Intelligence_ From Secrets to Policy - Mark M. Lowenthal [116]
In 2007, Director of National Intelligence (DNI) Mike McConnell signaled a change in emphasis by promulgating a “responsibility to provide” standard. In other words, officers and agencies now will be evaluated by the degree to which they actively seek to share intelligence. This is far from the old “need to know” standard but, as with all other DNI initiatives, the question remains as to how McConnell will enforce this new standard and what sanctions he can impose against those who fail to measure up.
The clearance system that remains in place limits access and therefore reduces the damage that can be caused by any one source of leaks. The system is not without costs. It may become an obstacle to analysis, either wittingly or inadvertently, by excluding some analysts from a compartment crucial to their work. Administering such a system has direct costs: devising a system, tracking documents, running security checks on employees, and so forth. Indirect costs include safes, couriers, security officers to check officers’ clearances, and color-coded or numerically tagged papers, to name a few. This list gives some sense of what is involved in a thorough classification scheme. And, if such a scheme is not thorough, it is nothing more than annoying and wasteful. The Government Accountability Office (GAO) reported that, in 2006, the U.S. government (excluding the CIA, which presumably spent even more) spent $9.2 billion safeguarding classified information.
Other safeguards include the certified destruction of discarded material; the use of secure phones, which cannot be easily tapped, for classified conversations; and restricted access to buildings or to parts of buildings where sensitive material is used. These are called sensitive compartmented information facilities (SCIFs).
The process by which individuals are vetted for hiring by the intelligence community has also come under scrutiny and some pressure for change. Managers and applicants have all decried the time it takes to hire new personnel. It is also an expense for the intelligence community, costing perhaps as much as $10,000 per potential employee. From a security point of view, it is likely preferable to be overly rigorous during the hiring process rather than take a chance on letting a potential security risk get inside the system. This has been characterized by many as a “risk-avoidance” approach. This approach has many results, some intended, some not. It means that the vetting process is more thorough but also longer. The intelligence community is aware that this has, on occasion, cost them would-be employees who could not afford to wait out the nine or more months needed to check backgrounds. It is also means, in a period of greatly increased hiring, like the one that began across the intelligence community in 2001, that hiring delays will likely increase. The risk-avoidance approach also means that some candidates, who may not actually pose a security risk, will not be hired because of the guiding cautious approach. DNI McConnell, again in his 100 Day Plan, has noted the need to improve the hiring of first-generation Americans “whose native language skills and cultural experiences” are most needed. There is evidence to suggest that these candidates face particular burdens under the risk avoidance approach, out of fear of divided loyalties, family left behind whose influence is unknown or who could become subject to external pressure, and so on. There is an irony here in that most of the worst espionage breaches suffered by the United States came