Dual Loyalties

My opinion on the people who shape our world

Saturday, January 08, 2005

[ISN] In Laptop Age, Security Breach Concerns Are Up (Like Martin Indyk)

[ISN] In Laptop Age, Security Breach Concerns Are Up: "Tuesday, October 3, 2000


WASHINGTON--A 14-hour plane flight ahead of him and a schedule jammed
with sensitive meetings on the other end, a senior White House
official slipped a disk filled with classified data into his laptop
computer to review en route.

A mid-level CIA officer, driving from an audience with a foreign
intelligence contact, murmured his impressions of the meeting into a
hand-held device that he later downloaded into his computer at agency

A State Department official, eager to get home and hug his new baby,
left a portable hard drive in his desktop computer instead of locking
it in the safe behind his desk.

Each of these situations really occurred, and each was a violation of
the federal government's rules for protecting classified data. And all
three illustrate a problem of increasing concern in Washington: For
U.S. officials operating in the laptop age, the pressure to make every
moment count can lead to mistakes that undermine careers and, in some
cases, put sensitive information generated by the world's most
powerful government at risk.

Take Martin S. Indyk, the U.S. ambassador to Israel. The State
Department has suspended his security clearance--and his key role in
Middle East peace talks--for suspected security violations. His crime?
He allegedly drafted classified memos on an unclassified laptop
computer during a flight and took classified documents home to prepare
for meetings.

But, although Indyk's public chastisement is highly unusual, his
alleged transgressions are not, according to current and former senior
and mid-level officials at agencies throughout the U.S. government.
With government officials traveling more than ever, competing in a
world where it is now possible to write, communicate and analyze 24
hours a day, security procedures are regularly ignored, these
authorities said.

"People knowingly violate the rules. They put the information at great
risk, especially if they do it repeatedly over a long period of time,"
said Jerry Rubino, director of security and emergency planning at the
Department of Justice.

Rubino said Justice logs dozens of internal security violations a
week, most of them minor, such as leaving sensitive documents on a
desktop overnight.

Audits conducted last year by the General Accounting Office and agency
inspectors general show that 22 of the largest federal agencies have
significant computer security weaknesses. Among the common problems
cited were poor controls over system access, data access and software

"Throughout the government, everyone's computer has the ability to
download onto disks," said a senior White House official who deals
with classified information every day. "When I write a classified
document or memo, I put it on a disk and give it to my secretary to
process," said the official, who was willing to discuss the problem
only on condition of anonymity. "We use disks. That's how documents
are moved around. And that means people can walk away with the disks.
That's a fact."

The government's defense against such security threats consists of a
hodgepodge of constantly evolving regulations, which vary
significantly from agency to agency and quickly become outmoded.
Current and former officials insisted that following the rules to the
letter would sharply limit the productivity of the people who engage
in some of government's most sensitive work.

"Let's be honest. Any foreign ambassador who is working hard and has a
lot of foreign contacts--how is he going to do his work if he doesn't
have these aids?" asked Myles Frechette, ambassador to Colombia from
1994 to 1997.

"Obviously, in the age of information, getting your information to
Washington fast is a real premium," Frechette said. "What is needed
are procedures that allow you to do your job, rather than procedures
that force you to spend your travel time reading magazines or
something. That produces mediocrity."

Ever since there were governments there have been government secrets,
and people careless enough--or motivated enough--to divulge them. But
when 70,000 pages of classified material can be downloaded on a
computer tape the size of a thin paperback novel, the risk of theft
rises exponentially.

"All high-level officials know that a laptop is not a secure system
and that they are pushing the envelope when they put sensitive
material on the laptop. But everyone does it," said Melvin Goodman,
professor of international security at the National War College and a
former senior analyst in Soviet affairs at the CIA and the State
Department. "There's too much intelligence out there and it's too easy
to pocket in this high-tech age."

The National Security Agency, the spy service charged with protecting
the U.S. government's communications and listening to those of its
foreign adversaries, is racing to develop new encryption software to
protect data on laptops and other portable computing devices.

The agency also is developing biometric technology to prevent
unauthorized access to computers. The technology verifies the identity
of a computer user by reading his fingerprints, voice or face or
scanning the retina and iris of his eye.

