Above, an old wartime poster's warning against unguarded talk. Loose lips likely played a role in the current CIA "whistleblower" uproar. (Wikimedia)

By Eric Felten, RealClearInvestigations

October 3, 2019

As Democrats in Congress assess a CIA analyst’s “whistleblower” allegations against President Trump regarding Ukraine, one thing already seems clear: There has been a breakdown within the government of traditional restrictions against sharing intelligence beyond those with a need to know it.

Robert James Hanssen: Perhaps America's worst turncoat spy ever, he made a point of trivial need-to-know breaches. If no one noticed, that told him he wasn't under suspicion.

Unlike most whistleblowers, the CIA analyst was not a witness to events. Instead, he functioned as a kind of investigative reporter who worked sources to develop the information detailed in the complaint. While some have praised the informer for unearthing questionable behavior by the president, some experts in national security law say that the whistleblower and his sources may have violated regulations aimed at preserving state secrets.

Experts also say this breakdown was almost inevitable. Restrictions on information sharing were reinforced in response to some of the biggest spy breaches in U.S. history – involving Robert Hanssen, Aldrich Ames and Harold James Nicholson, among others. But they were undermined after 9/11 when government officials concluded that closer communication among various agencies might have helped it prevent the attacks.

Robert Eatinger, former senior deputy general counsel at the CIA who now leads the national security law practice at Dunlap, Bennett & Ludwig, said the basic rule is two-fold: 1) you don’t share classified information with someone who doesn’t have a sufficient level of clearance; and 2) you don’t share with someone who doesn’t have an official need to know the information.

This helps explain why “most whistleblower complaints are about first-hand experience,” says attorney Sean Bigley, who specializes in such whistleblower actions and in defending those at risk of losing their security clearances. He says that is preferable not just because an eyewitness is generally more credible, but because the sharing of classified information can itself be against the law. For example, it could matter where the information was discussed. If the information was classified top secret, for example, any conversation about it would have to take place in a surveillance-proof room called a Sensitive Compartmented Information Facility, or SCIF. Bigley says that’s not a problem when someone with direct experience files a whistleblowing complaint, and he wonders why none of the whistleblower’s sources were willing to come forward.

In his complaint, the CIA analyst states that he “was not a direct witness to most of the events described.” If the whistleblower had a “need to know” the information that was troubling, he could have accessed the transcript and intelligence himself. Instead he was told about it by anonymous “officials” at the White House and State Department.

The CIA analyst claims that he came by the information legitimately, claiming “the information provided herein was relayed to me in the course of official interagency business.” But though a meeting may have an official purpose, that doesn’t mean that it’s free game to share any and every piece of classified information.

His complaint also makes clear that he was not passively accepting reports from others but actively pursuing information. “Over the past four months,” he writes, “more than half a dozen U.S. officials have informed me of various facts related to this effort [to pressure Ukraine].” These seven-some officials are fonts of information:

“Multiple White House officials with direct knowledge of the call informed me…”

“Based on multiple readouts of these meetings recounted to me by various U.S. officials…”

“I also learned from multiple U.S. officials that…”

“U.S. officials characterized this meeting…”

“Separately, multiple U.S. officials told me that…"

“I was told separately by multiple U.S. officials that…"

There are more examples – page after page of them -- perhaps an effort to make the chorus of chatty officials seem more compellingly numerous than they are. In “almost all cases,” according to the whistle-blowing complaint, “multiple officials recounted fact patterns that were consistent with one another.”

How have officials with clearances become so casual in sharing classified information? Widespread disdain for President Trump within the federal bureaucracy, particularly within the intelligence agencies, may be a factor. But apparently something else was happening as well, namely a long-standing failure to rein in the rumor mill. It seems that security clearances are rarely revoked for over-sharing with colleagues.

Eatinger says that there are many reasons one might lose a security clearance. “It runs the gamut from psychological issues to the salacious,” he says.

One of the most common reasons government workers are stripped of their clearances is that they have been caught lying about when they got to work and when they left. Time and attendance fraud is vigorously policed and ruthlessly punished. Losing one’s security clearance over T&A (as it is known to federal employees) is a “career death sentence,” Eatinger says.

By contrast, in handling years’ worth of cases involving loss of clearances, “I haven’t seen anything to do with talking out of school” or anything to do with discussing secret information with a fellow official who lacks a need to know that information.

