FBI to require lie detectors on its systems administrators
The U.S. FBI last week quietly expanded its use of the polygraph to cover systems administrators and all other employees with access to sensitive computer networks and databases, marking the first time that IT specialists in the government have been singled out for the controversial lie detector test.
FBI Director Louis Freeh issued a memorandum last week that put the new policy into effect immediately, said agency spokesman Bill Carter. "The director notified all employees that interim changes have been made to the FBI security program, including an expansion of the use of the polygraph to cover employees in sensitive areas," Carter said. To date, the FBI's polygraph policy has been used to conduct periodic tests of employees at random.
The change in policy is a direct response to the Feb. 18 arrest of Robert Phillip Hanssen in one of the most damaging spy scandals in the bureau's history. Hanssen, a career FBI agent with access to highly classified counterintelligence databases, is accused of spying for Russia since 1985 and giving Russian intelligence agents details about U.S. intelligence sources and electronic surveillance operations.
However, the Hanssen case is unique in that the computer-savvy counterintelligence agent used his access to the FBI's Electronic Case File system, which contains classified information about ongoing FBI investigations, to check whether the bureau had been alerted to his activities. Although Hanssen and his Russian handlers relied heavily on traditional spying methods, such as "dead drops" for exchanging packages anonymously, the case is being touted by the FBI and IT security experts as a harsh lesson in the growing threat to corporate data by insiders.
As a result, the new FBI policy also includes what Carter called technical "enhancements" to the bureau's ability to monitor and analyze the computer activity of employees in sensitive areas of the bureau and to detect "anomalies."
Steven Aftergood, who runs the Project on Government Secrecy at the Federation of American Scientists in Washington, said he thinks this the first case where system administrators have been singled out to take the polygraph. It's also clear, he said, that the revised testing policy is a direct reaction to the FBI's failure to monitor Hanssen's online activities in real time before he could do damage.
Still, it's unclear, pending the release of an ongoing independent review of the Hanssen case, whether the new polygraph policy will remain in effect.
"It's a bit of a compromise," said Aftergood. "There is a cultural resistance to the polygraph that is different at the FBI than at the CIA. A polygraph is something that is given to new employees and suspected criminals, not to employees in good standing."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
