chrisl

Canada has better privacy laws than the US. I know one guy who was walked away from the lectern at gunpoint at a conference because both he and the person who cleared his slides overlooked something. He had something like weekly interviews for a year, got followed, probably wiretapped (that still takes a court order), the full works. Another person who was followed out of the cleared area of a national lab at gunpoint just because he was working late and the guards felt like following him all the way to a grocery store. The US constitution does have a lot of protections for the normal citizen. Something that exists nowhere in that document, and has rarely been addressed by the court, is a right to privacy of information. Where it has been addressed, you have essentially no right to privacy with respect to any information that you've shared with a third party. There are various state and federal laws that protect some of that (your video rental record, your medical records, communications with your attorney in most cases), but none of those are constitutional protections, and most of them are waived when you sign up for a clearance. The investigators use your signed waiver to get whatever they want. And if there's something they want to pursue that they need an additional release for, you sign the release or the investigation stops and you don't get the clearance. Tracking anything you do at work using employer resources? Any and every employer does that to some extent, and it's entirely legal. When the US government is doing it in its role as an employer, you have the rights of an employee, not the rights of a general citizen. OPM is allegedly moving to a "continuous review" mode, rather than periodic renewals, where cleared people are essentially under investigation at all times. I haven't been interviewed for anybody's renewals in a while, so maybe they're already doing it. But we also haven't been in the office much until the last 6 months, so if the investigators are following chains of people it's slower and less convenient for them. I also don't answer the phone for numbers that I don't know and am bad about checking my voicemail (it's always about my car warranty), so maybe they've been trying to call. The flip side of it all is that in the US there are very few actual laws directly related to handling of classified information - it's mostly a contract between you and the government that you won't reveal it. The rules are primarily through executive order. That's why part of what Teixera is being charged with is a WWI era law. Simple unauthorized possession of classified information is generally not illegal - how you came to have it and what you do with it are what affect the legality. Most of the punishments for mishandling are administrative (anal probe, losing your clearance forever), and criminal only comes into play if you deliberately access stuff you aren't legally supposed to have or do something illegal (like export or pass to an adversary) information that you legally have.

I've managed to avoid it entirely, but I know quite a few people with clearances, and I'm more familiar with the legalities than you might expect. Once you sign the release on the SF-86 they can get essentially anything they want on you, from anyone. That's essentially what the release does - you exchange any expectation of privacy in return for the clearance. Even the SF-85, which doesn't even get you a clearance gives the USG that kind of access, but it's rarely used because at that level you don't get any special information. I know a few people who have screwed up, even in relatively minor ways, and then been essentially tracked and sometimes followed for extended periods.

If it turns out he was trash picking, that would be the easiest way - just put the doctored stuff in the trash. If he had unrestricted access it's a lot harder, but dynamic substitution of links is easy and it's putting in the spoofed docs that would be harder. Depending on what he was doing, if it was all about Ukraine and he was predictable in what he pulled, they could both create content for him and get someone into the discord who would prompt him for the doctored stuff. It will be interesting to find out what actually happened some time in the distant future when we get something approximating a complete story.

I suspect that's the biggest risk of the leak. The details weren't surprising, and the number of military people from various countries in Ukraine was so low that it could be all embassy protective details and maybe ISR liaisons. Anybody who's actually dangerous or doing something (even in the ISR world) would probably be a contractor with a very well laundered payment path.

And still disqualifying for government employment in the US, or employment at a national lab where you have to fill out SF-85 or higher.

