The Need to Know

hree years ago this month, Aldrich Ames was arrested for swapping information about U.S. intelligence operations for about $ 2 million, first to the Soviet Union, then to Russia. Almost overnight, the veteran employee of the Central Intelligence Agency became one of this nation's most notorious spies. Indeed, the gravity of Ames' betrayal earned him equal billing with Benedict Arnold, a name linked with treason for more than 200 years.

While it's clear now what Ames did and the massive damage he caused, what's unknown to scores of federal executives is how Ames' crimes could affect their lives. Because of Ames, the executive branch has set about trying to right all that was wrong with its personnel security system. A glaring shortcoming, officials determined, was the lack of a procedure to track how employees with access to highly classified material make and spend their money.

Their efforts culminated in August 1995 with President Clinton's executive order 12968, "Access to Classified Information." The order made clear that to obtain a security clearance, federal employees as well as private sector workers would have to permit the government virtually unlimited access to their financial records. In particular, the order directed the U.S. Security Policy Board, a group chaired by the deputy Defense secretary and the director of central intelligence, to develop a financial disclosure form that would be required of those privy to the nation's most sensitive secrets, like nuclear weapon designs and the identities of covert agents. A pool of at least 50,000 to 60,000 employees, many of them senior government executives, would have to fill out the form. The Security Policy Board was given 180 days to craft a standard form that would be used by all government agencies.

Now, nearly a year and a half later, there is no such document, and it's unclear whether there ever will be one. There are, however, plenty of questions as to whether a form makes any sense at all. Early last year, the interagency group assigned to produce the form, the Personnel Security Committee, determined it "would not meaningfully enhance personnel security." The committee, which operates under the auspices of the Security Policy Board, voted overwhelmingly to recommend to the White House that the requirement for financial disclosure "be deleted."

While no such recommendation has yet been made and no relief has been granted, those close to the effort doubt whether a financial disclosure form will work. "I personally am not particularly impressed with the form," says Peter Saderholm, the Security Policy Board's staff director. "But I remain willing to be convinced that that's the most useful mechanism."

For now, the Personnel Security Committee, Saderholm and his staff push on, attempting to develop a financial disclosure form that will be not only acceptable to a broad range of federal agencies with different interests but also to the private sector firms that would be covered by disclosure requirements.

"I think it is appropriate for people with a security clearance, particularly ones that deal with sensitive information, to live within their means," Saderholm says. "Therefore, it is incumbent on the system that provides them that security clearance to have some understanding as to how they're living. I have no problem with that. I just think we need to do this in a fashion that is effective and also is the least intrusive."

Spies Lie

Just as supporters of financial disclosure cite the Ames case as the reason a governmentwide reporting system is necessary, opponents say the case is proof such a program won't work. Agents willing to betray their country are no more inclined to fill out a financial disclosure form honestly than they are to turn themselves in. In August 1994, after his conviction, Ames told congressional investigators financial disclosure is worthless if a spy makes a serious effort to cover his tracks. Ames, a GS-14 who lived in a half-million dollar home and drove a Jaguar automobile to work, made no such effort.

For the CIA, financial disclosure is not new. The agency has had a program in place for several years and expanded the number of people covered after Ames was arrested. Before Ames, senior agency executives and some GS-15s in sensitive posts were required to submit a form and keep it regularly updated. Following Ames' conviction, the program was "expanded geometrically," says CIA spokesman Dave Christian. It now includes all CIA employees, contractors and consultants.

Harold James Nicholson, the CIA officer arrested last November for espionage, filed a personal financial form with the CIA in 1995. Ultimately, the statement helped show that Nicholson had no outside business interests or sources of income that accounted for the large sums of cash he was depositing in his bank account. Yet the forms themselves didn't tip investigators off to Nicholson's spying. Rather, polygraph examinations that were part of his routine security clearance updates alerted the agency that something was amiss, according to the FBI's affidavit detailing the charges against Nicholson.

More useful to the CIA was the ability to obtain, without Nicholson's knowledge, records of his bank transactions. President Clinton's executive order requires those with security clearances to permit their federal employers access to their bank accounts, credit histories, and travel records. Agencies may obtain this information if, as in Nicholson's case, there are grounds to believe the employee is a spy or could be recruited as one. While the requirement for a financial disclosure form touched a nerve, few objections were raised to the account access provision.

