Special Offer!

40% OFF ALL ITEMS 12/2-12/9. Use code PRESENTS at checkout. More info: here

Dissent is Dangerous: Insider Threat Defense and “The Snowden Affair”

Tom Devine Posted by Tom Devine.

Tom Devine is legal director of the Government Accountability Project, where he has worked to assist thousands of whistleblowers to come forward and has been involved in the all of the campaigns to pass or defend major whistleblower laws over the last two decades.

Foreword In the aftermath of classified disclosures to Wikileaks, the Obama administration created an Insider Threat Program tasked with identifying the “malicious insiders.


In the aftermath of classified disclosures to Wikileaks, the Obama administration created an Insider Threat Program tasked with identifying the “malicious insiders.” In practice, however, we have found that the Insider Threat Program is really a threat to insiders who commit the truth – whistleblowers.

According to the Office of the Director of National Intelligence, “An insider threat arises when a person with authorized access to U.S. Government resources… uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage. They enable the enemy to plant boots behind our lines and can compromise our nation's most important endeavors.”

The initial creation of the Insider Threat Program included an explicit exemption for whistleblowers covered under the Whistleblower Protection Act (WPA) and Intelligence Community WPA. However, in the years since the program’s inception, government agencies and congressional officials have used insider threats and whistleblowers as interchangeable identities, causing an irreversible chilling effect amongst public servants who are considering reporting waste, fraud, abuse and other misconduct. Further, the whistleblower exception has vanished from official training materials and guidance on how agencies should implement the Insider Threat program.

The following blog series by Matt Fuller will examine: Executive Order 13587, which established the Insider Threat Program; associated training materials and their implications; outside contracts, including Insider Threat Defense; congressional oversight of the program; a new DOD Analytic Center created to prevent insider threats; and other relevant issues.

Stay tuned,

Tom Devine
GAP Legal Director

Dissent is Dangerous: Insider Threat Defense and “The Snowden Affair”

In 2013, another whistleblower disclosure rocked the intelligence community. Edward Snowden, an NSA contractor, released materials related to the NSA’s mass surveillance programs to The Guardian and other newspapers. His motive for the disclosures included concerns about the massive scope of the surveillance programs developed by the NSA and a belief that the public deserved an opportunity to know just how much of their activities were being recorded. Snowden made his disclosures despite the best efforts of the Insider Threat Program to demonize people like him, knowing that he would face a prison sentence if he were caught. In public statements, Snowden has made clear that he first attempted to raise concerns over mass surveillance programs within the agency first, though they fell on deaf ears. In the aftermath, the intelligence community redoubled their efforts to crack down on disclosures of any sort by using an outside company*.

That company was Insider Threat Defense, a Maryland based company founded and run by Jim Henderson, who describes himself as a Cyber Security-Insider Threat Subject Matter Expert. Henderson gave a speech discussing Insider Threat training titled, “Defending from Within: Lessons Learned from the Snowden Affair.” In this speech, he terms whistleblowers Edward Snowden and Chelsea Manning as malicious insiders, and calls for greater attempts to silence them. In the title of the speech and through his placement of news articles related to Snowden next to the Navy Yard mass shooting and acts of industrial espionage, we can see that deterring whistleblowing continues to be a priority.

Henderson rightfully acknowledges “…Snowden stated that he had reported policy or legal issues related to spying programs to more than 10 officials, but as a contractor had no legal avenue to pursue further whistleblowing.”  However, he makes no recommendations for allowing dissent within the organization and appears to reference Snowden’s internal disclosures as a clue that he was going to disclose materials or that he was what Henderson refers to as “a weak link.” This attitude towards employees raising concerns  further reinforces that it is intelligence community policy to view even responsible dissent through channels as dangerous, and that it should be quashed, not addressed.

The slides from Henderson’s speech on insider threat defense demonstrate that retaliation towards whistleblowers remains the government’s first response. Despite paying lip service to the civil liberties of employees, Henderson makes frequent references to monitoring workers and watching for signs of weak links. Henderson calls for what he refers to as a “comprehensive and integrated Insider Threat Program that is comprised of individuals from various departments, business units and supporting functions” for the purpose of “the identification of suspicious or malicious activities and behavioral indicators by the Insider.” These recommendations, when combined with the lack of safe channels for whistleblower disclosures, reinforce the chilling effect for individuals who may attempt to raise concerns internally. They are left to remain silent observers or make anonymous disclosures to the media, given that otherwise their superiors may report them as suspicious under the Insider Threat Program.

It is clear from Snowden’s case that despite the best efforts of the Intelligence Community to scare whistleblowers into silence, courageous individuals who see wrongdoing being committed may still speak out, regardless of the personal risks. Not only does targeting dissenters fly in the face of the whistleblower exceptions in President Obama’s Executive Order 13587, it also is a losing strategy when it comes to protecting classified information by forcing them outside institutional checks and balances. Ensuring that dissent at best is ignored, or at worst is grounds for an investigation forces whistleblowers to seek other methods of drawing attention to wrongdoing. They should be protected as individuals attempting to make the system work, not targeted as malicious insiders or threats to national security.

While this Insider Threat Program already has been established, efforts are being made to begin a more aggressive crackdown on whistleblowers within the Department of Homeland Security. H.R. 3361, which passed in the House of Representatives and would establish an Insider Threat Program in the Department of Homeland Security, does not include a whistleblower protection provision.  These tactics are not going unheeded, however. In January, a coalition of open government organizations published a letter to the Office of the Director of National Intelligence to call into question the complete lack of distinction between legitimate and illegitimate disclosures shown in these training materials. The letter can be viewed here. The Senate Homeland Security and Governmental Affairs Committee has responded by adding a whistleblower exception to the definition of insider threats within H.R. 3361. The jury is still out, however, for freedom of speech within institutional channels.

*An eralier version of this blog incorrectly stated the intelligence community hired Insider Threat Defense.

Matt Fuller