Firm That Cleared Snowden Under Grand Jury Investigation

The government contractor that conducted Edward Snowden's background investigation faces criminal indictment.

classified-stamp

The government contractor that conducted Edward Snowden’s background investigation faces criminal indictment.

WSJ (“Grand Jury Probes Firm That Cleared Snowden“):

A federal grand jury is investigating whether the company that conducted the last security background check on National Security Agency leaker Edward Snowden improperly rushed cases without proper review, according to people involved in the examination.

In recent days, a grand jury sitting in Washington, D.C., has issued subpoenas to former officials of Falls Church, Va.-based US Investigations Services LLC, the largest security background-check firm working for the U.S. government, according to the people involved in the matter.

At the heart of the criminal probe, which is being conducted by federal prosecutors and the Federal Bureau of Investigation, are allegations that the company improperly cut corners to boost its processing of background checks, a practice known inside USIS as “flushing,” according to people familiar with the matter. Such activity could violate the False Claims Act, which outlaws actions that defraud the U.S. government.

USIS has been a dominant player in the business of conducting background checks on government employees since the industry was privatized in 1996. Today the company carries out about 45% of the government’s background investigations, according to federal estimates.

Allegations about the firm’s practices came to the government’s attention in 2011 when a fired USIS manager approached investigators, according to former USIS employees. The probe appears to have gained momentum after federal officials revealed at a June Senate hearing that USIS carried out Mr. Snowden’s 2011 security-clearance review. At the time, officials said they uncovered unspecified problems with the review.

 

It’s remarkable that something as sensitive as background checks for Top Secret clearances is farmed out to private contractors. But it’s not a slam dunk that USIS committed fraud. At least as likely is that was facing enormous pressure from its client, the US Government, to speed up the process.

OPM carries out about two million background investigations a year on behalf of the U.S. government for jobs including cafeteria workers at the Pentagon and intelligence analysts working for the NSA.

Depending on the clearance being sought, investigators typically scour applicants’ backgrounds, interview friends and relatives, verify education and work history and look to uncover problems such as criminal records, gambling or excessive drinking that could raise questions about their access to America’s secrets.

Nearly five million people currently hold government security clearances. Clearing a background check can a valuable ticket to lucrative jobs working with the federal government.

After Sept. 11, 2001, demands on the industry exploded as the federal government dramatically ramped up hiring for top-secret national-security jobs.

By 2005, the wait for security clearances had hit more than a year in some cases. Congress passed laws aimed at reducing the time to complete investigations.

It’s simply crazy that we need to conduct two million background checks each year, let alone that five million people currently hold clearances. And, no, that doesn’t include people who have been cleared but no longer work for the government. Clearances expire quickly—usually after six months of non-use. Indeed, I’ve personally undergone six separate background investigations and they start from scratch each and every time. Which, in and of itself, shows how stupid the process is.

I can understand running a routine background investigation on cafeteria workers, janitors, and others who work in buildings where classified materials are stored and utilized. But it strikes me as an enormous waste of resources to conduct a full-on security clearance process for people who won’t actually handle classified documents. It’s not as if people are taking Top Secret documents to the cafeteria to peruse over their lunch; there’s a pretty rigorous process for handling sensitive information.

And, of course, the process winds up being self-defeating. If we need two million people to be cleared every year, we’re naturally going to create a shoddy investigation process. You either hire a massively larger team of people to conduct the investigations—who, of course, must themselves be cleared!—or you make people put in more hours or work faster. All three options lower quality.

 

When the industry was privatized in 1996, USIS went from being a federal operation to an employee-owned business. It now gets 90% of its business from the federal government.

Under the ownership of Providence Equity, which bought USIS in 2007 for $1.5 billion, USIS developed an automated system that allowed reviewers to quickly process cases, according to the former employees. It also established regular revenue goals.

Several of the former employees said they came under pressure to push incomplete checks through the system, despite possible concerns about an applicant’s suitability. It isn’t clear how many investigations were treated this way, a process known within the company as “flushing.”

These former employees said that Bill Mixon, a veteran USIS executive who became president and CEO after Providence took over the company, pushed managers hard to close cases at the end of financial quarters. In one instance, he threatened to fire a USIS division director who didn’t follow his instructions, according to two people familiar with the exchange.

If true, this is black letter fraud. Still, how much of this was a function of trying to maximize profits and how much of it was in response to pressure from the government to speed things up?

FILED UNDER: Intelligence, Law and the Courts, , , , , ,
James Joyner
About James Joyner
James Joyner is a Professor of Security Studies. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Mark Ivey says:

    “If we need two million people to be cleared every year, we’re naturally going to create a shoddy investigation process.”
    ————————–

    But the outsourced contractors still get paid though, business baby yeah.. 🙂

  2. Rafer Janders says:

    It’s remarkable that something as sensitive as background checks for Top Secret clearances is farmed out to private contractors.

    Privatization! Free market! Government is inherently inefficient! Personal anecdote about waiting on line at DMV or Post Office!

  3. Rafer Janders says:

    Nearly five million people currently hold government security clearances.

