1 DEPARTMENT OF DEFENSE DEFENSE OFFICE OF HEARINGS AND APPEALS In the matter of: ) ) ) ISCR Case No. 16-00888 ) ) Applicant for Security Clearance ) Appearances For Government: Andrea Corrales, Esq., Department Counsel For: Applicant: Brian E. Kaveney, Esq. ______________ Decision ______________ COACHER, Robert E., Administrative Judge: Applicant mitigated the security concerns under Guideline K, handling protected information. Applicant’s eligibility for a security clearance is granted. Statement of the Case On July 8, 2016, the Department of Defense (DOD) issued Applicant a Statement of Reasons (SOR) detailing security concerns under Guideline K, handling protected information, and Guideline E, personal conduct. The DOD acted under Executive Order (EO) 10865, Safeguarding Classified Information within Industry (February 20, 1960), as amended; DOD Directive 5220.6, Defense Industrial Personnel Security Clearance Review Program (January 2, 1992), as amended (Directive); and the adjudicative guidelines (AG), effective within the DOD after September 1, 2006. 2 Applicant answered the SOR on July 26, 2016, and requested a hearing before an administrative judge. The case was assigned to me on September 28, 2016. The Defense Office of Hearings and Appeals (DOHA) issued a notice of hearing on December 13, 2016, with a hearing date of January 12, 2017. The hearing was held as scheduled. The Government offered exhibits (GE) 1 through 4, which were admitted into the record without objection. Applicant and two witnesses testified. Applicant offered exhibits (AE) A through T, which were admitted with no objection. DOHA received the hearing transcript (Tr.) on January 25, 2017. Procedural Ruling Department Counsel moved to withdraw SOR ¶ 2.a. Applicant did not oppose the motion and I granted the same. My formal findings will reflect that the allegation was withdrawn.1 Findings of Fact In Applicant’s answer, he denied SOR ¶ 1.a, admitted SOR ¶¶ 1.b and 1.c, and offered explanations for each allegation. After a thorough and careful review of the pleadings, testimony, and exhibits, I make the following findings of fact. Applicant is 58 years old. He is married and has two adult children. He has worked for his current employer, a defense contractor for 34 years. He is a senior engineer. He has held a security clearance since 1991. He has a master’s degree.2 The allegations are relatively straightforward and the facts are not in dispute. The SOR cites three separate security lapses. The first occurred in December 2011 when Applicant was tasked to prepare and send to his supervisor (located off- site) an unclassified presentation derived from classified material. Time was of the essence, so Applicant prepared an unclassified presentation in approximately 1.5 hours, which normally would have taken approximately 4-8 hours to prepare. Applicant checked the material that he was going to send to his supervisor to insure it only contained unclassified information. He gave the 50-page document to a coworker to scan and email because his scanner was not working. The coworker noticed one document with classified markings just as it went through the scanner. The scanner and supporting computers were immediately shut down and turned off. Applicant accepted responsibility immediately for missing the classified page and told his coworker to call security. All affected hardware was sanitized. Applicant was issued a type-II security violation (inadvertent). He did not receive any remedial training 1 Tr. at 9. 2 Tr. at 19-21; GE 1; AE B. 3 because of this incident.3 The second incident occurred in May 2012 when Applicant walked into the secure lab where he works with a cell phone in his coat pocket. He did not realize at the time he entered that he still had his cell phone. While he was working, the phone rang and he immediately took the phone out of the secure area and notified security. He did not answer the phone while in the secure area. No classified information was compromised. An investigation was conducted and Applicant was issued a type-II security violation (inadvertent). He did not receive any remedial training as a result of this incident. While accepting full responsibility for the incident, Applicant pointed out he was suffering from sleep apnea which affected his ability to sleep. He produced medical records supporting this medical condition. He now has his sleep apnea under control resulting in higher quality sleep for him. He also had some personal issues affecting him at the time, including his mother’s death and his sister’s cancer diagnosis. These all may have played a role in causing his inattentiveness at the time. To insure that he will not take his cell phone into the secure lab in the future, he always walks into the building with his cell phone in his hand so he is reminded to place it in a locker before entering the secure lab.4 In January 2015, the third security incident occurred. Applicant was tasked to prepare an unclassified document for his supervisor. In preparing the document, Applicant used several pieces of unclassified information. After reviewing the information, he prepared charts and emailed them to his supervisor. Later that day, while sitting in a meeting where other classified