http://www.nytimes.com/2001/08/28/opinion/28BAMF.html?searchpv=nytToday By JAMES BAMFORD August 28, 2001 WASHINGTON -- Last Thursday, when Brian P. Regan entered a metal detector at Dulles airport in Washington, he held a high security clearance and worked at one of the nation's most sensitive intelligence agencies. Before he could reach his plane he was under arrest for conspiracy to commit espionage. Grabbed by the Federal Bureau of Investigation as he was about to board a flight to Switzerland, Mr. Regan became the latest in a long line of people accused of marketing America's deepest secrets in this case, according to news reports, to Libya. Despite the end of the Cold War, the selling of secrets by those entrusted with them continues unabated. Between 1982 and 1999, according to the General Accounting Office, 80 federal employees and contractor personnel were convicted of espionage. Yet the thinking of those responsible for plugging the leaks remains frozen somewhere in the 1950's. The main problem is that our government focuses almost exclusively on the initial security clearance process. Joining the intelligence community is like trying out for a fraternity. The prospective employee must undergo a rugged pledge period during which his finances are examined, his neighbors questioned, his background searched and finally, after a heart-pounding, perspiration-inducing session with the polygraph operator, he is given thumbs up or thumbs down. Once he is admitted, except for a routine check every five years (for top-secret clearances), his worries are over. Unfortunately, this method is nowhere near sufficient. John Walker in the Navy, Aldrich Ames in the C.I.A., Robert Hanssen in the F.B.I., and on and on all successfully passed the clearance process and then, years into their careers, decided to sell out. At that point, with counterspy procedures focused on the new recruits, they simply emptied the warehouse. The arrest of Brian Regan underscores just how broken the clearance process has become. Until last August, when he retired from the Air Force and left his job at the National Reconnaissance Office, he held one of the highest clearances in the country, Top Secret Sensitive Compartmented Information. He was employed at an agency that, until a few years ago, no outsider was even allowed to know existed, and he was granted access to a computer system, Intelink, containing many of the spy world's most valuable secrets. Meanwhile, by February 2001 his consumer debt had climbed to $53,000. In June, when he returned to the N.R.O. as a civilian, he got his clearance back. By then, however, he was already under suspicion by the F.B.I. Given the state of the agency charged with most security clearance investigations, it is easy to see how potential problems slip through. Overworked and underfunded, the Defense Security Service, which handles investigations for the Department of Defense, has pushed incompetence deep into uncharted territory. In a 1999 study, the Government Accounting Office called the agency's performance "a risk to national security by making DOD [the Department of Defense] vulnerable to espionage." It then backed up the charge with statistics. For example, in the more than 500 cases they reviewed in which clearances were granted, 92 percent were based on incomplete investigations. Also, the agency was so far behind in required reinvestigations that no one really had any idea of the number that were overdue somewhere between 600,000 and 700,000. But considering that 94 percent of the reinvestigations reviewed by the G.A.O. were deficient, it probably makes little difference. Given the sad state of the government's clearance process, it is time to do what the commercial world does consider everyone a potential crook. Merchandisers do not have the luxury of giving everyone who enters their stores a background investigation and polygraph exam. Instead, they let everyone in and then develop ways to prevent customers and employees from walking out with the goods. Because it is either this or go out of business, they are far ahead of government in product control. If someone attempts to walk out of Barnes & Noble with an unpurchased book, an alarm will go off. It makes no difference whether the thief holds a top-secret clearance or just got out of Sing Sing. Employees also must go through routine bag checks in many large retail establishments prior to leaving for the day. Sensitive government agencies have never developed similar security procedures. Everyone has a clearance appropriate to his or her level of access, the philosophy goes, and thus can be trusted. So there is no need for additional controls. That is why William Kampiles was able to walk out of C.I.A. headquarters in 1977 with the operations manual to the KH-11 spy satellite one of the most secret documents in government stuffed under his jacket. He probably had less fear of detection than someone would swiping a cookbook from Borders. It is also why Robert Hanssen was able to leave F.B.I. headquarters with enough secret documents to fill large green garbage bags. And Jonathan Pollard filled suitcases with documents for his Israeli handlers, more than half a million pages in all. In this most recent case, Brian Regan is suspected, to judge from the F.B.I. affidavit, of removing spy satellite photos and C.I.A. reports from the National Reconnaissance Office. In espionage, such documents are the coin of the realm. Russian intelligence, for example, has little enthusiasm, let alone capability, for debriefing volunteer spies, who likely have limited or faulty memories. Intelligence agencies are interested in reports, messages, photos and intercepts. If you prevent the documents from leaving, you prevent the espionage. Yet even at C.I.A. headquarters there is no such thing as bag checks for exiting employees. At a minimum, intelligence agencies should begin by adopting some of the techniques used by private industry. The most sensitive manuals and reports can be magnetized and detectors placed at exits. Employees should undergo bag checks. Eventually, methods should be developed to scan employees electronically for any indication of hidden documents, discs or other items, and greater controls can be placed on copying machines. By tightening up on unauthorized removal of information, it may be possible to do away with antiquated, less reliable, and odious forms of security. This includes the polygraph, which gets it wrong and may destroy careers about 10 percent of the time. The savings from abandoning such methods could help finance research into document control. Brian Regan has a wife and four children. If the charges are true, perhaps better document controls might have deterred him. And his family would not now be passing through the gate to what will probably be a long and ugly nightmare. James Bamford is the author of "Body of Secrets: Anatomy of the Ultrasecret National Security Agency, From the Cold War Through the Dawn of a New Century.'' - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 07:41:38 PDT