Security clearance

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A security clearance is a special status granted to individuals allowing them access to classified information (state or organizational secrets) or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No one is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.

Canada[edit]

This section deals with access to sensitive government information. 'Police Security Certificate' or similar terminology for immigration or employment purposes usually refers to Criminal Record Check and Transportation Security Clearance Program, operated by Transport Canada mandatory for marine and airport workers for the purpose of entering restricted area are not within the topic in this article.

Background[edit]

Government classified information is governed by the Treasury Board Standard on Security Screening, the Security of Information Act and Privacy Act. Only those that are deemed to be loyal and reliable, and have been cleared are allowed to access sensitive information. The policy was most recently revised on October 20, 2014.[1]

Checks include basic demographic and criminal record checks for all levels, and, depending on an individual appointment's requirements, credit checks, loyalty, and field checks might be conducted by the RCMP and/or CSIS.

Clearance is granted, depending on types of appointment, by individual Federal government departments or agencies or by private company security officers. Those who have contracts with Public Works and Government Services Canada are bound by the Industrial Security Program, a sub-set of the GSP.

To access designated information, one must have at least standard reliability status (see Hierarchy below). Reliability checks and assessments are conditions of employment under the Public Service Employment Act, and, thus, all Government of Canada employees have at least reliability status screening completed prior to their appointment.[2] However, Government employees by Order-in-council are not subjected to this policy.[3]

Clearances at the reliability status and secret levels are valid for 10 years, whereas top secret is valid for 5 years. However, departments are free to request their employees to undergo security screening any time for cause.[4] Because security clearances are granted by individual departments instead of one central government agency, clearances are inactivated at the end of appointment or when an individual transfers out of the department. The individual concerned can then apply to reactivate and transfer the security clearance to his/her new position.[2]

Hierarchy[edit]

Three levels of personnel screening exist, with two sub-screening categories:[4][5]

Standard screenings are completed for individuals without law enforcement, security and intelligence functions with the government, whereas Enhanced screenings are for individuals with law enforcement, security and intelligence functions, or access to those data or facilities.

Security screening[edit]

Individuals who need to have RS because of their job or access to federal government assets will be required to sign the Personnel Screening, Consent and Authorization Form (TBS/SCT 330-23e).

  • Reliability Status, Standard (RS)
    • Reliability checks are done by verifying personal data, criminal records check, credit check, educational, and professional qualifications, data on previous employment and references.
    • This level of clearance will grant the right to access designated documents with markings of Protected A & B information/assets on a need-to-know basis. It is mandatory for individuals when the duties or tasks of a position or contract necessitate access to protected information and assets, regardless of the duration of an assignment.
  • Reliability status, Enhanced (ERS)
    • In addition to the Reliability Status, Standard checks, open-source checks, and security questionnaire or interview are required.
    • This level of clearance will grant the right to access designated documents with markings of Protected A, B & C information/assets on a need-to-know basis.

Security clearances[edit]

Individuals who require access to more sensitive information (or access to sensitive federal government sites and/or assets) because of their job will be required to sign the Security Clearance Form (TBS/SCT 330-60e). There are two levels of clearance:

  • Secret
    • Secret clearance is only granted after a reliability status is cleared, with a positive CSIS security assessment.
    • This level of clearance will grant the right to access designated and classified information up to Secret level on a need-to-know basis. Department Heads have the discretion to allow for an individual to access Top Secret-level information without higher-level clearance on a case-to-case basis.
    • Only those with a Secret clearance, with enhanced screening have access to Protected C information.
  • Top Secret
    • In addition to the checks at the Secret level, foreign travels, assets, and character references must be given. Field check will also be conducted prior to granting the clearance.
    • This level of clearance will grant the right to access all designated and classified information on a need-to-know basis.
Site access[edit]

Two additional categories called "Site Access Status" and "Site Access Clearance" exist not for access to information purposes but for those that require physical access to sites or facilities designated by CSIS as areas "reasonably be expected to be targeted by those who engage in activities constituting threats to the security of Canada". Designated areas include Government Houses, official residences of government officials, Parliament, nuclear facilities, airport restricted areas, maritime ports, and any large-scale events that are sponsored by the federal government (e.g., 2010 Winter Olympics).[6]

Where reliability is the primary concern, a site access status screening (similar to a reliability status, standard screening) is conducted ; where loyalty to Canada is the primary concern, a site access clearance (similar to a Secret clearance screening) is required. They are both valid for 10 years.

