Championing Responsible National Security Policy

DoD Expands Troubling Insider Threat Program to Contractors

Last month, the Department of Defense approved changes requiring its contractors to implement programs that would “gather, integrate, and report” information about potential internal threats in order to identify and stop the unauthorized disclosure of classified information before it occurs. These programs, called Insider Threat Programs (ITPs), were required for all federal agencies by way of a 2011 Executive Order, issued after intelligence analyst Chelsea Manning released large amounts of classified information to WikiLeaks the year before. According to this change, ITPs must be implemented by all contractors holding facility clearances by November 30, 2016.

While this change addresses a valid concern that classified information pertinent to our national security must be protected, the Project On Government Oversight and other good governance organizations fear it will be used to target whistleblowers. ITPs threaten whistleblowers’ ability to report waste, fraud, and abuse because they do not differentiate between genuine threats and those who are acting in the interest of the public. In a PowerPoint presentation given by the Office of the Director of National Intelligence (ODNI) at their internal insider-threat webinar, titled “Simple Steps and Guidance to Secure Classified Networks,” ODNI placed NSA whistleblower Thomas Drake in the same “insider threat” category as the Fort Hood and Navy Yard shooters, Nidal Hasan and Aaron Alexis. The same PowerPoint defined insider threats as “any employees and contractors who damage an entity’s reputation…by exposing inside information.” By this definition, there is no difference between whistleblowers who expose government wrongdoing in hopes of fixing problems, like Drake, and people wishing to do harm to national security, like Hasan and Alexis.

Contractor-facilitated ITPs introduce a separate problem of oversight. While ITPs do have provisions that protect whistleblowers, they are not easily enforceable. In fact, oversight is generally lacking in many of these programs. If the federal government can’t even adequately oversee its own ITPs to ensure they aren’t improperly used to target whistleblowers, it would be ill-advised to create new programs.

While ITPs pose current threats to whistleblowers, there is a new development that will have a greater negative impact. DoD is in the process of creating an intragovernmental information-sharing system to clear national security personnel and identify potential insider threats. This system will collect data on individuals from a variety of sources, including social media and monitoring employees’ digital devices while at work. This system would both violate employees’ right to privacy and make it easier for administrators to identify and retaliate against whistleblowers.

ITPs pose a great threat to whistleblowers, who play a significant role in ensuring open and accountable government. The chilling effect that these programs will have on whistleblower disclosures will decrease the effectiveness and accountability of government and harm the American people.