FBI Sys Admins Face Lie Detector Tests
The FBI has quietly expanded its use of the polygraph to cover systems administrators and all other employees with access to sensitive computer networks and databases, marking the first time that government IT specialists have been singled out for the controversial lie detector test.
FBI Director Louis Freeh issued a memo two weeks ago that put the policy into effect immediately, agency spokesman Bill Carter confirmed last week.
"The director notified all employees that interim changes have been made to the FBI security program, including an expansion of the use of the polygraph to cover employees in sensitive areas," Carter said. Until now, the FBI's polygraph policy has been used to conduct periodic tests of employees at random.
The policy change is a direct response to the Feb. 18 arrest of Robert Philip Hanssen in one of the most damaging spy scandals in the bureau's history. Hanssen, a career FBI agent with access to highly classified counterintelligence databases, is accused of spying for Russia since 1985. The computer-savvy counterintelligence agent used his access to the FBI's Electronic Case File system to check whether the bureau had been alerted to his activities.
The new FBI policy also includes what Carter called technical "enhancements" to the bureau's ability to monitor and analyze the computer activity of employees in sensitive areas of the bureau and to detect "anomalies."
Steven Aftergood, who runs the Project on Government Secrecy at the Federation of American Scientists in Washington, said he thinks this is the first time systems administrators have been singled out to take the polygraph.
Still, it's unclear, pending the release of an ongoing independent review of the Hanssen case, whether the polygraph policy will remain in effect.
Polygraphs are used regularly by the CIA as a hiring tool and as a method of uncovering spies. Employees are hooked up to a machine that records breathing rate, blood pressure and sweat gland activity during a series of questions. Changes in those rates are then recorded and used to determine truthfulness. But experts are split on the test's accuracy and acknowledge that honest people can be misread.
Alan Paller, director of research at the SANS Institute, a security research organization in Bethesda, Md., characterized the focus on internal security and personnel monitoring as "the Carnivoore effect," referring to the FBI's controversial system for e-mail monitoring.
"People have discovered that system administrators have unfettered access to all the most private information being passed through their systems," he said. "With it comes a sense that there ought to be some controls on what they see and what they do with it. [However], I have not seen any consensus on what they are going to do about these discoveries."
John Pescatore, an analyst at Stamford, Conn.-based Gartner Group Inc., said that there are benefits to subjecting systems administrators to polygraphs but that he doesn't see such testing becoming widespread. The national security community does them only every five years, on average, because of cost, but "the average time at a job of a system administrator is less than three years," he said.
Computerworld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