In the case of Earl Edwin Pitts, the senior FBI agent who was charged last December with selling secrets to the Russians, it wasn't reams of financial data that led investigators to their suspect. Rather, a former Soviet attache told federal agents Pitts was a spy, and he was brought down by a lengthy sting operation.

Given its experience, the CIA has been a key source of information in the effort to install financial disclosure governmentwide. Internal government documents indicate the program has been difficult to implement.

According to the minutes from a February 1996 Personnel Security Committee meeting, a CIA official briefed the panel on the agency's financial disclosure effort. "The program required a minimum of 32,000 staff hours and cost at least $1 million to implement," the minutes read. "The agency received up to 200 calls per day with queries regarding the program. Nearly a quarter of all forms received contained errors. The process has thus far had an 88 percent response rate; it appears that noncompliance is the result of administrative problems rather than any widespread refusal to comply with the requirement."

If the CIA has had this much trouble, implementing financial disclosure at the Defense Department, for example, would be a monstrous challenge. DoD has a far larger group of personnel that could be covered by the disclosure requirement. Government officials say every effort will be made to limit the number of public and private sector employees covered, yet the final tally depends on just how aggressively agencies want to implement the requirement.

"The intent is to keep the group subject to the form as small and tight as possible," says Peter Nelson, deputy director for personnel security in the office of the assistant secretary of Defense for command, control, communications and intelligence.

No one is more upset at the prospect of a widespread new financial disclosure system than defense contractors, since many of their workers would be covered. Before Clinton signed the executive order, a consortium of defense trade associations told National Security Adviser Anthony Lake that the disclosure requirement was "overly intrusive," and warned it would increase the cost of government contracts as well as discourage the best and brightest from pursuing careers in national security.

Concerns over the form fall into four basic areas: the potential burden of completing the detailed documents and keeping them regularly updated, finding the resources required to collect and manage the reports, protecting the information, and ensuring that whatever form is developed is not overly intrusive. The executive order provides no detail on any of these points, a shortcoming not lost on the Personnel Security Committee. "EO 12968 requires the [Security Policy Board] to develop a financial disclosure form; however, a form without an attendant process for dealing with the information it collects has no value," the committee's meeting minutes state.

Big Brother?

The Ames and Nicholson cases proved, once again, that the government must carefully examine who it allows to handle the country's secrets. The trick is to balance what the government really needs to know against an employee's right to privacy.

The White House isn't alone in its quest to crack down on would-be spies. Clinton's executive order on security clearances was prompted by Congress, which was also embarrassed by Ames' treason. In the 1995 Intelligence Authorization Act, lawmakers called on the president to create the governmentwide financial disclosure system.

Carol Bonosaro, president of the Senior Executives Association, which represents federal executives at various agencies, worries that Congress and the administration may have laid the foundation for a system that will become so cumbersome that trustworthy employees will find it difficult to keep up with all the requirements. And honest mistakes, she says, could lead to unwarranted investigations.

"I think Congress and the administration tend to legislate and regulate based on worst case scenarios," says Bonosaro. "There are lots of people in the private sector who might be able to contribute substantially but don't want to go through the divestiture and disclosure requirements.

"All this is driven because government [officials] live in a fishbowl," she says. When the worst occurs, senior federal executives are asked, 'Why didn't you prevent this?' There's seldom a case where the career workforce is the problem, but the laws are painted with a broad brush."

And it's not likely to get any better. The U.S. national security community must now deal with spies who are able to condense and transport information like never before. So it's likely security measures will become more stringent, not less.

The more intrusive approach to personnel security has its defenders. The FBI and CIA both heralded post-Ames counterintelligence reforms as key factors in their ability to catch Nicholson. But critics say there are more fundamental steps that should be taken. First and foremost, the United States needs to cut down on the amount of information it classifies. By extension, this will reduce the number of people who require security clearances, which automatically decreases the number of potential spies.

According to the General Accounting Office, roughly 3.5 million public and private sector employees have security clearances. Government executives and military personnel account for about 2.5 million of the total. In fiscal 1993 alone, agencies spent $326 million on background investigations. Hundreds of millions of dollars more are spent annually to protect classified government information and facilities. Kate Martin, director of the Center for National Security Studies in Washington, says these figures have to be whittled down. "The key is to have a small group of people, and focus your efforts on them," says Martin.

