RUTHFULLY YOURS

AMERICA’S DEFENSE AND intelligence communities have gotten into a bad habit of late. We’ve been trusting some of the most untrustworthy people with our nation’s most closely guarded secrets.

We’re not talking about real spies, recruited to betray their country, trained in their tradecraft, successful at hiding within our system for years. Edward Snowden isn’t Aldrich Ames or John Walker. He was a low-level functionary who nevertheless managed to steal and reveal massive amounts of secret information. His leaks caused enormous damage to national security, unveiling in great detail some of the methods and means by which the National Security Agency gathers intelligence.

But we are talking about secrets that, if divulged, could damage the nation seriously. As defined by Defense Department Manual 5200.01, “secret” information is that which, if disclosed in an unauthorized manner, would be reasonably expected to cause serious damage to national security. “Top secret” information is defined as that information that would reasonably be expected to cause “exceptionally grave damage to national security.” Almost all of the information stolen by Snowden and leaked to the press was classified “top secret.”

Aaron Alexis, an employee of a Navy contractor, wasn’t a secret agent either. Yet he was able to walk into the Washington Navy Yard and kill 12 people because his security clearance and job there allowed him to have a “common access card” granting entrance to the base. These murders gave President Obama the opportunity to transform the memorial for Alexis’s victims into another infomercial for gun control, without ever mentioning the obviously massive problem with the way we clear people for access to secrets.

Snowden’s security clearance never should have been granted. Alexis’s should have been terminated. Both failures raise important questions about who is falling down on the job. The necessary conclusion is that there are problems within the agencies and processes that go very deep. Identifying and fixing them has to be a national priority.

Snowden and Alexis had at least three things in common. They both had a security clearance. Both of those clearances were vetted by a company in Falls Church, Virginia, called U.S. Investigation Services (Snowden’s, because it was at the top secret level, had to be “adjudicated” by the Defense Security Service as well). And both were employed to handle computers and the information stored on them.

It’s all too tempting—and all too wrong—to say that the only thing we need to do is hold USIS accountable for its apparent error. USIS does have a lot to answer for, and the federal grand jury looking into its conduct may indict the company, some of its employees, or both. But the grand jury’s action is irrelevant to fixing the huge problems that beset the federal agencies entrusted with protecting against leaks.

Defense Secretary Chuck Hagel has ordered a complete review of the security clearance system for the Defense Department. Hagel’s appointed committee will predictably find that far too much information has been classified. It will say that since the 9/11 attacks, the amount of classified information has increased exponentially, especially in the higher ranks of classification (top secret, etc.). It will find that the demand for security clearances has skyrocketed, overwhelming the system. It will warn that contractors responsible for vetting people for security clearances are not training their employees sufficiently. And it will inevitably discover that there’s too little being spent on investigating active security clearances, bewailing yet another unfortunate effect of sequestration.

Hagel’s committee may even take a page from the teary-eyed Washington Post story that ran only a few days after Alexis’s murders. The article talked about the awful pressure on USIS employee Ileana Privetera who has too many applicants to interview and too little time to handle her caseload. After she took the job, according to the Post, “She quickly learned that she was being asked to do the impossible.”

But there’s no guarantee that the committee will be able to fix anything. This sort of review—whether it’s done quickly or slowly—often identifies key problems, but the bureaucracy almost always stalls plans for remediation, usually until they’re forgotten.

EDWARD SNOWDEN’S LEAKS resulted in the publication of what could easily be the widest array of top-secret information in our nation’s history. Its variety is simply startling.

Snowden’s most famous leak was of the NSA’s “PRISM” program, which, with the cooperation of most Internet service providers, enables the monitoring of emails, searches, file transfers, and more. He also leaked the top secret “XKeyscore” program with which NSA analysts can search through databases, emails, and browsing histories of individuals. The leaked papers describe, in high detail, how “XKeyscore” works.

He further revealed secret decisions of the Foreign Intelligence Surveillance Court. These classified legal opinions, we now know, sometimes expand what the NSA can do and sometimes question the truthfulness of what the Justice Department tells the court. They detail much of the NSA’s reach.

He leaked documents detailing our intelligence community’s dealings with those of other nations, including a top-secret memorandum laying out in considerable detail the methods by which the NSA cooperates with its Israeli counterpart.

And there’s more. Snowden leaked the entire intelligence budget of the United States, one of the few secrets Congress has managed to keep, which shows how much money is spent by all the intelligence agencies, not just the NSA. If you’re at all familiar with these agencies’ operations, you can generally interpolate, from the cost of satellites and launch services and such, the budget numbers into specific programs.

Much of the information classified as top secret is supposed to be compartmentalized. Though many people know bits and pieces about how something works or what is being done, only a very few know the whole picture. For example, a new top-secret aircraft program such as the F-117 was once known to be researched and built by small teams of people at the Lockheed Skunk Works. But only their bosses and the top dogs among their CIA and Air Force customers knew what the aircraft was capable of doing. Back then, the F-117 program—like “PRISM” and “XKeyscore” today—was known only by code name, “Have Blue.”

