1 DEPARTMENT OF DEFENSE DEFENSE OFFICE OF HEARINGS AND APPEALS In the matter of: ) ) ) ISCR Case No. 06-22547 SSN: ) ) Applicant for Security Clearance ) Appearances For Government: Candace Le’i, Esquire, Department Counsel For Applicant: Tara Lee, Esquire Patrick P. Gunn, Esquire Michael Traynor, Esquire (Of Counsel) Cooley Godward Kronish LLP March 26, 2008 ______________ DECISION ______________ ROSS, Wilford H., Administrative Judge: Applicant submitted his Security Clearance Application (SF 86), on March 11, 2004 (Government Exhibit 1). On February 8, 2007, the Defense Office of Hearings and Appeals (DOHA) issued a Statement of Reasons (SOR) detailing the security concerns under Guidelines K and E concerning the Applicant. The action was taken under Executive Order 10865, Safeguarding Classified Information within Industry (February 20, 1960), as amended; Department of Defense Directive 5220.6, Defense Industrial Personnel Security Clearance Review Program (January 2, 1992), as amended (Directive), and the revised adjudicative guidelines (AG) promulgated by President Bush on December 29, 2005, and effective within the Department of Defense for SORs issued after September 1, 2006. All references are to the November 7, 2007, transcript of the proceedings.1 2 Applicant submitted an Answer to the SOR on April 12, 2007, and requested a hearing before an Administrative Judge. The case was originally assigned to another Administrative Judge on June 13, 2007. I received the case assignment on June 18, 2007. DOHA issued a notice of hearing on August 16, 2007, and hearings were held on October 2, 2007, and November 7, 2007. The Government offered Government Exhibits 1 through 13, which were received without objection. Applicant testified on his own behalf, called four additional witnesses, and submitted Applicant’s Exhibits A through P, without objection. The Pre-Hearing and Post-Hearing Briefs of the Applicant were marked Applicant’s Exhibits Q and R for Identification only. DOHA received the final transcript of the hearing on November 19, 2007. The record closed on that date. Based upon a review of the case file, pleadings, exhibits, and testimony, eligibility for access to classified information is denied. Findings of Fact The Applicant is 49, single and has a Bachelor of Science degree. He is employed by a defense contractor and seeks to retain a security clearance in connection with his employment. Guideline K - Handling Protected Information Guideline E - Personal Conduct The Applicant has worked for his employer (Company) for 20 years. He has steadily moved up the ranks, holding positions of increasing authority and responsibility. The Applicant currently works as Director of a Program. This Program is part of a major Project of the Corporation. He currently supervises 90 people who have security clearances. (Transcript at 189.) 1 The record shows that the Applicant has had ten documented security violations between 1991 and 2006. (SOR subparagraphs 1.a. through 1.j.) The Applicant admitted all of the allegations in the SOR. Those allegations so admitted are hereby deemed findings of fact. During the entire time the Applicant has been at the Company there has been a rule which allows employees on a secure floor to have classified information out of the classified container until 5:30 pm during the work week. At that time, all classified material must be returned to the container and secured for the night. The Applicant worked on the secure floor at all times relevant to this Decision. (Applicant’s Exhibit K, Transcript at 171-172 .) The Applicant testified that he had little to no independent recollection of the security violations designated2 as SOR subparagraphs 1.a. through 1.e. (Transcript at 178-179.) The Applicant testified that Mr. A was not his day to day supervisor. (Transcript at 169-170.) Mr. A did receive3 the Performance Evaluations of the Applicant, and he forwarded the Department Performance Reviews of the Applicant to the Salary Committee of the Company, during the period encompassing SOR subparagraphs 1.a. through 1.e. (Applicant’s Exhibit O at 57-137.) Accordingly, I find that he had a degree of supervisory control over the Applicant at these times. 3 Subparagraph 1.a. The Applicant’s first security violation occurred on March 22, 1991. This violation was for leaving his classified container unsecured and unattended. (Government Exhibit 10.)2 Subparagraph 1.b. The Applicant’s second security violation occurred on March 28, 1991. This violation was also for leaving his classified container unsecured and unattended. This time it was unattended for over a day. The Security Administrator wrote at the time, “[The Applicant] was obviously concerned that this was his second open container violation within a one week period, and indicated that he would ensure that his container is properly secured in the future.” This report was sent to a person in the Company’s senior leadership (Mr. A) and also to the Defense Investigative Service (DIS). (Government Exhibit 10.)3 Subparagraph 1.c. The Applicant’s third security violation occurred on October 10, 1991. This violation was for leaving his classified container unsecured and unattended for approximately 25 