When news broke that 21-year-old Massachusetts Air National Guard airman Jack Teixeira leaked defense documents on the social network Discord, experts and concerned citizens alike began questioning who vetted this low-level service member who potentially caused grave damage to national security.
The Teixeira saga, which will likely play out for years to come across courtrooms, Capitol Hill and the Pentagon, laid bare how a troubled young man with extremist tendencies needed only a computer and reliable home internet to disseminate government secrets.
But on a more fundamental level, Teixeira’s leaks represent just the dramatic, final failure of an enfeebled national security vetting system that struggles at times to track which employees have access to classified information at all.
A three-month Raw Story investigation indicates that some government contractors and agencies are still tracking employees’ security clearance status using pen and paper or consumer-grade desktop computer spreadsheet programs. From federal agency to federal agency, and contractor to contractor, clearance tracking practices vary wildly, with some using technology fit for a sci-fi blockbuster, and others, an elementary school classroom from the 1950s.
Raw Story spoke with more than 15 national security experts for “Losing Track,” a three-part series that examines the systems and processes the government uses to vet and track the nation’s more than 5 million security clearance-eligible individuals, per government records.
Some outliers’ lack of technological progress potentially adds to the already tenuous nature of the government-wide personnel security clearance process, which the U.S. Government Accountability Office has classified as “high risk” for the past five years.
There’s hope: the government is in the midst of a multi-agency reform effort called Trusted Workforce 2.0.
This includes building out what’s called the National Background Investigation Services (NBIS), the new personnel vetting IT system that’s poised to standardize vetting procedures from start to finish — and continuously vet government workers who’ve already been cleared to handle sensitive documents.
But massive problems remain.
Despite being initially introduced to nearly all 115 federal agencies, the National Background Investigation Services won’t be fully operational for the foreseeable future.
Government contractors, meanwhile, including those that possess defense and military secrets, are still likely to use their own, internal personnel tracking systems in addition to the government’s databases — a security risk if those internal systems are antiquated. A person who no longer has security clearance may be listed as having it, for example.
Complicating the government’s effort: none of this addresses private, password-protected social networks of the sort that Teixeira allegedly used to publish classified documents — and unleash chaos.
The government’s catch-up effort “feels like a lot of bureaucratic initiative to continue to dress the naked emperor, but it’s like handkerchief by handkerchief,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation, a nonprofit digital rights group. “It’s a totally messed up system.”
Tracking security clearances the ‘old school’ way
A 2023 report from ClearanceJobs, a network for employees with government security clearances, revealed that 20 percent of surveyed facility security officers, who manage a company or agency’s security personnel and facilities information, were tracking their cleared employees in Microsoft Excel, 8 percent were using other spreadsheets and 2 percent were using pen and paper.
Local branches of the federal government, local governments and government contractors are particularly prone to using what Joe Ferguson, co-director of the National Security and Civil Rights Program at Loyola University Chicago, calls “old school” practices — information technology and accounting systems that seem straight out of another century.
“We’re talking about a pen and paper spreadsheet that is in someone’s desk drawer that other folks are not aware of as the reference points and is not systematically updated and reviewed — you’re talking about a huge security risk right there,” said Ferguson, who previously served as inspector general for the City of Chicago and assistant U.S. attorney with the United States Attorney’s Office for the Northern District of Illinois.
“People move on from the organization or the project, and their names are still on a list that says they have clearance,” Ferguson said. “That means they may have continuing access, and an organization that does this on pen and paper probably is an organization that does not have a reliable, accountable set of exit protocols to cut people’s access off, to remove their access from files and systems that might be accessed electronically.”
Still, pen-and-paper tracking, while relatively rare, is a problem that is not widely known, according to the government agencies Raw Story interviewed. The practice is more likely to be found with contractors who only employ a few cleared personnel, experts say.
It’s much easier to find the consumer-grade spreadsheet problems, even at larger companies and agencies, sources tell Raw Story.
Yet none of this is readily transparent, as government contractors and agencies generally keep secret how they track their clearances.
‘No unified system’
“I have had conversations with security offices who never challenged somebody’s security clearance, which is kind of a surprise,” said Dan Meyer, partner at law firm Tully Rinckey PLLC’s Washington, D.C. office and former Navy communications security officer who used to process security clearances. “I did encounter one security office that had no program at all, so it wasn’t that they were tracking off paper, they just weren’t tracking anybody at all … it’s true that there’s no unified system.”
Meyer, who also formerly worked for the U.S. Department of Defense Inspector General, said the government department that was not tracking its cleared personnel at all in the 2010s was a “nonintelligence agency with a fair number of security clearances, but even more importantly, databases that were absolutely sensitive and very important that our enemies not get access to them.” The government swiftly stepped in and brought in security professionals, Meyer said.
“The general mission of the agency was not national security or intelligence-based, but it had databases that it operated for the federal government that were absolutely essential to the security of the United States, and it was just a mismatch,” Meyer said. “The security office was operating under the premise that its employees really didn’t need clearances and a few had them, and they didn’t have to worry about it, so they didn’t develop the full security program.”