FBI Insider Threat Program Documents Show How Little It Takes To Be Branded A Threat To The Agency
from the see-something-say-something-but-for-cubicles dept
Jason Leopold has obtained the FBI’s training slides for its “insider threat” program. This would be the same program the FBI refused to discuss in detail with the Senate, walking out of the briefing when asked how the program would avoid sweeping up legitimate whistleblowers.
The federal government acts as though it’s receptive to whistleblowing, but then undermines that sentiment with pretty much everything else it does. These insider threat programs have only become more severe after the Snowden leaks, asking federal government employees to treat normal, everyday behavior as inherently suspicious.
The Defense Department’s insider threat program declared such innocuous things as visiting foreign countries and being in debt as warning signs. Worse, anything less than full support for US government policies was considered threatening behavior.
The FBI’s presentation [PDF] isn’t much better. FBI employees are encouraged to say something if they see something… and there are a lot of observable “somethings” on the list.
According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a “need to know.” Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.
[…]
Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”
Some of these factors can be indicative of someone considering engaging in espionage. Unfortunately, a lot of these may also apply to whistleblowers. The FBI presentation spends a great deal of time comparing its lists of insider threat traits to those the government has successfully prosecuted but spends zero time discussing whistleblowers and their traits/motivations.
Considering the FBI’s leaky status, especially in recent months, the document feels inconsistent at best. It feels like a good way for FBI employees to get rid of coworkers they don’t like and a great way to foster an atmosphere of corrosive suspicion in FBI offices.
FBI employees will distrust each other, FBI officials will distrust nosy politicians… and, in a surprising revelation by Leopold, politicians will have even less reason to trust the FBI. As was noted earlier in this post, the FBI chose to walk out of a briefing rather than answer Sen. Chuck Grassley’s question about whistleblower protections under the FBI’s “insider threat” program. Thanks to the efforts of a media company (BuzzFeed) and a private citizen (Leopold), Grassley now has a copy of documents the Senator asked for months ago.
Grassley asked the FBI to send him its insider threat training material. He received a couple of videos and a brochure. But a spokesperson for Grassley told BuzzFeed News that the senator did not receive the training slides until BuzzFeed News sent a copy.
The documents released here don’t answer Grassley’s questions either. But recent history shows us the FBI is not a whistleblower-friendly agency. It seems to have no problem with very selective leaking, but isn’t nearly as kind to those who use the official channels to report wrongdoing. An insider threat program like this doesn’t help. Giving agents and employees sketchy reasons to distrust each other will only serve to deter whistleblowers before they even have a chance to experience the agency’s unofficial retaliation program.
Filed Under: fbi, insider threat
Comments on “FBI Insider Threat Program Documents Show How Little It Takes To Be Branded A Threat To The Agency”
Official channels?
Whistleblowing by definition does not work via official channels (or we’d be talking about interagency communication rather than whistleblowing).
If there are any official channels for whistleblowers in place, they are like door bells for sewer rats. Their purpose is to alert the housekeepers to the presence of vermin, not to facilitate the latters’ objectives.
There will be no cheese handed out.
Re: Official channels?
Well, that’s not strictly true.
If your co-workers are breaking the rules and you report on that to your boss, that’s technically "blowing the whistle on" the rule-breaking – drawing attention to it so that people will realize that it’s going on.
Similarly, if your boss is breaking the rules and your report on it to his boss, that’s "blowing the whistle on" the rule-breaking again. This is probably technically going outside of official channels – but if your organization has established specific channels for reporting wrongdoing, and you report wrongdoing to those channels, the fact that they’re official doesn’t make it any less whistleblowing.
The problem comes in when the people you’re required to report to, under the official channels, either are or are under the control/command of the people engaged in or authorizing the wrongdoing. At that point, the official channels are somewhere in the range from worthless to actually dangerous.
But… whistleblowers are threats… No?
Re: Re:
When your entire organization is only around to come up with false flag threats that allow for additional funding, year anything that threatens the gravy train is a threat.
Re: Re: Re:Or they themselves might just be the problem
Re: Re:
Yes – They are threats to those who lie, cheat and steal from the citizens. Think of the billionaires for a change huh, these poor unappreciated stalwarts of industry need your support in order to remove the rest of your rights, and if you resist you must be a terrorist.
Re: Re:
To a criminal, police are threats. To a criminal, anyone dialing 911 is a threat. If a kid sneaks out of the house at night his parents are a threat.
Threat is an over-used justification that doesn’t mean what most people think it means.
The fact that someone may be a threat to you doesn’t justify self defense if they are a threat to you because you are a criminal and they want to report your crimes.
Comey
meets all of the criteria for being an insider threat.
Re: Comey
Threat to whom?
Given the FBI's propensity to create criminals..
See here: http://www.igpub.com/the-terror-factory/
…then wouldn’t their attempts at classifying everything as suspicious behaviour (y’know, like did the deputy in ELVIS ELVIS RAMIREZ-TAMAYO V. THE STATE OF TEXAS – "because drug traffickers have been seen breathing, then breathing is an indicia of drug trafficking"), simply be that they’re just trying to make their jobs easier by having other people do their work?
Why attribute malice to something when laziness explains it?
Re: Given the FBI's propensity to create criminals..
Because malice is what they feel for everyone not covered by their organization. We are now their enemy, and they destroy their enemies.
Department of Defense on debt
Just want to point out that the DoD’s policy on debt is what they term ‘unsecured debt’ of 10,000USD or more. That refers to debt that has gone to collections or is delinquent more than 90 days or so. It doesn’t refer to just having some credit card debt you are paying slowly or a mortgage that you are current on. And you can continue to work for the DoD, you just can’t get a security clearance which is not required for all jobs.
