Harmless right? At first it might seem so, that is until the threat of blackmail and the secret is out. The invitations to register are enticing,
and the promise of a secret affair with other like-minded adults make the offer seem like an appealing proposal. That is until a group hacked the company and
exposed the data base for the world to see.
What was once a hi-brow hook up is
now touted as a wall of shame. Suddenly high profile people are now humiliated,
losing jobs, credibility, and some have committed suicide. The likes of Josh Duggar and even the Ashley
Madison CEO are losing what they have worked so hard to build up. Josh lost his
legacy and the business world lost confidence in a company's leader who promised
discretion. The cloak that once hid the appealing invitation to participate in
the exclusive playground has been removed, exposing it for what it really is; a
place for married people to engage in adultery.
This article is by no means meant to pass judgement on
these individuals, but to highlight the issue of possible blackmail and
security clearances. Specifically, the
bad formula of person possessing the knowledge of national secrets plus
something to hide equals security risk. I recall well my military service
during the Cold War. I remember reading reports of service members and those in
the intelligence community put on trial for acts of espionage resulting from
adulterous affairs. Remember the old "honey trap" where a beautiful
girl from the Soviet Union befriends a not so deserving victim? Her handlers
then record the event and blackmail the unwitting participant into revealing
secrets. Yep, a cleared person plus something to hide equals security risk.
The Criteria
Employees are awarded security clearance based on classified contract needs and after a lengthy investigation and adjudication process. This process is based on the 13 security clearance guidelines. They are listed below:
(1) Guideline A: Allegiance to the
United
States
(2) Guideline B: Foreign
Influence
(3) Guideline C: Foreign
Preference
(4) Guideline D: Sexual
Behavior
(5) Guideline E: Personal
Conduct
(6) Guideline F: Financial
Considerations
(7) Guideline G: Alcohol
Consumption
(8) Guideline H: Drug
Involvement
(9) Guideline I: Psychological
Conditions
(10) Guideline J: Criminal Conduct
(11) Guideline K: Handling Protected
Information
(12) Guideline L: Outside
Activities
(13) Guideline M: Use of Information Technology Systems
There are several guidelines that participating in the
Ashely Madison offerings could cover. For the sake of brevity, we'll take a
closer look at Guideline D: Sexual Behavior.
The Concern.
Sexual behavior that involves a criminal offense, indicates a personality or emotional disorder, reflects lack of judgment or discretion, or which may subject the individual to undue influence or coercion, exploitation, or duress can raise questions about an individual's reliability, trustworthiness and ability to protect classified information. No adverse inference concerning the standards in the Guideline may be raised solely on the basis of the sexual orientation of the individual.
In this case, married cleared employees may have
registered on the website. According to an article at www.msn.com/en-us/news/technology/the-blackmail-of-ashley-madison-users-has-already-begun/ar-BBlXLTH,
the blackmail has already begun. Cleared employees on the list could be
vulnerable to this blackmail and if investigated, they may find their security
clearances in question.
According to the Office of Personnel Management, conditions that could raise a security
concern and may be disqualifying include:
(a) sexual behavior of a criminal nature, whether or not
the individual has been prosecuted;
(b) a pattern of compulsive, self-destructive, or
high-risk sexual behavior that the person is unable to stop or that may be
symptomatic of a personality disorder;
(c) sexual behavior that causes an individual to be
vulnerable to coercion, exploitation, or duress;
(d) sexual behavior of a public nature and/or that which
reflects lack of discretion or judgment.
But this isn't always a clearance killer.
When adjudicators take a look at the "whole person" concept, there may be some conditions that could mitigate security concerns. These include:
(a) the behavior occurred prior to or during adolescence
and there is no evidence of subsequent conduct of a similar nature;
(b) the sexual behavior happened so long ago, so
infrequently, or under such unusual circumstances, that it is unlikely to recur
and does not cast doubt on the individual's current reliability,
trustworthiness, or good judgment;
(c) the behavior no longer serves as a basis for
coercion, exploitation, or duress;
(d) the sexual behavior is strictly private, consensual,
and discreet.
Other implications
The fallout is still on going. Some accounts "pretend" or otherwise were made using official government and business email. If these are further investigated, clearances could be suspended for violating Guideline M: Use of Information Technology Systems.The point is, that just being on the hacked list may not in itself cause the denial or revocation of a security clearance. Cleared people have affairs and maintain their clearances. But problems arise when the affairs are discovered or the individual is susceptible to coercion, exploitation or duress. When these events cannot be mitigated, the of course the person is not trustworthy. However, these will be considered on a case by case basis and with the "whole person" in mind.
Some preventative actions
Cleared contractors would do well to include warnings against such online behavior during annual security awareness and other NISPOM required training. Reminders about continuous observation and maintaining a lifestyle to maintain a security clearance may just be what some cleared employees need to toe the line.