    The total size of the US workforce is about 150 million people. Account for the fact that many of those jobs are part-time and/or held by the “retired”, teenagers, etc., and it seems that roughly 4-5% of the working US population has some form of security clearance.

    First, frankly, it’s a wonder we keep any secrets at all. And second, this really illustrates the reach of the national security state’s tentacles into American life.

  4. DC Loser says:

    A Top Secret clearance is good for two years after leaving a position requiring one, unless the reinvestigation date is past (they’re good for 5 years).

    The reason the background investigations were outsourced is because the government agencies conducting them, like DoD’s Defense Investigative Service, could not handle the crushing workload, especially after the 9/11 ramp up in hiring in the intelligence community.

    You want to know what is more scandalous about the Snowden case? The continuing reliance of the polygraph in the intelligence community as a vetting tool. Snowden had to pass the NSA’s Full Scope polygraph examination to get his job to access NSA’s systems. Why is that program not investigated for its “failures?” Polygraph tests are a joke, just looking at the spies that have passed them multiple times (Ames, Hanssen, Walker, etc.).

  5. James Joyner says:

    @DC Loser: I’ve had to start from scratch every time, but I’ve tended to have lapses between cleared jobs.

    And, yes, polygraphs are worthless in both directions. Spies make it through and perfectly trustworthy people get weeded out for no apparent reason.

  6. James Pearce says:

    Maybe we could farm these background checks out to the NSA…..

    They’ve got a list of who’s naughty and nice, don’t they?

  7. bill says:

    so snowdens essentially gone and someone needs a patsy trophy? blame game 101, nice.

  8. James Joyner says:

    @bill: In fairness, this investigation started two years before the Snowden leaks.

  9. HarvardLaw92 says:

    Still, how much of this was a function of trying to maximize profits and how much of it was in response to pressure from the government to speed things up?

    I’m not sure that’s germane. Someone either intended to perpetrate a fraud or they didn’t.

  10. James Joyner says:

    @HarvardLaw92: I’m not sure it’s that clear cut. If the client that alleges it’s being defrauded because you’ve cut corners is also the one who’s urged you to cut said corners, it’s hard to argue fraud.

  11. HarvardLaw92 says:

    @James Joyner:

    Eh, not buying it. These investigations take place under a set of specifications that are part of the contractual agreement between the client and the vendor. A client urging you to act expeditiously in the performance of a contractual duty is not an inducement to breach. It’s an inducement to perform.

    USIS is representing to its client that those standards have been met (which is what it does when it approves a candidate for a clearance). Now, I agree that on face it sounds like breach of contract, but in this instance USIS crosses the line into fraud IMO.

    They meet the elements:

    USIS has arguably made a intentional misrepresentation if it knowingly cuts corners in investigating applicants but approves those applicants without having fulfilled its duty in toto.

    The government has relied, and USIS has intended that the government rely, on that misrepresentation (otherwise it becomes non-performance and there is no payment)

    The government has demonstrably been damaged by relying on the misrepresentation.

    AFAICS they’ve done everything that you do when your intent is to perpetrate a fraud.

  12. JohnMcC says:

    Two thoughts: First, that every since I’ve been paying attention to politics — many decades — administrations have been moaning and bitching about ‘leaks’ and promising to find and punish leakers. The Obama administration actually seems serious about it.

    Second, Providence Equity is a global investment firm which has no particular loyalty to the US. The President of Capital Markets Group (a phrase with 1,000 meanings if I ever heard one) is Mr Thomas Gahan, formerly with DeutcheBank.

    One can go on in this vein at some length: The CEO of USIS turns out to be a Mr Sterling E Phillips. Who owns a significant share of Hadron, Inc. Which is associated with several bad children over the years, one of whom, Dr Earl Brian, is the Reaganite who actually met with the Iranians to arrange delivery of missles in exchange for hostages.

    Corruption can occur anywhere but it seems like by granting the contract to USIS, the US Gov’t really increased their risk factors.

  13. Rafer Janders says:

    @James Joyner:

    If the client that alleges it’s being defrauded because you’ve cut corners is also the one who’s urged you to cut said corners, it’s hard to argue fraud.

    We have a saying in business that if you’re the client, you want the work done fast, good, and cheap, but it’s impossible to get all three. You can get any two of the three in whatever combination you want — fast and cheap, cheap and good, fast and good — but all three together? Impossible.

  14. bill says:

    @Rafer Janders: you have to admire the gov’t. for realizing they’re too slow to get out of their own way. and they have a scapegoat if/when something goes wrong- win/win for them.

  15. But it strikes me as an enormous waste of resources to conduct a full-on security clearance process for people who won’t actually handle classified documents.

    Which is more of a waste of resources: getting a janitor a security clearance or forcing several dozen people stop working every time someone has to empty the waste baskets or vacuum?

  16. anjin-san says:

    Personal anecdote about waiting on line at DMV or Post Office!

    I was in line for six minutes at the post office the other day. Sic semper tyrannis!

  17. James Joyner says:

    @Stormy Dragon: The circumstances under which a janitor would have a Need to Know are hard to fathom. Simply having a clearance doesn’t mean you’re cleared to view classified materials for which you have no reason to access.