This kind of improvement is the information security equivalent of an
arms race.

"Don't you think the opposition has the latest technology money can
buy? Certainly, the drug cartels do," said Paul Boudreaux, technical
director in the NSA's Laboratory for Physical Sciences.

But in most agencies, nothing prevents someone from downloading
classified material onto a disk and walking out the door, or copying
classified material onto an unclassified computer.

"Currently, I'm unaware of a technology fix to that particular
problem," said a senior State Department security official who
requested anonymity.

Although each agency has its own security office and set of
regulations, enforcement mostly comes down to the honor system.

Throughout the government, officials who have access to classified
material are issued separate desktop computers for classified and
unclassified work. Classified laptops use a special software template
that designates when a document was classified and by whom.

Although security officers make unscheduled checks of offices
throughout the Pentagon and State Department, many officials leave
portable hard drives containing classified data in their computers or
sensitive files on their desks instead of locking them in safes

Even when officials are cited for security infractions, they rarely
are subjected to punishment. Infractions do go in personnel records.
But, unless there is a clear pattern of repeated violations, they
generally are ignored, security officials said.

In the wake of a series of embarrassing security lapses at the State
Department, Secretary of State Madeleine Albright has vowed to clamp
down. The department is reviewing all of its security procedures and
has tightened rules on building access. According to spokesman Andy
Koss, the department has even taken the unprecedented step of
suspending all promotions for several weeks while officials check for
security violations.

Retired State Department officials who have traditionally retained
their security clearances suddenly have been barred from entering the
building without an escort, Koss said. Many who still bank at credit
union offices located there are furious.

At some agencies, security is tighter and a higher priority than at
others. At the CIA, for example, officials submit to polygraph tests
every three to five years. But officials at other agencies with access
to the same classified material do not take polygraph tests.

Pentagon officials have started conducting spot checks of laptops
carried by some of the thousands of people who enter and leave the
building each day. They currently are drafting new security
regulations to govern the use of Palm Pilots, two-way pagers and

Pentagon officials who travel are almost always accompanied by
military aides for whom security is a top priority. The officials are
rated on attention to security issues in their promotion performance
reviews, and they know that technical violations are "career-enders,"
said Kurt Campbell, who in May left a job as a deputy assistant
Defense secretary.

"This is much more serious than driving fast on the Beltway," said Ben
Venzke, director of intelligence production at iDefense, an
intelligence computer security firm in Alexandria, Va. "Our government
is losing extremely sensitive information. . . . I don't know if
there's going to be any simple answer to it, but it's extremely

Times staff writer Paul Richter contributed to this story


CNN: U.S. ambassador to Israel stripped of security clearance - September 23, 2000

U.S. ambassador to Israel stripped of security clearance - September 23, 2000: "U.S. ambassador to Israel stripped of security clearance
September 23, 2000
Web posted at: 3:28 a.m. EDT (0728 GMT)

From Andrea Koppel
CNN State Department Correspondent

WASHINGTON (CNN) -- In an unusual move, the U.S. State Department has suspended the security clearance of U.S. Ambassador to Israel Martin Indyk -- pending the outcome of a joint State Department-FBI investigation.

State Department spokesman Richard Boucher told CNN that Indyk, a well respected U.S. diplomat was suspended September 21 "pending the outcome of an investigation into whether or not he violated Department of State security standards."

Officials say that "there is no indication of espionage" or "the compromise of intelligence information." But that Indyk may be guilty of a pattern of "possible sloppiness" with regard to the handling of intelligence information.

Albright spoke with Barak
On Friday, Secretary of State Madeleine Albright spoke with Israeli Prime Minister Ehud Barak to notify him of her decision.

The investigation started in August, prompted by an allegation "from internal sources."

Officials said the investigation was prompted by something that happened before Indyk returned to Israel in January of this year. It will be examining "how he handled classified information ... the security practices he followed and possible violations."

The State Department says it hopes the investigation will conclude as quickly as possible, but says it doesn't know how long it will run.

In the meantime Indyk, according to the State Department, remains in New York pending the outcome of the investigation.

"You can't really function without classified information," explained a senior U.S. official.