information was discussed, Applicant realized that classified information could be derived from the separate unclassified pieces of information that he had prepared earlier. He then self-reported his security violation. The information was contained and all affected computer systems were sanitized. An investigation ensued and Applicant was issued a type-II security violation (inadvertent). He was required to attend remedial security training.5 Applicant successfully completed the following security related training courses: 1. Classified Information Systems User Briefing (Feb 2015); 2. IT Information Security Awareness (Feb 2015); 3. DOD Annual Security Refresher Briefing (September 2015); 4. Derivative Classifier (November 2015); 5. Restricted Party Screening (December 2015); 6. Jurisdiction and Classification (December 2015). He received additional training throughout 2016. Applicant’s position requires him to be exposed to classified information on a daily basis. To further insure he complies with all security requirements, he self-imposed extra security measures that he takes when dealing with 3 Tr. at 27-32; GE 4; AE B. 4 Tr. at 33-37; GE 3; AE B. 5 Tr. at 38-39; GE 2; AE B. 4 classified information. Those measure are: 1. He requests peer reviews of his security markings whenever he generates technical information containing classified information; 2. He does not remove any media (printed documents, electronic files, discs, etc.) from any classified information system. He tasks other subordinates to do so; 3. He mandates a “security pause” on himself whenever he is dealing with classified information. He stops what he is doing and asks himself a series of security questions to verify that he is in compliance with all security requirements. Since imposing these requirements on himself, he has had no additional security incidents in over two years. Management is fully supportive of Applicant’s self-imposed security requirements.6 Applicant did not attempt to deflect or avoid responsibility for these security lapses. He accepted full responsibility and recognized his mistakes. It was clear from Applicant’s demeanor that he was extremely disappointed in himself and remorseful. He credibly stated that he takes security matters very seriously. To support his statement he provided a “statement of intent,” which details his taking responsibility for the three security incidents, outlines his personal security procedures, and acknowledges that any future incident could result in the revocation of his security clearance.7 Applicant is an outstanding employee as reflected by the numerous awards and accolades he received over the years. He was the recipient of his company’s prestigious President’s Award in 2008. He has received numerous other individual and team awards over the years for his engineering contributions.8 Applicant’s company’s chief engineer, who is responsible for 1,300 employees and approximately $2 billion worth of business, testified and provided a written statement on behalf of Applicant. He was fully aware of the three security incidents that form the SOR. He was asked why he was not concerned about Applicant having any future security incidents and his response was: It all comes down to his response. At the state when each occurred, that he recognized what had happened and he self-reported himself, and then it continues forward into the corrective actions that he's put in place to prevent those from occurring in the future. One, by contacting and working with a security professional and then two, in establishing from his personal process as to how he is going to do business differently to get peer reviews, most importantly to me, to take a pause and make sure that whatever time is needed is taken to get it done right. And then thirdly, to 6 Tr. at 40-43, 51, 54, 72; AE B, G. 7 Tr. at 25; AE B, H. 8 Tr. at 21-23; AE E. 5 make more use of those around him in getting media prepared. I see that those actions correct the root cause of what was behind the ’11, the ’12, and the '15 incidents. He was then asked if he saw any pattern to the three incidents and his response was: I'll start with the 2012 incident which is where he had the cell phone that was left in his pocket. That is not a technical issue at all. That is an issue of where it was a mistake and he left his cell phone in his jacket when he entered a classified area. He self-reported it. When you look at 2011, the piece of information that was left in those scanned areas was clearly listed as classified, so that was a mistake. That was a miss on his part. 2015 falls into an area that's very interesting for us in my product line, especially on SM-3 [a program] where basically you had piece of information A is unclassified. Piece of information B is unclassified. But when you put them on the same page or within the same document, a smart person can take A and B and derive C, which is classified. That's very difficult to discern and it becomes even more complicated on SM-3 because I talk to my security professional about this routinely. On any contract on SM-3, there is no less than ten classification guides that define what is classified. And at times, some of those overlap and conflict slightly, which makes taking that