In the wake of a massive leak of government documents on the website Discord, multiple members of Congress have demanded answers to why the alleged suspect, a young Air National Guardsman, was able to access the data. In the op-ed below, Richard Phillips, a former trial attorney at the United States Department of Justice, writes that the answer lies in part with outdated vetting not designed for the digital age.
When it was recently revealed that the most damaging leak of US intelligence documents in a decade was committed not by a double agent, alienated whistle-blower or seasoned foreign spy, but rather by a junior enlisted Air National Guardsman, the question inevitably arose: how was that even possible? How could a young reservist barely out of his teens and looking to impress his mostly teenage buddies in an online chat group possibly have access to such extensive, top-secret US intelligence? More importantly, how can the US government avert such a damaging leak in the future?
A critical first step is to recognize that in the last fifteen years the threat to our nation’s most sensitive national security information has changed dramatically. If our security clearance procedures are to protect us now and in the future, they must change as well.
Those changes should begin with the “Standard Form 86,” the document the government uses to begin the process of investigating an applicant for a security clearance. In particular, the SF-86 must ask applicants about things that it currently does not inquire about at all: their activities online.
As I learned firsthand litigating security clearance determinations as a lawyer for the US Justice Department, such determinations are difficult under any circumstances. The US government essentially asks investigators to assess not just whether someone has done something wrong in the past (a difficult enough task), but whether they are likely to do something like divulge national security information in the future. In essence we ask our national security organizations to predict the human behavior of hundreds of thousands of applicants with consistent accuracy, all while some of those people are actively attempting to deceive investigators.
There have always been some who will slip through the system. In terms of volume and damage, however, no period in our history compares to the unauthorized releases of national security information over the last fifteen years. The main reason for this spike in damaging leaks is the advent of the internet, and the mass migration of so much human interaction and information online.
For most of our history the primary reason individuals divulged national security information was affinity for, or influence by, a foreign power. Even in those cases there were natural limits on the damage any one individual could do: they needed physical access to documents and the ability to copy or steal originals and then physically transmit those documents to an adversary. In other words, restricting physical access and compartmenting information limited the impact that any one person could have in terms of damaging our national security.
As recently as the 1980s and 1990s there were changes in the behavior of individuals who revealed classified information that we could have recognized as warning signs had we paid closer attention to their social ties, and their behavior in the “civilian world.” For instance, in three of the four worst intelligence breaches of the 1980s (David Barnett, John Walker, and Clyde Conrad) the perpetrators sold US secrets, enabling a lavish lifestyle that was clearly unsupportable on a government salary. In other cases, the intelligence leak resulted from a personal affinity for a particular foreign power, or for someone with whom the leaker had a close personal relationship. In other words, questioning these individuals more closely about their personal contacts and lifestyle in the “real world” might well have tipped us off to their intentions.
Today all that has changed. Since Edward Snowden (and likely extending to junior National Guardsman Jack Teixeira, the alleged leaker in the current scandal), the most damaging leaks of classified information have been related to an affinity for and influence by online groups, not foreign powers. Thus the intentions of the individuals responsible would have been discernible more by their online presence than by what they might have said to a neighbor.
Moreover, as classified documents have proliferated and migrated to digital databases, far more people have instant, digital access to top-secret documents well outside of the scope of their work, as well as the capability to reproduce them. Not surprisingly, modern leaks often come in the form of indiscriminate dumping of troves of national security information onto the Internet, often to broad acclaim by online denizens.
Americans now live online. The checks on those who handle our most vital intelligence need to reflect that.
Reform The Form
The SF-86 Form has been used for decades as the factual foundation for a personnel investigation of someone applying for a national security clearance. It asks the applicant a series of questions about their background that are intended to generate both a beginning list of contacts for investigators to interview, and a baseline of personal information. Unfortunately, it does not ask about online activity.
That is not to say the SF-86 can’t be reformed. As the threats to our national security, both real and perceived, have evolved over the years, the SF-86 has evolved as well. For instance, the government no longer asks an applicant whether or not they sympathize with communism. Likewise, we no longer ask applicants about their sexual orientation. In both of these instances, the processes have changed to reflect a more evolved understanding of what actually makes someone untrustworthy, as opposed to what simply makes them different.
