www.baltimoresun.com/news/maryland/bs-md-snowden-contractors-20130610,0,2933179.story

baltimoresun.com

NSA leaks shift focus to intel contractors

Government relies heavily on private firms

By John Fritze and Jamie Smith Hopkins, The Baltimore Sun

9:45 PM EDT, June 10, 2013

WASHINGTON —

Advertisement

An intelligence contractor's disclosure of covert National Security Agency surveillance programs reopened a debate Monday over how much the government relies on private companies for spy work and whether those firms must do more to vet employees and protect secret information.

The leaks last week by Booz Allen Hamilton employee Edward Snowden that revealed the NSA's phone and Internet surveillance underscored how deeply involved private contractors, including many based in Maryland, have become in U.S. intelligence gathering.

About 70 percent of the money spent by intelligence agencies flows to contractors, including firms not involved in sensitive analysis, and nearly one-quarter of the 4.9 million people who hold security clearances work for contractors, according to a 2012 report from the Director of National Intelligence.

"A lot of people have pointed the finger at the federal government — that it's too big," said Scott Amey, general counsel for the Washington-based Project on Government Oversight. "What people don't realize is we've supplanted that with a shadow contractor workforce."

Snowden, a former Central Intelligence Agency employee, was named on Sunday by Britain's Guardian newspaper and The Washington Post as the source of top secret documents detailing NSA's efforts to collect domestic phone records and intercept photographs, email and other data from Internet users.

A 29-year-old North Carolina native, Snowden moved with his family to Maryland, where he attended Anne Arundel County public schools.

While intelligence experts acknowledge the intelligence industry's significant growth since the terrorist attacks in 2001, few expect the unprecedented leaks — or the fact that the information came from a private contractor — to affect the role those private firms play.

Contract employees who handle sensitive information undergo the same screening and security procedures as those who work directly for the government, experts noted. What's more, Snowden worked as a CIA employee before he left his government job for the private sector.

Randy Belote, a spokesman for Northrop Grumman, said the company vets potential employees "in strict compliance with the government's requirements" and that everyone "we hire, regardless of skills, is subject to the same strict compliance with government personnel security regulations."

Plenty of high-profile leaks — including the classified documents released to WikiLeaks by Army Pfc. Bradley Manning — came from government employees, not contractors, noted Loren B. Thompson, a defense analyst at the Lexington Institute, a think tank in Arlington, Va.

"There's no real connection between being a contractor and leaking," Thompson said.

The real question raised by the Snowden case is whether talented tech workers are in such short supply that both intelligence agencies and contractors are taking hiring risks, he said. Thompson said the government's increased emphasis on cybersecurity has led to the hiring of people with hacker temperaments that could be at odds with the buttoned-down, closed-mouth culture of intelligence.

"People in the government say the kinds of cyber talent they're looking for often includes people with outlaw personalities, so people who are on the fringes but really know computers," he said. "Hiring people that think out of the box always runs the [risk] that they'll take some of the information they've learned out of the box."

Given the scope of intelligence contracting, and the fact that it is largely conducted in secret, it's difficult to say precisely how large the industry is in Maryland. The Maryland Department of Business and Economic Development counts 3,457 defense contractors in the state. Many of those work in intelligence, but that number doesn't include companies working for the NSA.

That's because the NSA, based at Fort Meade, doesn't publicly disclose its budget or its contracts.

Still, the NSA's presence in Maryland is considered an important economic engine for the state.

Virginia-based Booz Allen Hamilton has nine locations in Maryland. The state's former business and economic development secretary, Christian S. Johansson, once worked as a consultant for the firm. The company has partnered with the University of Maryland to develop course work in intelligence analysis and cyber security.

Booz Allen Hamilton employs 24,500 people, three-fourths of whom hold government security clearances, according to public financial filings. The company's stock price fell more than 2.5 percent on Monday. A spokesman declined to comment.

Contractors and trade groups stressed that Snowden doesn't represent the industry.

In a statement, Lockheed Martin said the company "is constantly updating and reevaluating our security procedures to protect classified information" and that "we have numerous safeguards built into the system."

Alan Chvotkin, executive vice president of the Professional Services Council, said the Snowden case shouldn't affect the way contractors do business. The group represents defense and intelligence contractors, including some in Maryland.

"We're hoping that this is not viewed as a contractor issue," he said. "This should have nothing to do with the fact that this work happened to be done by a contractor."

Stewart Baker, a former assistant secretary for policy at the Department of Homeland Security and now a partner at Steptoe & Johnson, said contract employees may need to be made more aware of internal channels for whistleblowing.

"We might want to ask the question, 'Are we sure that contractor employees have the same sense of the importance of their mission and the opportunities to raise concerns inside the system that are widely available to government employees?' " he said.

John Pike, director of GlobalSecurity.org, a military-information website based in Alexandria, Va., said he hopes the NSA leak prompts the government to revisit the way it processes security clearances — for both contractors and federal employees.

He suggests the government needs to ask more questions up front, "and then keep asking those questions" afterward to catch troubling changes.

"They gave too many people clearances a decade ago, after Sept. 11, because the defense budget doubled and the intel budget more than doubled," he said. "They were giving clearances to people who have no business having clearances. They still have them."

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said it is premature to devise policy changes. It's not yet clear, he said, whether the case speaks to a broader problem with the way clearances are issued or whether any screening would have flagged Snowden.

"People are going to want to have a better understanding of exactly how the Snowden case transpired," Aftergood said. "These are questions that will need to be sorted through."

Baltimore Sun reporter Matthew Hay Brown contributed to this article.

jhopkins@baltsun.com

twitter.com/jsmithhopkins

john.fritze@baltsun.com

twitter.com/jfritze