How Congress Screwed Up America’s Security Clearance System
Blame profits, politics -- and a huge growth in secrecy-obsessed institutions.
Sometimes, the cure is worse than the disease. Especially when it's the government that's doling out the medicine. This is what happened when Washington attempted to improve the way its security agencies vetted hundreds of thousands of workers needed suddenly after the 9/11 attacks to pursue counterterror tasks and oversee heightened secrecy requirements.
Soon after its hiring binge began, the government's ambitions collided with a creaky system for conducting the background checks needed to approve job applicants for security clearances. By 2004, the backlog of contractors awaiting approval had reached the size of a small city: at least 188,000. Complaints by federal agencies and job-seekers alike grew so intense that policymakers and legislators in Washington became fixated on finding a solution.
Some additional personnel were added to the review process, but Washington largely chose a different path that promised to be cheaper and quicker -- shortening the time allowed for the reviews, by law. In its wisdom, Congress passed the 2004 Intelligence Reform and Terrorism Prevention Act, which required that by 2009, agencies must process 90 percent of clearance applications within an average of 60 days -- less than a sixth of the average 375-day wait in 2003.
Sometimes, the cure is worse than the disease. Especially when it’s the government that’s doling out the medicine. This is what happened when Washington attempted to improve the way its security agencies vetted hundreds of thousands of workers needed suddenly after the 9/11 attacks to pursue counterterror tasks and oversee heightened secrecy requirements.
Soon after its hiring binge began, the government’s ambitions collided with a creaky system for conducting the background checks needed to approve job applicants for security clearances. By 2004, the backlog of contractors awaiting approval had reached the size of a small city: at least 188,000. Complaints by federal agencies and job-seekers alike grew so intense that policymakers and legislators in Washington became fixated on finding a solution.
Some additional personnel were added to the review process, but Washington largely chose a different path that promised to be cheaper and quicker — shortening the time allowed for the reviews, by law. In its wisdom, Congress passed the 2004 Intelligence Reform and Terrorism Prevention Act, which required that by 2009, agencies must process 90 percent of clearance applications within an average of 60 days — less than a sixth of the average 375-day wait in 2003.
The government also chose to farm the bulk of its vetting work out to contractors, which generally are more nimble than federal agencies in growing or shrinking and are practiced at luring federal funds by promising to cut costs. It relied in particular on U.S. Investigations Services (USIS), a firm that in 1996 was calved off an independent agency known as the Office of Personnel Management (OPM) and quickly got most of the background investigation business before being snapped up by a private equity investment firm in 2003.
Nearly a decade later, the entire clearance system has been convulsed by two particularly notorious security checks by USIS. The first led to a renewed clearance of National Security Agency contractor Edward Snowden, the leaker of tens of thousands of highly sensitive classified documents. The other gave access to Navy Yard contractor Aaron Alexis, whose shooting spree there on Sept. 16 killed 12 other people.
It’s clear, however, that the problems are much more widespread and that their repair will involve somehow fixing an investigative culture — created by Congress and contractors, as well as the executive branch — that heedlessly prized speed over quality.
USIS, which is based in Falls Church, Va., but owned by the Rhode Island-based investment company Providence Equity Partners, is the target of a criminal investigation on charges unrelated to those clearances, according to a statement by Sen. Claire McCaskill (D-Mo.) at a June 20 congressional hearing. It stands accused, she said, of "systemic failure to adequately conduct investigations under its contract."
Michelle Schmitz, OPM’s assistant inspector general for investigations, said at the June hearing that it began to investigate USIS in late 2011 on a "complicated contract fraud case." A federal grand jury launched a criminal probe and issued subpoenas to former USIS executives this summer, the Wall Street Journal first reported.
A spokesman for USIS, Ray Howell, declined to comment on the allegations. But several former employees said in interviews that OPM’s contract with the firm — which OPM so far has refused to make public — was structured to place a premium on speed. They said the firm’s income depended on how many cases it processed and that it incurred financial penalties for failing to meet deadlines.
But responsibility for any clearance investigation mistakes would hardly be USIS’s alone.
Sen. Rob Portman (R-Ohio), a former White House aide who is now the ranking member on a subcommittee devoted to increasing the efficiency of federal programs, said at a June 20 congressional hearing that while problems persist in the clearance process, "most troubling, I think, is the pressure to meet timeliness metrics impacting the quality of investigations."
Some of this history is likely to be aired at a hearing — postponed temporarily due to the government shutdown — by the Senate Homeland Security and Governmental Affairs Committee, at which top officials from OPM, the Office of Management and Budget, the Office of the Director of National Intelligence, and the Defense Department are slated to testify. OPM has overseen all clearance investigations for defense personnel since 2005, giving it a huge workload.
