1 DEPARTMENT OF DEFENSE DEFENSE OFFICE OF HEARINGS AND APPEALS In the matter of: ) ) ) ISCR Case No. 16-00467 ) ) Applicant for Security Clearance ) Appearances For Government: Adrienne Driskill, Esq., Department Counsel For Applicant: Cathryn E. Young, Esq. August 31, 2017 ______________ Decision ______________ MOGUL, Martin H., Administrative Judge: Statement of the Case On May 27, 2016, in accordance with Department of Defense (DoD) Directive 5220.6, as amended (Directive), the DoD issued Applicant a Statement of Reasons (SOR) alleging facts that raise security concerns under Guidelines M and E.1 The SOR further informed Applicant that, based on information available to the government, DoD adjudicators could not make the preliminary affirmative finding it is clearly consistent with the national interest to grant or continue Applicant’s security clearance. On June 27, 2016, Applicant submitted a written reply to the SOR (RSOR), and requested that the case be decided after a hearing before an administrative judge. The case was assigned to this administrative judge on November 4, 2016. The Defense Office of Hearings and Appeals (DOHA) first issued a notice of hearing on November 3, 1 I considered the previous Adjudicative Guidelines, effective September 1, 2006, as well as the new Adjudicative Guidelines, effective June 8, 2017. My decision would be the same if the case was considered under the previous Adjudicative Guidelines, effective September 1, 2006. 2 2016, scheduling the hearing for December 5, 2016. Because of scheduling conflicts, a second notice of hearing was issued on November 21, 2016, scheduling the hearing for January 10, 2017. The hearing was convened as scheduled. At the hearing, the Government offered Exhibits 1 through 6, which were admitted without objection. Applicant testified on her own behalf and presented six documents, which were also admitted without objection as Exhibits A through F. One additional witness testified on behalf of Applicant. The record was left open until January 24, 2017, for receipt of additional documentation. Documents were submitted and have been marked and entered into evidence without objection as Exhibits G through I. DOHA received the transcript of the hearing (TR) on January 19, 2017. Based upon a review of the pleadings, exhibits, and the testimony of Applicant and the additional witness, eligibility for access to classified information is granted. Procedural Rulings On August 30, 2016, Department Counsel amended the SOR, adding a second allegation under both Guidelines M and E. (1.b. and 2.b.) On October 3, 2016, Applicant submitted a reply to the amended SOR admitting in part and denying in part allegation 1. b. and denying 2.b. These amended allegations will be further discussed under each guideline. Findings of Fact After a thorough and careful review of the pleadings, exhibits, and testimony, I make the following findings of fact: Applicant is 49 years old. She is unmarried, but was previously married from 1997 to 2012, and she has one daughter. Applicant received a Bachelor of Arts degree in Criminal Justice in 1990. Applicant is employed as a security administrator for a state agency, and she is employed part-time for four other companies, including defense contractors, and she seeks a DoD security clearance in connection with her employment in the defense sector. (Tr at 51-53.) Guideline M – Use of Information Technology The initial SOR lists one allegation regarding Use if Information Technology. As discussed above, the SOR was amended to add one additional allegation under Adjudicative Guideline M. 1.a. It is alleged in the SOR that Applicant was terminated from her place of employment (Company A) in 2014 for violation of company policy due to her misuse of the company computer by allowing representatives of the Defense Security Service to query her for other business through Company A’s email system, and for actively engaging in work for other companies using Company A’s business systems to support her work for other companies. A Notice of Determination/Ruling was introduced. It 3 showed that Applicant did not receive unemployment benefits because she broke an employer rule and was thereafter discharged from Company A. (Exhibit 4.) At the hearing, Applicant testified that she began working at Company A in 2011 as the Facility Security Officer (FSO) and was terminated in 2014. She stated that in the three years she was employed by Company A she had at least seven direct supervisors. She indicated that the company was unstable, and during her tenure at the company between 75 and 100 people were either laid off or terminated. Prior to her working with Company A she had been involved with consulting and advising small companies with security issues, and she discussed with the owners at Company A that she wanted to continue consulting and advising other companies. She was informed that she could continue to do that as a Company A employee. She further testified that Company A was eventually sold, and the new employers were made aware of her arrangement with the company regarding consulting. (Tr at 60-70.) Applicant listed several individuals who were aware of her consulting, which included the CEO and a vice-president of Company A, as well as the HR manager and her recruiter who helped bring her in the company. (Tr at 106-107.) Applicant conceded that she used Company