The misuse of information technology systems in relation to national security clearance is governed under Guideline M, Use of Information Technology Systems in the Security Executive Agency Directive 4 (SEAD 4). Under Guideline M, the government may have security concerns related to the misuse of information technology systems as it tends to show an inability to follow laws, rules, and regulations and thus creates a heightened risk of coercion, exploitation, or duress.
The main concern that is typically alleged by the government in a Statement of Reasons (the document issued by the government expressing the security concerns) revolves around unauthorized use or entry into any information technology system. This can include incidents such as using a co-worker’s password or computer to gain access to a government computer or system, downloading or storing any sensitive, classified, or proprietary material, or negligent or relaxed security practices. Furthermore, you don’t even need to have engaged in this behavior intentionally or deliberately for you to be disqualified from obtaining a security clearance. Therefore, the question that must be asked is, can any misuse of government information technology systems really cause me to have a security clearance denied or revoked? In short, it can, depending on the circumstances.
On several occasions, Guideline M becomes germane after it is determined, whether through self-reporting or routine monitoring, that a misuse of an information technology system has occurred. The most common incidents are related to the use of a co-worker’s password or using the information technology system in a way that is against government or company policy, such as usurping installed protections to visit unauthorized websites while at work or even downloading or inserting unauthorized media into the system. The main concerns of the government are two-fold: a failure to follow policy, rules, and/or regulations; and the potential to damage the national security of the United States. Even unintentional violations could call into question your ability to safeguard classified material.
Despite these common disqualifying conditions referenced above, it is not a certainty that anything negative will happen to your security clearance if you engage in such behavior. In an abundant number of cases, simply providing the proper mitigation can be the difference between the revocation or denial of a security clearance and retaining one’s national security eligibility. While in some cases, the intent of an individual may be considered disqualifying, producing information or evidence showing the conduct was unintentional or inadvertent and was properly and promptly reported to the appropriate individuals could mitigate these concerns. Another mitigating aspect is if the misuse was minor or done solely in the interest of organization efficiency and effectiveness (as described in SEAD 4). This could include using a co-worker’s password to ensure the protection of national security or to promptly resolve any unintentional leak of sensitive, classified, or proprietary information. This would constitute unique and unusual circumstances occurring and done in the interest of organization efficiency, thus showing mitigation. Ultimately, while the seriousness of the misuse is considered, showing that the proper steps were taken after the misuse and there is no pattern of similar behavior is paramount to proving mitigation.
It is always important to stay vigilant regarding the potential windfalls of misuse of information technology systems, especially considering the numerous and ever-instituted telework policies that many government agencies and contractors have been implementing since the start of the COVID-19 pandemic. Without showing the proper mitigation, not only will your ability to obtain or maintain a security clearance be in jeopardy, but this could potentially impact your ability to obtain a security clearance in the future.
Ryan C. Nerney, Esq. is a Managing Partner in the Southern California office of Tully Rinckey PLLC, where he focuses his practice primarily on national security law, with experience in federal employment and military matters. Ryan represents clients who have security clearance issues against agencies such as DHS, NSA, DIA, DOD, NRO, and DOE. He has represented numerous clients in security clearance revocation proceedings and has a proven record of saving clients’ jobs, as well as anticipating and resolving potential future issues with their security clearances. Ryan is also a standing member of the National Security Lawyers Association executive board. He can be reached at email@example.com or at (888)-529-4543.