Before you brush-off the significance of the private email scandal confronting former Secretary of State and 2016 presidential hopeful Hillary Clinton, take a look at what the U.S. intelligence community inspector general had to say about the matter.
In a notification to Congress Thursday, Intelligence Community Inspector General I. Charles McCullough III said while his office had not made a criminal referral regarding the contents of Clinton’s private email server, his office has notified the White House and State Department security officials about the potential compromise of classified information.
The IG took a sample of 40 emails out of the 30,000 provided by Clinton and discovered four emails that contained classified information derived from secret intelligence community data and that were not marked with the appropriate classification markings. According to intelligence officials, “that information remains classified today … [and] should never have been transmitted via an unclassified personal system,” McCullough wrote.
The State Department also recently notified the intelligence community that there are “potentially hundreds of classified emails” within the Clinton cache.
Meanwhile, McCullough’s office also discovered that classified information had been disclosed inadvertently through the State Department’s own Freedom of Information Act process. The intelligence community recommended the State Department use a top-secret computer network to process future FOIA reviews, but the department has balked at that request. “According to State, resource constraints preclude conducting the entire FOIA review on a top secret system,” the notification states.
Both McCullough and State Department IG Steve Linick requested copies of the 30,000 Clinton emails to conduct a comprehensive review for classified information. The department granted Linick “limited access” to the emails but denied McCullough’s request.
OPM an inside job?
House Homeland Security Committee Chairman Rep. Michael McCaul, R-Texas, speaking recently at the Aspen Security Forum, let slip an interesting tidbit on the data breach at the Office of Personnel Management. While McCaul believes the attack came “straight out of China,” he also alluded to the possibility the hackers had help. “How could we have stopped that? That was more of an inside job that would be very difficult, I think,” to stop, McCaul said.
Inside Scoop wasn’t the only one to sit up straight and take notice at that remark. Fran Townsend, President George W. Bush’s former homeland security and counterterrorism adviser, also took note.
OPM & Scattered Castles
Inside Scoop has picked up a few weak signals that some may be concerned about the security and integrity of the U.S. intelligence community’s top-secret clearance database, known as Scattered Castles, in the wake of the data breach at the Office of Personnel Management.
Intelligence officials have long resisted calls by Congress and others to improve efficiency by integrating Scattered Castles with OPM’s Central Verification System and the Defense Department’s Joint Personnel Adjudication System. Of course, the main concern has been the security of the top-secret clearance investigations, including polygraph examination results and even aliases for individuals operating undercover, that are stored in Scattered Castles.
Scattered Castles is maintained on the Joint Worldwide Intelligence Communications System, known as JWICS (pronounced Jay-wicks), and access requires a top-secret (sensitive compartmented information) clearance, a valid JWICS account and a PKI certificate.
But whether Scattered Castles could have been compromised by the OPM data breach remains an interesting question, particularly since the Office of the Director of National Intelligence has been behind an effort to find alternative ways to electronically share security clearance data across the federal government without having to build one central database. In fact, the DNI issued a policy guidance document in 2008 that ordered the Special Security Center to collaborate directly with OPM and DOD to ensure Scattered Castles data “is correlated with OPM’s Clearance Verification System database.”
A Government Accountability Office report released in December 2010 also found some interesting linkages between Scattered Castles and the non-intelligence civilian agencies and Defense Department. “Although the Intelligence Community maintains a separate database, we found that most of the non-intelligence agencies included in our review had some access to Scattered Castles,” GAO reported. “For example, five non-intelligence, non-DOD agencies included in our review had some access through a Sensitive Compartmented Information Facility located in their agency. All of the military departments, as well as the Joint Chiefs of Staff, also had some access.”
The Congressional Research Service acknowledged this month that officials have neither confirmed nor denied that Scattered Castles was, in fact, connected in any way to the OPM system. But if it was, the potential problems are massive.
“If the IC’s database were linked with OPM’s, this could potentially help the hackers gain access to intelligence agency personnel and identify clandestine and covert officers,” CRS stated in a July 17 report. “Even if data on intelligence agency personnel were not compromised, the hackers might be able to use the sensitive personnel information to ‘neutralize’ U.S. officials by exploiting their personal weaknesses and/or targeting their relatives abroad. Access to the IC’s database could also reveal the process and criteria for gaining clearances and special access, allowing foreign agents to more easily infiltrate the U.S. government.”
This world can drive you to drink
Director of National Intelligence James Clapper is a 50-year veteran of the U.S. intelligence community. Inside Scoop interviewed him in 1999 — about 18 months before he became director of the then National Imagery and Mapping Agency, which is known today as the National Geospatial-Intelligence Agency.
Speaking at the recent Aspen Security Forum, Clapper was asked how difficult it is for him to live minute-by-minute as the nation’s top intelligence officer worrying about the next attack. “When I was the undersecretary of defense for intelligence — I did that for about three and a half years before this job — about every six weeks I’d gather a few people in the office on a Friday night and we’d have a drink,” said Clapper. “You know, I’d have a martini and a couple of other people would have beer or wine or something like that.”
But “this job?” said Clapper, referring to the role of DNI during one of the most dangerous and tumultuous times in the nation’s history. “Every night.”
Got some Inside Scoop you want to share? Send it to email@example.com or follow me on Twitter @DanielVerton.