Publications Index

Publications

 

SECURITY CLEARANCE CHANGES AND CONFUSION
IN THE INTELLIGENCE REFORM ACT OF 2004

Sheldon I. Cohen[1]

 The Intelligence Reform Act signed by the President in December, 2004 effected one of the most significant changes in the organization of the intelligence community since 1947.[2]  One section of the Act, Title III , entitled “Security Clearances”, reorganizes the entire national security clearance system. This change received practically no attention either in Congress or in the public discussion during the 9/11 Committee hearings.  Because this subject was not fully explored in either the House or Senate Hearings or during floor debate, there are contradictory sections of the Act which assign responsibilities for security clearance policy and procedure to various authorities.  These remain to be resolved. 

The origin of the security clearance reorganization is found in a recommendation of the 9/11 Commission.  Its purpose was to  accelerate the processing of national security appointments in order to improve transitions to new officials in case of a catastrophic attack.[3] The 9/11 Commission recommended that: 

a single federal agency should be responsible for providing and maintaining security clearances, ensuring uniform standards - including uniform security questionnaires and financial report requirements, and maintaining a single database.  This agency can also be responsible for administering polygraph tests on behalf of organizations that require them.[4]

This recommendation resulted in Bills introduced in both the House and Senate to reform our national intelligence structure with somewhat similar provisions.  Although there was vigorous debate on many of the intelligence reforms, the security clearance reorganization version in the Senate Bill was accepted without any real discussion.[5] 

     The Act calls for reciprocity of security clearance and access determinations, establishment of a national database, use of all available technology in clearance investigations, and reduction in the length of time required for personnel security clearances to be investigated and adjudicated.  

Under the new law the President must, in a two-step process, first select a single entity which will be responsible for overall security clearance direction and policy, and, then in consultation with that entity, select a single investigative agency which will be solely responsible for investigations.[6]  Title III of the Act, requires the President, within ninety days after its enactment, to select a “single entity”, either a department, agency or element of the Executive Branch, to: (1) direct day-to-day oversight of investigations and adjudications for personnel security clearances; (2) develop and implement uniform and consistent policies and procedures for completion of security clearances, and access determinations to highly sensitive programs; (3) serve as the “final authority” to designate an authorized investigative agency or authorized adjudicative agency; (4) ensure reciprocal recognition of access to classified information among agencies of the Federal Government;(5) ensure “to the maximum extent practicable,” that sufficient resources are available in each agency to achieve clearance and investigative program goals; and (6) review and coordinate the development of tools and techniques for enhancing the conduct of investigations and the granting of clearances.[7]

The Act further directs the President, “in consultation with” the head of the “single entity,” not later than 180 days after its enactment, to select a single agency in the Executive Branch to conduct “to the maximum extent practicable” security clearance investigations.[8]  The head of the “single entity” can also designate other agencies to conduct investigations if it is  considered “appropriate for national security and efficiency.”[9] Thus, the agency selected to conduct investigations will have sole authority, except for all of the other agencies that the entity may select, to conduct investigations if considered appropriate for national security and efficiency.[10]  What the Act giveth, the Act taketh away.    

There are further incongruities in the Act.  Section 3001 directs the President to select an “entity”, which may be a department, executive agency, military department, an element of the executive branch or an element of the intelligence community to be responsible for developing and implementing uniform and consistent policies and procedures for security clearances and determinations for access.[11]  However, earlier in the Act, the Director of National Intelligence, a new position issued by the Act, is given the authority to “establish uniform security standards and procedures.”[12]  Since the “entity” does not report to the Director or National Intelligence, how these responsibilities will be divided is anyone’s guess.

The entity selected by the President is responsible for day-to-day oversight of investigations and adjudications of all personnel security clearances, including “highly sensitive programs”.[13]  Such programs include Special Access Programs (SAPS), i.e “black box” programs, and restricted data under the Atomic Energy Act administered by the Department of Energy. They also include Sensitive Compartmented Information (SCI), i.e. intelligence information, access to which is now controlled under guidelines issued by the Director of Central Intelligence.[14]  Until now, the agencies controlling these highly sensitive programs have been adamant in not relinquishing control of their personnel security clearances,  and have declined to recognize each others clearances, resulting in  new investigations, new polygraph tests and new standards each time a person moves from one program to another.  This reluctance has sometimes resulted in a clearance being granted by one agency and denied by another with no change in the background of the person under consideration - all despite the establishment of Uniform Guidelines for determining eligibility for access to classified information under a 1995 Executive Order which has not been amended.[15]   

The Act, in “ensuring reciprocal recognition”, does not require that there be a single clearance determination binding on all agencies.  What is new is, if there is a dispute among agencies concerning  recognition of another agency’s clearance, the “entity” will act as the final authority to arbitrate and resolve disputes involving the reciprocity of security clearances and access to classified information.[16]   How practical this will be remains to be seen.  Any arbitration will be between agencies, and the individual concerned  probably would have no standing to invoke an arbitration.  An agency would really need a great interest in one of its people having access to another agency’s information to demand arbitration.  Faced with an inter-agency arbitration, the sponsoring agency could just as easily send another person to fill the slot. 

