Overhype

by Tim Cushing


Filed Under:
fbi, insider threat



FBI Insider Threat Program Documents Show How Little It Takes To Be Branded A Threat To The Agency

from the see-something-say-something-but-for-cubicles dept

Jason Leopold has obtained the FBI's training slides for its "insider threat" program. This would be the same program the FBI refused to discuss in detail with the Senate, walking out of the briefing when asked how the program would avoid sweeping up legitimate whistleblowers.

The federal government acts as though it's receptive to whistleblowing, but then undermines that sentiment with pretty much everything else it does. These insider threat programs have only become more severe after the Snowden leaks, asking federal government employees to treat normal, everyday behavior as inherently suspicious.

The Defense Department's insider threat program declared such innocuous things as visiting foreign countries and being in debt as warning signs. Worse, anything less than full support for US government policies was considered threatening behavior.

The FBI's presentation [PDF] isn't much better. FBI employees are encouraged to say something if they see something… and there are a lot of observable "somethings" on the list.

According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a "need to know." Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.

[...]

Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”

Some of these factors can be indicative of someone considering engaging in espionage. Unfortunately, a lot of these may also apply to whistleblowers. The FBI presentation spends a great deal of time comparing its lists of insider threat traits to those of people the government has successfully prosecuted but spends zero time discussing whistleblowers and their traits/motivations.

Considering the FBI's leaky status, especially in recent months, the document feels inconsistent at best. It feels like a good way for FBI employees to get rid of coworkers they don't like and a great way to foster an atmosphere of corrosive suspicion in FBI offices.

FBI employees will distrust each other, FBI officials will distrust nosy politicians… and, in a surprising revelation by Leopold, politicians will have even less reason to trust the FBI. As was noted earlier in this post, the FBI chose to walk out of a briefing rather than answer Sen. Chuck Grassley's question about whistleblower protections under the FBI's "insider threat" program. Thanks to the efforts of a media company (BuzzFeed) and a private citizen (Leopold), Grassley now has a copy of documents the Senator asked for months ago.

Grassley asked the FBI to send him its insider threat training material. He received a couple of videos and a brochure. But a spokesperson for Grassley told BuzzFeed News that the senator did not receive the training slides until BuzzFeed News sent a copy.

The documents released here don't answer Grassley's questions either. But recent history shows us the FBI is not a whistleblower-friendly agency. It seems to have no problem with very selective leaking, but isn't nearly as kind to those who use the official channels to report wrongdoing. An insider threat program like this doesn't help. Giving agents and employees sketchy reasons to distrust each other will only serve to deter whistleblowers before they even have a chance to experience the agency's unofficial retaliation program.


Reader Comments

  • David, 23 May 2017 @ 3:59am

    Official channels?

    It seems to have no problem with very selective leaking, but isn't nearly as kind to those who use the official channels to report wrongdoing.

    Whistleblowing by definition does not work via official channels (or we'd be talking about interagency communication rather than whistleblowing).

    If there are any official channels for whistleblowers in place, they are like door bells for sewer rats. Their purpose is to alert the housekeepers to the presence of vermin, not to facilitate the latters' objectives.

    There will be no cheese handed out.

    • The Wanderer, 25 May 2017 @ 9:10am

      Re: Official channels?

      Well, that's not strictly true.

      If your co-workers are breaking the rules and you report on that to your boss, that's technically "blowing the whistle on" the rule-breaking - drawing attention to it so that people will realize that it's going on.

      Similarly, if your boss is breaking the rules and you report on it to his boss, that's "blowing the whistle on" the rule-breaking again. This is probably technically going outside of official channels - but if your organization has established specific channels for reporting wrongdoing, and you report wrongdoing to those channels, the fact that they're official doesn't make it any less whistleblowing.

      The problem comes in when the people you're required to report to, under the official channels, either are or are under the control/command of the people engaged in or authorizing the wrongdoing. At that point, the official channels are somewhere in the range from worthless to actually dangerous.

  • Anonymous Coward, 23 May 2017 @ 4:23am

    But... whistleblowers are threats... No?