This summer, Sen. Jon Tester (D-Mont.), a committee member, introduced the Security Clearance Oversight and Reform Enhancement Act, which, among various reforms, would require OPM to fire or debar any employee or contractor who falsifies or fails to review background investigation reports. Since 2007, 20 employees have been convicted of such crimes, and one more pleaded guilty, according to OPM, but the agency’s inspector general, Patrick McFarland, said at the June hearing that he does not "believe that we have caught it all by any stretch."
Reforming the process is now considered urgent, not only because of the Snowden and Alexis debacles, but also because the government is struggling to monitor the 4.9 million people who hold clearances, an increase of roughly 1.7 million people since 1993. Even as the United States winds down its wars overseas, the number of people with access to classified information has stayed steady. The government is still in the process of drafting uniform standards to determine whether positions require a clearance, opening the possibility that many individuals hold clearances who don’t need them.
"Everyone with clearances has to undergo a periodic reinvestigation. The more in the system means the workload multiplies, becomes more expensive, and creates the possibility of flawed investigations," said Steven Aftergood, who studies security classification issues for the Federation of American Scientists, a nonprofit research and advocacy group in Washington.
Clearing the backlog
Although the problems are seen as acute now, they have deep roots. Even before the 9/11 terrorist attacks, the Department of Defense was experiencing backlogs in clearance investigations, largely caused by inadequate resources and changing government standards. But after 9/11, "the intelligence budget doubled in size," Aftergood said. "To spend the money, the government needed more cleared people, including more cleared contractors."
Brenda Farrell, director of defense capabilities and management at the Government Accountability Office, which has published many reports on clearance problems over the past decade, said "the contractor workforce was waiting, in some cases, more than a year for a clearance. You had a situation where you had people waiting to work, but they couldn’t work. And the backlog kept growing."
Bill Henderson, president of the Federal Clearance Assistance Service who until 2007 worked as a field agent and supervisor in DOD and OPM investigations, noted that contractors began to adapt in troublesome ways – they overstated how many employees they needed in an attempt to stock up on cleared employees, knowing it could take more than year to get clearances.
Tom Davis, former Virginia congressman who chaired the House committee that helped write the new clearance deadlines for federal security agencies, recalled that because of the backlog, defense contractors were paying a premium for cleared workers, which boosted government contract costs. "You had to do something," Davis said, whose district was the home for many contracting firms. Government agencies "didn’t have their act together. I think everybody was frustrated," he added.
The bill his committee put forward imposed the deadlines in stages. By 2007, agencies had to make a decision on 80 percent of applicants within 120 days, but two years later, it had to grant 90 percent of clearance cases within an average of 60 days-40 days for the background investigation and 20 days for agencies to make their decision. The act did not put deadlines in place for periodic rechecks of clearances, like the one USIS conducted on Snowden in 2011, but agencies pushed their reviewers to speed up those cases as well.
The workforce assigned to the clearance task expanded somewhat, growing from 7,819 in March 2005 to 9,421 in January 2008, according to a 2008 report by the Security Clearance Oversight Group, which includes officials from OPM and OMB. Most of these investigators worked for USIS and a few other private firms, rather than OPM.
It looked to many in Washington like a great success — a problem solved. By 2012, the backlog had disappeared and the average initial investigation was completed within 36 days. "We have no backlogs, are meeting timeliness mandates, and have increased automation," Merton Miller, associate director of OPM’s investigations unit, said at the June congressional hearing.
But the obsession with cranking out cases had some negative consequences. According to a May 2009 GAO report, an estimated 87 percent of the 3,500 background reports DOD officials used to make security clearance decisions were incomplete. Miller said this was largely due to the difficulty of interviewing military service members deployed in war zones. The law’s 40-day investigative deadline "must be met" nonetheless, he said, so all probes "must be accomplished within that period of time, and then the case is closed."
OPM gauged whether investigators were performing adequately partly based on the speed of their work, and partly by how often the agencies sent reports back for additional work to fill in missing information. Miller said the agencies sent less than 1 percent of all the cases that OPM oversaw back to investigators.
But the reason the figure was so low, Farrell said, is that many agencies were afraid of missing the deadline Congress had set. "You send it back, there goes another week, two weeks, and everybody was focused on this 60-day goal," Farrell said. "Often the adjudicators, we were told, would just go ahead and complete the investigation themselves. Or [they would] think it wasn’t important enough…and skip over it."
GAO recommended in 2009 that the OPM investigations unit measure how often the background checks met federal standards, so they could figure out how to fix the problem of incomplete investigations. But OPM, as of August, had not implemented that recommendation. "They do not have a systematic way to help ensure the investigations are complete," Farrell said. "That’s what’s missing."
