How social media can help spot insider threats

Shutterstock image: social media brain.

In May, Director of National Intelligence James Clapper signed Security Executive Agent Directive 5 on the "Collection, Use and Retention of Publicly Available Social Media Information in Personnel Security Background Investigations and Adjudications." The directive was released the night before a House Oversight and Government Reform Committee hearing on the same topic.

It has been a long time coming and overall is a great step forward. However, it might not go far enough.

Under Section E (Policy), the directive states that "agencies may choose to collect publicly available social media information in the personnel security background investigation process." In my opinion, that could have been worded more strongly because the word "may" conveys something optional.

I realize that making a stronger policy statement would lead to questions about funding and tactics. However, reviewing social media is one of the best ways to evaluate individuals against the adjudicative guidelines for determining whether someone should have access to classified information. Those guidelines define what investigators should look for in a background investigation.

The first three guidelines cover:

  1. Allegiance to the United States
  2. Foreign influence
  3. Foreign preference

The new directive also states, "Only publicly available social media information pertaining to the covered individual under investigation shall be intentionally collected."

That statement leaves too many loopholes. Standard Form 86, the Questionnaire for National Security Positions, does not ask applicants to list the social media platforms they use and does not ask for their online identities. That makes it very difficult for investigators to ensure that they are looking at the correct person's online activity. Unless someone uses his or her name for a Twitter handle, public Instagram feed or YouTube channel, how can an investigator be sure?

Chances are if people are applying for security clearances and posting anti-U.S. sentiments online in their spare time, they are probably not doing it in a way that can easily tie back to themselves. Therefore, technology must improve so that investigators can associate disparate user names across multiple social media platforms with a single individual.

The security clearance directive seems to recognize the identity resolution challenge, and in Section E, paragraph 7, it states: "Authorized investigative agencies shall make reasonably exhaustive efforts to verify that any information collected that is discrepant or potentially disqualifying pertains to the covered individual."

It also goes on to say any information that would disqualify an applicant must be investigated, and ultimately, the covered individual must be given a chance to review the proceedings.

The latter part reminds me of the Fair Credit Reporting Act's requirements for issuing adverse-action notices and resolving consumer disputes. It would be difficult to bring social media disputes under similar reporting requirements, but the government seems to be heading in that direction.

However, FCRA's accuracy requirements for identity resolution would be hard to meet, and the consumer dispute process would become overwhelming if applied to social media activity and security clearances.

Further, in the social media world, it is not clear to whom FCRA's data-furnisher requirements would apply because in this context, the individual is furnishing his or her own data.

Every initiative must start somewhere, of course, and Security Executive Agent Directive 5 is a definite improvement over the previous status quo. If the government is serious about strengthening the clearance process, however, more must be done.

About the Author

Jeffrey Huth is vice president of product strategy for TransUnion’s government information solutions division.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.