Senate Judiciary Committee chairman Chuck Grassley has been keeping the records folks awake in Foggy Bottom. Last week, he directed his attention on the missing permanent IG at the State Department from 2008-2013. Over two years late but this gotta be good.
In any case, Senator Grassley now wants to know why the IG vacancy at the State Department lasted, by official count, 2,071 straight days. Late but okay, we’d like to know, too. The senator wrote a letter to Michael E. Horowitz, the Chair of Council of the Inspectors General on Integrity and Efficiency (CIGIE) and to Secretary Kerry. Excerpt below:
Congress needs a better understanding of how and why the State Department lacked a permanent IG who could serve as an independent watchdog for 2,071 straight days. Accordingly, please respond to the following by September 11, 2015:
CIGIE Chair Horowitz: Assuming that CIGIE prepared a list of recommended candidates to fill the IG vacancy at the State Department created upon the departure of former IG Howard Krongard in 2008:
a. Who were the candidates?
b. When were they recommended?
c. Who sent the slate of recommendations from CIGIE to the White House?
d. Who received the slate of recommendations at the White House from CIGIE?
e. What was the response, if any, from the White House regarding the slate of candidates?
f. Who, if anyone, at CIGIE received the White House’s response?
g. When and how was any such response from the White House received?
h. Please provide all records from any CIGIE official at the time relating to communications with the White House about the IG vacancy or potential candidates to fill the vacancy.
i. Did CIGIE provide candidate names to the State Department? If so, please provide the Committee with all records from any CIGIE official at the time relating to communications with the State Department about the IG vacancy or potential candidates to fill the vacancy.
Secretary Kerry: Please provide the Committee with all State Department records related to the IG vacancy or potential candidates to fill the vacancy, including communications between and among former Secretary Clinton, her senior staff, or any State Department personnel, any CIGIE official, or any White House official.
[ As an aside — the original OIG draft/report on DS investigations dates back to 2012 and was made part of the Higbie v. Kerry, a title VII employment discrimination case in Texas. That case was subsequently dismissed by the district court and affirmed by the Court of Appeals (pdf) in March 2015. But in 2013, the government sought to exclude the “improperly obtained documents” that Higbie obtained via a subpoena from a retired OIG employee, Aurelia Fedenisn. The government asserted that the documents, including the draft report, were improperly retained by Fedenisn after her employment ended in 2012. We’re reminded of this case in relation to the IG vacancy because the Washington Examiner recently reported that the then acting IG had sought to keep early drafts of a controversial OIG report under wraps in the Higbie case in federal court in 2013. Note that the contents of that draft report have already circulated and were reported on by the press in June 2013].
State/OIG released it inspection report of the U.S. Embassy in Tokyo and its constituent posts. The OIG made 65 recommendations intended to improve Embassy Tokyo’s operations and programs. Mission Japan is headed by Ambassador Caroline Kennedy who arrived in November 2013, and her DCM, Jason P. Hyland who arrived in June 2014. Mr. Hyland’s predecessor is not named in the report. Prior to this inspection, US Mission Japan was last reviewed in early 2008, and a report was issued in June 2008 (link to that report at the bottom of this post).
US Embassy Japan from diplomacy.state.gov
Let’s start with the key findings:
The Department of State has not addressed security problems, including vulnerabilities which the Office of Inspector General identified in previous inspection reports.
The role and authorities of the Ambassador’s chief of staff are not clearly defined, leading to confusion among staff as to her level of authority, and her role in internal embassy communications.
The embassy’s focus on daily reporting of political and economic developments comes at the expense of building a broad network of contacts and providing in-depth analysis for policy formulation.
The embassy is not coordinating reporting and diplomatic engagement across the mission. Constituent posts in Sapporo, Nagoya and Osaka-Kobe need to be brought up to the high standards set by posts in Fukuoka and Naha.
The level of U.S. direct-hire staffing in the embassy’s political, economic, and consular sections is greater than workload warrants.
The public affairs section faces major management challenges, but has begun to focus on educational exchanges and staffing adjustments to cope with the high visitor load and public outreach needs.
American Presence Post Nagoya should cease offering routine consular services; consular operations in Fukuoka and Sapporo are inefficient.
Although the embassy’s management section has made significant progress on cost containment, senior managers should pay greater attention to management controls over travel and official residence allowances.
Office of Inspector General inspectors identified $122,665 in cost savings and $2,331,787 in funds put to better use during the inspection.
Overview of the mission:
Mission Japan is one of the U.S. Department of State’s (Department) most important missions in terms of its size and the U.S. interests for which it is responsible. The mission includes 13 U.S. Government agencies and 5 constituent posts: consulates general in Osaka-Kobe and Naha, consulates in Sapporo and Fukuoka, and an American Presence Post1 in Nagoya. The mission also includes the Foreign Service Institute language school in Yokohama. Headquarters of U.S. Forces Japan are located nearby at Yokota Air Base, and various U.S. military commands are located throughout the mainland and on Okinawa. The mission has 272 U.S. direct-hire employees and total employment of 727. In FY 2014, total funding for the mission, including other agencies, was $93.6 million. U.S. direct-hire employees were receiving a 25- to 35-percent cost-of-living allowance based on location at the time of the inspection.
Now, the good news:
Good Scores for Ethics | The Ambassador has made clear to the bureau’s executive office, the management officers at Embassy Tokyo, and her front office staff that she wants all her activities to be conducted in accordance with U.S. Government regulations. This was borne out by the fact that the highest score she received from staff members who completed a personal questionnaire was for her ethical behavior.