The U.S. Charge D'affaires, Paul Simons, the embassy's number two diplomat, is now the most senior U.S. official in Israel.

'No direct effect' on peace talks
This is Indyk's second tour in Israel as ambassador. He served there during U.S. President Bill Clinton's first term and returned to Washington several years ago to assume a position as assistant secretary of state.

Indyk returned to Israel in January at the request of Clinton and Barak -- in the hopes he'd be able to help accelerate peace talks between Israel and its Arab neighbors.

Officials say Ambassador Indyk's suspension should have "no direct affect on peace talks," which have been moving slowly since the Camp David peace talks ended in July.

Following a series of embarrassing security lapses at the State Department, Albright last summer insisted on a major security review and has since demanded all employees review security procedures and follow them to the letter.

Some of the most serious lapses include the discovery of a listening device planted in a 7th floor conference room, down the hall from Albright's office suite, and the arrest by the FBI of a Russian diplomat caught outside the department recording the goings-on in that conference room.

In addition, last spring, a highly classified laptop computer with "code word" data on sources and methods disappeared from ostensibly the most secure area in the department.

Ambassador Indyk is the most senior U.S. official to be accused of mishandling intelligence information.

Officials say they believe this is the first time the State Department has suspended the security clearance of one of its ambassadors.

US Ambassador Martin S. Indyk Security Clearance Suspended

AFIO Weekly Intelligence Notes #39-00 29 September 2000: "SECURITY CLEARANCE OF US AMBASSADOR TO ISRAEL PULLED -- The State Department announced on 22 September that the department had suspended the clearances of US Ambassador Martin S. Indyk until it completes an investigation of "suspected violations of security standards." The suspension bars Indyk from handling classified materials, requires him to be escorted inside the State Department building, and presumably makes it difficult for him to play his role in negotiations between Israel and the Palestinians. The Department's decision to announce suspension of his clearances came after an anonymous call to the Senate Intelligence Committee reporting that State was going to ignore security violations by the ambassador.
According to the US press, investigators are focusing on "sloppy handling of classified information" and reportedly are looking into whether Indyk took classified materials home and improperly used an unclassified laptop for a classified briefing - - a by now familiar scenario. However, an internet report attributed to a Jerusalem source indicates that the situation may be more serious. The FBI is said to be focusing on allegations that the ambassador systematically handed over US classified material to persons in Israel unauthorized to receive them. It is alleged that a recent unusual trip by CIA Director George Tenet to Israel resulted in a report concluding that the ambassador had committed serious security violations.
The context for this affair is diplomatic, political and structural. It may impact on the Administration's race for a diplomatic triumph of some sort of agreement between Israel and the Palestinians. It also could have implications for US electoral politics, but these are beyond the scope of this commentary. And lastly, it further impacts on the image and substance of the US intelligence and security structure. With leakages on all sides, the intelligence structure is obviously damaged by what has been described as a high-level environment of sustained and arrogant disdain for security for some years now, and may well be in serious danger unless the alert is sounded and the course reversed.
This may finally be underway in the State Department, as it is in Los Alamos. Security became a serious topic in the State Department after the publicity about the disappearance of a laptop computer containing top secret information, and after '98 and '99 State IG reports citing widespread failure in the Department to safeguard classified information. Thirty-two State Department employees had their security clearances revoked or suspended during the past eighteen months. The Indyk affair may well be another manifestation of this crackdown.
Indyk, 49, identified as a lobbyist for Jewish causes, with close ties to the Israeli Labor Party leadership, became a US citizen seven years ago, in January 1993, just in time to be sworn in as the senior Middle East specialist on the National Security Council (the center of the nation's national security secrets), at the start of President Clinton's administration. He was subsequently appointed Ambassador to Israel from April 1995 to October 1997, and was reappointed in 1999 at the request of Prime Minister Ehud Barak. (NY Times 23Sep00, p.A3 /C. Marquis // Wash Post 23Sep2000, p.A11 /S. Mufson;/// Israeli Web site/ Jerusalem DEBKA file: "The Indyk case -- a grave threat to the Gore campaign and US-Israel relations" 24Sep00 /// AP 25 Sep 2000) [B. Schweid]. (Jonkers)"