A’s computer while doing her consulting, but it was not only approved, it was encouraged to give her the opportunity to win an award called the Cogswel award, which is presented to individuals who are outstanding in the security field, and which is considered highly prestigious and would reflect positively on Company A. Applicant ultimately won the Cogwhel award. Applicant averred that had she never been made aware that she was not allowed to do her consulting on a company computer. If she had been made aware, she would have ceased using the company computer and used a different system that was available to her. (Tr at 70-77.) In 2014, she was called into her manager’s office with the human resource manager also in attendance, and she was informed that she was going to be terminated because of her consulting using the company computer. She explained that she had never been informed before her termination, in verbal or written form, not to use the company computer for her consulting, and she would cease immediately. She was told that she was simply terminated, and would be given no further opportunity to resolve the issue. She also testified that if she had been informed that she had to stop consulting, she would have done so immediately, but then she would have pursued another job since she did enjoy consulting and helping other companies. Applicant testified that she was extremely surprised at her dismissal as she had always received positive evaluations, and when she arrived at the company she took their security ratings from poor to superior. (Tr at 77-80.) Applicant conjectured that she was dismissed as she was earning a very high salary, and because the company that purchased Company A did not realize the poor financial position of Company A, many individuals had to be laid off or terminated. (Tr at 81-82.) Applicant testified strongly and extremely credibly that she never received any notice during her time employed at Company A that any of her conduct at Company A 4 was a violation of company policy. If she had received such notice she would have ceased the conduct immediately and never done it again. (Tr at 147-148.) 2.b. It is alleged in the amended SOR that Applicant was terminated from Company B in 2010 for emailing personally identifiable information (PII) in open email and not following proper procedure in relation to processing security clearances and utilizing the JPAS system. Applicant testified that she began working at Company B in 2008 after she was recruited by the FSO. She was hired to lead six people in the personal security clearance division. The FSO retired and Applicant opined that his replacement seemed to not like Applicant from the day he started at Company B, which made it a hostile work environment. Applicant explained that before an employee from her company was sent overseas, Applicant was to make certain that the person had an interim clearance. On multiple occasions she had to have a person removed from a plane because they did not have an interim clearance. The incident that is cited as the reason for her dismissal is Applicant emailed to a Company B representative overseas, regarding a Company B employee who was already overseas, asking why the employee was there if he did not have an interim security clearance. She stated that this was the same procedure that had been used before and did not violate the rules for emailing information. (Tr at 82- 92.) In this case, she simply emailed asking why an individual who did not have an interim clearance was somewhere where that was required. She never included the person’s social security number or any other information other than his name. (Tr at 126-139.) Applicant testified that she had believed she was terminated, but when she met with a government investigator after completing her security clearance application, she was told that the record showed she was laid off, not terminated. She was also told by a former employee of Company B that she was laid off, not terminated. She now believes that she was laid off and not terminated. Applicant did receive a two week severance pay after her employment ended with Company B. (Tr at 143-144.) Applicant also testified strongly and credibly that she never received any notice during her time employed at Company B that any of her conduct at Company B was a violation of company policy. If she had received such notice she would have ceased the conduct and never done it again. (Tr at 146-147.) This allegation was primarily based on a statement made by a former co-worker of Applicant. (Exhibit 5.) Applicant addressed the allegations in this statement in great detail, and with significant specificity. (Tr at 92-101.) Based on Applicant's extremely credible testimony refuting this statement, the testimony of the other witness, discussed below, and the other positive evidence on Applicant's behalf, I find this statement to have limited credibility and probative value. 5 Guideline E, Personal Conduct The initial SOR lists one allegation regarding Guideline E, Personal Conduct. As discussed above, the SOR was amended to add one additional allegation under Adjudicative Guideline E. 2.a. It is alleged in the SOR that Applicant's conduct, discussed in 1.a., above, raises concern under Guideline E. Applicant denied this allegation. 