Applicants for Federal security clearances may want to double check their Twitter feeds, as agencies could soon be moving forward with investigations into applicants’ social media accounts.

The biggest obstacle to these investigations, however, is not privacy concerns, but rather data security, according to congressmen and witnesses testifying in front of the House Subcommittee on Government Operations and Subcommittee on National Security on Friday.

“When you apply on an SF86 [form for security clearance] the very first thing you get to do is consent to the government searching you,” said William Evanina, the national counterintelligence executive and director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence (ODNI).

He also said that when defining social media, “we mean social media information that has been published or broadcast for public consumption, is available on request to the public, is accessible online to the public, is available to the public by subscription or purchase, or is otherwise lawfully accessible to the public.”

Many of the subcommittees’ members agreed that searching public-facing social media accounts during background investigations was a logical step.

“It seems second nature to examine the social media accounts of those applying for a security clearance,” said Rep. Robin Kelly, D-Ill.

In light of 2013’s Office of Personnel Management (OPM) breach, however, many were concerned that the information collected and stored from these social media searches would be vulnerable to exposure. Rep. Mick Mulvaney, R-S.C., worried that seemingly innocuous information, like whether someone had gone to marriage counseling, could be used against the person being investigated when paired with more personal information stored within the investigation report.

Rep. Stephen Lynch, D-Mass., added to this concern by reminding OPM acting director Beth Cobert that, just 10 months ago, OPM still had Social Security numbers left unencrypted, raising concerns about their ability to protect yet more data.

“We continue to work at these quite closely,” Cobert said, making note of the many security improvements that OPM had undertaken, such as the use of network security tool Einstein 3 and increased identity monitoring.

Evanina added, “If it’s not relevant to you getting clearance, it’s not retained.”

Other concerns addressed in the hearing were the accuracy and reliability of information gathered from social media.

“How do we flag the serious from the trivial?” said Rep. Gerry Connolly, D-Va. And even before addressing that question, investigators must make sure they’ve found the account that is actually owned by the applicant, and that the applicant is not using a pseudonym online.

“There’s not really a way for us to identify Bob Smith, who is really Tom Jones online,” Evanina noted.

One of the solutions to such a problem would be the development of more automated systems that could do the work of matching people to their social media accounts.

“We are working toward the processes that will enable us to match individuals,” Cobert said. “We are committed to its value; it’s a question of how.”

These automations could also help reduce costs associated with social media investigations. Pilot program estimates find that it costs approximately $100 to $500 a person to investigate social media presence. OPM’s Federal Investigative Service estimates that it conducts 1 million background checks a year, meaning that social media investigations could cost hundreds of millions of dollars in a year.

“The government must keep up with advancements in technology,” said U.S. CIO Tony Scott.

Read More About
About
Jessie Bur
Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
Tags