CHAPTER SEVEN COUNTERINTELLIGENCE
Counterintelligence (CI) refers to efforts taken to protect one’s own intelligence operations from penetration and disruption by hostile nations or their intelligence services. Executive Order 12333 (1981; revised 2008) defines counterintelligence as “information gathered and activities conducted to identify, deceive, exploit, disrupt or protect” against espionage and other activities carried out by foreign states or non-state actors. It is both analytical and operational. Counterintelligence is not a separate step in the intelligence process. It should pervade all aspects of intelligence, but it is often pigeon-holed as a security issue. Counterintelligence does not fit neatly with human intelligence, although it is, in part, a collection issue. Nor does it fit with covert action. It is also more than security—that is, defending against or identifying breaches—because successful CI can also lead to analytical and operational opportunities. It is also much more than a law enforcement issue. In sum, CI is one of the most difficult intelligence topics to discuss.
Most nations have intelligence enterprises of some sort. As a result, these agencies are valuable intelligence targets for other nations. Knowing what the other side knows, does not know, and how it goes about its work is always useful. Moreover, knowing if the other side is undertaking similar efforts is extremely helpful. The widespread existence of intelligence agencies in virtually all nations and their intelligence collection activities does not preclude states from striking disingenuous poses of dismay and shock when it is revealed that they have been targeted, as was the case with many nations after Edward Snowden’s revelations about National Security Agency (NSA) collection activities aimed at them. (See box, “Who Spies on Whom?”)
Who Spies on Whom?
Some people assume that friendly spy agencies do not spy on one another. But what constitutes “friendly”? The United States and its Five Eyes partners, or “Commonwealth cousins”—Australia, Britain, Canada, and New Zealand—enjoy a close intelligence partnership and do not spy on one another. Beyond that, all bets are off.
In the 1990s, the United States allegedly spied on France for economic intelligence. In the 1980s, Israel willingly used Jonathan Pollard, a U.S. Navy intelligence employee who passed sensitive U.S. intelligence that he believed Israel needed to know. Some people were surprised—if not outraged—that post-Soviet Russia would continue using Aldrich Ames to spy against the United States. (Subsequent revelations about the espionage of Robert Hanssen stirred less surprise—perhaps a sign of increased maturity gained through painful experience.) In the late 1990s, a House committee found that China stole nuclear secrets from the United States at a time when the two nations were strategic partners against the Soviet Union. In 2013, information leaked by Edward Snowden revealed that the United States collected intelligence against various European allies, the European Union (EU), and several Latin American nations.
In the 1970s, a “senior U.S. government official” (probably Secretary of State Henry A. Kissinger) observed, “There is no such thing as ‘friendly’ intelligence agencies. There are only the intelligence agencies of friendly powers.”
However, counterintelligence is more than a defensive activity. There are at least three types of CI:
Collection: gaining information about an opponent’s intelligence collection capabilities that may be aimed at one’s own country
Defensive: thwarting efforts by hostile intelligence services to penetrate one’s service
Offensive: having identified an opponent’s efforts against one’s own system, trying to manipulate these attacks either by turning the opponent’s agents into double agents or by feeding them false information that they report home
Paul Redmond, a Central Intelligence Agency (CIA) officer who spent a large part of his career on counterintelligence issues, defined CI as a broad array of activities, all designed to support one’s own efforts and to thwart hostile ones. Redmond’s list includes counterespionage (countering penetrations of one’s service), asset validation (confirming the bona fides of human intelligence, or HUMINT, sources), disinformation (putting out false information to support penetrations), and operational tradecraft. John Ehrman, another CIA counterintelligence veteran, defined CI as “the study of the organization and behavior of the intelligence services of foreign states and entities and the application of the resulting knowledge.”
The world of spy and counterspy is murky at best. Like espionage, counterintelligence is a staple of intelligence fiction. But, like all other aspects of intelligence, it has less glamour than it does grinding, painstaking work. There has been a marked increase in hostile foreign intelligence activity against the United States and its allies, particularly from Russia, and against the United States from China on a very large scale (see chap. 15). This involves both HUMINT and cyber. There has also been an increase in leaks by intelligence officers, all of which puts increased emphasis on counterintelligence.
Counterintelligence has traditionally been thought of primarily, if not exclusively, in terms of countering HUMINT. It seems evident that the concept is broadening to include other covert threats that may not be espionage per se. William Evanina, head of the National Security and Counterintelligence Center (2014–2021), raised concerns about foreign efforts to disrupt the 2020 U.S. elections and to use influence measures via social and traditional media. These foreign efforts at disruption and social unrest are likely to call upon increasing CI capabilities, broadly defined, in years to come. Similarly, concerns about cyber intrusions and supply chain security (see chap. 12) fall into this broadened definition. Also, one of the reasons given by the Donald Trump administration for ending the Open Skies Treaty (see chap. 11) was Russian flights that appeared to map U.S. infrastructure, which Evanina said was a threat to national security. The most recent U.S. National Counterintelligence Strategy acknowledges this broadening of the CI concept.
INTERNAL SAFEGUARDS
All intelligence agencies establish a series of internal processes and checks, the main purposes of which are to weed out applicants who may be unsuitable and to identify current employees whose loyalty or activities are questionable. The vetting process for applicants includes extensive background checks, interviews with the applicants and close associates, and, in the United States at least, the use of the polygraph at most but not all agencies. The ideal candidate is not necessarily someone whose past record is spotless. Most applicants likely have engaged in some level of experimentation—either sexual or drugs, or both. Some may have committed minor criminal offenses. It is crucial, however, that applicants be forthcoming about their past and be able to prove that they are no longer exhibiting behaviors that are criminal, dangerous, or susceptible to blackmail. In May 2016, Director of National Intelligence (DNI) James Clapper (2010–2017) authorized examining “publicly available” social media pages of applicants as part of their suitability check. (Many commercial firms now routinely look at the social media pages of job applicants.)
The polygraph, sometimes mistakenly referred to as a lie detector, is a machine that monitors physical responses (such as pulse and breathing rate) to a series of questions. Changes in physical responses may indicate falsehoods or deceptions. The use of the polygraph by U.S. intelligence remains controversial, as it is imperfect and can be deceived. A 2002 study by the National Research Council found that polygraphs are more useful in criminal investigations, where specific questions can be asked, than for counterintelligence, where the questions are more general and therefore are more likely to yield false-positive responses.
At least three spies, Larry Wu-tai Chin, Aldrich Ames, and Ana Belen Montes, passed polygraph tests while they engaged in espionage against the United States. According to press reports, the Obama administration launched criminal investigations of individuals who claimed they could teach people how to “beat” polygraphs.
Advocates of the polygraph argue that it does serve as a deterrent. They are also quick to assert that the machine is only a tool that can point to problem areas, some of which may be resolved without prejudice. However, an individual’s inability or failure to resolve such issues can lead to termination. In addition to new employees, current employees are polygraphed at intervals of several years. Contractors are also subject to polygraphs, and the machines are used with new human sources and defectors. Polygraphs are not used consistently throughout the national security structure, however. CIA, Defense Intelligence Agency (DIA), National Reconnaissance Office (NRO), and National Security Agency (NSA) all use polygraphs; the State Department and Congress do not. The Federal Bureau of Investigation (FBI) began using polygraphs in the aftermath of the 2001 Robert Hanssen espionage case, which revealed that polygraphs had not been in use at the FBI. This is not to suggest that some agencies are more rigorous or more lax than others. But it does underscore a range of standards in terms of personnel security.
Despite the fact that so many agencies use polygraphs as part of their security practice, there is no standard procedure for these tests. Each agency administers polygraphs to its own standards, which, according to press accounts, can lead to different results for the same subject. Also, agencies do not accept one another’s polygraph results, which can be interpreted as either rigor or the lack of an agreed baseline.
Categorizing the different types of polygraph exams depends on the questions being asked and the information being sought. Thus, intelligence agencies have what they call the lifestyle poly (personal behavior) and the counterintelligence poly (foreign contacts, handling of classified information). In some instances, such as vetting an intelligence source, only a few pertinent questions are asked.
In 2012, DNI Clapper announced some changes in polygraph policy, including requiring agencies to accept each other’s polygraph results; requiring that “relevant” law enforcement or national security information discovered during a polygraph, such as criminal behavior, be reported; and requiring a polygraph question about leaking classified information. In 2015, the Office of the DNI (ODNI) announced that a question about “unauthorized disclosures of classified information” would be added to polygraph examinations. However, critics held that these changes did not address some perceived abuses, such as personal questions that had little relevance to the granting of a clearance.
Beyond taking a polygraph (known as “being put on the box”), employees and prospective employees are evaluated for other possible indicators of disloyalty. Changes in personal behavior or lifestyle—marital problems, increased use of alcohol, suspected use of drugs, increased personal spending that seems to exceed known resources, running up large debts—may be signs that an individual is spying or susceptible to being recruited or volunteering to spy. Any of these personal difficulties may befall an individual who would never consider becoming a spy, but past espionage cases indicate some reason for concern. For many years, individuals with security clearances would be leery about seeking mental health assistance out of concern that this might jeopardize their clearances. This was eventually changed to allow for a range of counseling, including counseling for family issues, grief, marital issues, and sexual assault. (See box, “Why Spy?”) The response of counterintelligence agents to the discovery of such problems depends on the suspect’s larger patterns of behavior, how long the problem persists, and evidence of potentially hostile activity. In the aftermath of the Ames case—in which marginal performance, alcohol abuse, and a sudden increase in fairly ostentatious personal spending should have been taken as indicators of a problem—U.S. intelligence increased the amount of personal financial information that intelligence personnel must report on a regular basis. These financial-reporting forms assume, however, that ill-gotten gains show up in some way that is detectable with or without the cooperation of the recipient—cash, stocks, or new homes, cars, and so forth bought with cash received. However, as was learned from both the Ames and the Hanssen cases, the country supporting the espionage may be putting some or all of the money in escrow accounts that will not be detected—or even accessed—until years after the espionage is completed. 
Again, the cases of Ames and Hanssen are instructive. Ames’s lifestyle clearly changed—new house, new car, better clothes, cosmetic dental work—but all this occurred before the financial-reporting forms were required. Outwardly, Hanssen’s life showed no signs of increased wealth.
Why Spy?
U.S. counterintelligence emphasizes personal financial issues in assessing security risks. Many people involved in the worst espionage cases suffered by the United States—Aldrich Ames, Robert Hanssen, the Walker spy ring, Ronald Pelton, Harold Nicholson—were motivated largely by greed, not ideology. Some exceptions were Julius Rosenberg and Alger Hiss (both for the Soviet Union), Larry Wu-tai Chin (for China), and Ana Belen Montes and Kendall Myers (both for Cuba). By contrast, many involved in the worst espionage cases in Britain—Kim Philby and his associates or George Blake, for example—spied because of ideological devotion to the Soviet Union.
Although espionage cases of either type (greed or ideology) can arise in either country, some observers have been struck by the difference. It can be explained, in part, by the fact that Britain has had (and still has) a class system that makes ideology a more likely reason for betrayal, although the most serious British spies have come from the upper class. In the United States, the main competition has always been based on economic status, not social class.
Spies may also be motivated by vengeance toward superiors or agencies, by blackmail against themselves or family members, by thrills, or by involvement with a foreign national. Still, until recently, most of the spies suffered by the United States have been motivated primarily by money. However, a Defense Department study released in April 2008 found that “divided loyalty” between the United States and the nation enlisting the spy had greatly increased as a motive for espionage.
Counterintelligence officers summarize the possible motives for espionage as MICE:
Money
Ideology
Compromise (or coercion)
Ego
David L. Charney, a psychiatrist who has interviewed several confessed spies, describes “injuries to pride and ego” and an “intolerable sense of personal failure” as key motivators for those who decide to spy.
As noted earlier, the case of Monica Witt, a former Air Force sergeant in intelligence, raises issues of online contacts with hostile services. Witt was recruited by Iranian intelligence largely via online contacts, despite her being warned about these contacts by the FBI. Witt defected to Iran in 2013.
Another internal means of thwarting espionage attacks is the classification system. In U.S. intelligence parlance, the system is compartmented. In other words, an employee being accorded the privilege of a clearance does not automatically get access to all of the intelligence information available. Admission to various compartments had been based on a need to know. Thus, someone working on a new imagery system is likely to have different clearances than someone involved in running HUMINT. There are also compartments within compartments. For example, a clearance involving HUMINT may include only specific cases or types of HUMINT—perhaps proliferation or narcotics.
Although “need to know” was the standard for decades, in the aftermath of the 2001 terrorist attacks, many observers believed that this standard also served to impede the necessary sharing of intelligence. In 2003, the intelligence community began to stress the “need to share,” an important shift in emphasis. Many also believed it was necessary to get away from the notion of various agencies—especially those that collect intelligence—“owning” the intelligence they produced. The clearest sign of this “data ownership” concept was the classification marking ORCON, or “originator controlled.” ORCON means that any further distribution of intelligence or its inclusion in another document must be approved by the originating agency. ORCON reflects the concern that the intelligence could reveal a sensitive source or method, a sensitivity that those wishing to use the intelligence more broadly might not appreciate. ORCON, even if necessary, was also a major impediment in intelligence sharing. The Information Security Oversight Office (ISOO), which is part of the National Archives, reports annually to the president on the security classification system. For FY2012, ISOO reported a decrease in ORCON classification decisions, with the State Department the most active, ordering over half of the more than 73,000 ORCON actions. In FY2019, ISOO reported a drop in Original Classification Authorities, meaning the number of people authorized to classify documents.
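The compartment and ORCON rules described in the two preceding paragraphs are access-control decisions, and it helps to see them as code. The following is an added example, not from the chapter or any agency system; the agency names, compartment labels (including the use of “/” to nest a sub-compartment such as HUMINT/PROLIF inside HUMINT), and the sample documents are all constructed. It shows a need-to-know check (level dominance plus every required compartment held) and an ORCON check in which redistribution beyond the originating agency requires an approval that only the originator can record.

```python
from dataclasses import dataclass, field

# Classification lattice used by the constructed model below.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Marking:
    """Marking on a document (constructed model, not a real marking standard)."""
    level: str
    compartments: frozenset = frozenset()  # e.g. {"HUMINT/PROLIF"}; "/" nests sub-compartments
    orcon: bool = False                    # originator-controlled dissemination
    originator: str = ""                   # agency that classified the document


@dataclass
class Clearance:
    person: str
    agency: str
    level: str
    compartments: frozenset


@dataclass
class Document:
    doc_id: str
    marking: Marking
    released_to: set = field(default_factory=set)  # agencies the originator has approved


def _holds(held: frozenset, required: str) -> bool:
    """A held compartment covers a required one if it is the same compartment or an
    enclosing one: "HUMINT" covers "HUMINT/PROLIF", but "HUMINT/NARC" does not."""
    return any(required == h or required.startswith(h + "/") for h in held)


def may_read(clearance: Clearance, doc: Document) -> bool:
    """Need-to-know: the reader's level must dominate the document's level and the
    reader must hold every compartment the document is marked with."""
    if LEVELS[clearance.level] < LEVELS[doc.marking.level]:
        return False
    return all(_holds(clearance.compartments, c) for c in doc.marking.compartments)


def may_disseminate(doc: Document, to_agency: str) -> bool:
    """ORCON: a document may go beyond the originating agency only if the
    originator has approved release to that agency."""
    if not doc.marking.orcon or to_agency == doc.marking.originator:
        return True
    return to_agency in doc.released_to


def approve_release(doc: Document, approver: Clearance, to_agency: str) -> None:
    """Only someone from the originating agency can record a release approval."""
    if approver.agency != doc.marking.originator:
        raise PermissionError(f"{approver.agency} is not the originator of {doc.doc_id}")
    doc.released_to.add(to_agency)


def demo() -> dict:
    """Run the checks over constructed sample data and return the decisions."""
    humint_report = Document(
        "RPT-1",
        Marking("SECRET", frozenset({"HUMINT/PROLIF"}), orcon=True, originator="AGENCY-A"),
    )
    imagery_note = Document("IMG-7", Marking("SECRET", frozenset({"IMINT"})))

    prolif_analyst = Clearance("ana", "AGENCY-B", "TOP SECRET", frozenset({"HUMINT/PROLIF"}))
    narc_analyst = Clearance("ben", "AGENCY-B", "TOP SECRET", frozenset({"HUMINT/NARC"}))
    humint_chief = Clearance("cat", "AGENCY-A", "SECRET", frozenset({"HUMINT"}))

    results = {
        "prolif_reads_report": may_read(prolif_analyst, humint_report),  # exact compartment
        "narc_reads_report": may_read(narc_analyst, humint_report),      # wrong sub-compartment
        "chief_reads_report": may_read(humint_chief, humint_report),     # enclosing compartment
        "prolif_reads_imagery": may_read(prolif_analyst, imagery_note),  # lacks IMINT
        "orcon_before": may_disseminate(humint_report, "AGENCY-B"),      # no approval yet
    }
    approve_release(humint_report, humint_chief, "AGENCY-B")
    results["orcon_after"] = may_disseminate(humint_report, "AGENCY-B")
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The two checks are deliberately separate functions: a reader who satisfies need-to-know may still be blocked from forwarding an ORCON document, which is exactly the sharing friction the paragraph above describes.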
In 2007, DNI Mike McConnell (2007–2009) signaled a change in emphasis by promulgating a “responsibility to provide” standard. In other words, officers and agencies now would be evaluated by the degree to which they actively seek to share intelligence. This is far from the old “need to know” standard but, as with all other DNI initiatives, the question remains as to how this new standard will be enforced and what sanctions can be imposed against those who fail to measure up. In the aftermath of the leak to WikiLeaks of thousands of State Department cables, all of which were easily accessible on a secret-level Defense Department system, and Snowden’s revelations about NSA, and subsequent multiple leaks, there is more pressure to restrict access than to improve intelligence sharing.
In response to the Snowden leaks, NSA announced new security measures for systems administrators, which was Snowden’s function. Now two systems administrators will have to be present to access or to move certain information, and data storage rooms with sensitive servers will also require two persons to gain access. This is similar to the rules for two-person crews controlling nuclear-armed land-based missiles, designed to prevent accidental or unauthorized launches. The irony is that the very information technology that enables many of the intelligence community’s capabilities and achievements has also become a major source of vulnerability in terms of safeguarding intelligence information. It is much easier to access and remove large amounts of data that are stored digitally than it is with hardcopy material. The case of Harold Martin is illustrative. Martin was a contractor employee at NSA, who removed 50 terabytes of data, in both hard and soft copy, from NSA and was arrested in 2016. It was unclear if Martin had removed the material to commit espionage, for his own personal use, or because he was simply a unique hoarder. In 2018, Martin pleaded guilty to a felony of “willful retention of national defense information.” He was sentenced to nine years in prison. The Martin case highlighted other issues as Martin had exhibited behaviors—falling into debt, binge drinking, and computer harassment—that should have raised security concerns.
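The two-person rule for systems administrators described above can be enforced in software as well as at the door. The following is an added example, not NSA’s procedure or code; the administrator names, request identifiers, action descriptions and the five-minute approval window are constructed assumptions. A privileged action is only authorized once a second, different authorized administrator concurs within the window, the same person cannot supply both approvals, stale requests expire, and every decision is appended to an audit log.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
import time


@dataclass
class Approval:
    admin: str
    at: float


class TwoPersonGate:
    """Constructed model of a two-person rule for privileged operations: the
    requesting administrator's own approval counts as one, a second, different
    authorized administrator must concur within the window, and every decision
    is written to an audit log."""

    def __init__(self, admins, window_seconds: float = 300,
                 clock: Callable[[], float] = time.time):
        self.admins = set(admins)
        self.window = window_seconds
        self.clock = clock            # injectable so tests can control time
        self.pending: Dict[str, List[Approval]] = {}
        self.audit: List[Tuple] = []

    def request(self, request_id: str, requester: str, action: str) -> None:
        """Open a request; the requester's approval is the first of the two."""
        if requester not in self.admins:
            raise PermissionError(f"{requester} is not an authorized administrator")
        self.pending[request_id] = [Approval(requester, self.clock())]
        self.audit.append(("requested", request_id, requester, action))

    def approve(self, request_id: str, admin: str) -> bool:
        """Record a concurring approval. Returns True only when the request
        becomes authorized; self-approval and late approval are refused."""
        if admin not in self.admins:
            raise PermissionError(f"{admin} is not an authorized administrator")
        approvals = self.pending.get(request_id)
        if not approvals:
            raise KeyError(f"no pending request {request_id}")
        first = approvals[0]
        now = self.clock()
        if admin == first.admin:
            self.audit.append(("rejected-same-person", request_id, admin))
            return False
        if now - first.at > self.window:
            del self.pending[request_id]
            self.audit.append(("expired", request_id, admin))
            return False
        approvals.append(Approval(admin, now))
        self.audit.append(("authorized", request_id, first.admin, admin))
        return True

    def is_authorized(self, request_id: str) -> bool:
        """Authorized means two distinct administrators are on the request."""
        approvals = self.pending.get(request_id, [])
        return len({a.admin for a in approvals}) >= 2


def demo() -> dict:
    """Walk through the rule with a fake clock and constructed requests."""
    now = [1000.0]
    gate = TwoPersonGate(["alice", "bob", "carol"], window_seconds=300,
                         clock=lambda: now[0])
    gate.request("export-42", "alice", "export dataset D-17 to removable media")
    self_approve = gate.approve("export-42", "alice")   # refused: same person
    now[0] += 60
    gate.approve("export-42", "bob")                    # second person, in time
    gate.request("room-43", "carol", "open server room B")
    now[0] += 600                                       # well past the window
    late = gate.approve("room-43", "alice")             # refused: expired
    return {
        "self_approve": self_approve,
        "export_authorized": gate.is_authorized("export-42"),
        "late": late,
        "room_still_pending": "room-43" in gate.pending,
        "audit_entries": len(gate.audit),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The audit log is the part to keep outside either administrator’s control in a real deployment; the gate only makes the decision, it does not protect its own record.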
Different problems in security classification and sharing have been raised by homeland security issues, where such information may have to be shared with state, local, tribal, or private-sector individuals who do not have clearances. This issue first arose in 2002 when the Department of Homeland Security (DHS) was created. Sen. Richard Shelby, R-AL, then chairman of the Senate Intelligence Committee, insisted that Director of Central Intelligence (DCI) George J. Tenet (1997–2004) share raw intelligence with DHS Secretary Tom Ridge (2003–2005). Tenet refused and was supported by Ridge, who said DHS did not need to see the raw intelligence but would work on the understanding that if the DCI passed along intelligence, it should be deemed serious and actionable. Still, in a federal system like the United States, sharing classified information remains an issue. In 2010, President Barack Obama signed Executive Order 13549, creating a program to allow for both sharing and safeguarding information with these nonfederal entities. Typically, access is granted at the secret level, although higher access can be granted on a case-by-case basis.
The clearance and classification system that remains in place limits access and in theory reduces the damage that can be caused by any one source of leaks, although the breadth of the Snowden and other leaks calls into question these assumptions. The system is not without costs. It may become an obstacle to analysis, either wittingly or inadvertently, by excluding some analysts from a compartment crucial to their work. Despite the “responsibility to provide” standard, intelligence sharing still has difficulties, some of which stem from the necessary safeguards. Administering such a system has direct costs: devising a system, tracking documents, running security checks on employees, and so forth. Indirect costs include safes, couriers, security officers to check officers’ clearances, and color-coded or numerically tagged papers, to name a few. This list gives some sense of what is involved in a thorough classification scheme. Indeed, if such a scheme is not thorough, it is nothing more than annoying and wasteful. ISOO reported that the total cost of protecting classified information (government and industry) for 2018 was $19.8 billion, which was an increase of 7 percent from 2017.
Other safeguards include the certified destruction of discarded material; the use of secure phones, which cannot be easily tapped, for classified conversations; and restricted access to buildings or to parts of buildings where sensitive material is used. These are called sensitive compartmented information facilities (SCIFs). Finally, employees and former employees with current or past access to classified materials are required by agreements they have signed, in the United States, to have anything they write submitted for “prepublication review.” In 1980, the Supreme Court upheld the legality of these agreements, which remains the pertinent judicial ruling in these cases. This decision had been prompted by the publication of a memoir by a former CIA officer, Frank Snepp, who was then sued by the CIA, which won the case and had Snepp’s royalties attached. This sometimes leads to controversy either when authors do not agree with requested changes or when individuals do not submit their works for review. In 2010, the Defense Department purchased and destroyed 9,500 copies of a book written by a Reserve Army officer who had had his manuscript reviewed by the Army but not the Defense Department. In 2012, press reports said that the CIA was reviewing its publication review process in response to concerns that the process favored more positive works and was used to censor critics. The CIA did not comment on these reports.
In 2019, the United States sued to seize Snowden’s proceeds from his memoir because he did not submit it for security review. In 2020, the U.S. government sued former Trump national security adviser John Bolton over the publication of his memoir. The book had been published after Bolton received oral confirmation that the book had passed review. The suit was based on the fact that Bolton never received written notice, which was withheld pending a second security review. The later review stated that the manuscript contained much classified information. A federal district court denied the Trump administration’s request for a temporary injunction, arguing that it came too late to have any effect as 200,000 copies of the book had already been printed and shipped. The court did allow that the book might contain sensitive information. The Justice Department closed the Bolton case in 2021.
(As noted in the preface, the book you are now reading was submitted for prepublication security review.)
The process by which individuals are vetted for hiring by the intelligence community has also come under scrutiny and some pressure for change, especially in the aftermath of Snowden’s leaks. Much has been made of the fact that Snowden was a contractor. Although there are certain “inherently governmental functions” that contractors may not perform—such as prosecutions, obligating funds or acquisition decisions, and so on—beyond that, contractors are used interchangeably and seamlessly with government employees in many offices. One of the ironies of the Snowden case is that background security checks had been conducted by contractors rather than government employees. Once a contractor is given a clearance and is put in position, the degree of access will depend not only on his or her job but also on the way in which classified information is being handled overall in terms of access. Both Bradley Manning and Snowden appear to have been able to access fairly broad amounts of information. A 2012 study by the U.S. Government Accountability Office (GAO) found that the policies and procedures used to determine if a position requires a security clearance were not clear or consistent and called upon the DNI to improve this.
Ironically, one of the reasons contractors were used to conduct security clearances was congressional pressure to speed up the process, especially as hiring increased after the 2001 attacks. For private-sector firms conducting background investigations, the number of investigations completed, and how quickly they were completed, were major means of increasing revenue. In the aftermath of Snowden and a non-intelligence case (Aaron Alexis, who killed twelve people at the Washington Navy Yard in September 2013 and had been granted a clearance despite apparently evident mental health issues), Congress moved to limit the use of contractors for security vetting. The firm that vetted Snowden and Alexis, USIS LLC, was accused by the Office of Personnel Management (OPM) of falsifying many of its investigations. In 2014, USIS’s records were hacked. OPM dropped USIS as a contractor. OPM also resumed quality-control review for personnel investigations. In February 2014, the SCORE (Security Clearance Oversight and Reform Enhancement) Act was passed, giving the inspector general of OPM access to funds to increase oversight of background investigations. Issues like these are often pendulums, set in motion by political concerns that may have little to do with the function at hand.
The security clearance process has also come under scrutiny as a result of a cyber intrusion into the personnel records held by OPM. In June 2015, OPM said that the personnel records of 21.5 million current and former federal employees had been compromised. Many of these employees hold or held security clearances. Although federal officials were cautious not to fix attribution for the OPM breach, it is widely assumed to have been done by China, which China admitted, blaming criminals as opposed to government employees. An added concern is that China—or anyone else with access to the OPM data—could use it to identify U.S. clandestine service officers posted overseas under official cover if their records as stated in their cover job do not show up in the OPM data, a major counterintelligence problem. There are also concerns that given access to the OPM system, the data could be manipulated, raising issues about its future reliability. There have also been press reports about similar intrusions, again attributed to China, at other U.S. government agencies.
In 2016, the Obama administration created the National Background Investigations Bureau, which was still part of OPM. Much attention focused on the backlog of security investigations and the length of time required to complete a security background check, both of which delayed hiring of new personnel in the government and in private-sector firms that do classified work. At its height, the backlog was estimated to be around 710,000 cases. However, this was not a stagnant number, as some 200,000 cases moved in and out each year. The time required to complete a security background check in 2018 averaged 18 months. By 2019, the backlog, which will never reach zero, had been reduced by 40 percent. In 2020, the backlog had reached a “steady state” of about 200,000. In April 2019, President Trump signed an executive order moving all security investigations from OPM into the Defense Department. This allows the Defense Department to work to reduce its portion of the backlog, but some observers wonder if Defense understands, or is willing to take on, the broader responsibilities for security clearance activities across the civilian part of the government. These responsibilities come under the Defense Counterintelligence and Security Agency (DCSA; formerly the Defense Security Service, or DSS), established in October 2019.
Many security experts urge the adoption of a continuous monitoring and evaluation system for cleared personnel, citing personnel policies in the financial sector as an example. Currently, cleared personnel are supposed to be reviewed every five years, but often the interval is longer. The DNI, working through the National Counterintelligence and Security Center (NCSC), has begun implementing a continuous evaluation program, called Trusted Workforce 2.0, in which databases, such as financial records, criminal court records, and so on, will be used to supplement the more traditional interviews and investigations. The idea is that this continuous evaluation will flag issues that require review, which may or may not trigger an investigation. But this system’s ability to function depends heavily on reliable information technology infrastructure. For example, artificial intelligence will be used to gather and sort data from disparate sources. However, all adjudication decisions will be made by humans, not machines. DCSA plans to have all employees and contractors with clearances under Trusted Workforce 2.0 by 2023. DCSA also reported progress in reciprocity (meaning the willingness—or unwillingness—of agencies to accept the validity of clearances granted by other agencies), from 65 days down to six days.
The National Geospatial-Intelligence Agency (NGA) is experimenting with “sentiment analysis” software, called SCOUT, that analyzes the emotional content of emails, work chats, and social media on work-related systems. A key, of course, will be to weed out false positives. Such a system could be difficult to enforce if much of the workforce is working from home, as has been the case during the coronavirus pandemic.
Major leak cases also revive the discussion of the number of people holding clearances. For FY2019, 4,243,937 government employees and contractors were eligible to hold clearances, an increase of 4.2 percent from 2018, according to the ODNI. Of the overall eligible total, 1,294,181 did not currently have access to classified material. It is important to understand that contractors hold clearances because the government requires this if they are going to do classified work. Therefore, the numbers are driven by government needs and not contractor desires. Indeed, contractors incur large costs for the infrastructure required to maintain clearances and classified work areas.
Another security clearance issue has been reciprocity. A lack of reciprocity requires new investigations and adjudications of people who have already been cleared by one agency. As clearances have been managed on an agency-by-agency basis, several agencies claimed that their system or approach was more rigorous. In November 2018, DNI Dan Coats (2017–2019) issued a directive essentially mandating reciprocity across all relevant agencies, including the military. The issue will be the willingness of agencies to comply and the ability of the DNI to oversee the process and to enforce compliance, which has sometimes been an issue in the intelligence community. It is hoped that the wider use of Trusted Workforce 2.0 as a common process will give agencies more confidence in one another’s clearances.
Managers and applicants have all decried the time it takes to hire new personnel. It is also an expense for the intelligence community, costing perhaps as much as $10,000 per potential employee. From a security point of view, it is likely preferable to be overly rigorous during the hiring process rather than take a chance on letting a potential security risk get inside the system. This has been characterized by many observers as a “risk-avoidance” approach. This approach has many results, some intended, some not. It means that the vetting process is more thorough but also longer. The intelligence community is aware that this has, on occasion, cost them would-be employees who could not afford to wait out the nine or more months needed to check backgrounds. It also means, in a period of greatly increased hiring, like the one that began across the intelligence community in 2001, that hiring delays will likely increase.
The risk-avoidance approach also means that some candidates who may not actually pose a security risk will not be hired because of the guiding cautious approach. DNI McConnell noted the need to improve the hiring of first-generation Americans “whose native language skills and cultural experiences” are most needed. There is evidence to suggest that these candidates face particular burdens under the risk-avoidance approach, out of fear of divided loyalties, family left behind whose influence is unknown or who could become subject to external pressure, and so on. FBI employees who were born overseas or who have relatives or friends overseas face more intense security scrutiny in the Post-Adjudication Risk Management (PARM) plan. FBI supervisors say there are no adverse effects to being in PARM and that it is simply a way to assess vulnerabilities. Employees who have been in PARM disagree. There is an irony here in that most of the worst espionage breaches suffered by the United States came from individuals whose families had been here for generations. This is not to discount the problem of sleeper agents—that is, agents sent to another nation to assume normal lives who then become active agents at some time later. The 2010 expulsion of ten Russian sleeper agents underscores the continuing problem.
DNI McConnell sought to move from the risk-avoidance security approach to a “risk-management” approach. This implies a willingness to give the benefit of the doubt to some applicants or employees rather than to try to run a system that wards off any potential risks, which clearly is not possible. As sensible as this approach may be, it can run into opposition from those people who are supposed to administer it, the individuals responsible for personnel security. These individuals are unlikely to see any benefit to clearing more people if this means they have also cleared the individual who becomes a security threat. The personnel security staff may also recognize that they will be the ones who are asked to explain how breaches got through in the first place. This personnel policy shift is another interesting test of the DNI’s authority over intelligence officers who work in agencies that the DNI does not control directly. Finally, it is important to remember that security rules do not exist in a vacuum. Rather, they coexist with several other policy goals, at least in democracies. These goals include the necessity and desire of governments to be transparent and to give their citizens access to certain types of information. This does not equate to access to any and all information, but it does occasionally raise issues about where to draw the line, one way or the other, or how long information should remain classified and the rules for declassification. All of these tensions exist in the United States.
The security clearance issue became highly politicized with the advent of the Trump administration in 2017. First, there was the issue of clearances for the new White House staff, some of whom spent prolonged periods with interim clearances while their cases were adjudicated, including Trump’s son-in-law and senior adviser, Jared Kushner. According to press reports, Trump interceded personally to secure Kushner’s clearance. In 2018, White House chief of staff John Kelly took steps to improve the White House process by improving liaison with the FBI and expediting the transmission of “significant derogatory information.” Kelly also banned any further use of interim clearances for new hires.
Second, and more controversial, was Trump’s decision in August 2018 to remove the security clearances held by former DCIA John Brennan (2013–2017). Former senior national security officials retain clearances largely as a courtesy, so that they can offer advice when asked by their successors. Brennan repeatedly expressed his extreme discontent with Trump’s tenure in a series of Twitter postings. As a result, Trump lifted Brennan’s clearance. Although most observers believed Trump had the authority to do so, the action was unprecedented in that it was the White House taking this action and not the agency holding Brennan’s clearances, in this case the CIA. Most of the former DCIs, DNIs, and their deputies signed a letter protesting Trump’s action, as did several hundred former intelligence and national security officials. Although not necessarily supporting what Brennan said, they defended his right to do so. There are thirteen administrative reasons for which a clearance can be revoked (substance abuse problems, criminal activity, security violations, and so on). Disagreeing with or speaking harshly about a president and his policies is not among them.
EXTERNAL INDICATORS AND COUNTERESPIONAGE
Besides internal measures taken to prevent or to identify problems, counterintelligence agents look for external indicators of problems. They may be more obvious, such as the sudden loss of a spy network overseas, a change in military exercise patterns that corresponds to satellite tracks, or a penetration of the other service’s apparatus that reveals the possibility of one’s own having been penetrated as well. This apparently is how Robert Hanssen was detected. According to Russian press sources, the ten Russian sleepers arrested in the United States in 2010 were also identified by a Russian intelligence officer who had defected. The indicators may be more subtle—the odd botched operation or failed espionage meeting or a negotiation in which the other side seems to be anticipating one’s bottom line. These are all murkier indicators of a leak or penetration—what some observers have described as a “wilderness of mirrors.”
In 1995, CIA and NSA published signals intelligence (SIGINT) intercepts (code-named VENONA) that had been used to detect Soviet espionage in the United States. From 1943 to 1957, VENONA products helped identify Alger Hiss, Julius Rosenberg, Klaus Fuchs, and others working for Soviet intelligence. As VENONA showed, SIGINT can offer indications of ongoing espionage, although the references to spying may be oblique and are unlikely to identify the spy outright. The VENONA intercepts used code names for the spies but often provided enough information to help narrow the search.
The serious problems resulting from having been penetrated by a hostile service also highlight the gains to be made by carrying out one’s own successful penetration of the hostile service. Among the intelligence that may be gathered are the following:
An opponent’s HUMINT capabilities and targets, strengths, weaknesses, and techniques
The identity of clandestine service officers
An opponent’s main areas of intelligence interest and current shortfalls
Possible penetrations of one’s own service or other services
Possible intelligence alliances (for example, the Soviet-era KGB used Polish émigrés in the United States for some defense industry espionage and Bulgarian operatives for “wet affairs”—assassinations)
Sudden changes in an opponent’s HUMINT operations—new needs, new taskings, changed focuses, a recall of agents from a specific region—each of which can have a host of meanings
Discovering the presence of foreign agents may not lead automatically to their arrest. The agents also present opportunities, as they are conduits back to their own intelligence services, which takes us into the realm of counterespionage. At a minimum, efforts can be made to curtail some of their access without their becoming aware of it and then false information can be fed to them to send home to confuse their analyses. Alternatively, counterintelligence officers may try a more aggressive approach, attempting to turn them into double agents who, although apparently continuing their activities, then provide information on their erstwhile employer and knowingly pass back erroneous information. (Britain’s Double Cross system was very effective at turning German agents into double agents during World War II. Fidel Castro apparently was also successful with U.S. agents sent against his regime in Cuba.) But just as there are double agents, so there are triple agents—agents who have been turned once, discovered, and then turned again by their own side. The effect, again, is a wilderness of mirrors.
Counterespionage also underscores the use of “dangles,” discussed earlier. (See chap. 5, HUMINT.) One way to probe or to identify hostile counterintelligence activities is to dangle a supposed spy in front of a foreign service and see how they react and how they handle the dangle. (When Hanssen approached the Soviets after a period in which he had stopped spying, they apparently protested about what they believed to be a dangle, which the United States denied doing but did not follow up as to why the Soviets had raised this possibility at the time.)
PROBLEMS IN COUNTERINTELLIGENCE
Several problems arise in assessing counterintelligence operations. First, by its very nature, any CI penetration is going to be clandestine. Counterintelligence officers are unlikely to come across initially compelling evidence about a successful hostile penetration.
Second, the basic tendency within any intelligence organization (or any organization, for that matter) is to trust its own people, who have been vetted and cleared. They work with one another every day. Familiarity can lead to lowering one’s guard or being unwilling to believe that one’s own people may be disloyal. This appears to have been a problem in uncovering the espionage of Ames; the CIA was slow to look inward for the cause of severe losses of assets in Moscow. It was originally thought that Hanssen escaped detection for more than twenty years because of his familiarity with U.S. counterintelligence policy and techniques. However, a 2003 report by the inspector general of the Justice Department (the FBI is part of that department) found that internal laxity and poor oversight allowed Hanssen, who was portrayed as erratic and bumbling, to avoid detection. Most telling, the FBI first concentrated on a CIA officer, Brian Kelley, when hunting for the spy who turned out to be one of their own—Hanssen. It is easier to believe that the problem lies in another agency. Similarly, fellow employees apparently did not ask why Edward Snowden, a systems administrator, was asking for their computer passwords.
But the alternative behavior—unwarranted suspicion—can be just as debilitating as having a spy in one’s midst. James Angleton, who was in charge of the CIA’s counterintelligence from 1954 to 1974, became convinced that a Soviet mole—a deeply hidden spy—had penetrated the CIA. Some believed that Angleton was reacting to the fact that his close British associate, Kim Philby, had turned out to be a Soviet agent. Angleton was unable to find the mole, and some believe that he tied the CIA in knots by placing virtually anyone under suspicion. Some suggested that Angleton himself was the mole and that he created a furor to divert attention. Angleton remains a controversial figure, but his activities give some indication of the intellectual issues that can be involved in spying and counterintelligence.
For many years, counterintelligence was a major source of friction between the CIA and the FBI. Some of the friction was a legacy of longtime FBI director J. Edgar Hoover’s resentment toward the CIA and that agency’s reciprocation of Hoover’s feelings. The friction also stemmed from differing views of the problem. A discovered spy is a problem as well as a counterespionage opportunity that the CIA may wish to exploit. Counterespionage can be thought of as a subset of the larger counterintelligence issue. CI seeks to thwart or exploit any and all attempts to undercut or penetrate intelligence activities. Counterespionage works against the HUMINT aspects (both offensive and defensive) of the CI problem. For the FBI, spying is a prelude to prosecution. As late as the Ames case of the early 1990s, the CIA and the FBI were not coordinating their counterintelligence efforts, which probably prolonged Ames’s activities. As a result of his arrest and the subsequent investigation, the CIA and the FBI created a jointly staffed counterintelligence office to correct the mistakes of the past.
Like so much else in intelligence, suspicions of espionage may not always be proved. The case of Wen Ho Lee, a scientist at Los Alamos National Laboratory, is instructive but complex. In brief, Lee’s case came up hard on the heels of a congressional report put out by the Cox Committee (U.S. House Select Committee on U.S. National Security and Military/Commercial Concerns with the People’s Republic of China, 1999), which was headed by Rep. Christopher Cox, R-CA, and investigated a series of allegations about Chinese spying that largely targeted high-end technology, including U.S. nuclear weapons designs. Given the issues involved, the Department of Energy (DOE) and the national laboratories were likely places to look. (A series of nasty arguments also played out in public between current and former DOE intelligence and counterintelligence officers, as well as between some of them and the FBI, over the issue of responsibility.) Lee, who was born in Taiwan, had been under investigation since 1994, but the investigation was fitful and inconclusive. He had downloaded some 400,000 pages of classified nuclear data unrelated to his work at Los Alamos. In 2000, Lee was arrested, charged with fifty-nine counts, and held in jail for more than nine months, mostly in solitary confinement. However, the government was unable to discover evidence of espionage, that is, passing the material to a foreign power. A Justice Department report castigated the FBI’s handling of the investigation, concluding that if Lee was a spy, the FBI let him get away, and if he was not a spy, the bureau failed to consider other lines of investigation. Lee was eventually released and agreed to plead guilty to one felony count of illegally downloading sensitive nuclear data. The case remains, at best, inconclusive. This calls to mind Scottish law, which gives a jury the option to return a verdict of “not proven,” instead of either guilty or not guilty.
In intermediate cases, officers come under suspicion for reasons other than espionage but still pose risks. A good example is Edward Howard, a CIA Directorate of Operations (DO) officer who was slated to be posted to Moscow in the 1980s. Howard was revealed to have ongoing drug and criminal problems that made the posting impossible. He was suspected of being a counterintelligence problem, but handling the situation was difficult. If sending him to Moscow was not an option, he would have to be reassigned or fired. If he were reassigned, he would still be in a position to see classified material even though he remained a security risk because of his personal behavior. Moreover, he would most likely feel aggrieved because of the cancellation of his overseas posting, making him an ever bigger risk. Alternatively, to fire him was risky, as he had thorough knowledge of DO tradecraft plus information about operations in Moscow. Once fired, it would be difficult, if not impossible, to keep watch on him. Ultimately, Howard was fired, but he was kept under FBI surveillance. He eluded a somewhat lax surveillance (using techniques he learned as a DO officer) and fled to Moscow, claiming that he had not been a spy but had been driven away by the CIA. David Wise, a veteran intelligence author and sometimes critic of U.S. intelligence, interviewed Howard in Moscow and came away convinced that Howard’s disloyalty predated his flight.
Some who deal with counterintelligence make a distinction between big CI and little CI. If a spy is revealed in one’s organization, it is important to determine the reasons why he or she went after specific information. Was this tied to some specific need or tasking or was it simply opportunistic? If one is able to answer this question, it will reveal the nature of the penetration and the goals of the nation running the spy. All of this comes under “big CI.” Beyond this, there are still the specific issues surrounding the penetration: how it happened, how long it has been going on, who on the other side has been responsible for tasking and for running the penetration, what information may have been compromised, issues of tradecraft. All of these are “little CI” issues. It is like the distinction made in military operations between strategy (big CI) and tactics (little CI).
Once a spy has been identified and arrested (or, in the case of some foreigners with diplomatic status, expelled), the intelligence community conducts a damage assessment to determine what intelligence has been compromised. Having the cooperation of the captured spy would be useful. In the United States, this cooperation often becomes a major negotiating point between government prosecutors and the spy’s attorney: cooperation in exchange for a specific sentence or for consideration for the spy’s family. (The wives of Ames and Pollard also received short prison terms for their complicity in their husbands’ espionage, serving five years and three years, respectively. Hanssen’s wife knew at least about his first period of espionage. However, she was allowed to keep the survivor portion of Hanssen’s federal pension.)
As with everything else in counterintelligence, however, issues always linger. The most obvious is the degree to which the spy is being honest and forthcoming. Those conducting the damage assessment must avoid the temptation to use the fact of a discovered spy to explain intelligence losses that are unrelated to that person’s espionage. The focus must stay firmly on the intelligence to which the spy had access. More than one spy may have been operating at the same time, with access to the same intelligence. This appears to have been the case with Ames and Hanssen, whose espionage was contemporaneous and who had access to some of the same intelligence. Thus, the Hanssen damage assessment likely required a reexamination of the Ames damage assessment, perhaps without any definitive conclusions. The Soviets or, later, the Russians could have used one set of information to confirm the other, thus having Ames and Hanssen ironically confirming each other’s bona fides as useful spies.
Double agents raise a host of concerns about loyalty. Have they been turned, or are they playing a role while remaining loyal to their own service? Investigations of U.S. citizens suspected of spying bring up legal issues because of constitutional safeguards on civil liberties. Domestic telephones can be tapped, but only after intelligence agents have obtained a warrant from a special federal court (the Foreign Intelligence Surveillance Court), which was set up by the Foreign Intelligence Surveillance Act of 1978 (FISA, pronounced “fy-za”). (See chap. 10 for a discussion of this court.) Agents also use other intrusive techniques, such as listening devices in the suspect’s home or office; searches of home or office when the suspect is absent, including making copies of computer files; and going through garbage.
Prosecuting intelligence officers for spying was a major concern for the intelligence agencies, which feared that accused spies would threaten to reveal classified information in open court as a means of avoiding prosecution. This is known as “graymail” (as opposed to blackmail). To preclude this possibility, Congress in 1980 passed the Classified Intelligence Procedures Act (also known as the Graymail Law), which allows judges to review classified material in secret, so that the prosecution can proceed without fear of publicly disclosing sensitive intelligence.
In 1999, as part of a government-wide response to revelations about Chinese espionage, the FBI proposed splitting its National Security division into two separate units, one to deal with counterespionage and the other with terrorism. In 2003, the FBI created an Intelligence Division, concentrating primarily on terrorism. The 2004 intelligence legislation formally recognized the new office as the Directorate of Intelligence. The FBI also proposed broadening the National Security Threat List, on which it assesses counterespionage threats, to include corporations and international criminal organizations as well as foreign governments.
In June 2005, President George W. Bush ordered a restructuring of both the Justice Department and the FBI. The position of assistant attorney general for national security was created, overseeing counterterrorism, counterespionage, and intelligence policy. The FBI now has a National Security Branch, which oversees the new Directorate of Intelligence and the Counterterrorism and Counterintelligence Divisions, and the Weapons of Mass Destruction Division. The National Security Branch is headed by an executive assistant director, who is the FBI’s primary liaison to the DNI for coordination of activities and budget. Interestingly, the branch deputy has been a senior CIA officer.
In addition to the FBI, which has the primary counterintelligence responsibility in the United States, and the CIA, the DCSA, noted above, and the counterintelligence units of virtually all intelligence agencies or offices share some CI responsibility. The diffusion of the CI effort reflects the organization of the community and also highlights why coordination on CI cases has been problematic. To remedy this, Congress, in 2002, passed the Counterintelligence Enhancement Act, which called for the creation of what is now the National Counterintelligence and Security Center (NCSC, established 2014; formerly the National Counterintelligence Executive, NCIX). The NCSC is the head of U.S. counterintelligence and is responsible for developing counterintelligence plans and policies. This includes an annual strategic CI plan, a national CI strategy, and the oversight and coordination of CI damage assessments. The intelligence law of 2004 puts the NCSC under the DNI. NCSC has no control, however, over the agencies or offices that conduct counterintelligence. Therefore, there is something of a disconnect between the office creating a fairly broad and general strategy and those offices responsible for actually conducting counterintelligence.
In 2020, Congress passed legislation requiring intelligence agencies to assess the risk posed by former intelligence officers working for foreign governments. A year later, the CIA’s counterintelligence chief sent a note to retired officers warning about working directly or indirectly for foreign governments. Receiving a clearance entails a lifetime obligation not to reveal secrets, even after retirement. This may or may not include specific skills or techniques that an intelligence operator or analyst used on the job. There is no law or rule prohibiting such work, as long as the contractors continue to safeguard classified information. But there are obvious counterintelligence concerns. This entire effort appears to have been prompted by four former NSA employees who went to the United Arab Emirates to assist with that nation’s cyber capabilities.
A more recent issue has arisen as a result of the SolarWinds cyber breach (see chap. 12 for details), widely attributed to Russia. Until this breach, U.S. courts allowed the electronic filing of sensitive materials that are germane to counterintelligence cases. The U.S. court system’s electronic case files were among those affected by the SolarWinds breach. Under new rules, sensitive documents have to be printed out and hand delivered to the courthouse.
LEAKS
Leaks are a constant security concern. They may not be seen as dangerous as an espionage penetration, but they can have obvious counterintelligence concerns, because leaks often entail the unauthorized release of classified information. It is a generally held view that the leak problem is much worse now than it has ever been, but this perception was prevalent through much of the latter twentieth century. (President Franklin D. Roosevelt, decrying leaks during his tenure, wondered why the British had so many fewer leaks, even though Britain had freedom of speech and tea parties.)
Once a leak occurs, the agency whose information has been compromised can ask the Justice Department to open a criminal probe. However, there are two immediate impediments. The first is that, in many cases, too many people have had access to the information to be able to pin down the source of the leak. Agencies keep “bigot lists” of people with access to certain categories of intelligence, but these are often rather lengthy rather than exclusive. The second is the legal basis for prosecuting a leak. Several nations, including Britain, Canada, and India, have laws protecting classified information and creating legal penalties for unauthorized disclosure. But there is no single U.S. statute covering leaks. The Intelligence Identities Protection Act (1982) makes it a crime for someone who has access to classified information to knowingly reveal the identity of a clandestine agent. It is also a crime to engage in a “pattern of activities” intended to reveal the identity of a clandestine agent or agents. This law was passed in reaction to the 1975 assassination of Richard Welch, the CIA chief of station in Athens. The “pattern of activities” clause was aimed at individuals such as former CIA officer Philip Agee, who made a practice of revealing the identity of CIA case officers overseas after he left the CIA. This act was also initially at issue in the 2003 revelation that Valerie Plame was a CIA officer, which was part of the larger Iraq weapons of mass destruction (WMD) controversy. However, Lewis Libby, then chief of staff to Vice President Richard Cheney, who became the focus of the leak investigation, was convicted in 2007 of obstruction of justice, perjury, and making false statements to federal investigators, and not of the leak itself. The Plame leak investigation also led to questions about the roles and responsibility of the press with regard to classified information. (See chap. 13.)
In 2011, President Obama signed Executive Order 13587, designed to make structural reforms to improve security on classified networks while also allowing for the sharing of classified information. This executive order included a mandate to create an Insider Threat Program to deter, detect, and mitigate insider threats. The details of this program came to light in 2013, after the Snowden leaks. According to press reports, this program covers not only classified material but any other leaks and includes many agencies beyond the intelligence community. The program is based, in part, on federal employees and contractors looking for and reporting “high-risk persons or behaviors”—many similar to the indicators for espionage—and also imposes penalties for failing to report them. The program also includes greater protection for whistle-blowers who use proper internal channels to report fraud, waste, and abuse. In late 2015, the Defense Insider Threat Management Analysis Center (DITMAC) was stood up under the Defense Security Service, now the DCSA. DITMAC is the central clearinghouse for collecting and coordinating potentially “adverse” information about employees and other people with access to Defense facilities. DITMAC is not responsible for detecting and acting on threats. Critics of the program note the large number of people holding clearances and argue that the indicators for high-risk behaviors are set rather low and are also somewhat subjective, which may result in a plethora of false reports. Concern about insider threats again raises issues about the personnel security system and the need for more frequent, if not continuous, evaluations. This was one of the recommendations made by the National Insider Threat Task Force, created under the Obama executive order and part of the National Counterintelligence and Security Center. The task force published its Insider Threat Program: Maturity Framework in November 2018.
In 2012, DNI Clapper announced steps designed to deter unauthorized disclosures of national security information. A question related to unauthorized disclosures would be added to the counterintelligence polygraph for all agencies administering that examination (CIA, DIA, DOE, FBI, NGA, NRO, and NSA). Also, the inspector general for the intelligence community would be tasked with leading independent investigations of leaks that the Justice Department declined to prosecute. Parallel efforts to include anti-leak legislation in the intelligence authorization bill failed to pass.
There are technologies that can disable the use of removable storage devices, such as CDs and thumb drives. The Defense Department reportedly bought such a system, the Host Based Security System (HBSS), after the Manning leaks, but it is not clear that it was in place at NSA to prevent the Snowden leaks. The Espionage Act (1917) has been used as the legal basis for leak prosecutions. Enacted months prior to the United States’ entry into World War I, this act covers traditional espionage but is also deemed broad enough to cover leaks, even of information that is not classified but is related to the national defense. During World War I, the act was used to jail antiwar protesters, such as U.S. socialist leader Eugene V. Debs, who was convicted of sedition for speaking out against the draft. The Espionage Act was used to convict Samuel L. Morison, a U.S. Navy intelligence officer who provided classified imagery to a British publication with whom he had a business relationship. Morison was convicted in 1985 of espionage and theft of government property.
Use of the Espionage Act became controversial in 2006 when it was used as the basis for prosecuting two officials of the lobbying group the American Israel Public Affairs Committee (commonly called AIPAC) who received classified information from a Defense Department official, Lawrence Franklin, and then passed it on to an Israeli official and a journalist. Franklin pleaded guilty and was sentenced to more than twelve years in prison, later reduced to ten months of house arrest and 100 hours of community service after the cases against the AIPAC lobbyists were dropped. But the cases of the AIPAC officials, Steven J. Rosen and Keith Weissman, were the first use of the Espionage Act to prosecute nongovernment officials for leaking. The FBI also conducted an investigation of AIPAC for connections to Israeli intelligence. The judge in the case refused to dismiss the charges on the claim made by the defendants’ lawyers that the use of the Espionage Act infringed on their clients’ right of free speech, but he also raised questions about the applicability of the statute during the trial. He also ruled that the defendants could use classified information in their defense, despite government opposition. In 2009, the Justice Department dropped the charges.
Another aspect of leaks that became controversial was an offshoot of the Plame/Libby case. In 2006, Libby reported that President George W. Bush authorized him in 2003 to discuss with a reporter aspects of the then-classified 2002 national intelligence estimate (NIE) on Iraq WMD. Although the president can decide to declassify information, Bush’s action seemed to undercut his administration’s complaints about leaking. It can be argued that the president cannot leak because the president also has the right to declassify intelligence, but the motives behind a revelation can be debated, as they were in this case. Similarly, President Obama and other senior officials clearly cooperated with a reporter writing a book about administration policy in Iraq and Afghanistan in Obama’s first year in office. At the same time, the Obama administration was much more aggressive than past administrations in prosecuting individuals accused of leaking, with nine prosecutions in all. Some were successful, such as the prosecution of CIA officer John Kiriakou, who pleaded guilty to disclosing the identity of a CIA officer involved in the rendition and interrogation program. Kiriakou received a sentence of thirty months. However, the case against Thomas Drake, an NSA officer accused of leaking information related to a program that had run into trouble, proved to be problematic. The judge in this case questioned the delays involved in the investigation and ruled that the jury would have to be shown some of the reportedly classified material, which NSA refused to do. Drake pleaded guilty to a misdemeanor and not to felonies under the Espionage Act as originally charged. (Drake and several others charged with NSA leaks have sued several agencies and officials, charging violation of rights, illegal searches, retaliation for whistle-blowing, cancellation of clearances, and so on.)
In 2018, Reality Winner, a contractor working for NSA, was sentenced to five years and three months in prison after pleading guilty to leaking information about Russian interference in the 2016 election.
In 2013, Pvt. Bradley Manning was found not guilty of aiding the enemy but was found guilty of other violations of the Espionage Act and sentenced to thirty-five years. The “aiding the enemy” charge in the Manning case disturbed some First Amendment authorities, as it advances the legal argument that leaking to the press can be equated to a treason-like offense if the leaker knows the information may get to an enemy, even by indirect means. Commentators have noted that Manning was charged under military law, but this leaves open whether similar charges could be brought against nonmilitary personnel. Former State Department and FBI employees were also successfully prosecuted by the Obama administration for leaks.
In January 2017, President Obama commuted Manning’s sentence to time served, seven years. Finally, the Manning case also raises the issue of what is a journalist under First Amendment protections. Does this include a website like WikiLeaks, whose sole purpose is to publish classified material? The Obama administration struggled with this issue but decided not to indict Julian Assange, the founder and operator of WikiLeaks. However, in November 2018, a federal court filing inadvertently revealed that Assange had been secretly indicted by the United States. In April 2019, Ecuador ended Assange’s almost seven-year asylum status at their London embassy; he was arrested and sentenced to fifty weeks in prison for jumping bail on a Swedish sex assault warrant. After his arrest, the initial U.S. indictment was revealed. Assange was charged with conspiracy to commit computer intrusion against a U.S. government computer, referring to his work with Manning. This charge, which carries a five-year sentence, avoided possible issues regarding Assange’s claimed status as a journalist. In May 2019, the U.S. government released a second indictment against Assange, this time covering seventeen counts under the Espionage Act. This second indictment raised concerns among journalists and free press advocates, although some observers questioned whether Assange is a journalist. Pursuing efforts to extradite Assange to the United States, the Biden administration in July 2021 stated that, if convicted, Assange would not be sentenced to a severe U.S. prison term and could serve out his sentence in his native Australia. Snowden has also been indicted under the Espionage Act. In November 2020, Snowden announced that he and his wife were applying for Russian citizenship in addition to their U.S. citizenship.
One of the most serious recent leak cases was brought against former CIA employee Joshua Schulte, who was accused of being behind the 2017 Vault 7 leak to WikiLeaks, which detailed CIA cyber tools and operations. Schulte’s 2020 trial ended in convictions on two minor counts—contempt of court and making false statements to the FBI—but the jury deadlocked on the more serious charges. The judge declared a mistrial, but a retrial is possible.
Some observers have argued that there may be a double standard when it comes to prosecuting government leakers, depending on their rank. In March 2015, former DCIA Gen. David Petraeus (2011–2012) pleaded guilty to one misdemeanor for the unauthorized removal and retention of classified material, having shared highly classified material with Paula Broadwell, who was Petraeus’s biographer and mistress. Petraeus was sentenced to two years of probation and a $40,000 fine. Former Secretary of State Hillary Clinton (2009–2013) was severely criticized by the FBI for her use of a private, unsecured email server but was not indicted, which also may be seen by critics as a double standard. Finally, in 2016, Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff, pleaded guilty to making false statements to the FBI concerning an investigation of a leak about supposed U.S.-Israeli operations against Iran. President Obama pardoned Cartwright in January 2017, before he was sentenced, on the same day that he commuted Manning’s sentence.
All of the cases cited above involved government employees who had access to classified information. The Obama administration was also aggressive about journalists who receive such information. In 2012, the Justice Department secretly seized phone records for Associated Press editors and reporters to investigate a State Department leak. In July 2013, Attorney General Eric Holder announced new guidelines for obtaining journalists’ records, including more advance notice in most cases and a process for news organizations to challenge requests in court. A more complex case involves former CIA officer Jeffrey Sterling and New York Times reporter James Risen. Sterling was indicted under the Espionage Act in 2010 for alleged leaks, presumably to Risen. Risen received a subpoena ordering him to reveal some of his sources as part of the Sterling case. Risen lost every legal effort he made to have the subpoena quashed, including a petition to the Supreme Court, which declined to hear the case. However, at the outset of Sterling’s trial in late 2014, Attorney General Holder decided not to call upon Risen to testify, convinced that the reporter would refuse to do so. Sterling was convicted and sentenced to three years and six months. Interestingly, Sterling’s attorneys cited Petraeus’s plea bargain in requesting a less severe sentence, which Sterling did not receive. In June 2018, James Wolfe, the former head of security for the Senate Intelligence Committee, was accused of lying to the FBI during a leak investigation. In making their case against Wolfe, prosecutors had obtained phone records, but not the actual content, of Ali Watkins, a reporter with whom Wolfe had had a personal relationship. Other journalists objected to this, but there was also the question of journalistic ethics, as Watkins’s various employers allowed her to be assigned to a beat, the Senate committee, where she had a personal relationship. Wolfe pleaded guilty to one count of making a false statement to the FBI. He was sentenced to two months in prison.
In August 2020, Brian Murphy, the acting under secretary for intelligence and analysis at DHS, was reassigned after revelations that his office had compiled and disseminated reports about reporters who had leaked documents critical of DHS’s handling of the Black Lives Matter protests in Portland, Oregon.
In May 2021, the Washington Post revealed that the telephone records of three reporters had been seized, covering a period in 2017. The Justice Department said that the investigation was not about the reporters but about federal employees who may have leaked information concerning possible connections between the 2016 Trump campaign and Russia. The Trump administration also sought emails for reporters from The New York Times and CNN and from some Democrats serving in Congress. Gag orders pertinent to these requests continued into the Biden administration. In the spring of 2021, President Biden decried these searches, and Attorney General Merrick Garland created new rules limiting what records could be sought from reporters and what information could be obtained about members of Congress and their aides. The inspector general of the Justice Department said he would investigate the earlier effort against Democratic members.
Presidents, by definition, do not leak. If they say something publicly, it is declassified. For example, U.S. intelligence officials were caught off-guard by the first unclassified acknowledgment that the United States used imagery satellites, which came in a speech made by President Lyndon B. Johnson in 1967. In a June 2011 speech, President Obama acknowledged the U.S. role in the death of Anwar al-Awlaki, a U.S. citizen who was abetting terrorism. However, Obama avoided mentioning how Awlaki had been killed. As noted in chapter 5, President Trump was criticized for sharing foreign liaison intelligence, presumably Israeli, with Russian Foreign Minister Sergei Lavrov, violating the third party foreign liaison rule. In August 2019, after an explosion at an Iranian rocket launch site, Trump tweeted a photo of the damage and denied U.S. involvement. The photo apparently came from a classified imagery system, again raising security concerns. A few weeks after taking office in 2021, President Biden decided that Trump should not receive further intelligence briefings, which are customarily offered to former presidents as a courtesy, citing security concerns.
It is important to understand the status of classified information that is leaked. The fact that classified information is released to the public by unauthorized means does not mean that this information is now declassified. The information is still considered to be classified and remains so until declassified by someone with the authority to do so.
An underlying issue regarding leaks is the large amount of material that is classified, some of it incorrectly. As noted in chapter 5, there are rules and definitions by which material is properly classified. Also, as noted before, cases like that of David Petraeus and potentially Hillary Clinton make it more difficult to defend a system that apparently allows exceptions. In March 2016, the Obama administration began a Fundamental Classification Guidance Review to eliminate obsolete requirements and reduce the amount of classified material. The Obama administration also formalized the handling of information that is unclassified but must still be controlled in its distribution, long labeled “sensitive but unclassified” (SBU) and consolidated by a 2010 executive order under the label “controlled unclassified information” (CUI). This strikes some security professionals as anomalous; they argue that material is either classified or not, and that there is no middle case like SBU.
In April 2017, the ODNI published Principles of Classification Management for the Intelligence Community, which promulgates uniform guidelines for classifying and marking Classified National Security Information (CNSI). These include a risk-management strategy for classification decisions to avoid automatic over-classification, and making declassification and downgrading an integral part of the strategy.
A new type of leak has arisen with the advent of sites like WikiLeaks, whose avowed purpose is to publish classified information. WikiLeaks publications to date have involved thousands of documents, underscoring the added security problem created by information technology, which enhances the ability to access, remove, and transfer large amounts of data easily. The leaks have exposed the names of foreigners who have cooperated with the United States, and WikiLeaks published Democratic National Committee emails during the 2016 presidential election. Interestingly, the organizations Amnesty International and Doctors Without Borders have condemned WikiLeaks’s activity, making for an unlikely coalition with the Defense Department. There has been a debate within and beyond U.S. intelligence as to whether or not WikiLeaks works for the Russian government. No conclusions have been reached publicly, but it is clear that Russian president Vladimir Putin’s foreign policy goal of sowing discord in the West has benefited from WikiLeaks’s activity.
In March 2017, WikiLeaks published thousands of pages detailing alleged CIA tools to hack into computers, cell phones, and other technology. The CIA, of course, refused to authenticate the leaks. In June 2018, a former CIA employee, Joshua Schulte, was charged with theft of classified material. A few months before this leak, a group calling itself Shadow Brokers began leaking what it said were tools used by NSA to hack into systems. Reactions to this leak appeared stronger and more concerned than to the CIA leak, especially as various groups began using the stolen NSA tools. According to some press accounts, Israel hacked into the system of Kaspersky, a Russian cyber security firm, and then alerted the United States to the presence of stolen tools. Both cases, involving the CIA and NSA losses, raised new concerns about the intelligence community’s vulnerability to leaks and about lost capabilities. Also according to press accounts, the cyber firm Symantec reported that China had captured some NSA tools that were being used in an intrusion on Chinese systems.
A 2013 report by the RAND Corporation on leaks was fairly pessimistic on the likelihood of stemming what the authors called “a culture of leaking.” In March 2014, DNI Clapper signed Intelligence Community Directive (ICD) 119, “Media Contacts,” limiting such contacts by all intelligence community employees and requiring authorization for all such contacts. The ODNI later offered a clarification that appeared to indicate that a major concern was that intelligence community employees not use leaked material as sourcing when speaking to the press, although the underlying concern about trying to limit press contacts remained.
Leaks, like espionage cases, raise the issue of damage assessments. Both the Manning and Snowden leaks have entailed costs to U.S. diplomatic relations. Manning leaked the details of U.S. diplomatic traffic and assessments of various foreign officials. As noted, Snowden leaked details of intelligence collection in various nations, some of which are U.S. allies. The Snowden leaks also put the collection programs themselves in jeopardy by exposing their existence and how they function. Assessing the damage—or potential damage—done by Snowden may be difficult, as it may never be known with certainty the full extent of the files he copied and took with him.
The large number of leaks, particularly by contractors, also raises issues about relying on contractors for secure support and the insider threat issue. Contractors go through the same security review for clearances as all government employees, so they do not represent an inherently weak link in the security system. There are multiple efforts ongoing to identify insider threats as they develop and before they result in lost intelligence, but these do not appear to be very different from efforts to identify potential spies in advance. As noted, there are some behaviors that may be indicative of a willingness to spy or to leak, but they may also be no more than indicators of personal problems that many people face.
Leaks also raise the issue of the reliability of the United States as an intelligence partner. As noted in chapter 5, there are multiple foreign liaison relationships between U.S. intelligence agencies and their foreign counterparts. These relationships are built on shared interests and on trust regarding the security of shared intelligence. In the aftermath of Trump’s remarks to the Russians concerning Israel, several press reports suggested that Israel would curtail its intelligence sharing with the United States. Officially, of course, Israel denied this. The British government was concerned about police intelligence related to the 2017 suicide bombing in Manchester that had been shared with the United States but appeared in The New York Times.
The Trump administration, like others before it, has tried to stop leaks. In September 2017, the Trump administration ordered every federal department and agency to hold one-hour training sessions on “unauthorized disclosures” and their consequences. The document mandating this program, although not classified, leaked. The FBI’s counterintelligence division has created a unit devoted to countering leaks. The Justice Department reported a twofold increase in the number of leaks during the first two years of the Trump administration.
There is also the question of leaks and whistle-blowing. Snowden, for example, has claimed to be a whistle-blower, revealing programs that he believed were a threat to civil liberties, even though these had been created by a public law passed by Congress and signed by the president. Snowden also released a great deal of material wholly unrelated to the two NSA programs, which undercuts his assertion. But the question remains: What differentiates a leaker from a whistle-blower? Whistle-blowing is a recognized and legitimate action. There is a Whistleblower Protection Act (1989), defining the range of activities that can be reported and offering protections against retaliation. The intelligence community has the Intelligence Community Whistleblower Protection Act (1998), Presidential Policy Directive 19 (PPD-19, 2012), and ICD 120 (2014), all of which have similar purposes to the 1989 law. There is a formal Whistleblowing Program under the Office of the Intelligence Community Inspector General, but the overall program seems small. The latest report of the intelligence community inspector general, covering April–September 2020, stated that there were eight external review requests by whistle-blowers for the period, two of which were closed and six pending, plus another six pending from previous periods. The previous semiannual report listed fifteen congressional disclosures and eleven external review requests. In 2018, NSA announced that it was taking steps to give higher priority to whistle-blower protection. There are always questions about the effectiveness of these various laws and policies, especially the ability to be heard and the protection from retaliation. The point remains that for an employee, there is a specific process to be followed in the event of suspected misfeasance, malfeasance, or illegality, in lieu of going to the press. This view is also undercut, however, by “official” leaks, which do occur and which, again, appear to create a double standard.
In December 2019, Trump raged about the whistle-blower whose accusations about Trump’s dealing with Ukrainian officials led to his first impeachment. Trump also revealed the name of the individual he believed to be the whistle-blower, which violated the protection rules. In 2020, a federal court ruled that agencies could launch retaliatory investigations against whistle-blowers, which would appear to diminish any protections.
In April 2020, President Trump fired the intelligence community inspector general, Michael Atkinson. Atkinson had notified Congress about the whistle-blower complaint that led to Trump’s first impeachment, concerning his policy and actions about Ukraine. By law, Atkinson was obligated to do so. At the same time, Trump fired several other individuals who had testified against him in the impeachment hearings. Trump said he had “lost confidence” in Atkinson and cited the “fake” whistle-blower report. Over the next few weeks, Trump fired four departmental inspectors general in addition to Atkinson.
Finally, leaks also raise the issue of the responsibility of the press. Should members of the press publish any classified material that comes their way, or do they also have a responsibility, on occasion, to withhold information that has been classified but leaked? There are instances in which journalists have agreed not to publish classified information at the request of government officials. In a famous case, The New York Times became aware of preparations for the 1961 Bay of Pigs operation but agreed not to publish key details, a decision the editors regretted after the operation failed so disastrously. But would they have had the same regrets had the operation succeeded? Who in the press makes these decisions, and how, remains controversial. (See Gabriel Schoenfeld, Necessary Secrets, in this chapter’s bibliography.)
ECONOMIC ESPIONAGE
Finally, there are issues surrounding cases that involve foreign economic espionage that does not come under the 1917 Espionage Act, as in the theft of information that may be proprietary but not classified. In recent years, the U.S. government had four cases collapse involving Chinese Americans accessing information of this sort. None of them had been charged as spies, meaning working for a foreign government. As a result of these failures, the Justice Department said that all cases affecting national security, even tangentially, would be coordinated with Justice’s national security staff, rather than being treated exclusively as white-collar crime.
NATIONAL SECURITY LETTERS
One investigative technique that has been used in espionage cases, as well as counterterrorism, is national security letters (NSLs). Although these have been authorized since 1978 as an exception to the law protecting personal financial data, their existence became widely known only in 2005. NSLs are a type of administrative subpoena—that is, they do not require a judicial order. NSLs are used most often by the FBI but are also used by the CIA. NSLs require the recipients to turn over records and data pertaining to individuals, with the added proviso of a gag order—the recipient of the NSL may not reveal its contents or even the fact of its existence.
Since their inception, NSLs have expanded beyond their original provisions to include electronic communications and credit information. The USA PATRIOT Act, passed after the 2001 attacks, expanded the authority to issue NSLs from FBI headquarters only to field offices, included terrorism as a target as well as espionage, and eliminated the requirement that the information being sought pertain to a foreign power or its agent.
Several controversies surround NSLs. First, and most obvious, is the fact that NSLs are not subject to judicial review and that they come under a gag order, which raises civil liberties concerns. Second, the use of NSLs has expanded since 2001. According to the DNI’s Statistical Transparency Report for 2019, 13,850 NSLs were issued in that year, resulting in 63,466 requests for information (one NSL can include multiple information requests). The number of NSLs has been fairly steady for the past several years, but the number of requests has varied. Third, subsequent internal FBI and Justice Department scrutiny also revealed that some NSLs were issued without the proper “exigent circumstances.” FBI Director Robert Mueller (2001–2013) took responsibility for the lapses and apologized, but this was not the first time that the FBI’s management had been called into question in the press and in Congress. In March 2013, a federal judge struck down the law authorizing NSLs and the statute prohibiting legal challenges by those receiving NSLs. However, the judge also stayed implementation of the ruling pending an appeal by the FBI. In 2017, the Ninth Circuit Court of Appeals held that NSLs are constitutional and that the nondisclosure provision does not violate the First Amendment (freedom of speech). Also in 2017, Twitter had a gag order lifted and published NSLs it had received in 2015 and 2016. The letters asked for details about various Twitter accounts (name, address, length of service, transaction records) but not the content of the accounts.
One of the recommendations in the December 2013 report of the President’s Review Group on Intelligence and Communications Technologies, which was formed in the aftermath of the Snowden disclosures, was that NSLs should be granted under a court order. A month later, FBI Director James Comey (2013–2017) took issue with this recommendation, calling the NSLs “essential” and arguing that the recommended procedure would make it very difficult to obtain them. In his January 2014 speech, President Obama took a position similar to Comey’s but said steps would be taken to make them less secret.
As noted, the USA FREEDOM Act (2015; see chap. 5) revised the NSL program. NSL requests must now identify the specific information being sought, rather than make a blanket request for information. Nondisclosure orders may be issued only if the recipients are informed of their right to judicial review. Issuing officials must also certify that disclosure could result in danger to national security, interference with certain operations, or the safety of the recipient. Finally, the act requires that the ODNI post on its website annual numbers of NSLs issued and the number of requests covered by these NSLs during the previous year. Recipients of NSLs, in this case meaning corporations, may also report publicly—within certain categories—on the number of NSLs and the number of customers covered by them.
CONCLUSION
As VENONA confirms, the espionage threat during the cold war was pointed and obvious, even though some cases of Soviet espionage—such as those of Rosenberg and Hiss—still remain controversial to some people. But, as the Ames and Hanssen cases indicated, Russian espionage did not end with the cold war. Neither did U.S. activities against Russia, given the Russians arrested and killed by dint of Ames’s spying or the source who led to Hanssen. (In 2003, Russia arrested Alexander Zaporozhsky, a former intelligence officer who had settled in the United States but had been lured back to Russia. Zaporozhsky was sentenced to eighteen years for spying for the United States. Some observers believed that Russia held Zaporozhsky responsible for helping identify Hanssen.) In 1999, the Cox Committee found that China had stolen U.S. nuclear weapons designs during the 1980s, when the two states were tacit allies against the Soviet Union.
Assessing the nature and scope of the espionage threat to the United States may be more difficult in the post–cold war world than it had been before the demise of the Soviet Union, not only because the ideological conflict is over but also because the sources and goals of penetrations may have changed. A 2002 report prepared for Congress listed China, France, India, Israel, Japan, and Taiwan as being among the most active collectors. The most commonly targeted types of intelligence are U.S. military capabilities, U.S. foreign policy, technological expertise, and business plans. Government officials need not be the sole targets. For certain types of intelligence, government contractors may be key. Several recent studies suggest that China has replaced Russia as the main counterintelligence concern of the United States. China certainly represents the largest number of espionage cases reported in the press. According to FBI Director Christopher Wray (2017–), speaking in 2020, the FBI opens a China-related espionage case every ten hours. Money appears to be the main motive for spying for China, which extends far beyond the Chinese diaspora community. A recent target of Chinese espionage was Western efforts to create a vaccine to fight coronavirus infections. Russia also remains an active concern, albeit less so than China, as does Iran.
Also, just as the United States relies on liaison relationships to enhance its HUMINT, so do foreign nations. In 2001, Ana Belen Montes, a DIA analyst, was arrested for spying for Cuba. U.S. officials assume that much of the intelligence that Montes provided over seventeen years was shared by Cuba with Russia and possibly other nations. Reports in 2002 and 2008 prepared by the Defense Personnel Security Research Center noted changes in the demographics of U.S. citizens who spied against their country. Since the end of the cold war, spies have tended to be older, to have lower clearances, to be naturalized citizens instead of native born (although 65 percent of the spies since 1990 are still native born), and to include more women. Thus, it would be naïve to believe that the need for rigorous counterintelligence and counterespionage ceased with the end of the cold war.