The Act calls for the entity to serve as the final authority  to designate “an authorized investigative agency” and “an authorized adjudicative agency”, the implication being that there would be one of each to avoid the fragmentation that exists today.[17]  However, the Act provides a loophole.  The President is to select, in consultation with the “entity”, a single agency “to the maximum extent practicable” to conduct security clearance investigations.[18]  Presently, there are numerous investigative agencies, including the Defense Security Service (DSS), the Office of Personnel Management (OPM), the FBI for its personnel, as well as each of the intelligence agencies. There are also multiple adjudicative agencies, including the Defense Office of Hearings and Appeals (DOHA) for government contractors, and eleven DOD Central Adjudicative Facility’s (CAF’s) for military personnel and civilian employees.  The intelligence agencies each also have their own adjudication facilities.  

The Act allows the head of the entity to designate other agencies to conduct investigations if he or she “considers it appropriate for national security and efficiency purposes.”[19]  These are highly flexible terms.   Not only does the Act give the head of the entity powers coextensive with the President, to select investigative agencies, it also allows the current fragmented clearance process to continue. 

The Act further provides that an authorized investigative agency’s background investigations are transferable to any other authorized investigative agency.[20]  It is hard to imagine an intelligence agency or DOE willingly giving up to OPM, DSS or even any other intelligence agency, its authority to conduct its own investigations.  

To further add to the confusion, the Act requires that all security clearance background investigations and determinations completed by an authorized investigative agency or authorized adjudicative agency must be accepted by all agencies.[21]  One possible but not desirable solution would be to establish a single highest common standard for all clearances, the effect of which would be to issue to people needing only “Confidential” access, a clearance only if they met the standard for Special Access Programs.  Another possibility would be for a single investigative or adjudicative agency to have different degrees of strictness in the application of a single standard for different levels of clearances.  That is, in reality, what has been the practice since the Uniform Guidelines for Access to Classified Information were adopted in 1996.  Why there is a provision in the Act for arbitration between agencies is not clear, if every agency is required to accept the determination of another authorized investigative or adjudicative agency.

Uniform standards and procedural requirements are currently specified in Executive Order 12986, and Uniform Guidelines for determining eligibility for access have been issued under it.  Those requirements and Guidelines may be continued or may be modified by some future Executive Order.  The Act directs that an authorized investigative agency or an authorized adjudicative agency may not establish addition requirements which exceed the Executive Order (other than for the conduct of a polygraph) except as the head of the “entity” considers necessary for national security purposes. [22]  Thus, the Act again gives the head of the entity, a member of the Executive branch, the authority to exceed the authority given to the entity by the President, if the head of the entity considers it necessary.  

Nevertheless, despite the ambiguities, the goal of reciprocal recognition of clearances and access has been substantially furthered by the Act.  It requires that the background investigations and clearance determinations completed by an “authorized investigative agency or authorized adjudicative agency” be accepted by all agencies.[23]  This includes an executive agency, a military department, or an element of the intelligence community.[24]  Background investigations started by one authorized investigative agency are transferrable to another. [25]  An authorized investigative or adjudicative agency may not conduct an investigation or an adjudication where a current investigation or clearance of an equal level already exists, or has been granted by another authorized adjudicative agency.[26]  All of this fine-sounding reciprocity may be ignored, however, when the head of the entity determines that such action is necessary for national security purposes.[27]  The required reciprocity is also weakened in the Act by the entity being directed to establish a procedure for an agency to challenge a reciprocity requirement.[28] 

A centralized database is directed to be established within twelve months after enactment of the Act, to be operated by the Office of Personnel Management.  That database is to record the granting, denial or revocation of security clearances for all military, civilian or government contractor personnel from all authorized investigative and adjudicative agencies.[29] The database is to integrate existing Federal clearance tracking systems such as the Defense Clearance and Investigations Index(DCII) maintained by DOD, and the Security Investigations Index (SII) maintained by OPM. This process has been ongoing since prior to the Act, but it not clear to what extent independent databases such as those maintained by the intelligence agencies or the FBI have thus far been integrated.  