Legal[edit]

Prior to granting access to information, an individual who has been cleared must sign a Security Screening Certificate and Briefing Form (TBS/SCT 330-47), indicating their willingness to be bound by several Acts of Parliament during and after their appointment finishes. Anyone who has been given a security clearance and releases designated/classified information without legal authority is in breach of trust under section 18(2) of the Security of Information Act with a punishment up to 2 years in jail. Those who have access to Special Operational Information are held to a higher standard. The release of such information is punishable by law, under section 17(2) of the Security of Information Act, liable to imprisonment for life.[7]

The Criminal Code of Canada, Section 750 (3) states that no person convicted of an offence under Section 121 (frauds on the Government), Section 124 (selling or purchasing office), Section 380 (Fraud - if directed against Her Majesty) or Section 418 (selling defective stores to Her Majesty), has, after that conviction, the capacity to contract with Her Majesty or to receive any benefits under a contract between Her Majesty and any other person or to hold office under Her Majesty unless a pardon has been granted. (This effectively prohibits granting of a Reliability Status to any such individual.)[8]

United Kingdom[edit]

Clearance is checked at six levels, depending on the classification of materials that can be accessed — Baseline Personnel Security Standard (BPSS), Counter-Terrorist Check (CTC), Security Check (SC) and Developed Vetting (DV). Security Check allows an individual long-term unsupervised access to protectively-marked SECRET material, whilst for TOP SECRET Developed Vetting is required.

Those with security clearance are commonly required to sign a statement to the effect that they agree to abide by the restrictions of the Official Secrets Act. This is popularly referred to as "signing the Official Secrets Act". Signing this has no effect on which actions are legal, as the act is a law, not a contract, and individuals are bound by it whether or not they have signed it. Signing it is intended more as a reminder to the person that they are under such obligations. To this end, it is common to sign this statement both before and after a period of employment that involves access to secrets.

History[edit]

After the United States entered into World War II, Britain changed its security classifications to match those of America. Previously, classifications had included the top classification "Most Secret", but it soon became apparent that the United States did not fully understand British classifications, and classified information appeared in the U.S. press. This spearheaded the uniformity in classification between the UK and the United States.

United States[edit]

Introduction[edit]

A security clearance is an official determination that an individual may access information classified by the United States Government. Security clearances are hierarchical; each level grants the holder access to information in that level and the levels below it. The clearance process requires a background investigation and the signing of a nondisclosure agreement. Access to any particular piece of information requires "need-to-know."[9] In some cases, this requirement is only nominal, as some classified information is widely published on secure networks. In other cases, there is a formal need-to-know determination. In addition to such a determination, Special Access Programs and Sensitive Compartmented Information may require additional investigation and adjudication of the prospective clearance holder.

Authority[edit]

The authority for classifying information and granting security clearances to access that information is found in executive orders (EOs) and Federal law. National Security Information (NSI) is classified under EO 13526. Information may be classified under this Order if a classification authority determines its unauthorized release could cause damage to the national defense or foreign relations of the United States. Information concerning nuclear weapons and fissile material may be classified under the Atomic Energy Act of 1954 (AEA). These clearances are only granted by the Department of Energy. The clearance process for access to NSI or AEA information is substantially aligned. Under EO 12968, the investigative and adjudicative guidelines for NSI and AEA clearances are identical. This enables reciprocity between NSI and AEA clearances, although some exceptions exist.

Executive Order 12968's standards are binding on all government agencies that handle classified information, but it allows certain agency heads to establish Special Access Programs (SAPs) with additional, but not duplicative, investigative and adjudicative requirements. The Intelligence Community's Sensitive Compartmented Information (SCI) control systems are a family of SAPs, and SCI eligibility must be granted prior to accessing any particular control system or compartment (which may require additional investigation or adjudication). SCI eligibility policy is described in Intelligence Community Directive 704 and its implementing policy guidance. Any additional clearance measures used by SAPs must be approved by the Office of Management and Budget, which has generally limited such measures to polygraphs, exclusion of persons with non-US immediate family members, requiring more frequent reinvestigations, and requiring annual updates to security questionnaires.[10]

Hierarchy[edit]

A security clearance is granted to an individual and generally recognizes a maximum level of clearance. Exceptions include levels above compartmentalized access or when an individual is cleared for a certain type of data. The President of the United States may be given access to any government or military information that he requests if there is a proper "need to know", even if he would not otherwise be able to normally obtain a security clearance were he not the President. Having obtained a certain level security clearance does not mean that one automatically has access to or is given access to information cleared for that clearance level in the absence of a demonstrated "need to know".[11] The "need-to-know" determination is made by a 'disclosure officer,' who may work in the office of origin of the information. The specified "need to know" must be germane to the prospective user's mission, or of necessity for the integrity of a specified security apparatus.

