Security failures at the White House

Posted on April 24, 2007

3


Rep. Henry Waxman (D-CA), chairman of the House Committee on Oversight and Government Reform, sent former White House Chief of Staff Andrew Card a letter requesting that Mr. Card testify before Rep. Waxman’s committee regarding an issue of national security. Specifically, Rep. Waxman has evidence that “there may have been a systemic failure to safeguard classified information at the White House during and after” Mr. Card’s tenure. If true, this is a major problem that, at a minimum, requires that several people lose their jobs over it and may rise to the level of federal crimes.

According to Mr. Waxman’s letter, “multiple current and former security officials who work or worked at the White House Security Office” described what could only be described as a wholesale breakdown of security procedures, including regularly ignoring security breaches, blocked security inspections of the West Wing, and mismanagement of the White House Security Office. These issues have, according to those same security officials, resulted “in the departure of more than half of the White House security officers within the last year.” (emphasis mine)

According to the letter, the security of Security Compartmented Information (SCI), a level of classification even higher than Top Secret, has regularly been breached. In one case, a “senior assistant to the President” disclosed SCI material to an uncleared junior aide. In another, a “White House official” left SCI material behind in a foreign hotel. In neither case were the individuals responsible for the security breaches investigated or disciplined in any way. According to Executive Order 13292, section 5.5 paragraph b1:

“Officers and employees of the United States Government, and its contractors, licensees, certificate holders, and grantees shall be subject to appropriate sanctions if they knowingly, willfully, or negligently: disclose to unauthorized persons information properly classified under this order or predecessor orders;”

Appropriate sanctions are defined, also according to section 5.5, as “reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanctions in accordance with applicable law and agency regulation.”

It’s a given that White House officials and aides traveling with the President take Secret, Top Secret, and SCI material out of the country with them all the time. But there are documents that anyone with a security clearance must sign, specifically the Classified Information Nondisclosure Agreement, form SF312. This document makes it abundantly clear what the signer’s responsibilities regarding classified material are. For example, Question 13 in the document answers the question of “am I liable for releasing classified information if” with the following:

A party to the SF 312, SF 189 or SF 189-A may be liable for disclosing “classified information” only if he or she knows or reasonably should know that: (a) the marked or unmarked information is classified, or meets the standards for classification and is in the process of a classification determination; and (b) his or her action will result, or reasonably could result in the unauthorized disclosure of that information.

Certainly leaving SCI material at a foreign hotel qualifies, as does talking SCI to an uncleared junior aide. In addition, some White House officials have left classified materials out on their desks instead of physically securing the material. All three meet my understanding of the legal definition of “negligence”. As such, all three must be investigated, because by some interpretations of Executive Order 13292, failure to do so also qualifies as negligence.

But Rep. Waxman’s letter doesn’t end there. According to the original Executive Order 12958 section 5.3 (amended by 13292), an arm of the National Archives known as Information Security Oversight Office (ISOO) is supposed to “have the authority to conduct on-site reviews of each agency’s program established under this order.” Yet the letter says that the ISOO has been denied access to the West Wing. Technically, the Executive Order allows agencies to request that access be severely restricted.

An agency head may limit access to a special access program to the Director and no more than one other employee of the Information Security Oversight Office; or, for special access programs that are extraordinarily sensitive and vulnerable, to the Director only.

But that’s not what happened – access was totally denied, and without a contravening Executive Order, that’s grounds for sanctions up to and including dismissal. Yet that doesn’t appear to have happened.

Finally, Rep. Waxman’s letter points out that the two highest officials in the White House Security Office, Director James Knodell and Deputy Director Ken Greeson, have been “loath to inconvenience or embarrass White House officials.” The security of classified information is not an issue of inconvenience – it’s national security, and should be treated as such. The letter continues to discuss how Mr. Knodell and Mr. Greeson regularly brought prohibited electronic devices into the sensitive compartmented information facility (SCIF) including Blackberrys and cell phones and, worse yet, allowed others to do the same against their own responsibilities to safeguard the sensitive information contained in the SCIF.

Obviously you don’t want a Blackberry or cell phone in a secure area lest a spy email or call out of the area with sensitive data. SCIFs are supposedly secured against most forms of intrusion, including electronic eavesdropping. As an engineer with a background in antennas and electromagnetics, I suspect that the SCIF would use of a Faraday cage to block nearly all EM radiation (radio, cell phone signals, etc.), but this only works if the signals are weak enough that they can’t penetrate the Faraday cage, something that may not be true of cell phones and Blackberrys. And cell phones and Blackberrys also have on-board memory that could be modified to store sensitive data that could also be smuggled out physically. But there’s one interesting problem with cell phones (and many phone-equipped Blackberrys too) – they can be turned on remotely.

According to Schneier on Security, cell phones are never completely off, and so someone could theoretically hack into your phone and listen in. In fact, the link above describes an instance when such a thing was done to tap a phone in an ongoing criminal investigation. Essentially, any spy who knew that Mr. Knodell, Mr. Greeson, or any of their various guests were going into a SCIF could potentially gain access to the entire contents of a secured conversation using their cell phone.

According to U.S Code Title 18 Section 793, paragraph f:

Whoever, being entrusted with or having lawful possession or control of any [material] relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined not more than $10,000 or imprisoned not more than ten years, or both.

I’m not a lawyer, but many of the security breaches described in Rep. Waxman’s letter appear to break Executive Order 13292. Many of the breaches might also rise to the level of “gross negligence” that could be against federal law. If the White House Security Office truly has not been doing its duty as Rep. Waxman suggests, then this is a serious breach of national security that, at a minimum, demands the individuals responsible must be disciplined appropriately.

But this is only a minimum. If national security truly was compromised by lax White House security procedures, then the individuals responsible should be investigated and, if they’re guilty, they should go to jail.

[Thanks to Raw Story for the original story. Crossposted to Thoughts in the Daedalnexus]

Advertisements
Posted in: Uncategorized