security

Watchdog uncovers 'inappropriate access' to Biden's personal data – E&E News


President Joe Biden’s and Vice President Kamala Harris’ personal information was at risk of being exposed during counterintelligence reviews by the Department of Energy.

The Energy Department’s inspector general substantiated an allegation that records for Biden and Harris were accessed by “a Department support contractor” although the president and vice president are exempt from counterintelligence evaluations under DOE’s review program, according to a special report obtained by E&E News under the Freedom of Information Act.

The watchdog office also found that other members of the executive branch from current and past administrations who are not subject to such reviews had their records checked by department and contractor staff.



“The inappropriate access” happened after the National Nuclear Security Administration requested that DOE’s intelligence office conduct evaluations on whether access to the agency’s most secret programs should be granted. But failing to implement counterintelligence reviews in line with federal requirements put the department at “a higher-than-necessary level of risk” of compromising top officials’ personal information and violating the Privacy Act, said the report, dated this June.

The disclosure that Biden and others’ personnel records were checked outside of federal rules comes as scrutiny over access to sensitive documents has increased dramatically while the president revs up his 2024 reelection campaign. Biden’s Republican rival — former President Donald Trump, who is running for the White House again — has been charged with holding onto classified papers after his time in office, including an undated document dealing with “nuclear weaponry.”

Included among Trump’s stash are records from the Energy Department, which is responsible for the U.S. nuclear weapons stockpile. DOE is a hub of the federal government’s secret documents and guards access to them closely, which resulted in its errant counterintelligence reviews of senior officials.

Brad Moss, a partner at law firm Mark S. Zaid P.C., said the inspector general’s report was another example of inadequate training and deficient technology “resulting in unauthorized access to information beyond an individual’s need to know.”

“In this case, that information was nothing less than the records of the president and vice president of the United States,” said Moss, who specializes in litigation on national security and security clearance law.

“There is a real and serious need for proper counterintelligence reviews to be performed on an ongoing basis,” he added. “It undermines those activities when officials are conducting reviews of personnel that are excluded by law from the process.”

“What this episode shows is the need for external oversight. People may not know the rules and do the wrong thing,” said Steven Aftergood, a government secrecy specialist with the Federation of American Scientists. “This report is a good thing. It shows the oversight process is alert and effective.”

Energy Department spokesperson Charisma Troiano said protecting classified information is “a top priority” of DOE and that the department appreciated the inspector general’s office’s review.

Readers Also Like:  Micro credentials could stave off software engineer layoffs - TechTarget

“As reflected in the report, while irregular, the records accessed were part of a good-faith effort to follow DOE orders and guidance,” Troiano said. She added that the inspector general “did not issue a finding of wrongdoing and there was no loss or compromise of classified records.”

“The practice has since ceased and DOE is currently reviewing its procedures for controls around classified information to ensure they are updated, clear, and align with government-wide polices,” Troiano said.

‘Potential misuse’ of data

The Energy Department uses the Clearance Action Tracking System (CATS) to process security clearances for its personnel. The web-based case management system has gobs of personal information, including social security numbers, family members’ names and addresses.

The National Nuclear Security Administration is a semi-independent agency within the Energy Department. Stood up in 2000, it handles several nuclear issues, including the security of nuclear weapons as well as responding to radiological emergencies.

The inspector general was contacted by the agency in October 2021 after an internal review found “potential misuse of CATS and its data,” the report said. An NNSA official alleged security files for certain officials, including the president and vice president, had been accessed “without explanation.”

The watchdog office conducted its inspection from April to December last year, interviewing federal officials and contractor personnel and pulling audit logs for CATS and other documents.

The inspector general found that records were accessed for Biden, Harris and officials from current and past administrations, even though they are not within the scope of the Energy Department’s counterintelligence review program. NNSA officials requested the evaluations to determine whether those officials should be granted access to the agency’s special access programs and Sigma categories of classified information.

SAPs protect “extremely sensitive information” and require extra clearances and approvals for access, the report said in a footnote. Meanwhile, Sigma categories were set up for “additional need-to-know protection” of nuclear weapons data.

Moss said the special programs are “some of the most highly compartmentalized information” in the department’s possession. People authorized to access that information have been cleared for a top-secret security clearance and are eligible for access to sensitive compartmented information “just as a threshold point” before being “read on” to particular programs, he said.

Aftergood, the government secrecy specialist, said those special programs could be the latest intelligence on North Korea’s nuclear weapons program or delve into problems with the U.S. nuclear arsenal.

“These are things we don’t want to broadcast but we want to keep closely held,” he said.

