Homeland Security Watch

News and analysis of critical issues in homeland security

November 17, 2009

Facebook and Twitter can be dangerous to your security clearance’s health.

Filed under: General Homeland Security — by Christopher Bellavita on November 17, 2009

[Please see below for a November 23 update to this post.]

Or at least that is the informed opinion of Greg Rinckey now making its way around the web.

Greg’s ideas add an additional dimension to the emergent discoveries of the pros and cons of social networking: the communication process that refuses to be controlled. (See Jesse’s post from Monday.)

The November 2, 2009 article, available for view here, apparently first appeared on federaltimes.com.  The article describes Greg as “a former military and federal attorney, …[now]  managing partner of Tully Rinckey PLLC, a law firm with offices in Albany, N.Y., and Washington.”

Here’s a lightly edited version of the original article:


Commentary: Social sites risk security clearance

November 02, 2009

If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance.

Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term “associate” is defined as any foreign national that you or your spouse “are bound by affection, obligation, or close and continuing contact.” Continuing contact with a foreign national used to include a clear exchange between both parties — visits outside the country, mail, phone calls or e-mails. Social networking sites bring a gray area into the definition of an associate and continuing contact. Your list of friends on Facebook may include foreign nationals, or you could have foreign followers on your Twitter page.

Is giving a foreign national access to your social networking page as a “friend” considered close and continuing contact even if you never directly message them? Is having access to your updated information enough for a person to be considered an associate? Unfortunately, this uncharted territory can ensnare a potential or current clearance holder.

Foreign intelligence agencies use social networking sites. They have been known to befriend Facebook users who automatically accept their “friend” requests. I had a client who lost her security clearance after using an online chat room. She was seeking advice on how to beat a computer game while attending a gaming convention. The “gaming” experts she chatted with online were foreign intelligence agents working out of China.

You may want to eliminate any foreign nationals from your social networking sites to eliminate any potential security concerns.

A clearance holder also needs to be responsible for what he or she posts online. These sites are considered “open source intelligence,” and mining information from them is simple. Anyone can do a Web search and bring up postings from Twitter and Facebook.

Technology companies are developing more sophisticated ways to monitor social networking sites, offering the ability to scan millions of online social conversations at once. Intelligence agencies around the world are taking advantage of this technology to gain valuable information.

Social networking sites are creating new territory for many workplaces. Just this month a Staten Island, N.Y., judge had to be transferred to a new location because of his Facebook use. The judge reportedly used the site to update his whereabouts and post pictures of his courtroom.

The Pentagon also is weighing if troops deployed in Iraq and Afghanistan should continue to have social networking access.


The article ends with some advice about what to do if you find yourself in a situation where the desire to be social may conflict with the responsibility to be secretive — i.e., contact an attorney.


Thanks to Susan Reinertson, former FEMA Region 10 Administrator, and former Homeland Security Advisor and Emergency Management Director for North Dakota for alerting me to this article.  I now understand why she refuses to accept my Facebook friend requests.  Or at least I think that’s the reason.


In case you missed the comment from William Henderson:

November 22, 2009 @ 10:17 pm

Mr. Rinckey’s 2 November was retracted at the Federal Times because it was erroneously based on an obsolete version of the SF86. The wording of the “Foreign Contacts” question on the July 2008 (latest version) of the SF86 changed enough from the question on the September 1995 version of the SF86 to severely undermine the premise of his article.

The new question reads,“Do you have or have you had close and/or continuing contact with foreign nationals within the last 7 years with whom you, your spouse, or your cohabitant are bound by affection, influence, and/or obligation?”