    • Anonymous Coward, 23 May 2017 @ 4:49am

      Re:

      When your entire organization is only around to come up with false flag threats that allow for additional funding, yeah, anything that threatens the gravy train is a threat.

    • Anonymous Coward, 23 May 2017 @ 6:10am

      Re:

      Yes - They are threats to those who lie, cheat and steal from the citizens. Think of the billionaires for a change huh, these poor unappreciated stalwarts of industry need your support in order to remove the rest of your rights, and if you resist you must be a terrorist.

    • Bergman, 23 May 2017 @ 4:36pm

      Re:

      To a criminal, police are threats. To a criminal, anyone dialing 911 is a threat. If a kid sneaks out of the house at night his parents are a threat.

      Threat is an over-used justification that doesn't mean what most people think it means.

      The fact that someone may be a threat to you doesn't justify self defense if they are a threat to you because you are a criminal and they want to report your crimes.

  • Anonymous Coward, 23 May 2017 @ 4:37am

    Comey

    meets all of the criteria for being an insider threat.

  • ThaumaTechnician, 23 May 2017 @ 4:37am

    Given the FBI's propensity to create criminals..

    See here: http://www.igpub.com/the-terror-factory/
    ...then wouldn't their attempts at classifying everything as suspicious behaviour (y'know, like the deputy did in ELVIS ELVIS RAMIREZ-TAMAYO V. THE STATE OF TEXAS - "because drug traffickers have been seen breathing, then breathing is an indicia of drug trafficking"), simply be that they're just trying to make their jobs easier by having other people do their work?

    Why attribute malice to something when laziness explains it?

    • Anonymous Coward, 23 May 2017 @ 4:51am

      Re: Given the FBI's propensity to create criminals..

      Because malice is what they feel for everyone not covered by their organization. We are now their enemy, and they destroy their enemies.

  • Anonymous Coward, 23 May 2017 @ 5:45am

    Department of Defense on debt

    Just want to point out that the DoD's policy on debt is what they term 'unsecured debt' of 10,000USD or more. That refers to debt that has gone to collections or is delinquent more than 90 days or so. It doesn't refer to just having some credit card debt you are paying slowly or a mortgage that you are current on. And you can continue to work for the DoD, you just can't get a security clearance which is not required for all jobs.

  • Anonymous Coward, 23 May 2017 @ 7:01am

    According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a "need to know." Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.

    [...]

    Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”


    Good, you have just described 160,213,000 people in the United States.

    Sauce:

    https://www.bls.gov/news.release/pdf/empsit.pdf

    Now, is there ANYONE that isn't a threat to the US?












    Answer is: US, as in "us", not "you".

    • David, 23 May 2017 @ 8:57am

      Re:

      There is no "us" in "US". It is pronounced "you ass!". Include the government in your brayers.

    • Anonymous Coward, 23 May 2017 @ 9:28am

      Re:

      Now, is there ANYONE that isn't a threat to the US?

      Of course. The US population is about 321,400,000, so if 160,213,000 are a threat, then 161,187,000 are not. That's slightly more than half the population right there.

  • Mason Wheeler, 23 May 2017 @ 8:38am

    On today's episode of Techdirt Advertising Theatre...

    http://imgur.com/a/A1BVy

    (from the the-markdown-link-says-i-can-embed-images-but-they-don't-actually-show-up-when-i-hit-preview dept)

  • Anonymous Coward, 23 May 2017 @ 8:54am

    Hope

    There will continue to be a few, deeply ethical, fully-committed patriots, who risk the sacrifice of their public reputations and even lives to disclose the abuses of the FBI, et al., to warn the citizenry.

    P.S. Never enough kudos for Mr. Snowden.

    P.P.S. Shame on President Obama for failing to provide a pardon for Mr. Snowden.

  • SirWired, 23 May 2017 @ 9:28am

    Those criteria look more-or-less legit to me...

    "According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a "need to know." Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination."