Controlled Unclassified[edit]

"Controlled Unclassified" does not represent a clearance designation, but rather a clearance level at which information distribution is controlled. Controlled Unclassified designates information that may be illegal to distribute. This information is available when needed by government employees, such as Department of Defense (DoD) employees, but the designation signifies that the information should not be redistributed to users not designated to use it on an operational basis. For example, the organization and processes of an information-technology system may be designated Controlled Unclassified to users for whom the operational details of the system are non-critical.

Public Trust Position[edit]

Despite common misconception, this designation is not a security clearance, and is not the same as the confidential designation. Certain positions which require access to sensitive information, but not information which is classified, must obtain this designation through a background check. Public Trust Positions can either be moderate-risk or high-risk.[12][13]

Confidential[edit]

This is hierarchically the first security clearance to get, typically requiring a few weeks to a few months of investigation. A Confidential clearance requires a NACLC investigation which dates back 7 years on the subject's record and must be renewed (with another investigation) every 15 years.

Secret[edit]

A Secret clearance, also known as Collateral Secret or Ordinary Secret, requires a few months to a year to investigate, depending on the individual's background. Some instances wherein individuals would take longer than normal to be investigated are many past residences, having residences in foreign countries, having relatives outside the United States, or significant ties with non-US citizens. Unpaid bills as well as criminal charges will more than likely disqualify an applicant for approval. However, a bankruptcy will be evaluated on a case-by-case basis and is not an automatic disqualifier. Poor financial history is the number-one cause of rejection, and foreign activities and criminal record are also common causes for disqualification. A Secret clearance requires a NACLC, and a Credit investigation; it must also be re-investigated every 10 years.[14] Investigative requirements for DoD clearances, which apply to most civilian contractor situations, are contained in the Personnel Security Program issuance known as DoD Regulation 5200.2-R, at part C3.4.2

Top Secret[edit]

Top Secret is a more stringent clearance. A Top Secret, or "TS", clearance, is often given as the result of a Single Scope Background Investigation, or SSBI. Top Secret clearances, in general, afford one access to data that affects national security, counterterrorism/counterintelligence, or other highly sensitive data. There are far fewer individuals with TS clearances than Secret clearances.[15] A TS clearance can take as few as 3 to 6 months to obtain, but often it takes 6 to 18 months. The SSBI must be reinvestigated every 5 years.[14] In order to receive TS clearance, all candidates must pass an oral interview.

Compartmented[edit]

As with TS clearances, Sensitive Compartmented Information (SCI) clearances are assigned only after one has been through the rigors of a Single Scope Background Investigation and a special adjudication process for evaluating the investigation. SCI access, however, is assigned only in "compartments". These compartments are necessarily separated from each other with respect to organization, so that an individual with access to one compartment will not necessarily have access to another. Each compartment may include its own additional special requirements and clearance process. An individual may be granted access to, or read into, a compartment for any period of time.

Top secret clearance might be required to access:

  • Communications intelligence, a subset of SIGINT
  • Design or stockpile information about nuclear weapons
  • Nuclear targeting

Such compartmentalized clearances may be expressed as "John has a TS/SCI", whereby all clearance descriptors are spelled out verbally. For example, the U.S. National Security Agency once used specialized terms such as "Umbra",[16][17][18] This classification is reported to be a compartment within the "Special Intelligence" compartment of SCI.[19] The various NSA compartments have been simplified; all but the most sensitive compartments are marked "CCO", meaning "handle through COMINT channels only".

The U.S. Department of Defense establishes, separately from intelligence compartments, special access programs (SAP) when the vulnerability of specific information is considered exceptional and the normal criteria for determining eligibility for access applicable to information classified at the same level are not deemed sufficient to protect the information from unauthorized disclosure. The number of people cleared for access to such programs is typically kept low. Information about stealth technology, for example, often requires such access.