According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a “need to know.” Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.
[…]
Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”
Good, you have just described 160,213,000 people in the United States.
Sauce:
https://www.bls.gov/news.release/pdf/empsit.pdf
Now, is there ANYONE that isn’t a threat to the US?
Answer is: US, as in “us”, not “you”.
Re: Re:
There is no “us” in “US”. It is pronounced “you ass!”. Include the government in your brayers.
Re: Re:
Now, is there ANYONE that isn’t a threat to the US?
Of course. The US population is about 321,400,000, so if 160,213,000 are a threat, then 161,187,000 are not. That’s slightly more than half the population right there.
On today's episode of Techdirt Advertising Theatre...
http://imgur.com/a/A1BVy
(from the the-markdown-link-says-i-can-embed-images-but-they-don’t-actually-show-up-when-i-hit-preview dept)
Hope
There will continue to be a few, deeply ethical, fully-committed patriots, who risk the sacrifice of their public reputations and even lives to disclose the abuses of the FBI, et al., to warn the citizenry.
P.S. Never enough kudos for Mr. Snowden.
P.P.S. Shame on President Obama for failing to provide a pardon for Mr. Snowden.
Those criteria look more-or-less legit to me...
“According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a “need to know.” Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.”
Certainly we don’t want somebody that enjoys a glass of wine with dinner to be automatically under suspicion (I am pretty sure the information is referring to actual alchoholics), but really, these look like reasonable criteria. Working odd hours IS suspicious. Flying suddenly to a foreign country for a long weekend is not how most people take vacation. Every employee is told specifically to NOT brag about their access to information, and to NOT ask for information they don’t need. And I’m pretty sure most security professionals could tell you that disgruntled or soon-to-be-fired employees are inside threats; that’s Security 101… And, yes, many leakers do so for financial gain, and many do so for Ego.
I’m just not seeing what I’m supposed to be angry about here. It doesn’t say something like “raises concerns about illegality”, or “makes calls to media organizations”, or “too concerned about ethics.” Instead, I’m seeing a very standard list of criteria that are a starting point for basic counter-intelligence.
Re: Those criteria look more-or-less legit to me...
I don’t disagree with you, actually. I think the main concern should be more focused on them not having guidelines or programs to protect whistleblowers from retaliation; while these criteria seem somewhat reasonable (with the caveat that I believe everyone watching each other like hawks is bad for any business or organization), I think what TD’s more concerned about is that they’re unilateral, with no protections built in for whistleblowers (or normal employees who just happen to meet criteria on the list).
Another issue becomes, of course, who decides what is too much alcohol? Who decides what is a “good reason” to visit a foreign country? Who decides what constitutes “odd hours”? This is liable to result in a lot of false alarms because these sort of policies make people hyper-sensitive to any deviation from what they, personally, consider ‘the norm.’
Re: Re: You misunderstand the purpose
The purpose of these guidelines isn’t “Travel funny, get fired”, “Work odd hours, off to Guantanamo”, “Buy nice car, go to interrogation”, “Have a bender, get arrested”, etc.
Yes, triggering a bunch of these guidelines might get you investigated, especially if they are trying to find the source of a leak. But odd travel and the like are not, in and of themselves, grounds for disciplinary action.
There’s no “protections” for whistleblowers needed, because whistleblowing status (or not) isn’t part of finding where a leak originated, it’s part of deciding if you are going to be punished for it, which is not what these guidelines are about.
Re: Re: Re: You misunderstand my response!
I did say I didn’t disagree :p However, the reason why most TDians find this so rank is because there aren’t any whistleblower protections, and there don’t like like there are ever gonna BE any. I’m not saying this particular program is where they should be investigated; I’m saying that this program looks even worse IN LIGHT OF the current circumstances vis-a-vis whistleblowing.
As for your comment about the purpose of these guidelines: those things may not be their “purpose,” but it’s a decent bet they’ll be abused in that manner.
Re: Re: Re:2 "Abused" to do what though?
If one is a whistleblower, and is found out, your punishment (or not) won’t depend on how many of these guidelines you did or did not trigger. Okay, if you sold information for actual money, you are in extra-deep $hit. But “working long hours” isn’t something they can exactly include in their sentencing recommendation.
These guidelines exist to help them FIND leakers of all stripes (whether they are whistleblowers, spies, or people selling information for money), but they don’t have anything to do with the resulting consequences.
Re: Re: Re:3 "Abused" to do what though?
Abused to harass coworkers. Abused to punish employees “off the books” by harassing them, wasting their time, intimidating them. Abused to harass “undesirables” to try to drive them out and make them quit. In short: office politics.
You don’t have to be a whistleblower or a threat; you just have to have someone who doesn’t like you and is high up enough to make your life miserable.
And once again, I don’t think these guidelines, IF APPLIED PROPERLY, are bad or off base. I think most of us on TD are rigtfully pissed that this is what theyare focusingnon INSTEAD OF creating any sort of process or protections for actual whistleblowers. It shows where their priorities lie.
He did it..
He did it,
He did it,
They did it,
SOMEONE DID IT…
No, She did it..
Shut up..the DOG DID IT..
Re: He did it..
… and that’s how you end up with security vulnerabilities in the software…
So suicide then?
If mentioning that you know something makes you a threat then they should save us all the trouble and shut themselves down since they don’t want anyone with competence and thus will be completely useless.