Tools of the Trade

Even without a governmentwide financial disclosure form, federal investigators have other methods for making sure personnel in sensitive positions walk the straight and narrow. The polygraph, according to investigators at U.S. intelligence agencies, is an invaluable tool and a cornerstone of the government's counterespionage effort. At the same time, the polygraph is invasive and the prospect of taking one sends shivers up the spine. Ames cited the polygraph as the one security measure he most feared.

Yet Ames was able to beat a polygraph exam administered shortly after he began spying and another five years later, which underscores a key point of contention surrounding the instrument. As the Joint Security Commission noted in its February 1994 report, "the scientific validity of the polygraph is yet to be established." And, the JSC added, "unless the validity of the process can be demonstrated, there is nothing to prevent a practiced deceiver from passing a polygraph examination."

Those shortcomings notwithstanding, the polygraph is here to stay. If anything, it may be viewed as more valuable than ever in the wake of the Nicholson case. Nicholson held a Top Secret clearance and also had access to "sensitive compartmented information," which is technical data about sophisticated U.S. intelligence-gathering systems. As part of a routine security update, Nicholson was given a polygraph in mid-October 1995, which showed a high probability of deception when he was asked if he was hiding any involvement with a foreign intelligence service, according to the FBI's affidavit. Two more polygraphs, both administered shortly after the first, scored roughly the same results. Based on those tests, CIA investigators began to dig deeper into Nicholson's personal affairs.

As helpful as polygraphs may be to government investigators, there is no uniform procedure for administering the tests. For example, the CIA and the National Security Agency use polygraphs to screen applicants for employment, but the Defense Department doesn't. (Some DoD employees who have access to highly classified information must take polygraphs.) The State Department, meanwhile, refuses to use lie detector tests for personnel screening, regardless of a person's level of access.

By law, no adverse action can be taken against an employee for refusing to take a polygraph. But declining a test can severely limit one's advancement in the national security field. As a result, employees must weigh their fear or philosophical opposition to the polygraph against a possible promotion or, at the CIA and NSA, even being hired in the first place.

According to Saderholm, efforts are under way to develop a polygraph policy that would be used by the Defense Department and other national security organizations. He also says efforts need to be made to show clearly how well the polygraph works, as well as spell out the shortcomings. "We need to very carefully document where the polygraph has proven particularly useful and why it should be maintained," says Saderholm. "If [we] can't do that, then it's always going to be suspect as a tool."

Drug testing also figures prominently in the personnel security arena. All active-duty military personnel must be tested at least once a year. For civilian federal employees, drug testing is not a requirement for employment or a security clearance. There are, however, "testing designated positions" whose occupants must submit to random urinalysis. According to Nelson, a positive test result would not only affect a person's security clearance but is grounds for firing in some circumstances.

Like the polygraph, government security experts have great faith in the rigorous, careful type of urinalysis used to detect illegal drug use. But also like the polygraph, the drug testing system is not flawless. Between the time a sample is collected and tested, mistakes, most often administrative foul-ups, can happen. And an incorrect positive test result is extremely hard to reverse.

The Armed Forces Institute of Pathology, which oversees the military's network of drug testing laboratories, reports that since 1983 none of its facilities has reported a "false positive," which means the urinalysis incorrectly reported the presence of a drug. Outside the labs, it's a different story. "AFIP investigations have uncovered some false positive reports which were attributed to clerical errors made by the submitting units such as incorrect transcription of Social Security numbers prior to the submission of the samples," AFIP said in a written response to questions.

Still, drug testing is viewed as an effective, and legal, security tool. In 1991, a federal court determined the Navy could require civilian employees holding Top Secret security clearances to submit to random drug tests.

Sex and Security

It's not just money and drugs agencies are interested in; they want to know about employees' sex lives as well-even though they're not supposed to concern themselves with their workers' sexual orientation.

Upon the signing of executive order 12968 in August 1995, the White House made much of the fact that the directive eliminates sexual orientation as a factor in making security determinations. This earned the administration kudos from gay rights organizations like the Human Rights Campaign Fund, which praised President Clinton for correcting "the discriminatory policy of denying clearances to people based on their sexual orientation."

National security agencies used to view homosexuals as potential blackmail targets and therefore greater security risks. But sexual orientation has not been an issue for some time. In a 1995 report, the General Accounting Office said it found "no evidence" in the last five years that sexual orientation has been used as a security clearance criterion. A 1993 case handled by the Pentagon's directorate for industrial security clearance review supports the GAO's findings. An administrative judge granted a security clearance to a transsexual after determining the individual was a solid employee whose "transsexualism will not form the basis for coercion or blackmail," according to a synopsis of the case.