2.b. It is alleged in the SOR that Applicant's conduct, discussed in 1.b., above, raises concern under Guideline E. Applicant denied this allegation. Mitigation As reviewed above, one additional witness testified on behalf of Applicant. The witness is the vice president of industrial security for a DoD contracting company, and has held a security clearance for more than 30 years. The witness has known Applicant since 2004, when she became Applicant’s supervisor. The witness testified that Applicant was trustworthy, reliable and displayed good judgment. Finally, the witness testified that based on her long knowledge of Applicant, the information expressed in Exhibit 5 was completely untrue and unreliable. (Tr at 20-48.) Applicant also submitted a number of documents in mitigation. They include an extremely positive character letter from Applicant's former supervisor at Company B. He wrote that Applicant worked for him for two years and she was outstanding in her position as Manager or the clearance division. He described her as “one of the most knowledgeable individuals in Industrial Security Field.” He also wrote that she was allowed to resign from her position at Company B and that if she had been terminated, based on her excellent record, “the company would be in jeopardy of a wrongful termination lawsuit.” (Exhibit A.) The second letter was from a friend and co-worker of Applicant's from Company A. She wrote that she had been informed by the VP of Human Resources when Applicant began working at Company A that Applicant would be consulting with other businesses with whom Applicant already was consulting prior to joining Company A. This woman also emphasized that Applicant always followed the rules and regulations of security. (Exhibit B.) A third letter came from an individual, who is Applicant’s current employer and a vice president of the company. He described Applicant as a person “of good moral character,” and “a decent person at the core and only wants to do what is right.” Four additional extremely laudatory and positive character letters were also submitted on behalf of Applicant. (Exhibit C.) Additional awards and certificates were also submitted on behalf of Applicant. (Exhibit D.) Applicant also submitted her performance evaluations for Company A for March 2011 to December 2013, for a current employer dated September 2015, and another current employer dated 2015. (Exhibits G, H, I.) Her overall rating for Company A was 4.2 out of 5, which is considered “Highly Successful.” Her other evaluation ratings were also excellent. 6 Policies When evaluating an applicant’s suitability for a security clearance, the administrative judge must consider the adjudicative guidelines (AG). In addition to brief introductory explanations for each guideline, the adjudicative guidelines list potentially disqualifying conditions and mitigating conditions, which are to be used in evaluating an applicant’s eligibility for access to classified information. These guidelines are not inflexible rules of law. Instead, recognizing the complexities of human behavior, administrative judges apply the guidelines in conjunction with the factors listed in AG ¶ 2 describing the adjudicative process. The administrative judge’s overarching adjudicative goal is a fair, impartial, and commonsense decision. According to AG ¶ 2(a), the entire process is a conscientious scrutiny of a number of variables known as the whole-person concept. The administrative judge must consider all available, reliable information about the person, past and present, favorable and unfavorable, in making a decision. The protection of the national security is the paramount consideration. AG ¶ 2(b) requires that “[a]ny doubt concerning personnel being considered for national security eligibility will be resolved in favor of national security.” In reaching this decision, I have drawn only those conclusions that are reasonable, logical, and based on the evidence contained in the record. Under Directive ¶ E3.1.14, the Government must present evidence to establish controverted facts alleged in the SOR. Under Directive ¶ E3.1.15, the “applicant is responsible for presenting witnesses and other evidence to rebut, explain, extenuate, or mitigate facts admitted by the applicant or proven by Department Counsel, and has the ultimate burden of persuasion as to obtaining a favorable clearance decision.” A person who applies for access to classified information seeks to enter into a fiduciary relationship with the Government predicated upon trust and confidence. This relationship transcends normal duty hours and endures throughout off-duty hours. The Government reposes a high degree of trust and confidence in individuals to whom it grants access to classified information. Decisions include, by necessity, consideration of the possible risk the applicant may deliberately or inadvertently fail to protect or safeguard classified information. Such decisions entail a certain degree of legally permissible extrapolation as to potential, rather than actual, risk of compromise of classified information. Section 7 of Executive Order (EO) 10865 provides that adverse decisions shall be “in terms of the national interest and shall in no sense be a determination as to the loyalty of the applicant concerned.” See also EO 12968, Section 3.1(b) (listing multiple prerequisites for access to classified or sensitive information). 