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by William R. Cumming

November 17, 2009 @ 3:13 am

An important post as the numbers of those jobs requiring security clearances climbs as another administration refuses to understand the problems with E.O. 10450 issued by President IKE so that Lewis Strauss of the AEC could reduce the access of Dr. Robert Oppenheimer in the 50’s. Note Dr.Oppenheimer never lost all his clearances and in fact received the Presidential MEDAL OF FREEDOM from President JFK. Part of the confusion exists because Personnel Security Clearances are required by persons holding National Security Positions as defined by 5 CFR. Complete confusion in most federal HR offices over basic suitablity and access to classified information. To oversimplify, first some investigative unit–the FBI in the case of PAS (Presidentially appointed Senate Confirmed)positions–or OPM or contractors of OPM collect background information gathering raw data including any derogatory information about a person. Then separately an adjudication occurs of that data with the final level being the head of any federal department or agency under EO 10450. The suicide of White House Counsel under Clinton was probably caused because he did not understand the system and was distraught some say over the fact that he had sought mental health counseling and had to face the choice of revealing it to the background investigation process. Certain programs and positions also can require polygraphing. Bottom line background information and its adjudication is not a standardized process and in fact subject to varying judgements in both collection and adjudication. Just another example where a system can be abused by those that don’t care, don’t know, don’t want to know, know but don’t follow the rules, and in reality there are few rules. Removal of a clearance after being granted also can be very arbitrary and capricious. Federal contractors with clearances being removed have more rights than civil servants. Because having a clearance gives some people, many in fact, the notiton that they are important (and clearly some are and some are not) removal of a clearance can often result in catastrophic career consequences. The removal of clearances of 40% of the personnel in FEMA in early 90’s by Director James Lee Witt allowed the agency to finally operate with the unnecessary stovepipes created by REAGAN/BUSH era directors for an agency that principally was an adminstrative/grant making agency not a regulatory/policy making agency. Incorporation into DHS again made FEMA into a stovepiped agency under the 2nd Bush and interestingly not one discussion of FEMA in or out of DHS I have ever seen and I have seen many addressed the issue of misuse of security clearances and that process of award or removal in DHS. For some background information got to the following URL: http://www.fas.org/sgplibrary/trefry.pdf

Comment by William R. Cumming

November 17, 2009 @ 3:16 am

Correction for the URL in previous comment: http://www.fas.org/sgp/library/trefry.pdf

Comment by Kathleen - ClearedJobsNet

November 17, 2009 @ 10:33 pm

Yes, professionals with security clearances have many concerns when it comes to maintaining their clearances. These are professionals who we have entrusted the security of many levels of classified information to and they have been provided training, support and continual guidance on how to maintain their security cleared status both online and offline. It is unfortunate that there are a few incidents which tend skew the veiwpoint that these professionals are easy targets to foreign intelligence agencies.

There are many people, many more people than you, think that have security clearances and do actively participate in social networks at many levels both in an open community and closed communities. These security cleared professionals do the same things that many other professionals do online in these social networks – their monitor their interactions, share information with approved sources and are diligent about the way they interact within these communities.

As government agencies move to utilize and leverage these social networks to collaborate with others inside the government and to respond to citizen requests, professionals with security clearances are going to have to be more comfortable using these tools and operating in an open social community – just as they do in the offline world.

Comment by Gabriele Oliva

November 18, 2009 @ 3:47 am


Comment by Gabriele Oliva

November 18, 2009 @ 3:55 am

I find the topic very interesting.
Do you think there is the need to actively limit and control social networks and their use, or it is sufficient to inform people about possible threats and best practices in order to reduce risks?

I have just created a blog http://www.interdependency.org in which i would like to talk about interdependency in technological,biological and social contexts.

I am a Ph.D student and my research is in the field of critical infrastructure protection, so the blog will be mainly devoted to sensibilization about critical infrastructure protection.

Comment by Kathleen - ClearedJobsNet

November 18, 2009 @ 7:30 am

One of the founding principles of communities is that they can be and for the most part are self governing. Each individual armed with the proper knowledge and training can operate within in a community and be able to evaluate the benefits and the risks.

A challenge with so many in the security cleared world is that for many of them they have not been provided training or guidance on how to operate that actual tools such as privacy controls or evaluating invitations that they don’t participate in the communities at all. This is a dissservice to them and the communities they could participate in.

Comment by William R. Cumming

November 18, 2009 @ 2:05 pm

I would be interested if you come across any federal training programs RE: Security on new social media for federal employees or contractors!

Comment by William Henderson

November 22, 2009 @ 10:17 pm

Mr. Rinckey’s 2 November was retracted at the Federal Times because it was erroneously based on an obsolete version of the SF86. The wording of the “Foreign Contacts” question on the July 2008 (latest version) of the SF86 changed enough from the question on the September 1995 version of the SF86 to severely undermine the premise of his article.

The new question reads,“Do you have or have you had close and/or continuing contact with foreign nationals within the last 7 years with whom you, your spouse, or your cohabitant are bound by affection, influence, and/or obligation?”

Comment by Out of Debt Money Makeover

December 24, 2009 @ 2:46 pm

Hey very nice blog!! This was what I needed to know.

Comment by Cordell Salsa

August 6, 2010 @ 1:40 am

You made tremendous great ideas there. I made a search on the topic and noticed almost all peoples will agree with your blog. But who wants to spend anywhere from fifty to two hundred fifty dollars to get rid of one lousy program? Yes, the laws of supply and demand are at work, but so is the law of common sense.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>