Area-specific clearances include:

Jobs that require a clearance[edit]

Anyone with access to classified data requires a clearance at or higher than the level at which the data is classified. For this reason, security clearances are required for a wide range of jobs, from senior management to janitorial. According to a 2013 Washington Post article, over 1.5 million Americans had top-secret clearances; almost one-third of them worked for private companies, rather than for the U.S. government.[2] [20]

Jobs that require a security clearance can be found either as positions working directly for the federal government or as authorized federal contractors. Over time, more clearance jobs are being outsourced to contractors.[21] Due to an overall shortage in security-cleared candidates and a long time frame to obtain the credentials for an uncleared worker, those with clearance are often paid more than their non-cleared equivalent counterparts.[22][23][24] According to one 2010 estimate, "people with security clearances are in the top 10 percent of wage earners in the country".[25]

Requirements for a clearance[edit]

The vetting process for a security clearance is usually undertaken only when someone is hired or transferred into a position that requires access to classified information. The employee is typically fingerprinted and asked to provide information about themselves. This becomes a starting point for an investigation into the candidate's suitability. The process has been streamlined and now requires the person who needs clearance to input the information online using E-qip; five days are allowed for data input. Having the older paper form can be helpful for collecting and organizing the information in advance. The information on an investigation and its status is stored in either JPAS or Scattered Castles.

Investigative work is usually at least one of the following types:

  • National Agency Check with Local Agency Check and Credit Check (NACLC). An NACLC is required for a Secret, L, and CONFIDENTIAL access. (See: Background check)
  • Single Scope Background Investigation (SSBI). An SSBI is required for Top Secret, Q, and SCI access, and involves agents contacting employers, coworkers and other individuals. Standard elements include checks of employment; education; organization affiliations; local agencies; where the subject has lived, worked, or gone to school; and interviews with persons who know the individual. The investigation may include an NACLC on the candidate’s spouse or cohabitant and any immediate family members who are U.S. citizens other than by birth or who are not U.S. citizens.
  • Polygraph. Some agencies may require polygraph examinations. The most common examinations are Counter Intelligence (CI) and Full-Scope (Lifestyle) polygraphs. While a positive SSBI is sufficient for access to SCI-level information, polygraphs are routinely administered for "staff-like" access to particular agencies.[citation needed]

If issues of concern surface during any phase of security processing, coverage is expanded to resolve those issues. At lower levels, interim clearances may be issued to individuals who are presently under investigation, but who have passed some preliminary, automatic process. Such automatic processes include things such as credit checks, felony checks, and so on. An interim clearance may be denied (although the final clearance may still be granted) for having a large amount of debt, having a foreign spouse, for having admitted to seeing a doctor for a mental health condition, or for having admitted to other items of security concern (such as a criminal record or a history of drug use.)

Investigations conducted by one federal agency are no longer supposed to be duplicated by another federal agency when those investigations are current within 5 years and meet the scope and standards for the level of clearance required.[citation needed] The high-level clearance process can be lengthy, sometimes taking a year or more. In recent years, there has been an increased backlog of cases which has been attributed to the economic climate. The long time needed for new appointees to be cleared has been cited as hindering U.S. presidential transitions.

Security briefings[edit]

In the U.S., once the clearance is granted, the candidate is briefed on "the proper safeguarding of classified information and on the criminal, civil, and administrative sanctions that may be imposed on an individual who fails to protect classified information from unauthorized disclosure." He or she is also required to sign an approved non-disclosure agreement (e.g., form SF-312). High-level clearances are reviewed periodically and any "adverse information" reports received at any time can trigger a review. When a cleared person leaves their job, they are often "debriefed"—reminded of their ongoing obligations to protect the information they were allowed to see.[citation needed] According to NISPOM Chapter 3, newly cleared employees are required to receive an initial security briefing before having access to classified information. This training helps them understand the threat, risks to classified information, how to protect the classified information, security procedures and duties as they apply to their job. This training is followed up by refresher training that reinforces the initial security briefing.