7 Analysis Guideline M, Use of Information Technology The security concern relating to the guideline for Use of Information Technology is set out in AG ¶ 39: Failure to comply with rules, procedures, guidelines, or regulations pertaining to information technology systems may raise security concerns about an individual's reliability and trustworthiness, calling into question the willingness or ability to properly protect sensitive systems, networks, and information. Information Technology includes any computer-based, mobile, or wireless device used to create, store, access, process, manipulate, protect, or move information. This includes any component, whether integrated into a larger system or not, such as hardware, software, or firmware, used to enable or facilitate these operations. The guideline notes several conditions that could raise security concerns under AG ¶ 40. (a) unauthorized entry into any information technology system; (b) unauthorized modification, destruction, or manipulation of, or denial of access to, an information technology system or any data in such a system; (c) use of any information technology system to gain unauthorized access to another system or to a compartmented area within the same system; (d) downloading, storing, or transmitting classified, sensitive, proprietary, or other protected information on or to any unauthorized information technology system; (e) unauthorized use of any information technology system; (f) introduction, removal, or duplication of hardware, firmware, software, or media to or from any information technology system when prohibited by rules, procedures, guidelines, or regulations or when otherwise not authorized; (g) negligence or lax security practices in handling information technology that persists despite counseling by management; and (h) any misuse of information technology, whether deliberate or negligent, that results in damage to the national security. 8 Based on the allegations and the facts of this case concerning Applicant's history with both Company A and Company B, I find that AG ¶ 40 (e) and (g) are potentially applicable in this case for SOR allegations 1.a. and 1.b., respectively. AG ¶ 41 provides conditions that could mitigate security concerns. I considered all of the mitigating conditions under AG ¶ 41 including: (a) so much time has elapsed since the behavior happened, or it happened under such unusual circumstances, that it is unlikely to recur and does not cast doubt on the individual's reliability, trustworthiness, or good judgment; (b) the misuse was minor and done solely in the interest of organizational efficiency and effectiveness; (c) the conduct was unintentional or inadvertent and was followed by a prompt, good-faith effort to correct the situation and by notification to appropriate personnel; and (d) the misuse was due to improper or inadequate training or unclear instructions. I found Applicant's testimony regarding Company A (1.a.) credible and persuasive that she began her Company A employment with a very clear understanding that she was allowed to do consulting work in addition to her full-time position with Company A, and that she was allowed to use her company computer to contact other individuals and companies that could use her help and guidance on security issues, whether or not she was compensated. I also found persuasive that during her entire tenure at Company A Applicant never received a notice, oral or written, informing her that she must cease her consulting work or that she must cease using the company computer for her consulting business. Finally, Applicant's testimony that if she had received such a notice, she would have immediately ceased the proscribed conduct was extremely reasonable and believable. Not only did I consider Applicant's demeanor and perceived veracity in reaching my decision, I considered her overall employment history, the very powerful testimony of the character witness, and the very persuasive character letters written on her behalf. Regarding Company B (1.b.), I find that the evidence strongly suggests that Applicant was not terminated from this position, but was “laid off,” and that her conduct did not violate company policy or general rules and regulations regarding emailing PII. I considered the same factors discussed above that I used in analyzing 1.a. to analyze 1.b. Based on the analysis discussed in the two paragraphs above I find that mitigating factors AG ¶ 41 (a) and (d) are applicable and controlling in this case for SOR allegations 1.a. and 1.b. 9 Guideline E, Personal Conduct The security concern relating to the guideline for Personal Conduct is set out in AG ¶ 15: Conduct involving questionable judgment, lack of candor, dishonesty, or unwillingness to comply with rules and regulations can raise questions about an individual's reliability, trustworthiness, and ability to protect classified or sensitive information. Of special interest is any failure to cooperate or provide truthful and candid answers during national security investigative or adjudicative processes. The guideline notes several conditions that could raise security concerns under AG ¶ 16.: (a) deliberate omission, concealment, or falsification of relevant facts from any personnel security questionnaire, personal history statement, or similar form used to conduct investigations, determine employment qualifications, award benefits or status, determine national security eligibility or trustworthiness, or award fiduciary