The White House reportedly ordered the CIA to send it a list of new hires over an unclassified email system. Here’s what happened and the concerns it raises.
What happened?
As part of the Trump administration’s broader efforts to cut the federal workforce, the White House reportedly asked the CIA to send it a list of all employees hired within the last two years. The list included the first names and first initial of the last name of the employees.
What are the national security implications of this?
It will be easy for an adversary to identify the employees.
Despite White House officials playing down security concerns, it is almost certain a determined adversary could uncover the identities of these employees. Adversaries like China, Russia, and Iran have hacked countless sites containing the personal data of millions of Americans. China has hacked OPM. It is not a reach to think any of them might access an unclassified email server. This is precisely why so many national security experts raised concerns about Hillary Clinton’s private server.
With access to the list, it wouldn’t take much for an adversary to pair it with other collected personal data (such as area of expertise, studying at campuses known to be CIA recruiting grounds, possessing critical foreign language skills) and figure out who’s who. It would be even easier with individuals whose names might be unique. Somebody with the first name John, for example, might be harder (but not impossible) to identify than someone with a unique first name.
This creates a loss in operational capability (and morale).
With even the risk of their identity being known to adversaries, it is much more likely these officers will not be able to work undercover. That is a huge loss. Finding individuals with the right demeanor to manage the stress associated with undercover work is an arduous task. Finding such individuals who also speak relevant foreign languages and are fluent in foreign cultures is even harder. Indeed, media reports say many of the new hires have expertise in China and speak Mandarin, skills we need as we increasingly find ourselves in confrontation with China. Replacing people with those skills is hard. Those who are left behind will also suffer from poor morale as the administration continues to signal it doesn’t value intelligence professionals.
If these individuals are indeed compromised but were to do undercover work anyway, they would be taking an enormous risk with their lives, as well as those of their assets and their colleagues, who could also be exposed.
The loss is compounded by the fact that these are new officers. The ability to maintain good cover decreases over time, as an intelligence officer is exposed to more people in more places. Young officers have the opportunity to build good solid covers that will serve them well for years.
It is worth noting here that Harold Nicholson, himself a CIA officer, was sent to prison for 24 years for, among other things, selling the names of CIA trainees to the Russians. No one has handed over the names of these current employees directly to an adversary, but the White House and the CIA have certainly made it easier for our adversaries to uncover who they are.
This is also a waste of resources.
An entire cadre of new employees might have to be let go for operational reasons, or might willingly be let go by a White House intent on cutting the federal workforce. Either way, losing these employees represents a waste of federal resources. A certain amount of time and money have already been invested in them: the interview and onboarding stages at CIA are rigorous and long. Vetting the candidate and doing background checks are intensive and rigorous processes. Once onboard, employees begin training in spy tradecraft and analysis. If these employees are let go, that will all be for naught.
The episode raises concerns about the White House’s and CIA’s willingness and capability to protect undercover officers.
According to the New York Times story, “Current officials confirmed that the C.I.A. had sent the names of employees to the Office of Personnel Management, complying with an executive order signed by President Trump. But the officials downplayed security concerns. By sending just the first names and initials of the probationary employees, one U.S. official said, they hoped the information would be protected.”
Of course, hope is not a strategy, as they say. Particularly as there are processes in place to safely relay this type of information to the White House. Not sending the names of undercover operatives over an open email system is Day One stuff (and honestly, most people know this even without any spy training).
It seems almost quaint to mention any of this, given that Trump has repeatedly shown disdain for protecting anything classified. Reckless behavior regarding the identities of undercover CIA officers simply adds to what we already knew: Trump doesn’t care about protecting classified information or his own people.
It is also likely to raise concerns from U.S. partners and allies.
Trump’s repeated refusal to take protection of classified information seriously is bound to lower the level of trust with our partners. If we cannot protect our own undercover officers—worse, if we take actions that actively risk exposing them—why should our partners share their secrets with us?
(Editor’s note: This article is part of the Collection: Just Security’s Coverage of the Trump Administration’s Executive Actions.)