Congress and government agencies were not alone in pressing for faster clearance checks.
The managers at USIS, which was formed by privatizing a unit within OPM in the mid-1990s and instantly became one of the country’s largest security firms, became increasingly devoted to profits as the firm was shuttled from one private owner to another over the years, according to its former employees.
That concern was first articulated in 1995 at a congressional hearing on the agency’s transformation by Rep. Jim Moran (D-VA), whose Northern Virginia district included many rattled OPM employees. "I just hope we don’t find ourselves in a situation where we become dependent upon firms that don’t have the commitment that federal employees have to getting the job done, really whose principal objective is making profit," he said at the time.
The shift to private sector control eventually proved to be a financial boon for many who had been at OPM, however, particularly those with the highest salaries. Employees accrued shares in the new company based on how much they were paid every year by OPM, and some reaped substantial benefits when a private equity giant, the Carlyle Group — known for its investments in the defense industry — bought a quarter of the company in 1999.
They reaped additional sums when private equity firm Welsh Carson Anderson and Stowe, which focuses on investments in the healthcare and business and information services industries, agreed to pay $545 million for a majority stake in the company in 2003. News reports at the time stated that $500 million was distributed among 4,000 current and former employees and the other $45 million went to buy outside shareholders. Carlyle and senior USIS managers reinvested another $172 million in the company, according to the firms.
"There were some who got in the millions of dollars, and some who got in the thousands or hundreds of thousands," said Mike Clancey, an OPM investigations manager who moved over to USIS as head of quality control in 1996 and later the security policy division until 2007. "I doubt there were any two checks the same."
In the years following the company’s formation, OPM and USIS officials trumpeted the privatization as a great success. Philip Harper, USIS’s first CEO, said in April 1997 that the company was doing 40 percent more work with 10 percent fewer employees. In its application for a Harvard University Innovations in American Government Award, OPM officials boasted that by 1999, the effort already saved taxpayers $65 million. Harvard named OPM a 2000 finalist for the effort.
Authoritative, long-term evidence of cost savings is more elusive, however. OPM, its inspector general, and the GAO have never conducted follow-up studies assessing long-term financial benefits from the privatization, their officials say.
Moreover, the company’s takeover by private investors in 2003 had significant consequences for its work, according to former USIS employees. They said its culture became more corporate and numbers-based, a development that some said had brought a needed discipline while others decried as undermining their values.
Phil Gasiewicz, who headed USIS operations from 1996 to 2004, said for example, that after the buyout in 2003, he sensed that the company’s new private equity owners wanted to flip it to a new buyer. The firm had little experience in the industry, he said in an interview with CPI. As the company scrambled to hire and train new, often less-experienced, investigators to help with the rapid increase in clearance cases, some of its original employees began to exit, buyout checks in hand, to retire or go back to working for the federal government, he and other former employees said.
"You could imagine that these (new owners) were very much nervous nellies about owning us," Gasiewicz said. "When I would go to board meetings and give presentations on how long it would take to train an investigator or a reviewer, oh they didn’t want to hear that. What they wanted to hear was: Can we produce more cases?" He said the pressures came from the government as well as the company.
Another former senior USIS manager, who retired in 2008 and asked not to be named, recalled the motto in USIS’s original employee handbook: "Do the right thing the right way." After the private equity firm’s takeover, he saw an emphasis on streamlining the investigations process and "losing concern of what’s the quality of the investigation….As time went on, the pressures got greater to produce, that underlying philosophy got thrown to the side," he said.
Clancey said financial pressures were a reality from the beginning. But at the time of the 2003 buyout, he saw the push to cut costs and drive revenue increase. The company’s new executive team "focused more on productivity, cutting down time, how do we get through review faster. Some might say cutting corners. You could argue that," he said. Clancey, who said he never saw the company violate contract requirements while he was there, left the company in the spring of 2007 after the company stopped funding his position.
The company’s listed public contacts, including its head of investor relations Fran Higgins and its general partner and chief financial officer Jonathan M. Rather, did not respond to telephoned and emailed requests for comment.
Later in 2007, USIS was sold to another private equity firm, Providence Equity Partners, and by the accounts of other former employees, the company’s pressure for profits intensified. One, who worked on quality control issues but asked not to be named, said that roughly a year after the sale, senior managers started pressuring certain employees to work so quickly that they had to skip reviews required under their contract with OPM, which were meant to ensure that the investigations were complete.
