Experts: Obama’s plan to predict future leakers unproven, unlikely to work
Insider Threats
McClatchy
Jonathan S. Landay and Marisa Taylor | McClatchy Washington Bureau
7/9/2013
Excerpt:
WASHINGTON — In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for “high-risk persons or behaviors” among co-workers. Those who fail to report them could face penalties, including criminal charges.
Obama mandated the program in an October 2011 executive order after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and gave them to WikiLeaks, the anti-government secrecy group. The order covers virtually every federal department and agency, including the Peace Corps, the Department of Education and others not directly involved in national security.
Under the program, which is being implemented with little public attention, security investigations can be launched when government employees showing “indicators of insider threat behavior” are reported by co-workers, according to previously undisclosed administration documents obtained by McClatchy. Investigations also can be triggered when “suspicious user behavior” is detected by computer network monitoring and reported to “insider threat personnel.”
Federal employees and contractors are asked to pay particular attention to the lifestyles, attitudes and behaviors – like financial troubles, odd working hours or unexplained travel – of co-workers as a way to predict whether they might do “harm to the United States.” Managers of special insider threat offices will have “regular, timely, and, if possible, electronic, access” to employees’ personnel, payroll, disciplinary and “personal contact” files, as well as records of their use of classified and unclassified computer networks, polygraph results, travel reports and financial disclosure forms.
Over the years, numerous studies of public and private workers who’ve been caught spying, leaking classified information, stealing corporate secrets or engaging in sabotage have identified psychological profiles that could offer clues to possible threats. Administration officials want government workers trained to look for such indicators and report them so the next violation can be stopped before it happens.
“In past espionage cases, we find people saw things that may have helped identify a spy, but never reported it,” said Gene Barlow, a spokesman for the Office of the National Counterintelligence Executive, which oversees government efforts to detect threats like spies and computer hackers and is helping implement the Insider Threat Program. “That is why the awareness effort of the program is to teach people not only what types of activity to report, but how to report it and why it is so important to report it.”
But even the government’s top scientific advisers have questioned these techniques. Those experts say that trying to predict future acts through behavioral monitoring is unproven and could result in illegal ethnic and racial profiling and privacy violations.
“There is no consensus in the relevant scientific community nor on the committee regarding whether any behavioral surveillance or physiological monitoring techniques are ready for use at all,” concluded a 2008 National Research Council report on detecting terrorists.
...............................
View the complete article at:
http://www.mcclatchydc.com/2013/07/0...l#.Ud1oUW3ueSo
Insider Threats
McClatchy
Jonathan S. Landay and Marisa Taylor | McClatchy Washington Bureau
7/9/2013
Excerpt:
WASHINGTON — In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues based on behavioral profiling techniques that are not scientifically proven to work, according to experts and government documents.
The techniques are a key pillar of the Insider Threat Program, an unprecedented government-wide crackdown under which millions of federal bureaucrats and contractors must watch out for “high-risk persons or behaviors” among co-workers. Those who fail to report them could face penalties, including criminal charges.
Obama mandated the program in an October 2011 executive order after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and gave them to WikiLeaks, the anti-government secrecy group. The order covers virtually every federal department and agency, including the Peace Corps, the Department of Education and others not directly involved in national security.
Under the program, which is being implemented with little public attention, security investigations can be launched when government employees showing “indicators of insider threat behavior” are reported by co-workers, according to previously undisclosed administration documents obtained by McClatchy. Investigations also can be triggered when “suspicious user behavior” is detected by computer network monitoring and reported to “insider threat personnel.”
Federal employees and contractors are asked to pay particular attention to the lifestyles, attitudes and behaviors – like financial troubles, odd working hours or unexplained travel – of co-workers as a way to predict whether they might do “harm to the United States.” Managers of special insider threat offices will have “regular, timely, and, if possible, electronic, access” to employees’ personnel, payroll, disciplinary and “personal contact” files, as well as records of their use of classified and unclassified computer networks, polygraph results, travel reports and financial disclosure forms.
Over the years, numerous studies of public and private workers who’ve been caught spying, leaking classified information, stealing corporate secrets or engaging in sabotage have identified psychological profiles that could offer clues to possible threats. Administration officials want government workers trained to look for such indicators and report them so the next violation can be stopped before it happens.
“In past espionage cases, we find people saw things that may have helped identify a spy, but never reported it,” said Gene Barlow, a spokesman for the Office of the National Counterintelligence Executive, which oversees government efforts to detect threats like spies and computer hackers and is helping implement the Insider Threat Program. “That is why the awareness effort of the program is to teach people not only what types of activity to report, but how to report it and why it is so important to report it.”
But even the government’s top scientific advisers have questioned these techniques. Those experts say that trying to predict future acts through behavioral monitoring is unproven and could result in illegal ethnic and racial profiling and privacy violations.
“There is no consensus in the relevant scientific community nor on the committee regarding whether any behavioral surveillance or physiological monitoring techniques are ready for use at all,” concluded a 2008 National Research Council report on detecting terrorists.
...............................
View the complete article at:
http://www.mcclatchydc.com/2013/07/0...l#.Ud1oUW3ueSo