Whatever you think about NSA leaker Edward Snowden and his outlook on government secrets, it's pretty clear that from a human-resources perspective, he was a terrible hire. Just weeks after starting his job at Booz Allen Hamilton, Snowden took medical leave — then fled the country with top secret documents he had pilfered while on Booz Allen's dime (and, by extension, the taxpayers').
Lots of questions remain about Snowden's hiring: Like how a relatively low-level IT contractor like Snowden got access to such sensitive information, why Booz Allen put a guy with apparently a high school education in such a position, at $122,000 a year, and whether the other 480,000 government contractors with top-secret clearance pose a similar threat.
If the NSA knows the answer to the first question, it isn't saying so. Reuters has some new insights into the second question: Snowden appears to have padded his résumé a bit, according to "a source with detailed knowledge of the matter." He claimed to have taken computer-related courses at Johns Hopkins and a University of Maryland campus in Japan, and "estimated" that he would receive a master's degree in computer security from Britain's University of Liverpool sometime this year, Reuters says. That information "did not check out precisely," according to Reuters' source, but was close enough to get him the job. And obviously, Snowden knows his way around computer networks.
The answer to the question about the rest of the country's government contractors isn't encouraging, if you think America's spy agencies should keep secrets. Roughly 4.9 million people have some level of U.S. security clearance — classified, secret, or top secret — and the federal Office of Personnel Management, which oversees 90 percent of the government's security background checks, farms out a lot of that vetting to private companies. The biggest, USIS, re-authorized Snowden's top secret clearance in 2011.
And it may not have done a stellar job. "We do believe that there may be some problems" with Snowden's 2011 background check, OPM Inspector General Patrick McFarland told a Senate hearing on Thursday. McFarland declined to elaborate, but it also came out yesterday that USIS has been under criminal investigation since late 2011, for allegedly systematically performing inadequate background checks. (USIS says it was never informed that it is the subject of a criminal investigation.)
USIS isn't alone in its faulty practices. The company — started by former OPM employees in 1996, sold to private equity firms Carlyle Group and Welsh, Carson, Anderson & Stowe in 2003, then resold in 2007 to private equity firm Providence Equity Partners, which merged it with HireRite and Kroll under the umbrella Altegrity Inc. — conducts 45 percent of the background checks contracted out by OPM. USIS earned $200 million last year. But the whole process of government vetting is flawed to a dangerous degree, McFarland told the Senate hearing:
"There is an alarmingly insufficient level of oversight of the federal investigative-services program.... A lack of independent verification of the organization that conducts these important background investigations is a clear threat to national security." [Via The Wall Street Journal]
In one example cited by McFarland, an unidentified woman at an unidentified vetting company fabricated 1,600 credit reports. And "in an ironic twist," says Kevin Liptak at CNN, "the background check used to hire her was also found to be false." In all, 18 workers — seven contractors and 11 federal workers — have been criminally convicted of falsifying records while conducting background checks since 2007.
McFarland says there are 36 cases pending, but his office lacks the resources to clear the backlog. "I believe there may be considerably more," he said on Thursday. "I don't believe that we've caught it all by any stretch."
Why did the government start outsourcing its security-clearance vetting? "The idea was to harness the efficiencies of the private sector to get rid of the backlog of security clearances," Dan Gordon, a former top procurement official in the Obama administration, tells Bloomberg.
But efficiencies sometimes come at a cost, says Dion Nissenbaum in The Wall Street Journal, and "one concern for lawmakers is the pressure on contractors to quickly complete cases to bring in more money for their firms."
One answer to the sloppy screening that may have missed some red flags with Edward Snowden, then, would be to stop outsourcing America's security-clearance vetting to for-profit companies owned by private equity firms. That said, 11 of the 18 people busted for fabricating records were federal employees. And its not clear any screening criteria would have caught Snowden.
Another idea: The government could keep fewer secrets, lessening the need for so many background checks — and the $1 billion a year they cost us. Case in point: The widely acknowledged drone program that was an official U.S. secret for so long. And while some of Snowden's leaks very likely have affected national security, others seem relatively benign. On Thursday, for example, The Guardian published documents from Snowden that explain the rules for NSA retention of "incidentally" snagged records of U.S. persons.
"I can't imagine there's great harm to national security from these rules being out," William C. Banks, an expert on national security law at Syracuse University College of Law, tells The New York Times. "If this helps us learn more about what the government's doing, that's probably a good thing."