Hague Convention Accession | Japan is second only to Mexico in the number of children abducted from the United States. Japan’s accession to The Hague Convention on International Parental Child Abduction in 2014 was a significant development, due in no small part to Embassy Tokyo’s efforts to encourage Japan to join.
EFM Employment | A de facto work agreement with the Government of Japan allows family members to apply for work permits with strict rules governing employment. Twenty-seven eligible family members are employed inside the mission, and 34 eligible family members are employed outside the mission, mostly as English teachers.
RSO: The Tokyo regional security office is responsible for the security and emergency preparedness of a large geographically dispersed diplomatic mission. In discussions and interviews with embassy staff members, the OIG team was told repeatedly that the regional security office is responsive to their needs. Accomplishments of the senior regional security officer include reinvigorating the law enforcement working group, updating and drafting missing or outdated security policies, and implementing modifications to the local guard contract that save the Department approximately $230,000 annually. The regional security office staff uniformly describes the senior regional security officer as a good mentor and communicator.
Cost Containment: In 2014, to contain cost, the embassy transferred 70 percent of its voucher processing to the Department’s regional voucher processing center. The cost to process a voucher in Japan is three times higher than at the regional center. The transfer resulted in the elimination of at least two voucher examiner positions.
And the not so good news, oh where do we start?
Leadership | A non-career Ambassador with wide experience in nongovernmental and publishing industries leads Embassy Tokyo. She sees the strengthening of mutual understanding between the Japanese and the American people and the deepening of the security alliance as her prime responsibilities. The Ambassador does not have extensive experience leading and managing an institution the size of the U.S. Mission to Japan. She relies upon two key senior staff members—her non-career chief of staff and a career Senior Foreign Service deputy chief of mission (DCM)—to make sure that Embassy Tokyo and its constituent posts receive the resources and guidance they need to conduct day-to-day operations. The chief of staff, who has extensive experience in public relations and has worked with the Ambassador over a period of years, organizes special projects for the Ambassador, coordinates functions within the embassy, and oversees embassy staff interactions with the Ambassador. The DCM, who arrived in Tokyo 6 months before the start of the onsite inspection process, focuses on internal management of the embassy and coordination with the constituent posts.
Communication Between the Front Office and Embassy Sections Needs Improvement.
High Visibility Ambassador Puts a Strain on Some Embassy Elements
Role of Chief of Staff Needs Refinement
The Deputy Chief of Mission Should be More Proactive in Exercising Leadership
The leadership section does not include discussion on training, mentoring, and professional development of First and Second Tour (FAST) officers, or mission morale. The report says that “four of seven officers in the public affairs section assigned to Tokyo have left post before their tour end date.” There’s a term for that; it’s called curtailment. A non-career chief of staff, a PR person, who has a large sway in the functioning of this embassy is not named in this report. And just before the arrival of the inspectors, the front office apparently had made some headway on improving communication by holding a town hall meeting to unveil the revised memo outlining the activities the Ambassador would undertake. The report is not clear if this is the ambassador’s first town hall meeting with embassy staff.
Minister Counselor Positions Under-Ranked
Economic Section Has Too Many Supervisors
Economic Section Portfolios Organized Poorly
Excess Staff in the Political and Economic Sections
Law Enforcement Working Group Lacks Political Context
Reporting and Advocacy Needed on Structural Reform
Economic Section Not Keeping Proper Records and Files
Embassy Tokyo does not have a current records management policy and does not enforce Department and Federal regulations on records management.
The economic section’s reporting relies heavily on media sources. On some policy developments, the OIG team found that embassy reporting did not add value to more timely reporting by the international press. Reporting was mostly single-sourced and did not evidence a range of contacts among Japanese business leaders, legislators or staff, political parties, academia, or other economic leaders or decision makers, as intended by 2 FAM 113.1 c (10) and (11).
Consular Officer Staffing Is Excessive
No Coordination of Consular Social Media
Inefficient Consular Operations in Fukuoka and Sapporo
Note that citizens of some countries including Japan, who are traveling to the U.S. for 90 days less for business or tourism may not need a visa as they are eligible for the Visa Waiver Program (VWP). This report says that Tokyo’s consular section, with 14 officers, has more officer positions than other consular operations of similar workload, with a high proportion of managers to entry-level officers.
Inconsistencies in Billing Methods Creates Confusion
Cashiering Violation and Fiscal Irregularity
Class B Cashier’s Cash Advance is Excessive
Salaries Inappropriately Paid Directly to Official Residence Expense Staff (this is a pretty common subject in OIG reports)
Position Descriptions Are Inaccurate
Delays in Processing Within-Grade Increases
In-House Post Language Program Is Not Cost Effective
No In-House Equal Employment Opportunity Training Provided to Staff
Allegations of Sexual Harassment Not Reported to the Office of Civil Rights
Unauthorized Use of Motor Pool Shuttle Services
Living Quarters Allowance Not in Compliance with the Foreign Affairs Manual
No Emergency Backup Generators at Some Constituent Posts
The Department’s Office of Fire Safety conducted visits in 2014. The report identified 83 deficiencies of which the mission has corrected 53.
Locally Developed Software Applications Not in Compliance
Emergency Communication Does Not Meet Department Standards
No Logs of Network Maintenance
Premium Class Train Travel Policy Does Not Comply with Department Regulations
Extra Travel Costs Inappropriately Approved for Using Indirect Routes
USCG Naha: Inappropriate Use of Official Residence Expense Funds Instead of Representation Funds
The OIG report says that in the past 8 months, four of seven officers in the public affairs section assigned to Tokyo have left post before their tour end date. That’s called curtailment. Unless they were all medevaced.