‘You have to go by the rules’

NNSA officials told the IG office they relied on a 2012 memo approved by then-Energy Secretary Steven Chu and Department Order 471.5, which is more than 11 years old and undergoing revision, for accessing the security records of high-ranking officials.

Readers Also Like:  ETCISO Secufest 2023: Emerging operating models and tech in cyber horizon - ETCIO

That guidance, however, was outdated and vague, according to the report. Subsequently, the reviews were “inconsistent” with exemptions for the president and vice president under the department’s counterintelligence evaluation program as well as executive orders and other guidelines.

Bud Albright, who served as undersecretary of Energy during the George W. Bush administration, said the department’s secrets have to be fully protected.

“But still, you have to go by the rules. Apparently, they don’t know what the rules are,” said Albright, now CEO of consulting firm Albright Strategies. “That is the most disturbing part to me.”

On Jan. 13, 2021, NNSA requested a counterintelligence evaluation on Biden, then the president-elect, and his records were accessed two days later. A similar request was made on Aug. 18 that year for Harris, and her records were accessed the next day.

The agency also requested counterintelligence reviews for more than a dozen top officials in the Biden administration, including the Defense, State and Homeland Security secretaries as well as several senior aides in the White House.

The IG office also found former Energy Secretary Rick Perry’s CATS file was accessed on Oct. 9, 2020, Oct. 13, 2020, and Feb. 1, 2021, even though he left the department in 2019. Perry was selected for a random counterintelligence review, but “NNSA officials indicated to us that his [redacted] expired in early 2020, and there should not have been a reason to access his file,” the report said.

An official in DOE’s intelligence office confirmed to the inspector general that similar reviews had been performed during past administrations. “Evaluations were also requested for individuals in these executive positions in prior Administrations, including the prior President and Vice President,” the report said.

Asked if reviews were performed for Trump and former Vice President Mike Pence, Ryan Cocolin, chief of staff for the Energy Department’s inspector general office, said that question would be better asked of DOE and NNSA.

“As noted in the report, we were told that this practice occurred during prior administrations,” Cocolin said. “As such, we recommended to the department that they determine whether there were any breaches that required notification.”

The president and vice president are aware of the IG office’s report and its contents, a White House official who was granted anonymity to discuss a sensitive matter told E&E News.

“Any effort to inappropriately access personnel records or personal information is concerning,” the White House official said. “The inspector general’s report makes clear that the Department of Energy’s practice across multiple administrations was inappropriate, contrary to federal regulation, and was ordered to cease immediately.”

A spokesperson for the America First Policy Institute, a Trump-aligned think tank where Perry serves as a chair of its energy and environment center, said they shared E&E News’ request for comment with Perry’s team, which didn’t pass on a response.

Readers Also Like:  New PASS School Security Guidelines Include Emerging Tech - SecurityInfoWatch

No loss of personal information

The IG office said what it uncovered in its report required “immediate notification” to the Energy secretary.

“Anything involving the president of the United States is politically sensitive,” the Federation of American Scientists’ Aftergood said. “It could have all kinds of political and security implications so it would be standard practice to alert the secretary.”

Also, the DOE watchdog laid out three recommendations for the department. Those were to cease counterintelligence evaluations of the president and vice president; develop new processes to ensure such reviews are following regulations; and determine if there was “any other noncompliance” with laws and policies, including the Privacy Act, and if found, report it to “the necessary authorities.”

Jill Hruby, undersecretary for nuclear security and NNSA administrator, and Steven Black, director of DOE’s intelligence office, signed the department’s response to the report.

“It is important to note that the records were accessed only as part of a good-faith effort to protect national security, and the OIG review did not identify any loss or compromise of personal information for the affected individuals,” their response said.

They added, “While the OIG characterizes the access as inappropriate, the Department officials who accessed those records reasonably understood that doing so was within the normal course of their duties.”

DOE will end counterintelligence reviews of the president and vice president, the department said in its response. The department agreed with two of the inspector general’s recommendations, partially concurred with the other, and estimated it would complete all three by June 30.

“To date, the OIG has not been updated on the status of implementing the recommendations,” Cocolin, the DOE inspector general office’s chief of staff, said.

The inspector general’s report was held tight initially.

The watchdog office had said the report would not be released to the public because it contained “controlled unclassified information,” which led to E&E News’ FOIA request for the document. The report is now posted online.

Cocolin said the report on the IG office’s website has been redacted “to remove CUI content” from its original version.

The Energy inspector general’s work is not done, either.

The watchdog office will continue “cybersecurity test work” related to CATS, the department’s clearance system, and provide those results in a separate report. Cocolin said that report “is not yet complete.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.