Saderholm says the issue was addressed in the 1995 executive order "just to put the perception away."

What is very much an issue, however, is one's sexual behavior. The Security Policy Board last year crafted new adjudicative guidelines to be used by government agencies in evaluating security clearance applications. Sexual behavior is listed as one of 13 factors to be considered when examining an employee's background, along with such things as alcohol consumption, drug use and allegiance to the United States. Security officers must weigh potentially disqualifying activities against mitigating conditions, such as frequency, age and maturity, and motivation at the time of the activity.

For example, "sexual behavior of a public nature and/or that which reflects a lack of discretion or judgment" is a condition that could raise a security concern and may be grounds for disqualification. This could be mitigated, however, if "the behavior was not recent and there is no evidence of subsequent conduct of a similar nature," according to the guidelines, which have yet to be approved by the White House.

"Sexuality in the form of illegal conduct is an issue, and I believe that's appropriate. But orientation is not," says Saderholm.

A Delicate Balance

So do all these rules and regulations make for better security? That depends upon who's asked. From the government's perspective, no amount of scrutiny is too much. Ames disclosed the identity of U.S. undercover agents operating in the Soviet Union, and at least nine of them were executed. Senior government officials note the judiciary has determined no one has a right to a security clearance; rather, access is a privilege.

Ensuring only the right people get access to sensitive information is not easy. Robert C. Kim, a Navy computer specialist charged last September with giving classified documents to South Korea, appeared to be the ideal employee. An elder in his church, Kim lived modestly in suburban Washington. Based on the charges against him, however, Kim was more concerned with the interests of South Korea than those of the United States. But determining whether a government employee has a "foreign preference" requires painstaking, and often intrusive, investigative work.

Saderholm argues that he and other government officials responsible for crafting U.S. security policy are very concerned with individual rights and every effort is made to get input from the public sector. For example, the American Federation of Government Employees and the American Bar Association disagreed with the Clinton Administration's proposed policy on procedures for appealing the revocation or denial of a security clearance.

Both federal employee organizations were given ample opportunity to comment on the proposed clearance policy before the President signed the executive order, Saderholm says. The defense industry, which also holds strong opinions on personnel security subjects, acts as an additional counterweight.

"A person shouldn't have to provide us with information that is of no utility, and we should be able to provide sufficient insight and resources from the personnel security perspective to manage the data in a fashion where we can improve the probability that we're going to identify [an employee who is] living a lifestyle that's inappropriate," says Saderholm. "If we attempt to do something that's really foolish, industry will in fact go to the . . . White House and they will complain."

Bonosaro says the fallout from high-profile cases like Ames' results in political solutions that may not be necessary. "The people are looking for Congress to do something and Congress does," she says. "They pass more legislation that subjects lots of people to more paperwork."

Simply filling out and signing the standard application forms for public trust and national security positions-SF 85P and SF 86, respectively-gives the government tremendous leeway to examine a person's life. Gaining access to classified information only increases the government's ability to know what you do outside the office, and with whom.

One of the striking lessons learned from the Ames case is that there was not a shortage of security requirements, but that those responsible for keeping watch did not act when they needed to.

The CIA's inspector general determined the polygraphs Ames was given in 1986 and 1991 were deficient. In December 1990, CIA counterintelligence officials knew Ames had purchased a $540,000 home in 1989, yet could find no record of a mortgage. The same year, Ames bought his Jaguar for $50,000. Despite serious questions about his finances, Ames was not arrested until early 1994.

The Ames case also highlighted the unwillingness, or inability, of the FBI and CIA to work together in pursuing suspected spies. In the wake of the case, a senior FBI official was placed in charge of the CIA's counterespionage group in order to provide better coordination between the two agencies. This reform, coupled with other organizational changes, has helped. Senior administration officials hailed the increased cooperation between the FBI and CIA as a key element in the capture of Nicholson, who has pleaded not guilty to the charges against him.

The key is to find the right balance. As the administration, Congress and the public debate how best to protect the nation's secrets without forcing talented people to look elsewhere for work, they all might heed Adlai Stevenson's words from a speech in 1952. "Carelessness about our security is dangerous; carelessness about our freedom is also dangerous."