Embassy’s 11-person Media Analysis and Translation Team Lacks a Clear Mandate | Without a survey of the MATT’s customers, the embassy cannot confirm who—if anyone—is reading its products or justify the $1.25-million annual cost of operating the MATT.
Social Media Lacks Coordination| Several LE staff members work separately with social media, resulting in a multiplicity of uncoordinated messages
Grants Management Not in Compliance
No Public Diplomacy Strategy
The public affairs section was told to take a 26-percent cut. This reduced the public diplomacy allotment from $11.5 million in FY 2011 to $8.6 million in FY 2012. Even at that reduced rate, Mission Japan’s public affairs budget was still the largest in the Bureau of East Asian and Pacific Affairs. As a result of these budget cuts, the public affairs section eliminated 17 LE staff positions. The public affairs section allocated 68 percent of its FY 2014 budget of $8.5 million to LE staff salaries. According to the Under Secretary for Public Diplomacy and Public Affairs, this is high by world standards. […]The Ambassador selected the country public affairs officer, who arrived in Tokyo in August 2014, to stabilize the public affairs section, end the curtailments, define LE staff duties in order to clarify the new distribution of duties following the 2012 staff cuts, bring transparency to personnel decisions, and get the entire staff’s commitment to move forward. Since the public affairs officer’s arrival, the public affairs section has had considerable success, particularly with programs on educational exchange and women’s issues
A few more items with notable details extracted from the report:
Commercial Email Usage | In the course of its inspection, OIG received reports concerning embassy staff use of private email accounts to conduct official business. On the basis of these reports, OIG’s Office of Evaluations and Special Projects conducted a review and confirmed that senior embassy staff, including the Ambassador, used personal email accounts to send and receive messages containing official business.
Employee Evaluation Reports do not Reflect Demonstrated Weaknesses | The OIG team reviewed a range of Department employee evaluations written by managers at the U.S. Mission to Japan. They found several examples of evaluations that did not reveal any indication of serious weaknesses, even though the rated officers had required in-depth management and or discipline by their supervisors and had absorbed time and resources from senior embassy officers. The DCM, having been at post only 6 months, has not yet produced employee evaluations. The inspectors advised him to make clear to rating officers that employee evaluations must present an accurate record of each staff member’s strengths and a realistic area for improvement.
Yokohama Language Program Cost-Benefit Analysis Lacking | To provide Japanese-language instruction in Yokohama, it costs the Department an estimated $2.3 million per year. The total cost of operating the school, factoring out fixed expenses, such as leasing residences for the students, post allowance, education allowance, the school director’s salary and benefits, and other sunk costs, is $1 million per year. This translates into a per-student cost of from $83,583 to $200,599 for a student body of from 5 to 12 students. The Department could be incurring higher costs for providing language services.
No Justification for Paying Post Allowance to Family Member Appointees | Worldwide, Embassies London and Tokyo are the only two authorized to pay post allowance to family member appointees. In 2001, the Department granted them an exception on the basis of their inability to recruit individuals for family member positions because of lower salaries and wages, in accordance with 3 FAM 8218.1 c. In Japan, these adverse employment conditions no longer exist. Except for security escort positions, the embassy has had no difficulty filling family member positions. It also has been able to fill some of its LE staff vacancies with eligible family members when they meet all position requirements. The cost impact to the embassy of providing the post allowance to nine full-time family members is $59,190, annually.
Consulate General Naha Not Benefiting from Zero Cost Leasing Offer | In February 2010, the Open Source Center located on the U.S. Army’s Torii Station offered four Government-owned houses located on Kadena Air Base to Consulate General Naha at zero leasing costs. Consulate General Naha has not fully considered this offer. The OIG team estimates accepting the Open Source Center’s offer would save leasing costs of $110,665 per year. The embassy would continue to fund utility and make-ready costs. In Naha, U.S. direct hires already use base services, including the commissary, Post Exchange, and other support services. U.S. direct-hire dependents attend Department of Defense schools. According to 15 FAM 228 b, housing selection should achieve maximum cost benefit to the U.S. Government, and every effort should be made to lease appropriate housing with terms that reflect the likelihood of the housing unit remaining in posts inventory, with lease terms of 5 years or more whenever appropriate.
Private Domestic Staff Inappropriately Housed in U.S. Government-Owned Facility | The embassy continues to house private domestic staff of U.S. direct-hire officers in a separate U.S. Government-owned facility (the former U.S. Marine Dormitory) despite a 2008 Office of Legal Counsel’s opinion cautioning that the legality of operating living quarters for private domestic servants of U.S. Government employees on U.S. Government premises is highly doubtful under Federal appropriations/employment law. The presence of such facilities on U.S. Government-controlled real property also raises liability issues under employment law and tort law. The embassy raised concerns about prior fraudulent domestic staff employment contracts, use of appropriated funds to maintain the facility and collection of utilities reimbursements through the employees association as a probable violation of appropriation law. At the time of inspection, 42 domestic staff resided in the 31-room U.S. Government-owned building designated for domestic staff. According to 15 FAM 244, post personnel may house full-time domestic staff in their own U.S. Government-provided quarters if space is available and approved by the regional security officer. The estimated cost of maintaining the facility is $60,000 per year.
For obvious reasons, we are unable to share the name of the retired diplomat here but we have permission to share this with our readers.
Retired FSO: I was planning on blogging about Hillary’s emails. Title: “If I Did What Hillary Did, I’d Be In Jail.”
Me: Great! Looking forward to reading it!
Retired FSO: But I won’t.
Retired FSO: Just read 3 FAM 4170. I’m retired. I can’t believe I really need to clear my blogposts with PA. I mean, I’d use common sense, you know? I wouldn’t be divulging stuff like, say, our nuclear launch codes, or the chronically malfunctioning air conditioning system at Main State. I’d just focus on how when you become a charter member of America’s political elite, the rules don’t apply to you. That’s all.