derivation conclusion even more difficult to do. But in this case, Sam did it; albeit, it was not when the document was created. And he recognized it. That's hard. He was asked if he believed Applicant was taking positives from the incidents and he responded: I think Sam's overall attitude is appropriate for where we are. He is remorseful and regrets the incidents that he had. And his response is appropriate to that where he basically went out and reached out to take corrective action not only to repair what had immediately occurred but then to get the right people in the room and understand how do I avoid repeating this, and then putting that into place and actually practicing it. And I think he practices it routinely to make sure that what has occurred will not happen again. He further stated that he had absolute trust in Applicant and that Applicant’s integrity had grown even greater in the witness’s mind because of how he reacted during the incidents. He stated: So to me, integrity means that you have a set of values, that you say this is what I believe, and then integrity comes along and says you know what, I will stand by those values, regardless of what it means to me personally, 6 whether it's good or bad. And when I look at these incidents and I see someone who takes his security that seriously, that on every time it's occurred, he continues to self-report himself, regardless of the fact that it means something bad towards him, but he still does it. I think his integrity is extremely high. I need those people on my programs.9 A coworker testified and provided a statement expressing similar opinions about Applicant. She further added that she witnessed Applicant implement his self-imposed security procedures by seeking peer reviews of his classified work product to insure security compliance.10 Seven other coworkers and a personal friend provided statements in support of Applicant. All the coworkers expressed the same themes: Applicant had taken responsibility for his actions and had implemented preventative measures to preclude future occurrences. Applicant is described as a man of honesty and integrity and they all fully support that he retain his clearance.11 Policies When evaluating an applicant’s suitability for a security clearance, the administrative judge must consider the adjudicative guidelines. In addition to brief introductory explanations for each guideline, the adjudicative guidelines list potentially disqualifying conditions and mitigating conditions, which are used in evaluating an applicant’s eligibility for access to classified information. These guidelines are not inflexible rules of law. Instead, recognizing the complexities of human behavior, these guidelines are applied in conjunction with the factors listed in the adjudicative process. The administrative judge’s overarching adjudicative goal is a fair, impartial, and commonsense decision. According to AG ¶ 2(c), the entire process is a conscientious scrutiny of a number of variables known as the “whole-person concept.” The administrative judge must consider all available, reliable information about the person, past and present, favorable and unfavorable, in making a decision. The protection of the national security is the paramount consideration. AG ¶ 2(b) requires that “[a]ny doubt concerning personnel being considered for access to classified information will be resolved in favor of national security.” In reaching this 9 Tr. at 75-89; AE Q-R. 10 Tr. at 98-99; AE S-T. 11 AE I-P. 7 decision, I have drawn only those conclusions that are reasonable, logical, and based on the evidence contained in the record. Under Directive ¶ E3.1.14, the Government must present evidence to establish controverted facts alleged in the SOR. Under Directive ¶ E3.1.15, an “applicant is responsible for presenting witnesses and other evidence to rebut, explain, extenuate, or mitigate facts admitted by applicant or proven by Department Counsel, and has the ultimate burden of persuasion to obtain a favorable security decision.” A person who seeks access to classified information enters into a fiduciary relationship with the Government predicated upon trust and confidence. This relationship transcends normal duty hours and endures throughout off-duty hours. The Government reposes a high degree of trust and confidence in individuals to whom it grants access to classified information. Decisions include, by necessity, consideration of the possible risk that an applicant may deliberately or inadvertently fail to safeguard classified information. Such decisions entail a certain degree of legally permissible extrapolation as to potential, rather than actual, risk of compromise of classified information. Section 7 of EO 10865 provides that decisions shall be “in terms of the national interest and shall in no sense be a determination as to the loyalty of the applicant concerned.” See also EO 12968, Section 3.1(b) (listing multiple prerequisites for access to classified or sensitive information). Analysis Guideline K, Handling Protected Information AG ¶ 33 expresses the security concern pertaining to handling protected information: Deliberate or negligent failure to comply with rules and regulations for protecting classified or other sensitive