responsibilities; (b) deliberately providing false or misleading information; or concealing or omitting information, concerning relevant facts to an employer, investigator, security official, competent medical or mental health professional involved in making a recommendation relevant to a national security eligibility determination, or other official government representative; (c) credible adverse information in several adjudicative issue areas that is not sufficient for an adverse determination under any other single guideline, but which, when considered as a whole, supports a whole- person assessment of questionable judgment, untrustworthiness, unreliability, lack of candor, unwillingness to comply with rules and regulations, or other characteristics indicating that the individual may not properly safeguard classified or sensitive information; (d) credible adverse information that is not explicitly covered under any other guideline and may not be sufficient by itself for an adverse determination, but which, when combined with all available information, supports a whole-person assessment of questionable judgment, untrustworthiness, unreliability, lack of candor, unwillingness to comply with rules and regulations, or other characteristics indicating that the individual may not properly safeguard classified or sensitive information. This includes, but is not limited to, consideration of: 10 (1) untrustworthy or unreliable behavior to include breach of client confidentiality, release of proprietary information, unauthorized release of sensitive corporate or government protected information; (2) any disruptive, violent, or other inappropriate behavior; (3) a pattern of dishonesty or rule violations; and (4) evidence of significant misuse of Government or other employer's time or resources. (e) personal conduct, or concealment of information about one's conduct, that creates a vulnerability to exploitation, manipulation, or duress by a foreign intelligence entity or other individual or group. Such conduct includes: (1) engaging in activities which, if known, could affect the person's personal, professional, or community standing; (2) while in another country, engaging in any activity that is illegal in that country; (3) while in another country, engaging in any activity that, while legal there, is illegal in the United States; (f) violation of a written or recorded commitment made by the individual to the employer as a condition of employment; and (g) association with persons involved in criminal activity. Because I did not find that Applicant exhibited conduct that supports a whole- person assessment of questionable judgment, untrustworthiness, unreliability, lack of candor, unwillingness to comply with rules and regulations, or other characteristics indicating that the individual may not properly safeguard classified or sensitive information; I do not find that any of the disqualifying conditions are applicable in this case under AG ¶ 16. AG ¶ 17 provides conditions that could mitigate security concerns. I did not consider the mitigating conditions under AG ¶ 17 since none of the disqualifying conditions were established in this case. Whole-Person Concept Under the whole-person concept, the administrative judge must evaluate an applicant’s eligibility for a security clearance by considering the totality of the applicant’s 11 conduct and all relevant circumstances. The administrative judge should consider the nine adjudicative process factors listed at AG ¶ 2(d): (1) the nature, extent, and seriousness of the conduct; (2) the circumstances surrounding the conduct, to include knowledgeable participation; (3) the frequency and recency of the conduct; (4) the individual’s age and maturity at the time of the conduct; (5) the extent to which participation is voluntary; (6) the presence or absence of rehabilitation and other permanent behavioral changes; (7) the motivation for the conduct; (8) the potential for pressure, coercion, exploitation, or duress; and (9) the likelihood of continuation or recurrence. Under AG ¶ 2(c), the ultimate determination of whether to grant eligibility for a security clearance must be an overall commonsense judgment based upon careful consideration of the guidelines and the whole-person concept. I considered the potentially disqualifying and mitigating conditions in light of all facts and circumstances surrounding this case. I have incorporated my comments under Guidelines M and E in my whole-person analysis. Overall, the record evidence leaves me with no significant questions and doubts as to Applicant’s eligibility and suitability for a security clearance. For all these reasons, I conclude Applicant has mitigated the security concerns under the whole-person concept. Formal Findings Formal findings for or against Applicant on the allegations set forth in the SOR, as required by ¶ E3.1.25 of the Directive, are: Paragraph 1, Guideline M: FOR APPLICANT Subparagraph 1.a: For Applicant Subparagraph 1.b: For Applicant Paragraph 2, Guideline E: FOR APPLICANT Subparagraph 1.a: For Applicant Subparagraph 1.b: For Applicant 12 Conclusion In light of all of the circumstances presented by the record in this case, it is clearly consistent with the national interest to grant Applicant eligibility for a security clearance. Eligibility for access to classified information is granted. Martin H. Mogul Administrative Judge