The serious problem of delay in investigating and adjudicating clearances is finally addressed in the Act.  It has been reported that DSS has had a backlog of investigations, at times exceeding 300,000 cases, its two year caseload.  Investigations have been transferred from DSS to OPM and back again in an effort to reduce the backlog.  Cases languish for two or more years during the course of a routine investigation, and if referred for adjudication, may be delayed for more than a year at DOHA before appeals are exhausted, or twice that long at the CIA. In the meantime, government and contractor personnel cannot be assigned to the tasks for which they were hired, persons whose clearances have been suspended are put on indefinite unpaid leave until there is a final adjudication, employees move on to other jobs because they get tired of waiting and contractor employees just get fired. 

The Act tries to address this problem by requiring the head of the entity to develop a plan with 90 days after he or she is selected, which will require that 90 percent of all applications will have a determination completed within an average 60 days after receipt of the completed application.[30]   Not more than 40 days is to be used for the investigation and not more than 20 days for  adjudication.  

The plan need not take effect, however, until five years after date of enactment of the Act.  There is a stepped up implementation.  Within two years after enactment, each adjudicative agency must complete 80 percent of its adjudications within 120 days after receipt of the completed application, which would include 90 days to complete the investigation and 30 days to complete the adjudication.[31]     

This sounds like a bold move forward until you parse the numbers. Ten percent of the applications are not included in the average and have no time limit except that they “shall be made without delay.”[32]  Of the 90 percent required to be completed within the 60 day “average”, a substantial number, perhaps half or more will take more than 60 days. The natural effect on any agency trying to meet its numbers will be to put the easy ones in front of the queue, resulting in the difficult ones falling further and further behind.

CONCLUSIONS 

What has the Act accomplished?  Surely, there now will be someone in charge of the entire security clearance process. The last time the National Industrial Security Program was revised in 1993, it was by a committee of industry representatives and the interested agencies appointed the White House.  The last time the Executive Order and personnel security Guidelines were revised was by an interagency drafting committee in 1995.   Until now the Director of the CIA, wearing the hat of Director of Central Intelligence, set the standards for SCI access.[33]  DOD set the standard for virtually every other agency, except the FBI and DOE which went their own ways.[34]  The designated entity is now intended to coordinate and direct the entire process. 

What is not likely to be accomplished?  Although the Act speaks of a single investigative agency and a single adjudicative agency, clearly there is provision for more than one and perhaps many of each.  The Act allows for different standards  for different types of clearances, and for polygraphs for “highly sensitive programs” which is the format that presently exists.  Also, it is hard to imagine that the intelligence agencies will relinquish control of their investigations and adjudications to non-intelligence agencies such as DSS, OPM or DOHA.  

For every requirement imposed by the Act, there is an  out.  The designated entity shall ensure “to the maximum extent practicable”, that sufficient resources are available.  The President is to select a single agency in the Executive Branch to conduct security clearance investigations “to the maximum extent practicable”.  The head of the entity may designate other agencies to conduct investigations if he or she “considers it appropriate for national security and efficiency purposes.”  The agency selected to conduct investigations will have sole authority, except for all of the other agencies that the entity may select to conduct investigations if considered appropriate for national security and efficiency.

The Act in “ensuring reciprocal recognition”, does not require that there be a single clearance determination binding on all agencies but allows for arbitration to resolve disagreements. It directs that an authorized investigative agency or an authorized adjudicative agency may not establish addition requirements which exceed the Executive Order (other than for the conduct of a polygraph) unless the entity head considers it necessary for national security purposes.  All of the Act’s requirements for reciprocity may be ignored when the entity head determines it to be necessary for national security purposes.  The ten percent of the clearance applications not included in the 60 day average for completion have no time limit, except that they “shall be made without delay.”[35]  

There currently exists all of the elements of the new organizational structure and it is unimaginable that these elements would not be reorganized in some form to meet the requirements of the Act.  The primary organization for resolving contractor clearances is DOHA and it will most likely continue to have that responsibility.  The various Central Adjudication Facilities, with their experienced personnel and institutional knowledge, will certainly be retained and may be consolidated in some fashion to serve as a single adjudicative body for collateral clearances for  military personnel and civilian government employees.  There could be a consolidation of access determinations for the “highly sensitive programs” such as SCI, Restricted Data under the Atomic Energy Act and Special Access Programs.  It is to be expected that all organizations and personnel currently involved with security investigations and access determinations will be included in whatever new structure results from the act.   