Me: Only stuff “of department concern” needs clearance. Max timeframe for blogs, five days.
Retired FSO: But they’ve made me jittery. I don’t fancy jail. They’d probably force me to watch re-runs of “Madame Secretary” every day; let me read only the FAM! The eighth amendment doesn’t allow this kind of cruel and unusual punishment, but Mother State can be as vindictive as a Borgia dowager.
Me: Okay. So, does this mean you’ll stop blogging?
Retired FSO: Nah. Maybe I’ll just write about my pets from now on. Think anybody would read Diplo Doggy’s Adventures?
On September 25, 2013, State/OIG released its Special Review of the Accountability Review Board (ARB) Process. That report contains 20 formal and 8 informal recommendations. For the status of the 20 formal recommendations, see Appendix B of the report. For the status of the informal recommendations, see Appendix C of the report. The OIG notes that the action taken by State at some Benghazi ARB recommendations “did not appear to align with the intent of the recommendations and some Benghazi ARB recommendations did not appear to address the underlying security issues adequately.”
Thirteen of the formal recommendations and five of the informal recommendations are related to the ARB process. The remaining seven formal and three informal recommendations mirror or are closely related to the Benghazi ARB recommendations. As stated in the ARB process review report, the ARB process team’s rationale for issuing these recommendations was that the action taken to date on some of the Benghazi ARB recommendations did not appear to align with the intent of the recommendations and some Benghazi ARB recommendations did not appear to address the underlying security issues adequately. The classified annex to the report provides an assessment of the Department’s implementation of the recommendations of the Benghazi ARB as of the date of the review. Its focus is on the implementation of the 64 tasks S/ES issued in response to the Benghazi ARB recommendations. It contains no OIG recommendations.
In the Compliance Followup Review or CFR dated August 2015, State/OIG reissued one recommendation from the 2013 inspection report, that the Under Secretary of State for Management, in coordination with the Bureau of Diplomatic Security and the Bureau of Overseas Buildings Operations, develop minimum security standards that must be met prior to occupying facilities located in designated high-risk, high-threat locations and include these minimum standards for occupancy in the Foreign Affairs Handbook as appropriate. The report also include a little nugget about DOD cooperation with investigative reports of security-related incidents that involve State Department personnel, specifically mentioning “the incident in Zabul Province, Afghanistan.” That’s the incident where FSO Anne Smedinghoff and four others were killed in Zabul, Afghanistan in April 2013.
Outstanding Recommendation on Minimum Security Standards
Recommendation 17 of the ARB process review report recommended that the Department develop minimum security standards that must be met prior to occupying facilities in HRHT locations. The Department rejected this recommendation, stating that existing Overseas Security Policy Board standards apply to all posts and that separate security standards for HRHT posts would not provide better or more secure operating environments. Furthermore, recognizing that Overseas Security Policy Board standards cannot be met at all locations, the Department has a high threshold for exceptions to these standards and the waiver and exceptions process requires “tailored mitigation strategies in order to achieve the intent of the standards.”5
Although OIG acknowledges the Department’s assertion of a “high threshold for exceptions,” the Department’s response does not meet the recommendation’s requirement for standards that must be met prior to occupancy. As was noted in the ARB process review report, “…occupying temporary facilities that require waivers and exceptions to security standards is dangerous, especially considering that the Department occupies these facilities long before permanent security improvements are completed.”6 As the Department has not identified minimum security standards that must be met prior to occupancy, Recommendation 17 is being reissued.
Recommendation CFR 1: The Office of the Under Secretary of State for Management, in coordination with the Bureau of Diplomatic Security and the Bureau of Overseas Buildings Operations, should develop minimum security standards that must be met prior to occupying facilities located in Department of State-designated high-risk, high-threat environments and include new minimum security standards of occupancy in the Foreign Affairs Handbook as appropriate. (Action: M, in coordination with DS and OBO)
So, basically back to where it was before Benghazi, when there were no minimum security standards prior to occupying temporary facilities.
How high is this “high threshold of exceptions” that’s being asserted?
Risk management process now called “tailored mitigation strategies” — resulting in waivers of Inman standards?
So waivers will continue to be executed?
And temporary facilities will continue to be occupied?
The Department of State has complied with all the formal and informal recommendations of the 2013 Special Review of the Accountability Review Board Process, except one, which has been reissued in this report.
The Department of State has implemented regulatory and procedural changes to delineate clearly who is responsible for implementation, and oversight of implementation, of Accountability Review Board recommendations. The Under Secretary for Management, in coordination with the Under Secretary for Political Affairs, is responsible for implementation of Accountability Review Board recommendations. The Deputy Secretary for Management and Resources is responsible for overseeing the Department’s progress in Accountability Review Board implementation, which places accountability for implementation at an appropriately high level in the Department of State.
The Office of Management Policy, Rightsizing, and Innovation manages the Accountability Review Board function. The Accountability Review Board process review report was critical of the Office of Management Policy, Rightsizing, and Innovation’s recordkeeping and files of past Accountability Review Boards. The Office of Management Policy, Rightsizing, and Innovation has since revised its Accountability Review Board recordkeeping guidelines. These revised guidelines have yet to be tested, as no Accountability Review Board has met since the Benghazi Accountability Review Board, which issued its report in December 2012.