information raises doubt about an individual's trustworthiness, judgment, reliability, or willingness and ability to safeguard such information, and is a serious security concern. I have considered all the handling protected information disqualifying conditions under AG ¶ 34 and determined the following apply: (a) deliberate or negligent disclosure of classified or other protected information to unauthorized persons, including but not limited to personal or business contacts, to the media, or to persons present at seminars, meetings, or conferences; 8 (c) loading, drafting, editing, modifying, storing, transmitting, or otherwise handling classified reports, data, or other information on any unapproved equipment including but not limited to any typewriter, word processor, or computer hardware, software, drive, system, gameboard, handheld, "palm" or pocket device or other adjunct equipment; (g) any failure to comply with rules for the protection of classified or other sensitive information; and (h) negligence or lax security habits that persist despite counseling by management. Applicant failed to comply with proper procedures as outlined in the SOR allegations. AG ¶¶ 34(a), 34(c), 34(g), and 34(h) apply. All the mitigating conditions for handling protected information under AG ¶ 35 were considered and the following were found relevant under these circumstances: (a) so much time has elapsed since the behavior, or it has happened so infrequently or under such unusual circumstances, that it is unlikely to recur and does not cast doubt on the individual's current reliability, trustworthiness, or good judgment; (b) the individual responded favorably to counseling or remedial security training and now demonstrates a positive attitude toward the discharge of security responsibilities. Applicant’s actions can be considered remote since he has held a security clearance for 27 years, is exposed to classified information every day, but has had three security incidents in 2011, 2012, and 2015. He has not experienced another security issue since that time. His actions were inadvertent. He accepted responsibility for his actions and took appropriate corrective measures. He participated in security training courses and implemented a personal security plan, with the consent of management, to prevent future occurrences. Management and his coworkers still have complete confidence in his ability to safeguard classified information. He provided persuasive evidence to show that sufficient time has passed since the incidents, that any security issues are unlikely to recur, and that his current reliability, trustworthiness, and good judgment are not in doubt. AG ¶¶ 35(a) and 35(b) apply. Whole-Person Concept Under the whole-person concept, the administrative judge must evaluate an applicant’s eligibility for a security clearance by considering the totality of the applicant’s 9 conduct and all the circumstances. The administrative judge should consider the nine adjudicative process factors listed at AG ¶ 2(a): (1) the nature, extent, and seriousness of the conduct; (2) the circumstances surrounding the conduct, to include knowledgeable participation; (3) the frequency and recency of the conduct; (4) the individual’s age and maturity at the time of the conduct; (5) the extent to which participation is voluntary; (6) the presence or absence of rehabilitation and other permanent behavioral changes; (7) the motivation for the conduct; (8) the potential for pressure, coercion, exploitation, or duress; and (9) the likelihood of continuation or recurrence. Under AG ¶ 2(c), the ultimate determination of whether to grant eligibility for a security clearance must be an overall commonsense judgment based upon careful consideration of the guidelines and the whole-person concept. I considered the potentially disqualifying and mitigating conditions in light of all the facts and circumstances surrounding this case. I considered that Applicant’s last security incident occurred in 2015 without recurrence. I considered the circumstances surrounding each incident. I also considered that he admitted his mistakes and showed initiative in implementing a self-correction plan, which demonstrates his permanent behavior changes toward security issues and the unlikely chance of recurrence. Applicant met his burden and provided sufficient evidence to mitigate the security concerns. Overall the record evidence leaves me without questions or doubts about Applicant’s eligibility and suitability for a security clearance. For all these reasons, I conclude Applicant mitigated the security concerns arising under Guideline K. Formal Findings Formal findings for or against Applicant on the allegations set forth in the SOR, as required by section E3.1.25 of Enclosure 3 of the Directive, are: Paragraph 1, Guideline K: FOR APPLICANT Subparagraphs 1.a-1.c: For Applicant Paragraph 2, Guideline E: WITHDRAWN Subparagraph 2.a: Withdrawn 10 Conclusion In light of all of the circumstances presented by the record in this case, it is clearly consistent with the national interest to grant Applicant eligibility for a security clearance. Eligibility for access to classified information is granted. _____________________________ Robert E. Coacher Administrative Judge