The point of compartmentalization is to prevent a single low-level person, such as Snowden, from gaining enough knowledge to reveal all or even most of the big secrets about the program. From the leaked documents, we can see that the programs themselves were classified top secret but not compartmentalized. We know that because the documents don’t bear the “top secret: sensitive compartmented information” label. The NSA should have to answer why codeword programs weren’t subjected to compartmentalization.

If Snowden could access one part of the program, he should not have been able to access its entirety. But he was able not only to reveal PRISM and XKeyscore, but the classified intelligence budget, top secret court decisions, and top secret memos detailing cooperation with other nations’ intelligence services. Why?

Snowden’s security clearance was reportedly renewed after a patently inadequate investigation. According to a Wall Street Journal report, the investigation didn’t resolve a prior security violation by Snowden; it merely took his word for what happened. It didn’t account for his CIA employment, didn’t investigate a trip to India, and—bizarrely—didn’t even interview anyone who knew him other than his mother and sister. And though his was a top secret clearance involving “black programs,” Snowden apparently didn’t have to undergo a polygraph test, which is routinely required for people with code-word clearances, intelligence clearances, and such. (These days, with the Obama administration trying to conceal what happened in the Benghazi attack, many of the survivors and other CIA employees have to take a polygraph every month to prove they haven’t spoken to Congress or the media.)

No one has explained the Defense Security Service’s role in the Snowden mess. DSS is supposed to “adjudicate” top secret-level clearances on the basis of its own investigations, which it normally does in a process that can take two or three years. (I’ve been questioned many times by DSS agents regarding people I know.) DSS has, through its Defense Industrial Security Clearance Office, cleared over 1 million people. Did DISCO accept the obviously incomplete investigation of Snowden? If so, why?

So many things had to go wrong, in combination and at precisely the right time, to enable Snowden to be able to leak so many secrets. But the problem is bigger—and far more ominous—than that.

WE KNOW THAT Snowden was a low-level employee of Booz Allen Hamilton, a long-time NSA contractor. He was given the task of moving hugely important computer files from one bunch of servers to another, a job that probably provided him access to a much wider range of information than anyone should be allowed. But NSA and CIA veterans I spoke to assured me that it would have been impossible for Snowden—even in the position of computer administrator—to have obtained access to PRISM, XKeyscore, the “black budget,” the intelligence cooperation memos, and the FISC decisions.

One possibility is that Snowden had help from one or more accomplices. Supervisors in both NSA and Booz Allen failed to detect that accomplices had given Snowden access to secrets he should never have had, or they knew of the extraordinary access he had and chose to allow it. There is not yet evidence for this theory, but it’s imperative to explore the possibility, to determine whether any accomplices exist and to prevent them from causing further damage.

Or perhaps instead, Snowden’s leaks were some sort of disinformation campaign by the NSA to mislead our enemies. But it’s pretty apparent that this isn’t the case, given that the Foreign Intelligence Surveillance Court was involved in approving the NSA’s actions on PRISM and, in all probability, XKeyscore and other programs as well. It stretches the imagination too far to believe that a court would participate in a disinformation program.

The only other possibility is that Snowden’s defection to Russia and leaks to the media were enabled by the kind of soft-brained idiocy—the kind of failed leadership and mismanagement—that we’ve come to expect from the federal bureaucracy. Regardless of whether such incompetence is the main reason, no one ever seems to have pointed out the obvious: No lowly computer geek such as Snowden should have access to all these programs. Each one—PRISM, XKeyscore, the black budget, the court decisions, the memos on intelligence cooperation—was of enormous significance. In combination, they appear to be the “crown jewels” of the NSA.

For that, Booz Allen Hamilton and NSA need to be held accountable. People were clearly negligent. Heads should roll. And a system has to be put in place forthwith that is properly designed to prevent a recurrence. If it costs a tad more to have teams moving computer files, if it takes more time from more senior employees to make sure the information is split up properly and moved without leaks, so be it.

BUT WHAT ABOUT Aaron Alexis? Why didn’t he have his clearance revoked or at least suspended? Alexis was far lower on the security clearance food chain, but was still trusted enough to have credentials entitling him to access the Navy Yard and the Sea Systems Command building in which he went on his murder spree. About a month before the murders, Alexis had called police to his Newport, Rhode Island hotel to tell them he was being followed, that he heard voices coming through the walls, floor, and ceiling, and that the people following him were sending microwaves into his room to keep him awake. Some or all of that information was passed on to the Navy, but no one took action.

Also overlooked were two incidents in Alexis’s past. Three years ago he reportedly accidentally fired a bullet into an apartment above him. Nine years ago he shot out the tires of someone else’s car in what is said to have been an anger-fueled blackout.

People have had their security clearances denied or cancelled for a lot less. When we were less burdened with the sheer volume of secrets and with political correctness, people were routinely denied clearances for events such as a conviction of driving while intoxicated. Alexis held a clearance at the “secret” level. No one with his sort of mental health problems should be granted any security clearance, period.

In the future, security clearances such as those that Snowden and Alexis held must never be issued. Agencies have to compartmentalize more top secret information and establish procedures to ensure that people in positions such as Snowden’s can’t get access to our intelligence agency’s most precious programs. This is not a trivial problem: Our nation’s ability to keep its secrets is an existential issue. To paraphrase Winston Churchill, it’s no use saying we’re doing our best. In some things we must succeed.