More details excerpted from the IG report
Flow of Information
Formal Recommendations 1, 2, 3, and 9—as well as Informal Recommendations 1 and 3—concern the flow of information within the Department and from the Department to Congress. The recommendations introduce additional reporting requirements for all incidents that might meet the criteria to convene an ARB, as well as a more clearly defined list of congressional recipients for the Secretary’s Report to Congress. Recommendation 9 tasks S/ES with creating a baseline list of congressional recipients for the Secretary’s report to Congress. That list is now more clearly specified and included in regulations governing the ARB process.
Informal Recommendation 3 requires broader circulation of ARB reports as well as the Secretary’s report to Congress. The M/PRI position is that these reports belong to the Secretary and their dissemination should be at the Secretary’s discretion. OIG continues to believe that the Secretary should exercise discretion and circulate ARB reports and subsequent reports to Congress more widely within the Department.
In December 2014, M/PRI revised its ARB recordkeeping guidelines regarding those records to be retained and safeguarded. However, because no ARB has convened since Benghazi, these revised guidelines remain untested. Although these guidelines require recording and transcribing telephone interviews, they do not mandate verbatim transcripts of all interviews, including in-person meetings, as the Inspector General suggested in his May 29, 2014, memorandum to the D/MR.
Action Memo for the Secretary
In compliance with Recommendation 1, the OIG CFR team found that M/PRI now drafts an action memo for the Secretary after every Permanent Coordinating Committee (PCC) meeting detailing the PCC decision, even if the PCC does not recommend convening an ARB.
In response to Recommendation 4, the Under Secretary for Management amended 12 FAM 030 to require vetting and reporting security-related incidents, which do not result in convening a PCC. Those cases will be communicated to the Secretary.
To meet the intent of Recommendation 2, M/PRI has included in its instructions to the PCC chair a reminder to PCC members that if the PCC votes not to convene an ARB, the PCC should decide whether to recommend that the Secretary request an alternative review.
Recommendation 5 recommends establishing written criteria to define the key terms “serious injury,” “significant destruction of property,” and “at or related to a U.S. mission abroad.” The 2013 OIG inspection team found that ambiguity in the terminology had led to their inconsistent application as criteria in decisions to convene ARBs.
Recommendations 10 and 11 recommend institutionalizing the oversight of the implementation of ARB recommendations as a responsibility of D/MR. M/PRI’s revision of 12 FAM 030 and addition of 12 Foreign Affairs Handbook (FAH)-12 now clearly delineate who is responsible for managing the ARB process and who is responsible for oversight of implementation of ARB recommendations. The Deputy Secretary’s responsibility for overseeing implementation of ARB recommendations places accountability for implementation at an appropriately high level in the Department.
Recommendation 19 tasks M/PRI, in coordination with the Bureau of Human Resources and the Office of the Legal Adviser, to prepare clear guidelines for ARBs on recommendations dealing with issues of poor personnel performance. M/PRI has revised its standing guidance to ARB members, referring them to the Department’s new leadership principles in 3 FAM 1214, 4138, and 4532 when documenting instances of unsatisfactory performance or poor leadership. The Department further codified this ARB authority by expanding the list of grounds for taking disciplinary or separation action against an employee, including “conduct by a senior official that demonstrates unsatisfactory leadership in relation to a security incident under review by an [ARB] convened pursuant to 22 U.S.C. 4831.” In addition, in January 2013 the Department began seeking an amendment to the ARB statute (22 U.S.C. 4834(c)) to provide explicitly that unsatisfactory leadership may be a basis for disciplinary action and that the ARB would have the appropriate authority to recommend such action. No change to the statute has yet been made.
Strengthening Security at High-Risk, High-Threat Posts
New courses: Guided by a panel of senior DS special agents and outside organizations, DS updated its former High Threat Tactical Course to create a suite of mandatory courses for DS agents assigned to HRHT locations, drawing on lessons learned from the attacks in Benghazi, Libya, and Herat, Afghanistan. The cornerstone of these courses is the “High Threat Operations Course” (HT-310), which, as of October 1, 2013, was made mandatory for all DS agents at grades FS 04 through 06 who are assigned to HRHT locations. Similar, but shorter duration courses (HT-310E and HT-315) are required for senior and mid-level DS agents assigned to such locations.
The Department, in coordination with DOD, has added 20 new MSG detachments, and Marine Corps Headquarters has created the Marine Security Augmentation Unit. Although some HRHT posts still lack MSG detachments, for example, because of the lack of host government approval, the Department has made progress in deploying new detachments and increasing the size of existing detachments.[…] The June 2013 revision of the memorandum of agreement also includes a revision of the MSG mission. In the previous version, the MSG’s primary mission was to prevent the compromise of classified information. Their secondary mission was the protection of personnel and facilities. In the revised memorandum of agreement, the mission of the MSG is to protect mission personnel and prevent the compromise of national security information.
DS Agents Embed With DOD Forces
An additional area of security improvement beyond reliance on the host government has been the Department’s closer relationship with DOD, whose personnel have been involved in every Department contingency operation at an HRHT post since the Benghazi attack. Furthermore, DS agents are now embedded in DOD expeditionary forces.
About That Zabul Incident
Recommendation 6 recommends that the Department seek greater assurances from the Department of Defense (DOD) in providing investigative reports of security-related incidents that involve Department personnel. The Department makes its requests via Executive Secretary memorandum to the equivalent DOD addressee, in accordance with 5 FAH-1 H-120. The DOD counterpart has been responsive in delivering requested materials in all the recent instances, including the incident in Zabul Province, Afghanistan. M/PRI will continue to monitor DOD responses to requests for reports in the future.
The Chicago Tribune FOIA’ed that Army report but did not make the document public. The State Department internal report of the incident as far as we are aware, remains Classified. Then State Department spox, Jennifer Psaki referred to “multiple investigations” in April 2014; none publicly released.