There are “sensitive” positions which do not deal with  classified national security information, but with essential parts of the government infrastructure such electronic data bases and networks, and information concerning the nation’s industrial base. “Suitability” determinations, i.e., background reviews for such  positions could be determined either by other organizations or included in the centralized structure for security determinations.

With all the loopholes in the Act and opportunities for delay and obstruction, implementation of the goals of standardization and reciprocity can only be achieved by cooperation among the agencies which, unfortunately, history does not predict.  A strong entity will be needed to avoid turf battles and resolve disputes.  If standardization and reciprocity is not achieved, the goal of the 9/11 Commission and the many commissions before it, to streamline the security clearance process to get necessary people in quickly place, will not be met. 

nas.01s

 
 

[1]           The author is in the private practice of law in Arlington, Virginia.  He is the author of Security Clearances and the Protection of National Security Information: Law and Procedures, 335 pp., published by the Defense Personnel Security Research Center, Technical Report 00-4, November, 2000. It is available online from the United States National Technical Information Center, www.ntis.gov, Accession Number ADA 388100. The author may be contacted at www.sheldoncohen.com.

[2]           Intelligence Reform and Terrorism Prevention Act of 2004, PL 108-458 (Dec. 17, 2004).

[3]           Final Report of the National Commission on Terrorist Attacks Upon the United States, p.422 (Government Printing Office, 2004).

[4]           Virtually the same recommendations were made in the  Report of the Commission on Protecting and Reducing Government Secrecy, in 1997 (Also know as the Moynihan Commission Report)(Govt. Printing Office 1997).

[5]           The House Bill, H.R. 10 (108 Cong., 2d. Sess.), entitled  the “9/11 Recommendations Implementation Act”, contains Title V, Subtitle F, § 5072, “Security Clearance Modernization”.  The Senate Bill S.2848, entitled the “Intelligence Reform and Terrorism Prevention Act of 2004", contains a similar Title III, entitled ”Security Clearances”.

[6]           Section 5072 of the House Bill would have created a new position, Deputy National Intelligence Director for Community Management and Resources, to be responsible for these duties.  Section 5077 would have required the President-elect to submit the names of candidates for high level national security positions as soon as possible after the date of the general election for President and before the inauguration.

[7]           P.L. 108-485, § 3001(b).  (Unless otherwise noted, further section references are to P.L. 108-485).

[8]           § 3001(c)(1).  The House Bill did not contain a similar requirement.  It authorized the Deputy National Intelligence Director appointed under § 5071 to designate the authorized investigative agency and authorized adjudicative agency. See, H.R. 10, § 5072(3).

[9]           Ibid.

[10]          § 3001(c).

[11]          §§ 3001(a)(1); 3001(b)(2).

[12]          § 1011(a), amending § 102A(g)(1)(A) of the National Security Act of 1947 (50 U.S.C. §§ 402 et seq.).

[13]          § 3001(b)(1).

[14]          Director of Central Intelligence Directive 6/4 (DCID 6/4).

[15]          Executive Order 12968 (1995).  The Guidelines are published at 32 C.F.R. Part 147 and are incorporated verbatim in DCID 6/4, Annex C.

[16]          § 3001(b)(4).

[17]          § 3001(b)(3).

[18]          § 3001(c)(1).

[19]          Ibid.

[20]          § 3001(d)(2).

[21]          § 3001(d)(1).

[22]          § 3001(d)(3).

[23]          § 3001(d).

[24]          § 301(a).

[25]          § 3001(d)(2).

[26]          § 3001(d)(4).

[27]          § 3001(d)(5).  The House Bill did not provide for an override by the Deputy Director.

[28]          § 3001(d)(5)and (6).

[29]          § 3001(e).

[30]          § 3001(g)(1) and (2).  The House Bill would have required a determination on all applications within 60 days.  H.R. 10 § 5076.

[31]          § 3001(g)(3).

[32]          § 3001(g)(2)(B).

[33]          DCID 6/4 is the government  standard for SCI.

[34]          DOD Directive 5200-2 and DOD Regulation 5200-2R establish the personnel security program for DOD and its agencies.   These standards are applied by DOHA to its contractor adjudications and to contractors of twenty-one other agencies under DoD Directive 5220.6, and a Memorandum of Understanding with those other agencies.  

The Nuclear Regulatory commission’s regulations are at 10 C.F.R. Part 10.  Background investigations by the FBI of its employees are conducted in accordance with Part 67 of the FBI Manual of Investigative guidelines (MIOG).

[35]          § 3001(g)(2)(B).

 Copyright © Sheldon I. Cohen

 

 

 
Submit Information About Your Problem