"They were knowingly not doing their job," the former employee said. "They skipped the review and hoped OPM didn’t look at them." The former employee said USIS feared losing money if it missed its government-set deadline. Employees would be particularly pressed to close cases before the end of every quarter, so the company could get paid and report higher revenues, the employee said. The managers called it "flushing" the background check reports, he said.
Two spokesmen for Providence Equity Partners did not respond to emailed and telephoned requests for comment on these specific allegations. Other media have quoted unnamed former employees describing the same "flushing" practice, and the New York Times on Sept. 27 reported that the company had dismissed some top executives after a federal investigation into the practice began.
Gasiewicz pointed out, however, that USIS wouldn’t be solely responsible for any shortcuts. OPM is supposed to review investigation reports before sending them on to government agencies, which review them a second time before deciding whether to grant a clearance. OPM collects fees from other federal agencies for its security investigations oversight work, he pointed out.
"How can they possibly allege [now] that for 3-4 years USIS was turning in improper background investigations and they didn’t catch it?" Gasiewicz said. OPM declined comment on its review process.
This push for speed and volumes at all costs made an inherently difficult job almost unbearable, according to some investigators.
Tom Wilson, a retired fire chief and police officer in California who worked as a USIS investigator from 2010 to 2012, said the pressure to make money outweighed the company’s efforts to conduct complete, accurate investigations.
In a phone interview with CPI, Wilson said USIS supervisors wanted investigators to churn out background checks quickly. Wilson said for example that he typically worked on 15 to 20 investigations at once, of varying complexity. He was expected to complete each one in five to 10 days, and reprimanded if he tried to go beyond minimum government standards for background checks, Wilson said.
"That’s when the pressure came in. They kept giving them to me and giving them to me," he said. "When you throw a profit motive in there, it deteriorates into a mill. Get them out, get them out," he said.
It got to the point where he felt he only had two options: Work overtime without compensation or cut corners. Wilson chose to work long hours, clocking in an average of 60 hours a week, but quickly felt burned out and began complaining to his superiors. He was fired by email on May 30, 2012, without being given a reason, he said.
Wilson is the lead plaintiff in a proposed class action lawsuit filed in 2012 alleging, among other things, that the company didn’t pay him overtime hours and retaliated against him for his concerns about work conditions. In a court pleading, the company denied any wrongdoing and said Wilson was not entitled to any relief.
Another former USIS employee, who worked as a team leader from 2001 to 2011, described the work environment as "hectic" and said upper management had "expectations very few people could meet." He said USIS would take on government workloads that were "nearly impossible" to do.
"Expectations were high but you didn’t fear losing your job if you didn’t meet all the deadlines. … I tended to protect my people from upper management, but that became more difficult," he said. "They just wanted us to stay on their butts and fire them if they couldn’t (meet deadlines)."
Another USIS veteran, who was at the company for more than seven years and is also a participant in the proposed class action lawsuit, said the workplace became particularly tumultuous after Providence Equity Partners took over the company.
The investigator, who said she was fired last month for allegedly not meeting deadlines, said she was reprimanded for going beyond the minimum requirements for background checks. "I now have high blood pressure; I have to take medication," the investigator said. "I wouldn’t recommend it to my worst enemy."
Even when she had difficulty tracking down military service members for interviews, she said, the company refused to change the cases’ due dates. She recalled one month when she received more than 100 case assignments, which she described as 6 months-worth of work. "All they look at are those numbers," the employee said, on condition she not be named. "That’s all they care about."
USIS, which vetted Snowden and Alexis, said in a statement released at the June congressional hearing that OPM had informed the company its investigation met all standards, and that the government did not request for additional information or interviews.
On September 23, however, Navy officials revealed that USIS’s 2007 clearance check on Alexis, a contractor with an arrest record and history of mental illness, downplayed his prior arrest for alleged malicious mischief. According to a Seattle Police Department arrest report, Alexis aimed his .45 caliber pistol at a construction worker’s car and shot out the rear tires in a "black-out" rage. But USIS’s background check summary stated only that he "deflated the tires on a construction worker’s vehicle."
OPM’s Miller said in a written statement to CPI on Sept. 19 that the check met all investigative standards.
More from Foreign Policy
Lessons for the Next War
Twelve experts weigh in on how to prevent, deter, and—if necessary—fight the next conflict.
It’s High Time to Prepare for Russia’s Collapse
Not planning for the possibility of disintegration betrays a dangerous lack of imagination.
Turkey Is Sending Cold War-Era Cluster Bombs to Ukraine
The artillery-fired cluster munitions could be lethal to Russian troops—and Ukrainian civilians.
Congrats, You’re a Member of Congress. Now Listen Up.
Some brief foreign-policy advice for the newest members of the U.S. legislature.