On August 14, 2015, former FSO Michael T. Sestak was sentenced to 64 months imprisonment for receiving over $3 million in bribes in exchange for visas at the U.S. Consulate General in Ho Chi Minh City, Vietnam.
The Preliminary Consent Order of Forfeiture filed in the District Court of Columbia includes forfeiture of a) “any property, real or personal, which constitutes or is derived from proceeds traceable to the offense;” and b) “a money judgment equal to the value of any property, real or personal, which constitutes or is derived from proceeds traceable to the offense.”
The consent order identifies 1) any and all funds and securities seized from Scottrade Account #XXXX001S, held in the name of Anhdao Thuy Nguyen (“Scottrade Account”); and 2) $198,199.13 seized from the Department of Treasury from the Treasury Suspense Account under Seizure Number 38l30010—O1 (“Treasury Account”); and 3) a money judgment in the amount of at least $6,021,440.58, for which the defendant (Sestak) is jointly and severally liable with any co-conspirators ordered to pay a forfeiture money judgment as a result of a conviction for either offense.
In the plea agreement, Sestak agreed to sell nine properties in Thailand and that the proceeds would be paid to the United
States to satisfy a portion of the money judgment entered against him. The consent order also notes that “upon entry of a forfeiture order, Fed. R. Crim. P. 32.2(b)(3) authorizes the Attorney General or a designee to conduct any discovery the Court considers proper in identifying, locating, or disposing of property subject to forfeiture.”
In a pre-sentencing filing, Mr. Sestak requested that any term of incarceration occur in a Camp-level facility. Specifically, at FCI Miami or if that’s not available, FCI Pensacola. Defense justification is based on Sestak’s “lack of criminal history, the non-violent nature of the crimes, his cooperation with the Government, his lifetime of public service, his age, education, and status as a trustee during his pretrial confinement at Northern Neck Regional Jail.”‘
We had a chance to ask a few questions from his lawyer, Gray Broughton; we wanted to know where will be the location of his incarceration.
“The Bureau of Prisons will ultimately make a determination as to where Mr. Sestak is incarcerated,” said Mr. Broughton. The defense lawyer again cited the nonviolent nature of the crimes and Mr. Sestak’s “clean criminal history.” Mr. Sestak should be housed in a lower security level facility, according to his lawyer and that his prior employment with the U.S. Marshal will be taken into consideration by the Bureau of Prison.
We asked about the plea deals received by Sestak and main co-conspirator Bihn Vo. Sestak’s lawyer believed the government made the best deal it could:
Mr. Sestak received a sentence of 64 months – 32 months less than codefendant Binh Vo, who received a sentence of 96 months. The Government will end up getting roughly $5M from Binh Vo – the $3M it already seized and the $2M he has agreed to pay in the next year. Binh Vo’s money (and his wife) are all currently outside of the U.S., so the U.S. doesn’t have any control over either. It made the best deal it felt it could with Binh Vo.
We were also interested in the duration of the sentence. By our calculation, Mr. Sestak would be almost 50 by the time he completes his sentence. Mr. Broughton, however, told us that “assuming good behavior, Mr. Sestak would serve 85% of the sentence.” He will reportedly also get credit for the 27 months he has been in jail since his arrest, towards his sentence. We’re not sure if he’ll get credit for the full 27 months. But if that’s the case, and if our math is correct, he’d be out between 2-3 years.
We asked what happened to the 500 visa applicants that Mr. Sestak had issued visas to in Vietnam. And if Mr. Sestak was asked to help track or account for the applicants who paid bribes for their visas. Mr. Broughton said, “I don’t know what happened to the visa applicants. I am not aware of any efforts by the US Government in that regard.”
Mr. Broughton also released the following statement after the sentencing:
** Michael Sestak received a fair, well-reasoned sentence today. The Court had the unenviable task of taking a multitude of opposing factors into consideration in devising Mr. Sestak’s sentence.
As counsel for the U.S. Government readily admitted during Mr. Sestak’s sentencing hearing, Binh Vo was the mastermind of the visa fraud conspiracy. Binh Vo also had the largest pecuniary gain and will likely have millions of dollars waiting for him upon his release – along with his wife Alice Nguyen, who was able to avoid prosecution as a result of Binh Vo’s plea agreement. The Court appeared to appreciate that a sentence greater than or equal to Binh Vo’s sentence of 8 years would be fundamentally unjust for Michael Sestak, even though the U.S. Sentencing Guidelines recommended a sentence of approximately 20 years.
What made things difficult for the Court in determining an appropriate sentence is that Mr. Sestak was an essential component to the conspiracy and a public servant who had taken an oath of loyalty to his Country. It was Mr. Sestak’s status as a public official and the theory that would-be criminals will think twice before committing similar crimes that caused the Court to sentence Michael Sestak to something greater than time served.
Ultimately, the Court balanced these countervailing factors by issuing a sentence of 64 months – 32 months less than codefendant Binh Vo, who received a sentence of 96 months.
Michael Sestak is a good man who made made a huge mistake. Even after his release from prison, Mr. Sestak’s actions – and the shame that follows – will haunt him forever.
With the case concluded for all charged co-conspirators, we thought we’d asked the State Department what systemic changes had Consular Affairs instituted at USCG Ho Chi Minh City and worldwide following the Sestak incident.
The Bureau of Consular Affairs takes all allegations of malfeasance seriously and continually works to improve its operations. Following any detection of vulnerabilities, CA works to improve management controls and guidance to the field. After the incident in Ho Chi Minh City, the management controls at post were comprehensively reviewed to determine what improvements could be made to their processes. As a matter of policy, we do not discuss the specifics of internal management controls.