minutes. This report was also sent to Mr. A and the DIS. (Government Exhibit 11.) Subparagraph 1.d. The Applicant’s fourth security violation occurred on January 6, 1992. This violation was for leaving his classified container unsecured and unattended for approximately six hours. This report was also sent to Mr. A and the DIS. (Government Exhibit 12.) This report states as follows: After discussing this violation with the Director of Security, [the Applicant’s] Corporate Research Manager and Administrative Services Manager, the following additional security procedures are to be applied to [the Applicant’s] classified container usage. [The Applicant] will 1) secure all classified material and his container each time he leaves his office for any reason and 2), display a “Security Container Check Sheet” on his container at all times, which he must initial and annotate with the date and time of each opening and closing of the container. [The Applicant’s] container will also be checked at the end of each day by a department secretary or by Security appointed personnel who will initial the “Security Container Check Sheet” and annotate the date and time that it was checked. If [the Applicant] leaves after the evening check, he will contact the Sergeant on duty who will check [the Applicant’s] container prior to [the Applicant’s] departure. [The Applicant] was obviously concerned See, Applicant’s sworn statement of March 13, 1992, for a further discussion of his first four security4 violations. (Government Exhibit 3.) 4 about this violation and indicated he will ensure in the future that his container is properly secured.4 The Applicant admits that he did not follow all of these requirements strictly, if at all. He stated that he wanted to take care of the problem himself and that he did not want to impose on others because he was working long hours at that time. (Transcript at 196-198.) Subparagraph 1.e. The Applicant’s fifth security violation occurred on January 13, 1993. This violation was for leaving his classified container open, a Secret disk on his desk, and a Secret diskpack in his computer, all unsecured and unattended for two hours and 50 minutes. There were 81 unsecured classified items in his office at the time of this violation. Mr. A was sent an email by the Security Department concerning this security violation. This email indicates that the Applicant “was reminded of the seriousness of the situation with respect to repeated security violations.” The Applicant was also reminded by the security department of the requirements established after his last security violation. He was also told that, despite the fact this was his fifth security violation in 22 months, DIS would not be sent a report. He was also told that “any further breaches of security would have to be reported to the government with the resultant possibility of a formal investigation to determine his eligibility for continued access to classified information.” (Government Exhibit 13.) The Applicant went several years without a reported security violation. From late 1998 to December 1999, the Applicant worked for the Company in a foreign country. Subparagraph 1.f. The Applicant’s sixth security violation occurred on December 27, 1999. This violation was for leaving his classified container unsecured and unattended. (Government Exhibit 2 at page 1.) The Applicant testified that this violation occurred the first day he returned to work after a year in a foreign country. He further stated that he did not have an end of day security procedure in place and that is why the violation occurred. (Transcript at 174-175.) The Applicant was interviewed by the DIS on January 16, 2002. This interview mentions all six of the Applicant’s security violations as of that date. The Applicant said, “I am very careful about handling classified information, and . . . I do not see any problem with me safeguarding classified information in the future.” (Government Exhibit 2 at 1.) Subparagraph 1.g. The Applicant’s seventh security violation occurred on July 21, 2003. This violation was for leaving his classified container unsecured and unattended for approximately 40 minutes. (Government Exhibit 6.) The Applicant The Defense Security Service is the successor agency to the Defense Investigative Service.5 5 testified that, during this period, his parents’ health was declining and he occasionally had to rush out of the office to assist his parents. (Transcript at 175-176.) Subparagraph 1.h. The Applicant’s eighth security violation occurred on December 3, 2003. This violation was for leaving 16 pages of a classified rough draft unsecured and unattended for 45 minutes. This report was sent to the Defense Security Service (DSS) (Government Exhibit 7.) The Applicant stated that this5 particular event happened because his mother, who was suffering from Alzheimer’s Disease, had attacked her care giver with a knife and he had to rush to his parents’ home. (Transcript at 175-176.) Subparagraph 1.i. The Applicant’s ninth security violation occurred on October 12, 2005. This violation was for leaving his classified container unsecured and unattended for approximately five hours. The Applicant once again stated to the Company security department