National Security

After CIA gets secret whistleblower email, Congress worries about more spying

The Central Intelligence Agency in Langley, Virginia,
The Central Intelligence Agency in Langley, Virginia, MCT

The CIA obtained a confidential email to Congress about alleged whistleblower retaliation related to the Senate’s classified report on the agency’s harsh interrogation program, triggering fears that the CIA has been intercepting the communications of officials who handle whistleblower cases.

The CIA got hold of the legally protected email and other unspecified communications between whistleblower officials and lawmakers this spring, people familiar with the matter told McClatchy. It’s unclear how the agency obtained the material.

At the time, the CIA was embroiled in a furious behind-the-scenes battle with the Senate Intelligence Committee over the panel’s investigation of the agency’s interrogation program, including accusations that the CIA illegally monitored computers used in the five-year probe. The CIA has denied the charges.

The email controversy points to holes in the intelligence community’s whistleblower protection systems and raises fresh questions about the extent to which intelligence agencies can elude congressional oversight.

The email related to allegations that the agency’s inspector general, David Buckley, failed to properly investigate CIA retaliation against an agency official who cooperated in the committee’s probe, said the knowledgeable people, who asked not to be further identified because of the sensitivity of the matter.

Somehow, according to these people, Buckley obtained the email, which was written by Daniel Meyer, the intelligence community’s top official for whistleblower cases, to the office of Sen. Chuck Grassley, R-Iowa, a leading whistleblower-protection advocate. The Senate Intelligence Committee also learned of the matter, said the knowledgeable people.

After obtaining the email, Buckley approached Meyer’s boss, I. Charles McCullough III, the inspector general for the 17-agency U.S. intelligence community, in what may have constituted a violation of the confidentiality of the whistleblowing process, they said.

Monitoring inspectors’ general communications with lawmakers would clash with efforts by Congress and President Barack Obama to strengthen protections for intelligence community whistleblowers. If government officials outside an inspector general’s office accessed such communications, they could discover whistleblowers’ identities and retaliate against them by targeting them as security risks known as “insider threats.”

The incident involving Meyer’s email occurred shortly before Grassley and Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee, wrote to Director of National Intelligence James Clapper demanding to know if all of the communications of federal employees with security clearances are being continually monitored, without protections for whistleblowers. McClatchy’s sources said that the letter and the email were likely connected.

“If whistleblower communications with Inspectors General or with Congress are routinely monitored and conveyed to agency leadership, it would defeat the ability to make protected disclosures confidentially, which is especially important in an intelligence community context,” the senators wrote.

The letter, which Grassley and Wyden made public on June 19, made no mention of the email controversy. Grassley’s office declined to comment on the letter or the email controversy. “The letter speaks for itself,” said Keith Chu, a Wyden spokesman, who declined further comment.

The senators wrote that monitoring whistleblower communications “could result in whistleblowers choosing to make unprotected disclosures in public forums, with potential negative consequences for national security.” They were apparently referring to former National Security Agency contractor Edward Snowden’s disclosures to the media.

Snowden has said that he decided to leak to the media thousands of top-secret documents on the NSA’s sweeping collection of Americans’ communications data in part because he did not trust the system designed to protect whistleblowers from retaliation.

Clapper responded to the letter from Grassley and Wyden on Friday _ a day after McClatchy sought comment from the CIA. Clapper’s letter, obtained by McClatchy, didn’t directly address the Meyer email.

Clapper’s letter suggested there is a need for tighter technical controls that discriminate between whistleblower-related communications and genuine insider threats.

McCullough and other intelligence community inspectors general are “currently examining the potential for internal controls that would ensure whistleblower-related communications remain confidential, while also ensuring the necessary UAM (user activity monitoring) occurs,” Clapper said in the letter.

If such disclosures occur, he said, they’d be accidental, and in such cases there are safeguards in place to maintain the confidentiality of the whistleblowers.

“In the event a protected disclosure by a whistleblower somehow comes to the attention of personnel responsible for monitoring user activity, there is no intention for such disclosures to be reported to agency leadership under an insider threat program,” Clapper wrote.