Most of the Sestak visa cases were allegedly previous refusals. If true, we don’t quite understand how one officer could overturn so many visa refusals and issue close to 500 visas without red flags, if consular management controls worked as they should. We wanted to know what consequences will there be for supervisors, embassy senior officials and principal officers who fail to do their required oversight on visas. And by the way, what about those who also do not follow the worldwide visa referral policy, particularly, Front Office occupants? The State Department would only say this:
As a matter of policy we do not discuss specific internal personnel actions. Protecting the integrity of the U.S. visa is a top priority of the U.S. government. We have zero tolerance for malfeasance. We work closely with our law enforcement partners to vigorously investigate all allegations of visa fraud. When substantiated, we seek to prosecute and punish those involved to the fullest extent of the law.
We imagined that the Bureau of Consular Affair’s Consular Integrity Division would be tasked with reviewing procedures and lessons learned on what went wrong in the Sestak case. We wanted to know if that’s the case and wanted to ask questions from the office tasked with the responsibility of minimizing a repeat of the Sestak case. Here is the official response:
The Consular Integrity Division regularly reviews incidents of malfeasance or impropriety and makes recommendations for procedural changes to reduce vulnerabilities and updates training materials for adjudicators and managers based on the lessons learned, including the case in Ho Chi Minh City. The Consular Integrity Division also does reports on the management controls at overseas posts, as well as reports that review global management controls issues, which inform CA leadership about any issues of concern.
No can do. So far, we’ve only learned that the CID reviewed incidents of malfeasance including the Sestak case but it doesn’t tell us if it did a specific report on HCMC and what systemic changes, if any, were actually made.
We tried again. With a different question: According to in country reports, USCG Ho Chi Minh City received a letter from a jilted man in central Vietnam that helped DS crack the Sestak case. ConGen Ho Chi Minh City is one of the few consular posts that actually has a Regional Security Officer-Investigator, dedicated to visa investigations. If this case started with this reportedly jilted lover, the question then becomes how come neither the RSO-I or the internal consular management controls did not trip up the FSO accused in this case? If there was no anonymous source, would the authorities have discovered what was right under their noses?
As a matter of policy, we do not discuss the details of investigations. Protecting the integrity of the U.S. visa is a top priority of the U.S. government. We continually work to improve its operations, both in the field and here in Washington DC.
Ugh! Sestak was charged in May 2013. In July that year, the State Department told Fox News it was reviewing thoroughly alleged “improprieties” regarding a consular official in Guyana allegedly trading visas for money and possibly sex. In another article in 2014, former Peace Corps, Dan Lavin, said, “The State Department makes millions off of the poorest people in the world just by selling them the opportunity to fill out the application.” He also made the following allegation: “There are people at the embassy who can get you a visa,” Lavin said. “If you’re a Sierra Leonean, you go to a man called a ‘broker’; you then pay that ‘broker’ $10,000 and he personally gives that money to someone at the embassy who in turn gets you a visa.” Apparently, when asked about the accusations, a spokesperson at the U.S. embassy in Freetown declined to comment.
In any case, we also wanted to know if there were systemic changes with the State Department’s RSO-I program and how they support consular sections worldwide? Or to put it another way, we were interested on any changes Diplomatic Security had implemented in the aftermath of the Sestak case. Here is the amazing grace response, still on background:
It is the mission of DS special agents assigned as Assistant Regional Security Officer-Investigators (ARSO-I) to find fraud in the countries where they serve.
Sigh, we know that already. We thought we’d also ask about those 489 Vietnamese who got their visas under this scheme. What happened to them? Did Diplomatic Security, DHS or some other agency tracked them down?
The Bureau of Consular Affairs conducted a review of visas issued by Mr. Sestak. The Department revoked those visas that were improperly issued. If the visa holder had already travelled to the United States on the improperly issued visa, the Department of State notified the Department of Homeland Security so that agency could take action as appropriate.
We don’t know how many “improperly issued” visas were revoked. All 489?
We don’t know how many of those able to travel to the U.S. were apprehended and/or deported to Vietnam.
Frankly, we don’t really know what happened to the 489 Vietnamese nationals who paid money to get visas.
Calvin Godfrey who covered this case from Vietnam writes:
State Department investigators managed to track down and interrogate a few, though they wouldn’t say how many. The Washington DC office of the US Immigration and Customs Enforcement Agency didn’t respond to a list of questions about their efforts to track them down.
We also don’t know how much was the total proceed from this illegal enterprise. The USG talks about $9.7 million but one of the co-conspirators in an email, talked $20 million. Below via Thanh Nien News:
Prosecutors only put the gang on the hook for a $9.7 million — a “conservative estimate” they came up with by multiplying $20,000 by 489. Statement written by Hong Vo the middle of the illicit ten-month visa auction:
“I can’t believe Binh has pretty much made over $20m with this business,” she wrote to her sister, identified only as Conspirator A.V. “Slow days… are like 3 clients… and that’s like 160k-180.”
Then there’s the individual who purportedly started this ball rolling in Vietnam. Below excerpted from Thanh Nien News:
The State Department was quick to crow over Vo’s sentencing, but it remains deeply disingenuous about how this case came about and what it means.
“This case demonstrates Diplomatic Security’s unwavering commitment to investigating visa fraud and ensuring that those who commit this crime are brought to justice,” crowed Bill Miller, the head of the Diplomatic Security Service (DSS) in a press release generated to mark Vo’s sentencing.
The problem there is that the whole case didn’t come about through careful oversight; it came about because a sad sack from Central Vietnam loaned his pregnant wife $20,000 to buy a US visa from Sestak and the Vos. Instead of coming home with their baby boy, she disappeared, married another man and blabbed about it on Facebook. The sad sack wrote rambling letters to the President and the State Department’s OIG trying to get his wife and money back.