Doesn't have to be a full team. Monitoring someone's social media and classified printer (seriously, what 19 year old even thinks they might need a printer for anything?) usage can be mostly automated, and probably will be as they ramp up the "continuous review" that they're apparently transitioning to, anyway. The automation looks for patterns (keywords, particular groups, contacts with particular people/groups/etc) and kicks it to a person for review if there's a hit. It doesn't even have to be as good as the non-com two years older than them who would be giving them instructions in the field - it doesn't give instructions, it just monitors. And for all we know it might have been going on and that's how the intel people poisoned the leak. I agree that in this case they IC people probably poisoned the leak before we even heard about it. The first thing I thought when I saw "Ukraine out of AD weapons on April whatever" was "LOL, it's a trap!"

double post

That's mostly true, but having tried to teach technical things (both ancient, like physics, and modern, like image processing) to college age kids, a lot of them just have holes in their brains. Take the same people in their mid 20s after they've been out of their parents' house a while and their hormones have settled down and stick them in the same courses and their brains work way better. (Though there are certain subset who are basically high speed logic machines as adolescents). The problem is really you don't know who a kid is going to be at 18 and that time between 18 and 25 is when you and they are finding out. Closer continuous review based on clearance level and role would have probably made a big difference in this case. If someone were watching this kids social media activity they'd have caught it when he was posting his own summaries that nobody paid attention to and either adjust his access or his behavior, or both. Part of the network problem is that encrypting and putting different levels of access controls on data at rest makes it much harder (if not impossible) to do effective cross-agency/department/etc data fusion for finding the kind of patterns that were missed in 2000-2001.

Doesn't look like wood. Some of the comments suggest it's composite armor.

Most people I know in the aerospace world are TS/SCI - most job ads for clearance related technical jobs in aerospace companies either ask for it or require you to be eligible for it. They prefer if you already have it so they don't have to pay an engineer to count paperclips for 18 months. If you're hiring high end engineers out of top schools to work on defense programs they're generally going to be working on things at the higher end of the classification scale. The difference between them and Teixera is that they all at least have a BS, and most have either an MS or PhD on top of that, so only a few would be getting TS/SCI before age 25 just because of their time spent in higher education.

25 is a reasonable age for another reason: the standard form asks for information going back 7 years. For an 18 year old,. that's going back to age 11. People change a huge amount between 11 and 18, and there's also a very limited documentation trail of what a person is like at 18. But for a 25 year old that's going back to an age where they have most adult rights and privileges (except legal alcohol in most states). So setting it at 25 mreans you get people who are more mature and also have started to show who they are as adults. The down side of that is that it shuts people who are fresh out of college out of clearance jobs, giving them more time to get settled at a high paying FAANG job where none of the clearance hassle is required. And probably eliminates a lot of very smart early career math people - I used to know a guy who was an assistant professor of math at a top 20 school when he was 23. A compromise might be to use the continuous review process (which is where the renewal thing is supposed to be headed, anyway) more heavily on younger people with shorter histories. You're 18 with a brand new TS/SCI? They're going to watch your internet traffic pretty closely. 25 with a 7 year history of no issues through the continuous review? They'll have backed off over time to a lower level of intrusiveness.

Or an airburst of tungsten rain well outside of APS range.

Pulled out of burn bags in a SCIF?

For all we know he works for someone who doesn't deal with computers and has him print everything out to read/review/trash. It's not so common anymore, but it wasn't so long ago that there were managers who would have their secretaries print their email then dictate replies or handwrite and have the secretaries transcribe. That's less likely with emails now, but not too unusual with reports and presentations, and they could be printed for an officer who likes to read them on paper instead of a screen. It wouldn't raise any eyebrows, and then he can make off with some of the paper copies if they don't have some other audit mechanism to make sure that everything that gets printed is either stored properly or destroyed. If the data were never printed it would be easier to restrict and track access by login. If it's encrypted at-rest it would be possible to keep him from being able to see it, even if his boss could read it on a tablet or laptop by having the appropriate permissions and password or key.

I wouldn’t think twice about it, and I would expect the same from anybody I work with. We’re the same about safety and reliability. The difference around here is that we only do a relatively small amount of classified work, so not having a clearance isn’t career ending. Having one can a be worse, because you disappear into a black hole until you decide to go back to unclassified stuff.

They do the same on new clearances. I’ve been interviewed for people in both situations.

