Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution?

hamburg_berlin/Shutterstock.com

Currently, managers only look for aberrant computer behavior on internal, agency-owned IT systems.

A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America's best interests. 

Historically, some illicit activity, like downloading child pornography, has occurred on government computers and been prosecuted. 

But today, the digital lives of employees cleared to access classified information extend beyond the office. 

About 80 percent of the National Security Agency workforce has retired since Sept. 11, 2001, says Kemp Ensor, NSA director of security. When the millennial and Gen Y staff that now populate the spy agency get home, they go online.

“That is where were we need to be, that’s where we need to mine," Ensor said. 

Currently, managers only look for aberrant computer behavior on internal, agency-owned IT systems – it’s a practice known as “continuous monitoring.”

But the military and intelligence communities are beginning to broaden checks on cleared personnel in the physical and digital worlds. It used to be that national security workers were re-investigated only every five or 10 years. 

Under the evolving "continuous evaluation” model, the government will periodically search for signs of problems through, for example, court records, financial transactions, and -- if authorized -- social media posts. 

Ensor and other federal officials spoke April 28 about new trends in personnel security at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

On government devices, “the amount of child porn I see is just unbelievable," said Daniel Payne, director of the Pentagon's Defense Security Service. The point being, there’s a need to routinely scan agency network activity and criminal records to gauge an individual's suitability to handle classified information.

Payne, whose 34 years of counterintelligence experience have spanned the military, CIA and National Counterintelligence and Security Center, was not referring to any specific agency or any specific timeframe, his current employer told Nextgov.

Payne just returned to the Defense Security Service in February, after starting his career there. 

"Director Payne provided this example to demonstrate the range of issues identified during the personnel security process, and the range and value of different data sources that have a bearing on an individual's ability to access sensitive information," the Defense Security Service said in an emailed statement. 

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Ensor echoed his colleague's concerns, noting he sees child pornography on NSA IT systems. In the national security space, “what people do is amazing," he said. Ensor's guess about the presence of explicit material is that there are many "introverts staring at computer screens" day in and day out. This is why it is so important to look at individuals holistically when determining who might be a so-called insider threat, Ensor said. 

In the past, military and intelligence personnel have exploited minors online, without notice, for years or even an entire career. 

The Boston Globe broke a story in 2010 that a significant number of federal employees and contractors with high-level security clearances downloaded child pornography -- sometimes on government computers -- at NSA and the National Reconnaissance Office, among other defense agencies.

At least one NSA contractor holding a top secret clearance told investigators in 2007 he had been spending $50 to $60 monthly fees on various sexually explicit websites for the past three years, according to a Defense inspector general report on the matter. After each session on the porn sites, he would wipe the browsing history of that system. The Pentagon investigation did not state who owned the computer.

More recently, a military official pleaded guilty to pedophile crimes and accessing child pornography through the Internet -- but at home. 

On April 15, a U.S. district judge sentenced former Army Corps of Engineers official Michael Beeman, of Virginia, to 30 years in prison for molesting minors, beginning in the 1980s while working in public affairs at Patrick Air Force Base. He later downloaded child pornography to personal devices, court records show.

Case files state the illegal online activity occurred between 2010 and 2014, which according to LinkedIn, was when Beeman served as an Army Corps of Engineers public affairs regional chief.