    Certainly we don't want somebody that enjoys a glass of wine with dinner to be automatically under suspicion (I am pretty sure the information is referring to actual alcoholics), but really, these look like reasonable criteria. Working odd hours IS suspicious. Flying suddenly to a foreign country for a long weekend is not how most people take vacation. Every employee is told specifically to NOT brag about their access to information, and to NOT ask for information they don't need. And I'm pretty sure most security professionals could tell you that disgruntled or soon-to-be-fired employees are inside threats; that's Security 101... And, yes, many leakers do so for financial gain, and many do so for Ego.

    I'm just not seeing what I'm supposed to be angry about here. It doesn't say something like "raises concerns about illegality", or "makes calls to media organizations", or "too concerned about ethics." Instead, I'm seeing a very standard list of criteria that are a starting point for basic counter-intelligence.

    • William Braunfeld, 23 May 2017 @ 11:59am

      Re: Those criteria look more-or-less legit to me...

      I don't disagree with you, actually. I think the main concern should be more focused on them not having guidelines or programs to protect whistleblowers from retaliation; while these criteria seem somewhat reasonable (with the caveat that I believe everyone watching each other like hawks is bad for *any* business or organization), I think what TD's more concerned about is that they're unilateral, with no protections built in for whistleblowers (or normal employees who just happen to meet criteria on the list).
      Another issue becomes, of course, who decides what is too much alcohol? Who decides what is a "good reason" to visit a foreign country? Who decides what constitutes "odd hours"? This is liable to result in a lot of false alarms because these sort of policies make people hyper-sensitive to any deviation from what they, personally, consider 'the norm.'

      • Anonymous Coward, 23 May 2017 @ 12:11pm

        You misunderstand the purpose

        The purpose of these guidelines isn't "Travel funny, get fired", "Work odd hours, off to Guantanamo", "Buy nice car, go to interrogation", "Have a bender, get arrested", etc.

        Yes, triggering a bunch of these guidelines might get you investigated, especially if they are trying to find the source of a leak. But odd travel and the like are not, in and of themselves, grounds for disciplinary action.

        There's no "protections" for whistleblowers needed, because whistleblowing status (or not) isn't part of finding where a leak originated, it's part of deciding if you are going to be punished for it, which is not what these guidelines are about.

        • William Braunfeld, 23 May 2017 @ 5:20pm

          You misunderstand my response!

          I did say I didn't disagree :p However, the reason why most TDians find this so rank is because there aren't any whistleblower protections, and there don't look like there are ever gonna BE any. I'm not saying this particular program is where they should be investigated; I'm saying that this program looks even worse IN LIGHT OF the current circumstances vis-a-vis whistleblowing.
          As for your comment about the purpose of these guidelines: those things may not be their "purpose," but it's a decent bet they'll be abused in that manner.

          • SirWired, 24 May 2017 @ 6:46am

            "Abused" to do what though?

            If one is a whistleblower, and is found out, your punishment (or not) won't depend on how many of these guidelines you did or did not trigger. Okay, if you sold information for actual money, you are in extra-deep $hit. But "working long hours" isn't something they can exactly include in their sentencing recommendation.

            These guidelines exist to help them FIND leakers of all stripes (whether they are whistleblowers, spies, or people selling information for money), but they don't have anything to do with the resulting consequences.

            • William Braunfeld, 24 May 2017 @ 1:18pm

              Re: "Abused" to do what though?

              Abused to harass coworkers. Abused to punish employees "off the books" by harassing them, wasting their time, intimidating them. Abused to harass "undesirables" to try to drive them out and make them quit. In short: office politics.
              You don't have to be a whistleblower or a threat; you just have to have someone who doesn't like you and is high up enough to make your life miserable.
              And once again, I don't think these guidelines, IF APPLIED PROPERLY, are bad or off base. I think most of us on TD are rightfully pissed that this is what they are focusing on INSTEAD OF creating any sort of process or protections for actual whistleblowers. It shows where their priorities lie.

  • ECA, 23 May 2017 @ 9:55am

    He did it..

    He did it,
    He did it,
    They did it,
    SOMEONE DID IT...
    No, She did it..

    Shut up..the DOG DID IT..

  • Anonymous Coward, 23 May 2017 @ 7:12pm

    So suicide then?

    If mentioning that you know something makes you a threat then they should save us all the trouble and shut themselves down since they don't want anyone with competence and thus will be completely useless.
