Continuous Evaluation and Credit Reports: Ensuring Fairness In Current Security Clearance Reforms.

• Author: Woodbury, Andrew H.

1. Introduction II. Security Clearance and Reinvestigation Process A. Security Clearance Investigation and Adjudication Process B. Judicial Non-Intervention C. Problems with the Security Clearance Process D. Current Changes to the Security Clearance Process III. Continuous Evaluation and Consumer Credit Information IV. Consumer Credit Reporting and Debt Collection Practices A. Credit Reporting Agencies B. Fair Debt Collection Practices V. Protecting Clearance Holders From Erroneous Consumer Credit Information, Bias, and Unfair Practices A. Centralized Investigation Database B. Appropriate Burden Sharing and Oversight C. Safeguards Against Bias and Discrimination D. Unfair Debt Collection Practices Reporting and Education VI. Conclusion I. INTRODUCTION

   The security clearance process in the U.S. federal government is currently undergoing its biggest overhaul in over 50 years. [1] In March 2018, the Office of the Director of National Intelligence (ODNI) announced the inception of the Trusted Workforce 2.0 initiative with the goal of overhauling and improving the security clearance process, a framework that has been in place since the 1950s. [2] A key part of the initiative to modernize a security clearance process badly in need of an update is the use of "Continuous Evaluation" (CE). [3] CE allows federal agencies to get a "near-real-time look" at its employees. It can alert agencies to "potential red flags on a clearance holder's credit or financial transactions" or search for "suspicious transactions, foreign travel or potential links to terrorism." [4] "The trustworthiness of those who guard the secrets of the [U.S.] should be beyond reproach" and using advances in technology to improve the system used to assess the trustworthiness of clearance holders is a necessary development. [5] Although "insider threats" are not new, the past decade has seen multiple high profile examples of government insiders attacking fellow workers and unlawfully disclosing national security information. "[T]hreats such as Chelsea Manning and Edward Snowden (trusted insiders who stole and released classified data) and U.S. Army Major Nidal Hasan (who killed 13 and injured more than 30 at Fort Hood, Texas)" provided the momentum needed to bring the security clearance and vetting process into the current era. [6] Not only could CE help identify insider threats sooner, but it could also reduce the costs associated with the security clearance process and help reduce the backlog of security clearances currently pending for periodic reinvestigation. [7]

   However, with every technological innovation comes tradeoffs and new challenges. CE will rely on automated records checks of "commercial databases, Government databases, and other information lawfully available to security officials.". [8] These "commercial databases" include consumer credit information from credit reporting agencies. [9] Credit reporting agencies have been criticized or allowing inaccuracies to pervade the consumer credit reports of millions of Americans. [10] In many ways, "large scale inaccuracies are tolerated" by credit bureaus because they "have little economic incentive to conduct proper disputes," improve their investigation, or prevent erroneous information from appearing in credit reports. [11] The use of credit reports and consumer credit information in the security clearance process is not new, but the use of real-time automated record checks and other technological innovations may exacerbate existing problems with the security clearance investigation process and create new problems.

   This article recommends several policies that could help alleviate some of these problems. Part II of this article explains how government employees and contractors gain and retain eligibility to access classified information, discusses problems with the security clearance process, and describes current ongoing changes to the process. Part III discusses CE, how it is being implemented across the federal government, and how it uses consumer credit information. Part IV explains how the consumer credit reporting industry operates and how it is regulated. It also discusses several critiques of credit reporting agencies and unfair debt collection practices. Lastly, Part V discusses several policy proposals that would alleviate some of the concerns from using consumer credit information in an automated CE process. There are several ways the ODNI can protect current clearance holders from the effects of erroneous or misleading consumer credit information: (1) mandate an effective, centralized investigation database that prevents the reflagging of previously adjudicated issues in credit records; (2) ensure appropriate oversight and burden sharing among agencies, credit reporting agencies, and clearance holders; (3) require the reporting and analysis of automated records check systems to identify potential bias or disparate impacts on protected classes and minority groups; and (4) mandate education efforts to address unfair debt collection practices. CE has the potential to make the security clearance investigation process more efficient, effective, and fair, but the ODNI must also take efforts to protect clearance holders from the negative effects of inaccurate credit information.

2. SECURITY CLEARANCE AND REINVESTIGATION PROCESS

   The eligibility to access classified national security information, a "security clearance," is an important component of employment in many federal agencies, including in the intelligence community and Department of Defense (DoD), and has become a valuable benefit of federal employment. According to a 2017 ClearanceJobs survey, the average total compensation for security-cleared professionals it surveyed was $86,902. [12] Individuals with a Top Secret security clearance earned an average of $95,868. [13] "The security clearance process is designed to determine the trustworthiness of an individual prior to granting him or her access to classified national security information." [14]

   The history of security clearances is traceable to the executive orders issued by Presidents Harry S. Truman and Dwight D. Eisenhower following the end of World War II. [15] President Truman expanded the military classification system created during World War I to all federal agencies in Executive Order 10,290.[16] He also created standards guiding the investigation of employees entering the federal workforce to ensure their "complete and unswerving loyalty" to the U.S., protect "against infiltration of disloyal persons," and give employees "equal protection from unfounded accusations of disloyalty." [17] This "Loyalty Program," created under the shadow of the Cold War and tensions with Soviet Russia, "has been criticized as a weapon of hysteria attacking law-abiding citizens," but President Truman defended it as a necessary measure to preserve national security. [18] Successive presidents have issued executive orders delegating the classification of sensitive national security information and materials to the heads of agencies. [19] President Eisenhower's Executive Order 10,450 expanded President Truman's order and created many of the factors for consideration that eventually became the 13 adjudicative guidelines used in the present security clearance process. [20]

   "An individual who is performing work for the federal government-whether that individual is a direct government employee or a private contractor-may be eligible to obtain a security clearance if his or her work requires access to classified materials." [21] As of October 1, 2017, 4,030,625 individuals were eligible for access to classified information. [22] Generally, only U.S. citizens are eligible to obtain a clearance, but Executive Order 12,968 permits limited access to non-U.S. citizens for certain compelling reasons. [23] The security clearance process is separate from the decision whether an individual is suitable for employment, but a "suitability check" involves "many of the same investigative elements as a security clearance investigation." [24] Even if an individual receives a security clearance, they still cannot access classified information unless they have a "need-to-know" the information. [25] A need-to-know is a determination that the individual needs access to "specific classified information in order to perform or assist in a lawful and authorized government function." [26] The cleared individual also needs to sign a nondisclosure agreement before gaining access to the information. [27]

   1. Security Clearance Investigation and Adjudication Process

      A security clearance is a formal determination granted by a federal agency or department that a federal employee or government contractor is eligible to access classified national security information. [28] There are three levels of security clearances, "Confidential," "Secret," and "Top Secret." [29] Each level corresponds with the classification level of the information the individual may require access to upon being cleared. [30] Information cannot be classified unless its "unauthorized disclosure could reasonably be expected to cause identifiable or describable damage to the national security...." [31] The classification level of information is based on the level of damage that the information could cause to the national security if improperly disclosed: Confidential information could "cause damage," Secret information could cause "serious damage," and Top Secret information could cause "exceptionally grave damage." [32] Before information can be classified, the federal official classifying the information must be properly delegated by an official classification authority and must be able to identify or describe the damage that unauthorized disclosure of the information "reasonably could be expected to cause." [33] In addition to these levels, there are two additional categories of information traditionally associated with the Top Secret level...