    When I was a contractor at DISA, we’d have some low level employee escort the cleaning team around. But we didn’t tend to have classified docs sitting around on the desk, either.

  18. DC Loser says:

    All the IC agencies operate in SCIFs where open storage and display of Top Secret documents is allowed. To have uncleared janitors work through those areas would be a huge inconvenience. There is currently one IC building where they use uncleared janitors and it’s a huge PITA.

  19. @James Joyner:

    When I was a contractor at DISA, we’d have some low level employee escort the cleaning team around.

    So you’re worried about wasting resources, but you think, say, paying someone an engineer’s salary to watch a janitor working is okay? And that still doesn’t deal with the fact everyone in the room has to stop, put everything they were working on away, stand around while the janitor comes through, get everything back out, and then try to remember their train of thought from before.

  20. @James Joyner:

    Not to mention, if the janitor’s need to clean to room doesn’t qualify as KTK, why would being the guy who needs to watch the janitor clean the room qualify as KTK?

  21. James Joyner says:

    @DC Loser: Yeah, I can see that. While I had SCI clearance as an Army officer, I’d never heard of a SCIF. I don’t know that we even had them in those days (1988-92). So, essentially, we either viewed them in the vault or were locked and loaded when taking classified docs anywhere else.

    But, yeah, I could see it being a problem in an environment where everyone’s looking at classified material all the time.

  22. James Joyner says:

    @Stormy Dragon: It wasn’t a SCIF environment. You had to have at least a SECRET clearance to work there, access SIPRNET, etc. but we didn’t have classified docs laying around on a routine basis.

    I thought the escort thing was stupid, since we weren’t a 24/7 operation and there was no obvious-to-me reason why the janitors had to be there during the workday. Also, if I recall correctly, the janitors weren’t employees but rather contract labor. Not contractors in the sense that I was—essentially a civil service employee without job security—but rather people who worked for a janitorial service. Employees of that sort of business tend not to stay around long, so it would have been prohibitively expensive to get them cleared.

  23. @James Joyner:

    I thought the escort thing was stupid, since we weren’t a 24/7 operation and there was no obvious-to-me reason why the janitors had to be there during the workday.

    Yeah, I don’t see anyway letting uncleared people wander around a secured area alone in the middle of the night could possibly lead to any breaches.

  24. James Joyner says:

    @Stormy Dragon: But, again, this wasn’t an environment where people were dealing with classified info on a routine basis. And, certainly, nobody was allowed to leave it laying out on the desk at night; it had to be checked back in.

  25. @James Joyner:

    Yes, but people make mistakes and accidents happen from time to time. I’d bet money there were regular incidents of people forgetting to check something back in and leaving it lying on their desk overnight by mistake.

  26. ratufa says:

    @James Joyner:

    I thought the escort thing was stupid, since we weren’t a 24/7 operation and there was no obvious-to-me reason why the janitors had to be there during the workday.

    In this sort of situation, the main issue is not that somebody might leave unsecured sensitive documents sitting on their desks, overnight (though, that possibility can’t be ignored — security protocols have to take into account the possibility of human errors of that kind). The big problem is that many/most/all people in secured environments have computers on their desks, and somebody with unsupervised physical access to such computers can do all sorts of things to gain information. For example, installing some keyghost-like logger, or physical modification of a keyboard, or replacing a network switch/hub with one that logs traffic, or inserting a flash drive that uses AutoRun to install malware (there are ways to bypass some of the protection mechanisms against this sort of thing). Also, even brief access to the site’s internal network by a hostile party could directly lead to information compromise or provide information that would assist future attacks..

    This doesn’t include the risks of someone installing eavesdropping equipment in the office itself in order to record conversations or bypassing whatever physical security is used to protect sensitive documents when they’re not on someone’s desk.. The point is that, in a security-conscious environment, it is negligence to not supervise janitorial staff when they do their job in areas with computers that are able to access sensitive information or where such information is stored or discussed.

  27. we'll see says:

    USIS doesn’t clear people. They follow OPM guidelines and do an investigation. They send a completed case to OPM who does a final review. Then Opm sends the case to the requesting agency and that agency decides to sponsor the clearance or not. USIS doesn’t do CIA backgrounds so if he was there first the CIA would have granted his clearance then when he went to NSA, they would have requested his reinvestigation (after 5 years for TS) through OPM and they apparently assigned this to USIS. So after the reinvestigation the case would go from USIS to OPM for review then to the NSA for THEIR decision on whether to continue to sponsor the clearance. So I’m sure USIS is lonely under the bus! The problem I see is that clearance is decided by individual agencies determination and there is no set standard and are handed out at individual agencies discretion. All in all the USIS investigation could’ve been rushed since they are profit driven but they are not the final word in who gets a clearance. Thanks.

  28. anjin-san says:

    I am going to wander off topic and go back to the recent conversation about humans giving the earth value and the question of animals being able to form value judgements:

    If animals can’t place value on anything, why do cross species friendships exist?

    Highly recommended.