For TS and higher, they are. When people are getting their clearances renewed the investigators make appointments and then come around and interview both the person given as a reference on the SF-86 and anybody else that person refers to as familiar with person under investigation. If they come looking for someone who they didn't have an appointment with they'll even ask random people in the area "hey, do you interact much with X? I'm here reviewing their clearance, do you have a few minutes?"

The simple questions are mostly just there so they can bounce you immediately for having lied on the form if the investigation and interviews indicate that you did those things. And if you make a good effort to conceal them before getting caught, they can charge you criminally. You’re correct that simply being cleared doesn’t get you access to anything. You still have to have a “need to know”, which can be pretty minimal depending on what it is. I’ve worked with suppliers who offered to tour me through their classified technology areas if I’d had a clearance. They have to processing a little paper, but apparently not a big deal for them.

The only one I saw where I could read the markings has “Top Secret” on it, but no indication of SCI. It may be a mix of Secret and TS, but SCI is harder to sneak out in your pocket so without seeing it all I’d suspect none was SCI.

It's actually been updated and replaced with several similar questions: "been a member of an organization devoted to terrorism" and "been a member of an organization dedicated to the use of violence or force to overthrow the US government". The latter one may have also been there in the "communist party" days. The form is online, and those questions are way at the back in section 29. As far social media accounts - they have limited ability to find them if you're using pseudonyms and making even a little effort to stay anonymous if you don't self report them. They do lie detector tests for some clearances, but those don't actually work. There's also nothing ensuring that the people evaluating the investigations aren't total wackos who prefer to approve other total wackos.

One of the problems with the clearance process is that the younger you are and less history you have, the easier it is to get a clearance. And at that age it's easier to hide wacko properties because there are just fewer people who would have seen them. A lot of the investigation is about whether you have questionable connections, or things you're hiding from people that make you blackmailable, etc, and so if you're 22 and fresh out of school there's just a lot less there. I'm also not convinced that the government has done any really scientific study of what works and what doesn't as evaluation criteria - quite a few of the criteria look like they came right out of the 50s and there are things that make you "questionable" that might have been an issue in 1956 but not only are common today, so common that you may not be able to find people without those characteristics. But to your point - they should be able to find people who aren't wackos who are competent, even for pretty obscure things. You may not always be able to get all the skills/capabilities you want in a single cleared person, but should be able to do it by making a small group of complementary people. And that's probably more secure in some ways, since they should start noticing if their teammates are wacko. edit: But all that said, I'm also not convinced that it's not a psyop. It's a lot of stuff to get out in one place, and it's got some strange characteristics. So even if it wasn't originally a US/NATO created psyop, it's possible that it's the product of some random OSINT person (or hobbyist making a game, or troll, or whatever) and the intel people decided they could fabricate a psyop around it. "Yeah, that report about aliens that you found on the internet that says USG all over it? IT'S ALL REAL!!!" and then start feeding stories to the WAPO and NYT "Oh, those aliens, yeah, we've been hiding them for decades and now the jig is up. We're so effed that the alien technology is about to all get out. The brits have been teleporting in and out all over the Russian lines and are going to be shut down".

The most plausible thing I’ve found is that it dates back to days when data transmission was expensive, so they abbreviated everything and terminated abbreviations with “x”. To this day if you read the short data things on aircraft status, weather delays and cancellations are WX, mechanical are MX, and probably a few others.

Could be a hobbyist or rpg player/game designer working on their SMO campaign game. Some of you might be old enough to remember the Secret Service convincing themselves that Steve Jackson Games was writing a handbook for cybercrime.

Not enough radios across the board. Only the recon and capture squads have them called out. Commander doesn’t have a dedicated radio operator? Drone team doesn’t? Fire support squads don’t? How do they know where to apply support? If the radios are complicated enough that five of the squads have dedicated operators called out, then they should have dedicated operators in more places.

It’s been standard airline usage for “passenger” (singular or plural) since forever and the only other usage I’ve heard is Latin for Pax Romana or Pax Americana. I travel too much and also spend time on travel forums.