Dual citizenship[edit]

Dual citizenship is associated with two categories of security concerns: foreign influence and foreign preference. Dual citizenship in itself is not the major problem in obtaining or retaining security clearance in the United States. If a security clearance applicant's dual citizenship is "based solely on parents' citizenship or birth in a foreign country", that can be a mitigating condition.[26] However, exercising (taking advantage of the entitlements of) a non-U.S. citizenship can cause problems. For example, possession and/or use of a foreign passport is a condition disqualifying from security clearance and "is not mitigated by reasons of personal convenience, safety, requirements of foreign law, or the identity of the foreign country" as is explicitly clarified in a Department of Defense policy memorandum which defines a guideline requiring that "any clearance be denied or revoked unless the applicant surrenders the foreign passport or obtains official permission for its use from the appropriate agency of the United States Government".[27] This guideline has been followed in administrative rulings by the Department of Defense (DoD) Defense Office of Hearings and Appeals (DOHA) office of Industrial Security Clearance Review (ISCR), which decides cases involving security clearances for Contractor personnel doing classified work for all DoD components. In one such case, an administrative judge ruled that it is not clearly consistent with U.S. national interest to grant a request for a security clearance to an applicant who was a dual national of the United States and Ireland.[28]

Individuals who have had security clearances revoked[edit]

In the post World War II era there have been several highly publicized, and often controversial, cases of officials or scientists having their security clearances revoked, including:

United Nations[edit]

The UN has a Security Clearance (SC) procedure and document for United Nations staff travelling to areas designated as security phase areas, with numbers ranging from one to five ("no-phase" areas are calm countries where no SC is required).

United Nations staff can apply for SC online, at the website of the Department for Safety and Security.

See also[edit]

Notes and references[edit]

  1. ^ Standard on Security Screening - Table of Contents
  2. ^ a b Personnel Security Standard
  3. ^ Guide to the Audit of Security - March 2004
  4. ^ a b Security Policy-Manager's Handbook
  5. ^ Standard on Security Screening
  6. ^ CSIS Security Screening
  7. ^ Security of Information Act
  8. ^ ISM Chapter 2 Part I
  9. ^ Executive Order 12968
  10. ^ OMB Memorandum M-06-21, Reciprocal Recognition of Personnel Security Clearances, July 17, 2006.
  11. ^ [1][dead link]
  12. ^ "National Security Positions vs. Public Trust Positions". 
  13. ^ "FEDERAL SECURITY/SUITABILITY CLEARANCE CHART". 
  14. ^ a b "DSS / DISCO / Frequently Asked Questions about the Industrial Personnel Security Clearance Process". Defense Security Service. Retrieved 13 June 2013. 
  15. ^ "Report on Security Clearance Determinations for Fiscal Year 2010" (PDF). Office of the Director of National Intelligence. September 2011. Retrieved 13 June 2013. 
  16. ^ "NSA Bibliographies". NSA Bibliographies. 2007-09-27. 
  17. ^ "William H. Payne v. National Security Agency". William H. Payne v. National Security Agency. 2007-09-27. 
  18. ^ "US Spying on Indian Nuclear Scientists". The NSA has been spying on Indian nuclear scientists by tapping phone conversations. 2007-09-27. 
  19. ^ "National Security Archive Electronic Briefing Book No. 24". Declassified documents and Archive publications on U.S. Intelligence. 2007-09-27. 
  20. ^ Fung, Brian (2014-03-24). "The Washington Post". Retrieved 12/5/14.  Check date values in: |accessdate= (help)
  21. ^ Tyler, Jeff (2006-11-17). "Private spooks for hire". Retrieved 2009-01-10. 
  22. ^ "Security Clearance a Valued Resume Credential". Fox News. Associated Press. 2007-03-25. Retrieved 2009-01-10. 
  23. ^ Willing, Richard (2007-02-14). "White House looks for faster top-secret clearances". USA Today. Retrieved 2009-01-10. 
  24. ^ Merle, Renae (2006-02-09). "Security Clearances Can Pay Off". Washington Post. Retrieved 2010-05-23. 
  25. ^ Hedgpeth, Dana (2010-08-24). "Fairs help job-seekers with security clearances connect with intelligence firms". Washington Post. 
  26. ^ "Security Clearance Guidelines: Foreign Preference". military.about.com. Retrieved 2007-05-15. 
  27. ^ Arthur L. Money (16 August 2000). "Guidance to DoD Central Adjudication Facilities (CAF) Clarifying the Application of the Foreign preference Adjucitative Guideline" (PDF). Retrieved 2007-05-15.  (the "Money Memorandum")
  28. ^ ISCR Case No. 02-21102

External links[edit]

Canada[edit]

UK[edit]

US[edit]

UN[edit]

Geneva Centre for the Democratic Control of Armed Forces[edit]