The email controversy finds an echo in the allegations that the CIA monitored computers that Senate Intelligence Committee staffers used to compile the 6,000-page investigative report on the agency’s use of waterboarding and other harsh interrogation methods on terrorist suspects held in secret overseas prisons.

The report is undergoing a declassification review, and its 400-page executive summary, findings and conclusions are expected to be made public in coming weeks.

Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., took to the Senate floor in March to charge that the CIA “may have violated the separation of powers principles embodied in the United States Constitution” by monitoring her staff’s computers.

The Justice Department announced earlier this month that it would not pursue her charges or separate CIA allegations that her staff removed classified materials from a top-secret CIA facility without authorization.

The Senate Intelligence Committee declined to comment on Meyer’s email, as did the Office of the Inspector General for the Intelligence Community, the CIA and Clapper’s office. Meyer’s office declined to allow a reporter to speak to him.

Meyer’s email concerned allegations that Buckley failed to thoroughly investigate a whistleblower retaliation claim, McClatchy has learned. The retaliation allegedly involved delays by the CIA in paying the legal fees of CIA officials who cooperated with the Senate committee. An indemnification agreement required the agency to cover those costs – which it eventually did – as long as the officers weren’t found to have committed any wrongdoing.

Meyer, whose official title is Executive Director, Intelligence Community Whistleblowing and Source Protection, handles whistleblower allegations of waste, fraud and abuse within the intelligence community. He works for McCullough, the intelligence community inspector general, in a facility whose email network is part of the CIA’s system, McClatchy was told.

The Intelligence Community Inspector General’s Office was set up in 2011 as an independent watchdog with some oversight powers over other intelligence agency inspectors general, including the CIA.

After Buckley approached McCullough about Meyer’s email, McCullough’s office sent two classified notifications to the Senate Intelligence Committee.

Grassley announced in an April 14 press release that he’d received two notifications from McCullough’s office, but he did not provide details, saying the contents of the notifications were classified.

The first notification, sent on March 28, 2014, had the unclassified subject line “Whistleblower Communications,” Grassley said. The second, sent three days later, had the unclassified subject line “Whistleblower Communications – Clarification.”

In a letter to Clapper and CIA Director John Brennan attached to Grassley’s release, the senator questioned the need to keep the notifications secret and asked them to declassify the documents because of the “strong public interest in their content.” Grassley copied the letter to Senate Judiciary Chairman Patrick Leahy, D-Vt., members of the Senate Intelligence Committee, the Office of Senate Security and intelligence agency officials.

“I respectfully request that they be declassified as soon as possible so that the serious policy implications and potential Constitutional issues that they raise can be debated publicly,” Grassley wrote.

There could be several explanations of how Buckley obtained Meyer’s email, said experts familiar with insider threat monitoring. They requested anonymity because of the matter’s sensitivity.

CIA computer security systems could have inadvertently flagged Meyer’s email because it contained certain keywords deemed to be indicators of a potential breach, they said.

Other triggers could include sending email from a personal account over a government network, the identity of the recipient or emailing an attachment, they said.

Intelligence and defense agencies log their workforces’ computer use to detect and deter security risks as part of the administration’s Insider Threat Program, an effort to prevent unauthorized leaks of information.

Employees are notified of the monitoring and are told that they could lose their security clearances if they are caught improperly divulging sensitive or classified information. But security officials are barred from targeting whistleblowers.

Clapper earlier this year discussed the need to continually evaluate the trustworthiness of federal employees with security clearances as part of the Insider Threat Program by monitoring their official and “off the job” communications.

“We’re going to need to change our security clearance process to a system of continuous evaluation,” he told the Senate Armed Services Committee on Feb. 11. The intelligence community, he continued, needed to have “a way of monitoring their behavior, both their electronic behavior on the job as well as off the job.”

Last year, a series of McClatchy reports described how the Insider Threat Program had become an unprecedented government-wide crackdown in which federal bureaucrats were ordered to watch co-workers for “high-risk persons or behaviors.”

The program covers virtually every federal department and agency, including the Peace Corps, the Department of Education and others not directly involved in national security.

Related stories from McClatchy DC