that “he fully understands the importance of protecting classified information as well as the rules and regulations put in place to protect that same information.” (Government Exhibit 5.) The Applicant’s direct supervisor at that time (Ms. B) was also notified of this violation. (Applicant’s Exhibit F at 3.) Subparagraph 1.j. The Applicant’s tenth security violation occurred on May 16, 2006. This violation was for leaving his classified container unsecured and unattended. Ms. B was notified of this violation. (Applicant’s Exhibit F at 3-4.) The Applicant was again notified of his security responsibilities and, again, the Applicant indicated “that he fully understands the importance of protecting classified information as well as the rules and regulations put in place to protect that information.” In addition, once again, arrangements were to be made to have the Applicant’s assistant or other colleague double check his container each evening to make sure it was locked. Finally, the Company Facility Security Officer met with the Applicant and Ms. B “to further reinforce his need for increased diligence regarding the protection of classified information.” (Government Exhibit 4.) The Applicant received the SOR on or about February 13, 2007. At that time, in order to avoid any further security violations, he had all the classified material removed from his office and placed in an Open Storage Facility (OSF) within the Company’s headquarters. In this OSF the Applicant can have unfettered access to classified information without having to worry about his securing the material at the end of the work day. The material is actually in the custody of other people and the entire OSF is the equivalent of a classified container. (Transcript at 182-183, 212-213.) Mitigation The Applicant made several arguments about why the number of his security violations does not mean he has a lax attitude about security. First, he argues that he did not properly understand the importance of all of the security requirements, but now he does. He testified that he expected there to be a step by step violation process. He See also Transcript at 83.6 See also the Applicant’s testimony at 183-184, and that of Mr. E at 228-229, for support of this attitude.7 6 fully expected there to be oral warnings or other Company sanctions before his security clearance became endangered. He further, incorrectly, understood that after a certain amount of time his violations would no longer count. The Applicant indicated that he believed the cumulative number of his security violations would not have an impact on his security worthiness. (Transcript at 205-207.) The Applicant further testified that not6 until 2006 did he believe that he was in trouble. Even then, it was not until he received the SOR that he realized the seriousness of the situation. (Transcript at 179-180.) Second, the Applicant and his witnesses argued that the Company’s earlier attitude towards this type of security violation was not as strict as it could be. The Executive Vice President of the Company testified (Mr. C). He discussed how the Company used to view each security violation discretely, not recognizing troubling patterns like the Applicant’s. He further stated that the Company has hired a new Director of Security, who is tasked with correcting the problems the Applicant’s case has uncovered. (Applicant’s Exhibit B, Transcript at 57-61.) The new Company Director of Security (Mr. D) provided in-depth testimony, in addition to a written statement (Applicant’s Exhibit N), about how he believes the corporate security environment at the Company has changed because of the Applicant’s case. He particularly believed that much of what happened with the Applicant occurred because security violations were not seen as a performance issue with the Applicant, in that his rating was not effected by his security violations. The policies were clear cut, but the follow-up by management was not always there. He believes that attitude has now changed. (Applicant’s Exhibit P; Transcript at 86-95, 101-103, 135-138.) He further testified that the Company was somewhat inconsistent in their reporting to DIS and DSS of the Applicant’s security violations. (Transcript at 153- 154.) Ms. B, the Project Vice President and Applicant’s second level supervisor from 1997 until 2006, provided a written statement. In that statement she says: I believed, based on my training and observations at [the Company] that failing to properly spin the dial on a safe in a secure and access- controlled facility was, in the scheme of things, a relatively minor, but not unimportant, issue which would only be reported to DSS in the event there was some kind of “trip wire” that would trigger such reporting. (Applicant’s Exhibit F at 3.)7 The Applicant’s first line supervisor from 2003 to 2006 (Mr. E) provided a written statement (Applicant’s Exhibit G) and testified. In broad terms his testimony corresponded with that of the other witnesses. In particular, he describes the difference in attitude between security violations on the cleared floor and those in open areas. See also Applicant’s curriculum vitae, Applicant’s Exhibit D.8 See also Applicant’s Exhibits J and M.9 7 (Transcript at 