In other ways, however, the form has failed to adequately evolve. It still asks many different questions about illegal drug use, for instance, regardless of whether or not the applicant was ever arrested for such use. On the other hand, it does not ask if the applicant has ever committed a felony such as murder or kidnapping. Instead applicants are only required to disclose if they were actually arrested for or convicted of such heinous crimes.
Similarly, the form somewhat quaintly asks for a comprehensive list of neighbors, co-workers, and acquaintances from school. These questions are artifacts from a time when the people who knew us best lived next door to us, or worked in the next cubicle, or sat next to us in class on a traditional campus. Today, people increasingly work and go to school remotely, and the average young person spends between five and six hours per day online, as opposed to hobnobbing with their neighbors over the backyard fence.
Online they are interacting and creating meaningful connections with people from around the world. To be sure, much of that time may be spent talking about video games or kittens, but there are also conversations about government, current affairs, and their view of the world. And the current version of the SF-86 leaves us blind to all of that online activity.
Updating The Questionnaire
As has happened many times in the past, it is now time to amend the SF-86 Form to better reflect current threats to the security of our most sensitive classified information. Three sections in particular warrant review and amendment in order to respond to the increasing online presence of those who hold security clearances, and the breadth of their access to information.
To start, the SF-86 should include inquiries about online “handles.” Section 5 of the current form asks applicants to list all the names they have ever used, such as maiden names, aliases, nicknames, and names from prior marriages. This makes perfect sense because investigators will use names as the easiest and most comprehensive way to search databases.
However, most people who spend significant time online have one or more “handles” that they use when conversing in chat rooms and forums. These online spaces are where applicants are most likely to discuss their ideological preferences and reveal any proclivity to releasing sensitive information. As a result, online handles and the chat rooms and forums in which they are used should be added to the list of “other names” that we request.
Government investigators working off the SF-86 should also ask about and interview an applicant’s online contacts. Currently, in order to generate a beginning list of contacts for interviews, Section 11 asks applicants where they have lived; Section 12 asks where they have gone to school; and Section 13 asks where they have worked. There should be a new Section 14 that asks about online affiliations, with the names and contact information of people with whom the applicant interacts frequently.
Because most online interactions are clustered around topics of interest, these contacts are likely to have a far more detailed understanding of what each applicant thinks about the United States government than neighbors, classmates and work colleagues. To be clear, these questions need not ask for the precise content of those interactions, but rather their general nature. That would help investigators better extrapolate what such interactions say about the trustworthiness of the applicant — just like the questions we ask of face-to-face contacts.
Because even online platforms have standards, the SF-86 should also ask whether an applicant has ever been removed or suspended from an online forum. After all, the government currently asks applicants if they have ever been fired from a job, presumably because episodes of behavior that warrant expulsion from a group can flag points of concern. Whether expulsion from an online platform warrants denial of a security clearance would likely depend on the exact circumstances, but it certainly should be a point of interest for investigators deciding whether to grant them access to our nation’s most closely guarded secrets.
Taken together these three changes would help modernize the SF-86 and the clearance process to reflect a rapidly evolving threat. Of course, they would represent only the beginning of needed reforms. Armed with this additional knowledge, investigators would need to conduct more thorough examinations of applicants’ online behavior. Doing so will likely require additional resources and skills that do not currently reside in investigative services, deficiencies that must be addressed through targeted hiring and skill development.
Such reforms will also inevitably generate resistance from those who see them as government overreach and unwarranted intrusion into confidential conversations. But surrendering a large measure of personal confidentiality has always been the price for accessing the US government’s most sensitive national security secrets, and always should be.
Rarely are there simple fixes to complex national security challenges, and these reforms of the SF-86 are no exception. The US government would still have much work to do in order to understand how online presence impacts the behaviors of people with access to sensitive national security information. That process can only begin, however, when the US government starts by asking the right questions.
Richard Phillips is a former trial attorney at the United States Department of Justice, where he handled litigation involving security clearance determinations. He is currently a trustee of the Center for the Study of the Presidency and Congress, and a 2023 fellow at the Harvard Advanced Leadership Initiative.