The system is intended to identify rogue agents, corrupt officials and leakers, and draws on a Defense Department model under development for more than a decade, according to officials and documents reviewed by the AP.
Intelligence officials have long wanted a computerized system that could monitor employees, in part to foil leakers like former National Security Agency analyst Edward Snowden, whose revelations bared massive U.S. surveillance operations. Such a system might also detect troubling signs in those who already hold security clearances, such as the shooter in last year’s mass killings at Washington’s Navy Yard. Many of the nearly 4 million government employees who hold secret clearances would be scanned by the new system, officials say.
An administration review of the government’s security-clearance process due this month is expected to support continuous monitoring as part of a package of comprehensive changes.
Privacy advocates and government-employee-union officials expressed concerns that electronic monitoring could intrude into individuals’ private lives, prompt flawed investigations and put sensitive personal data at greater risk. Supporters say the system would have safeguards.
Workers with secret clearances are already required to undergo background checks of their finances and private lives before they are hired, and again during periodic re-investigations.
“What we need is a system of continuous evaluation where when someone is in the system and they’re cleared initially, then we have a way of monitoring their behavior, both their electronic behavior on the job as well as off the job,” Director of National Intelligence James Clapper told Congress last month.
Clapper said the proposed system would extend “across the government,” drawing on “six or seven data streams.” Monitoring of employees at some agencies could begin as early as September and be fully operational across the government by September 2016. The price tag, Clapper conceded, “is going to be costly.”
Budget documents released last week show the Pentagon requesting nearly $9 million next year for insider-threat-related research.
Current and former officials familiar with the DNI’s planning said the monitoring system would collect records from multiple sources about employees. They would use private credit agencies, law enforcement databases and threat lists, military and other government records, licenses, data services and public record repositories. During random spot checks, the system’s software would sift through the data to spot unusual behavior patterns.
The system could also link to outside databases to flag questionable behavior, said the officials, who spoke anonymously because they were not authorized to publicly discuss the plans. Investigators would analyze the information along with data separately collected from social media and, when necessary, polygraph tests.
The proposed system would mimic monitoring systems already in use by airlines and banks, but it most closely draws from a 10-year-old Pentagon research project known as the Automated Continuous Evaluation System, or ACES, officials said. The ACES program, designed by researchers from the Monterey, Calif.-based Defense Personnel and Security Research Center and defense contractor Northrop Grumman, has passed several pilot tests but is not yet in full operation.
The ACES project and clearance-related Defense Department research cost more than $84 million over the past decade, documents show.
Gene Barlow Jr., a spokesman for the Office of the National Counterintelligence Executive, the DNI agency coordinating the system’s development, said ACES and other internal monitoring systems developed by federal agencies “will align and integrate” with the DNI’s system.
According to project documents, ACES links to up to 40 databases. While many are government and public data streams already available, ACES also taps into the three major credit agencies – Experian, Equifax and Trans Union.
One former official familiar with ACES said researchers considered adding records from medical and mental-health files, but, due to privacy concerns, left that decision unresolved for policy makers.
The government’s inability to review information from local police reports, employers, family and personal-health records was cited as a glaring weakness in background checks on contract computer specialist Aaron Alexis, who fatally shot 12 people at the Washington Navy Yard last September before killing himself.
The Alexis case and the Snowden disclosures raised concerns about the flawed or inadequate work of outside contractors in background checks. A federal official acknowledged that outside contractors would likely be used to support electronic monitoring.
Critics worry about the potential misuse of personal information. Private contractors supporting the monitoring system would have access to sensitive data. Credit agencies and other outside data sources would know the identities of government employees under scrutiny.
“The problem is (that) you’re spreading all this private data around to more and more people, both inside and outside,” said David Borer, general counsel for the American Federation of Government Employees. Borer also warned about government efforts to reclassify lower-level employees into jobs requiring clearances, citing a recent court case backed by the union.
Lee Tien, a senior staff attorney with the Electronic Freedom Foundation, a civil liberties group, said workers’ free speech, political allegiances and outside activities could be chilled by constant monitoring.
Officials familiar with the DNI’s system said internal guidelines, audits, encryption and other precautions built into the proposal were designed to minimize abuses of private information. A 2007 Homeland Security review of the ACES project concluded that the system contains ample “security and procedural controls” to ensure worker privacy.
A report released last week by an intelligence consortium, the Intelligence and National Security Alliance, urged continuous monitoring for government workers and the nearly 1 million private contractors with clearances.