240-242.) He also discussed occasions where the Applicant would closely follow onerous security regulations. (Transcript at 230-232.) The current Vice President of the Project (Mr. F) also provided a written statement (Applicant’s Exhibit H) and testified. He also believed that the seriousness of the situation was not properly brought to the attention of the Applicant, and that had a serious impact on the Applicant’s actions. (Transcript at 259-260, 282-283.) Third, the Applicant and his witnesses made much of the fact that the Applicant’s violations occurred in his office, which is on a cleared floor with restricted access. In other words, the possibility of any classified material being compromised was very slight. (Applicant’s Exhibit K.) In addition to evidence concerning mitigation of the Applicant’s security violations, there was considerable testimony and evidence about the Applicant’s general good character and importance to the defense industry. His performance evaluations (Applicant’s Exhibit O) show an individual of intelligence and talent moving up the corporate ladder. He provided a letter of support from a senior uniformed leader of one8 of the Armed Forces (Applicant’s Exhibit I). The senior leadership of the Company provided laudatory written statements and/or testimony concerning the Applicant. Mr. C testified about the Applicant’s receiving a President’s Award at the Company and his general importance to the Company. (Transcript at 42-47.) Mr. E finds the Applicant to be “one of the most trustworthy and steady . . . steadfast people that I’ve worked with at [the Company].” (Transcript at 224-225.) Mr. F testified that the Applicant is the person he turns to when his Project needs quick, reliable answers. (Transcript at 258.)9 Policies Security clearance decisions are not made in a vacuum. When evaluating an Applicant’s suitability for a security clearance, the Administrative Judge must consider the revised adjudicative guidelines (AG). In addition to brief introductory explanations for each guideline, the adjudicative guidelines list potentially disqualifying conditions and mitigating conditions, which are useful in evaluating an Applicant’s eligibility for access to classified information. These guidelines are not inflexible rules of law. Instead, recognizing the complexities of human behavior, these guidelines are applied in conjunction with the factors listed in the adjudicative process. The Administrative Judge’s over-arching adjudicative goal is a fair, impartial and common sense decision. According to AG ¶ 2(c), the entire process is a conscientious scrutiny of a number of variables known as 8 the “whole person concept.” The Administrative Judge must consider all available, reliable information about the person, past and present, favorable and unfavorable, in making a decision. In addition, the Administrative Judge may also rely on his own common sense, as well as his knowledge of the law, human nature, and the ways of the world, in making a reasoned decision. The protection of the national security is the paramount consideration. AG ¶ 2(b) requires that “[a]ny doubt concerning personnel being considered for access to classified information will be resolved in favor of national security.” In reaching this decision, I have drawn only those conclusions that are reasonable, logical and based on the evidence contained in the record. Likewise, I have avoided drawing inferences grounded on mere speculation or conjecture. Under Directive ¶ E3.1.14, the Government must present evidence to establish controverted facts alleged in the SOR. Under Directive ¶ E3.1.15, the Applicant is responsible for presenting “witnesses and other evidence to rebut, explain, extenuate, or mitigate facts admitted by applicant or proven by Department Counsel. . . .” The Applicant has the ultimate burden of persuasion as to obtaining a favorable security decision. A person who seeks access to classified information enters into a fiduciary relationship with the Government predicated upon trust and confidence. This relationship transcends normal duty hours and endures throughout off-duty hours. The Government reposes a high degree of trust and confidence in individuals to whom it grants access to classified information. Security clearance decisions include, by necessity, consideration of the possible risk that the Applicant may deliberately or inadvertently fail to protect or safeguard classified information. Such decisions entail a certain degree of legally permissible extrapolation as to potential, rather than actual, risk of compromise of classified information. Finally, as emphasized by President Eisenhower in Section 7 of Executive Order 10865, “Any determination under this order . . . shall be a determination in terms of the national interest and shall in no sense be a determination as to the loyalty of the applicant concerned.” See also EO 12968, Section 3.1(b) (listing multiple prerequisites for access to classified or sensitive information). Analysis Guideline K - Handling Protected Information Guideline E - Personal Conduct The security concern relating to the guideline for Handling Protected Information is set out in AG & 33: Deliberate or negligent failure to comply with