That’s consistent with the experience of lawyer Elaine L. Fitch, who practices security clearance law at Kalijarvi, Chuzi, Newman & Fitch, and who co-authored the fourth edition of the book “Security Clearance Law and Procedure.” “The biggest issues we see are financial,” she says. Workers are considered insufficiently reliable for a clearance if they have “too much debt” in their personal lives, potentially making them vulnerable to offers of cash for secrets.

Former FBI director James Comey hasn't been punished for leaking to the media. The government is hesitant to punish top officials who share information.

The fact that few government officials are losing their clearances because of inappropriate sharing doesn’t mean that everyone is holding classified information close. Instead, it suggests that the lines are often blurred and, as has been revealed in cases involving former FBI Director James Comey and others leaking classified information to the press. The government is hesitant to punish top officials who share information, who under law are subject to reprimand, suspension without pay, or removal, among other penalties.

If the whistleblower had a need to know the information, he likely would not have needed White House and State Department “officials” to provide it to him surreptitiously. But information such as read-outs of presidential phone calls are not normally left out for just anyone to peruse. Eatinger says that in his time at the CIA, which included interacting with the NSA, “I never saw a transcript of a president’s call with another country’s president.” He finds it “surprising that contacts shared that information.”

“What is truly endangered now is the ability to keep anything secret,” intelligence scholar Bowman H. Miller wrote in the journal Studies in Intelligence in 2011. After 9/11 there was a push to end “the ‘stovepiping’ and bureaucratic hoarding of national security information,” he wrote. The need to share replaced the need to know. Miller lamented that the lack of secrecy would hobble intelligence analysts’ “ability to write for or brief policymakers and decisionmakers with as much candid, relevant information as possible.”

Fitch cautions that as important as confidentiality may be, one doesn’t want secrecy used to cover up wrongdoing. One solution to that tension is for actual witnesses to go directly to inspectors general or Congress, who have a legitimate, official need to know.

There’s another reason altogether for hewing to the need-to-know basis for sharing intelligence. It has proved to be an effective way to spot – and thwart – spies.

In 2003, the Justice Department’s inspector general released “A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen.” The IG found that the longtime FBI mole had made a point of making trivial violations of need-to-know rules: If no one noticed, he was able to assume he wasn’t under suspicion.

The inspector general stressed that an institutional tolerance for breaking simple security rules, both at the FBI and the State Department (where Hanssen was detailed) made the institutions vulnerable. “Hanssen continued to commit security violations while at the State Department,” the IG reported. “He improperly disclosed classified information to others – including NSA and State Department employees, close friends, and members of the press.”

But it was through the unauthorized access of an FBI computer database that Hanssen did the most damage. The IG urged the FBI to “implement measures to improve computer security, including … procedures designed to enforce the ‘need to know’ principle in the context of computer usage.”

Harold James Nicholson: The Russian asset pursued information he didn't have a need to know, and drew suspicion.

CIA instructor Harold James Nicholson was a Russian asset for years. In April 1996, his efforts to gather information on Chechnya – information he had no need to know – brought him under greater suspicion even than his excessive spending. In November of that year the FBI searched Nicholson’s office and found documents about Russia. They weren’t beyond his clearance level, but neither were the documents about anything he had a need to know. It was the giveaway that led to Nicholson’s arrest later that month.

To the extent that damage done by notorious double-agent Aldrich Ames was limited, it was because of what was then a robust CIA culture of sharing information only with those who could demonstrate they needed it. Ames later told the Senate Intelligence Committee there were things “I couldn’t get access to” because the organization’s “culture of compartmentation” was strong. “If you have a need to know something you are upfront and you say I need to know this or you go to someone and get permission to get it, but you don't say to someone in the hall … ‘Anything exciting happen last week?’ You don't do that. And I never did.”

None of this is to suggest, as Trump has, that the whistleblower is any kind of spy. Rather, it is to point out that there are serious considerations behind the rules restricting the sharing of classified information with those who have a need to know it. If the whistleblower’s tale tells us anything, it’s that some in the intelligence community have become blasé about over-sharing. It’s a bad habit, one that – at a time when bad actors are prodding us in search of institutional weaknesses -- undermines our defenses.