INSIDE THE 
NEWS + ADVICE
Continuous Evaluation Rollout Must Be Fast-Tracked after OPM Data Breach, Clearance Holders Must Address Problems Faster
Even before hackers, presumably from China, stole from the Office of Personnel Management (OPM) sensitive personal information for millions of current and former federal employees and contractors, the government had been pushing to more frequently put security clearance holders under the microscope. Last year, Secretary of Defense Chuck Hagel said the Department of Defense (DOD) planned to implement, among other things, a continuous evaluation (CE) program to close “troubling gaps in DoD’s ability to detect, prevent, and respond to instances where someone working for us…decides to inflict harm on this institution and its people.”
The OPM data breach has turned those “troubling gaps” into deeper chasms. Now there is growing pressure to ramp up the implementation of such CE programs, which automatically and continually comb through over 40 databases for information pertaining to arrests, foreign travel, large-currency transactions and other incidents. According to the Office of the Director of National Intelligence (DNI), select executive branch departments and agencies this fiscal year will have CE capabilities for part of the top secret/sensitive compartmentalized information (TS/SCI)-cleared population. The goal is to expand such capabilities to all TS/SCI-populated agencies and departments by the end of 2016. This means that potentially disqualifying security incidents will be detected more easily and rapidly, causing a multitude of concerns for federal employees and contractors and military personnel. However, the Government Accountability Office recently issued a report in which it said, “executive-branch agencies face challenges in implementing certain aspects of the 2012 Federal Investigative Standards, including establishing a continuous evaluation policy.”
Nevertheless, the impact of CE initiatives on employees and contractors – when fully implemented – will be sweeping. It has always been important for security clearance holders to promptly report incidents, such as arrests, and to quickly resolve certain issues, such as financial problems. However, CE will make such promptness doubly important. CE will leave employees and contractors with little time to delay in reporting such incidents or resolving problematic issues. During a pilot of DOD’s Automated Continuous Evaluation System (ACES), 21.7 percent of 3,370 Army service members, civilian employees and contractor personnel were found to have not reported post-reinvestigation derogatory information. The derogatory information was so serious for 3 percent of them that they ended up having their security clearances revoked or suspended, according to an Office of Management and Budget report.
It is important for federal employees and contractors to keep in mind that CE programs supplement, instead of replace, the traditional, periodic re-investigations of security clearances. In the Navy, for example, commanders are required to report derogatory information discovered through the CE process that indicates “information and behaviors that bring into question an individual’s trustworthiness, judgment, and reliability to protect classified information.” So derogatory information that calls into question the employee’s or contractor’s allegiance to the United States or that shows inappropriate sexual behavior, as outlined National Adjudicative Guidelines, could result in a commander’s incident report to the DOD Consolidated Adjudication Facility. And that, in turn, can trigger a formal or informal suspension of access to classified information.
A Navy Commander’s Guide to Incident Reporting, states, “In many cases incident reports are resolved favorably and will not affect an individual’s career.” The guide adds that “[a]ttending counseling, corrective training, self-reporting, frequency, factors outside of an individual’s control, etc, has a direct bearing on the outcome of an incident report.” My concern with CE is that employees and contractors with access to classified information may have shorter windows of opportunity to take steps to mitigate any derogatory information found in an automated database search. Rather than having years between re-investigations to develop and implement a plan to address financial problems or personal conduct issues, employees and contractors may have months, weeks or days to take such actions. Agencies must provide these employees flagged in the CE process with the same due process rights afforded to employees and contractors targeted for a security clearance suspension or revocation because of the findings or a regularly scheduled re-investigation, according to a Department of Homeland Security report.
CE is going to push employees and contractors to be more proactive in terms of addressing issues before they end up in a disabling incident report. Under the new framework, having a strategy to mitigate the government’s concerns will be even more crucial. Employees and contractors should consult with an experienced security clearance representation attorney well before the potential security clearance issue grows into an unmanageable revocation or suspension action. Even if a Letter of Intent (LOI) or Statement of Reasons (SOR) has been issued, an attorney could address the issue with Agency security managers or directly with the Defense Office of Hearings and Appeals (DOHA). Either way, a prompt and swift response will be crucial to success.
Greg T. Rinckey, Esq. is one of Tully Rinckey PLLC’s two founding partners. Tully Rinckey PLLC is one of the largest federal sector employment, military law and security clearance representation firms in the country. Mr. Rinckey is a recognized leader in the security clearance, military and federal employment law sectors. He can be reached at [email protected].