rules and regulations for protecting classified or other sensitive information raises doubt about 9 an individual’s trustworthiness, judgment, reliability, or willingness and ability to safeguard such information, and is a serious security concern. (Emphasis supplied.) The security concern relating to Personal Conduct is set out in AG ¶ 15: Conduct involving questionable judgment, lack of candor, dishonesty or unwillingness to comply with rules or regulations can raise questions about an individual’s reliability, trustworthiness and ability to protect classified information. The Applicant has ten security violations over a period of 17 years, the first being in 1991 and the last being in 2006. I find that the following disqualifying conditions apply to this case under Guideline K: 34.(g) any failure to comply with rules for the protection of classified or other sensitive information and 34.(h) negligence or lax security habits that persist despite counseling by management. There are two mitigating conditions that arguably apply to the Applicant’s conduct under Guideline K. They are 35.(b) the individual responded favorably to counseling or remedial security training and now demonstrates a positive attitude toward the discharge of security responsibilities and 35.(c) the security violations were due to improper or inadequate training. Concerning cases such as this, the DOHA Appeal Board has stated, “A person who has committed security violations has a very heavy burden of demonstrating that they should be entrusted with classified information. Because security violations strike at the heart of the industrial security program, an Administrative Judge must give any claims of reform and rehabilitation strict scrutiny.” (ISCR Case No. 00-0030 (Appeal Board, September 20, 2001).) In the same case, the Appeal Board further says that the Government has a compelling interest in protecting classified information from disclosure to unauthorized persons, regardless of whether the disclosure is the result of deliberate or negligent conduct This same history of security violations arguably brings into play disqualifying condition 16.(d) under Guideline E: credible adverse information that is not explicitly covered under any other guideline and may not be sufficient by itself for an adverse determination, but which, when combined with all available information supports a whole-person assessment of questionable judgment, untrustworthiness, unreliability, lack of candor, unwillingness to comply with rules and regulations, or other characteristics indicating that the person may not properly safeguard protected information. This includes but is not limited to consideration of: . . . (3) a pattern of dishonesty or rule violations. The following mitigating condition under Guideline E arguably applies to his conduct: 17.(c) the offense is so minor, or so much time has passed, or the behavior is so infrequent, or it happened under such unique circumstances that it is unlikely to recur For purposes of this Decision, I am viewing the term “offense” as including the security violations of the10 Applicant. No criminal or dishonest conduct is implied to the Applicant in the use of this term. 10 and does not cast doubt on the individual’s reliability, trustworthiness, or good judgment.10 Stripped to its essence, the Applicant’s argument, supported by the management of the Company, is that it is primarily the Company’s fault that the Applicant’s security clearance is in jeopardy. The theory is that, even though the security system worked, in the main, as it was supposed to, the Applicant did not completely understand how important it is to follow every security rule. The evidence is clear that the Applicant knew the rules but felt he could ignore them because, in his opinion, the possibility of improper release of classified information was low. That decision was not his to make. The line between corporate and individual responsibility in a case such as this is blurry at best. However, there comes a point when an individual must be held responsible for his actions. The fact is the Applicant’s ten security violations were not “inadvertent,” but the result of a personal attitude, which he admits having, that “people didn’t take the spinning the dial thing seriously.” (Transcript at 183.) That attitude, and excuse, may work for the first one or two security violations, but the record shows ten violations. Security personnel talked to the Applicant and, almost every time, he was described as being contrite, remorseful, concerned and repeatedly stated that he knew his security responsibilities and would fulfill them. (Applicant’s Exhibit L at 1.) Yet, every time, he committed another violation. It is very difficult, if not impossible, to say that the Applicant has responded favorably to counseling or remedial security training when, by his own admission, it took receipt of the SOR to get the point across. Based on the state of the record, I cannot find that mitigating condition 35.(b) applies. Certainly, the attitude of the senior leadership of the Company towards security before the hiring of the new Director of Security is troubling. By their attitude, they effectively were undercutting the work of their own security staff by downplaying or ignoring the repeated security violations of the Applicant. However, the security staff did their job by repeatedly reminding him of his responsibilities and, on at least two occasions, changing the procedures the Applicant was to follow. In addition, there is evidence that the Applicant knew security rules well and could be strict in applying their often onerous requirements when he felt like it. Once again, corporate culpability can only go so far. Based on the state of the record, I do not find that his security violations were the result of improper or inadequate training as set forth in mitigating condition 35.(c). The Applicant states that he has changed his attitude about security and violations like this will never happen again. Part of the reason is that he has had his security containers removed from his office and put into an OSF. This action handles a symptom of the problem, but not the underlying cause. The underlying cause, as I have discussed above, is his attitude of almost 20 years that he knows best when it comes to 11 which security rules he will follow. I must be convinced that the Applicant has truly changed his ways and will show good judgment, reliability and trustworthiness with regards to all of his security responsibilities in the future. I am not so convinced. I find against the Applicant with regards to Guideline K. He is not currently eligible for a security clearance. Turning next to Paragraph 2. As stated above, I find that the Applicant’s conduct is cognizable under Guideline K. Given that finding, Guideline E as alleged does not apply to the facts of this case. Accordingly, that Guideline is found for the Applicant. Whole Person Concept Under the whole person concept, the Administrative Judge must evaluate an Applicant’s eligibility for a security clearance by considering the totality of the Applicant’s conduct and all the circumstances. The Administrative Judge should consider the nine adjudicative process factors listed at AG ¶ 2(a): “(1) the nature, extent, and seriousness of the conduct; (2) the circumstances surrounding the conduct, to include knowledgeable participation; (3) the frequency and recency of the conduct; (4) the individual’s age and maturity at the time of the conduct; (5) extent to which participation is voluntary; (6) the presence or absence of rehabilitation and other permanent behavioral changes; (7) the motivation for the conduct; (8) the potential for pressure, coercion, exploitation, or duress; and (9) the likelihood of continuation or recurrence.” Under AG ¶ 2(c), the ultimate determination of whether to grant eligibility for a security clearance must be an overall commonsense judgment based upon careful consideration of the guidelines and the whole person concept. I considered the potentially disqualifying and mitigating conditions in light of all the facts and circumstances surrounding this case. The Applicant is a hard-working, highly respected, and valuable member of the defense industry. I have carefully considered all the potential mitigating evidence in this case, including the laudatory personal opinions of his superiors at the Company and in the Armed Forces. The Applicant, over a period of years, repeatedly violated security rules which the vast majority of the people with security clearances obey without thought. His conduct was very serious. The argument that his violations are somehow lessened because, assuming everyone else did their jobs, there was no possibility of compromise is rejected. His conduct was recent and frequent, the last violation of the ten being in 2006. Based on the current state of the record, I cannot find that there is the presence of rehabilitation and other permanent behavioral changes. Finally, even though he no longer has classified information in his office, I cannot find that there is no likelihood of continuation or recurrence. Overall, the record evidence leaves me with questions and/or doubts as to Applicant’s eligibility and suitability for a security clearance. For all these reasons, I conclude the Applicant has not mitigated the security concerns arising from his history of security violations. 12 On balance, it is concluded that the Applicant has not successfully overcome the Government's case opposing his request for a DoD security clearance. Accordingly, the evidence supports a finding against the Applicant as to the factual and conclusionary allegations expressed in Paragraph 1 of the Government's Statement of Reasons. As stated above, Paragraph 2 is found for the Applicant. Formal Findings Formal findings for or against Applicant on the allegations set forth in the SOR, as required by section E3.1.25 of Enclosure 3 of the Directive, are: Paragraph 1, Guideline K: AGAINST THE APPLICANT Subparagraphs 1.a through 1.j.: Against the Applicant Paragraph 2, Guideline E: FOR THE APPLICANT Subparagraph 2.a: For the Applicant Conclusion In light of all of the circumstances presented by the record in this case, it is not clearly consistent with the national interest to grant Applicant eligibility for a security clearance. Eligibility for access to classified information is denied. _________________ WILFORD H. ROSS Administrative Judge