That Vietnamese informant reportedly is a recipient of threats from some of the Sestak visa applicants. Poor sod. So, now, one of the co-conspirators got 7 months, another 16 months, Sestak got 5 years, Vo got 8 years, one alleged co-conspirator was never charged, and we don’t know what happened to close to 500 visa applicants. Also, the USG gets less than half the $20 million alleged gains. It looks like, at least Vo, will not be flipping burgers when he gets out of prison.
The Daily Signal picked it up and got an official statement from deputy spox Mark Toner:
State Department Deputy Spokesperson Mark Toner says the reason for the revisions is actually “to underscore that the Department encourages employees to engage with the public on matters related to the nation’s foreign relations.”
“The revised policies and procedures are more protective of employee speech as they establish a higher bar for limiting employees’ writing or speaking in their personal capacity, while also recognizing changing technologies in communication, such as social media,” Toner said in a statement to Daily Signal.
Toner also said the revisions do not change the procedures employees must follow before testifying in court or before Congress but “streamline the review process and also remind employees about existing rules regarding the disclosure of classified and other protected information.”
Streamline-apalooza! Here’s the laugh out loud cry from our favorite Veronica Mars:
“It’s an absolute overreach,” Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee told the Daily Signal:
“They should be able to talk to the media, they should be able to speak to Congress,” the Utah Republican said. “They have an absolute and total right to interact with Congress. There are whistleblower protections. That’s not a balanced approach to current and former employees’ rights.”
No kidding! We imagine that the State Department would say no one is preventing anyone from speaking to the media or Congress, they just want to know what you’re going to say first. Before you say it. And hey, the agency will even help you clean it up, if needed.
When the ACLU defended Mr. Van Buren in 2012, it made the following argument:
The Supreme Court has long made clear that public employees are protected by the First Amendment when they engage in speech about matters of public concern. A public employee’s First Amendment rights can be overcome only if the employee’s interest in the speech is outweighed by the govemment’s interest, as employer, in the orderly operation of the public workplace and the efﬁcient delivery of public services by public employees. Pickering v. Bd. of Educ, 391 U.S. 563, 568 (1968). The government bears an even greater burden of justiﬁcation when it prospectively restricts employees’ expression through a generally applicable statute or regulation. United States v. National Treasury Employees Union, 513 U.S. 454, 468 (1995) (“NTEU”).
The Supreme Court has repeatedly held that public employees retain their First Amendment rights even when speaking about issues directly related to their employment, as long as they are speaking as private citizens. Garcetti
v. Ceballos, 547 U.S. 430, 421 (2006).
Further, the State Department’s pre-publication review policy, as applied to blog posts and articles, raises serious constitutional questions. Through its policy, the State Department is prospectively restricting the speech of Mr. Van Buren as well as all present and future State Department employees. Where, as here, the restriction limits speech before it occurs, the Supreme Court has made clear that the government’s burden is especially heightened. NTE U, 513 U.S. at 468. The State Department must show that the interests of potential audiences and a vast group of present and future employees are outweighed by that expression’s necessary impact on the actual operation of government. Id. Courts have also required careful tailoring of prospective restrictions to ensure they do not sweep too broadly and that they actually address the identiﬁed harm. Id. at 475. Given this heightened standard, it is highly unlikely that the State Department could sustain its burden of demonstrating that its policy is constitutional.
In 2012, the ACLU presumably, used the 2009 version of 3 FAM 4170. The updated version of 3 FAM 4170 issued July 27, 2015 is much tighter and has a much wider reach. We don’t know how one could argue that this enhanced policy could better sustain constitutional challenge. But then, perhaps, State has a stable of constitutional lawyers at a ready. Besides, those folks outside the building do not have legal standing to challenge these rules. So.
Oh, wait, perhaps, the State Department is also counting that no one will cross the fine line after Mr. Van Buren, and this policy functions, at its core, as a simple deterrent.
On July 27, 2015, two months short of Year 3 since Mr. Van Buren retired, the State Department without much fanfare released its new 3 FAM 4170 rules in 19 pages. For the “FAM is not a regulation; it’s recommendations” crowd, we hope you folks have great lawyers.
My! Look who’s covered!
The updated FAM, same as the old FAM, is divided into two meaty parts — official capacity public communication and personal capacity public appearances and communications. The new version of 3 FAM 4170 is all encompassing, covering the following (not exhaustive list):
— all personnel in the United States and abroad who are currently employed (even if in Leave Without Pay status) by the Department of State and the United States Agency for International Development (USAID), including but not limited to Foreign Service (FS) employees, Civil Service (CS) employees (including schedule C appointees and annuitants returning to work on temporary appointments on an intermittent basis, commonly referred to as “While Actually Employed (WAE)” personnel), locally employed staff (LE Staff), personal service contractors (PSCs), employees assigned to fellowships or details elsewhere and detailees or fellows from other entities assigned to the Department, externs/interns, and special government employees (SGEs).
— Former Department of State employees (including former interns and externs) must seek guidance from A/GIS/IPS for applicable review process information. Former USAID employees (including former interns and externs) must consult the Bureau for Legislative and Public Affairs for applicable review process information.
— Employee testimony, whether in an official capacity or in a personal capacity on a matter of Departmental concern, may be subject to the review requirements of this subchapter. Employees should consult with the Department of State’s Office of the Legal Adviser or USAID’s Office of the General Counsel, as appropriate, to determine applicable procedures.
In practical terms, we think this means that if you get summoned to appear before the House Select Benghazi Committee and is testifying in your personal capacity as a former or retired employee of the State Department, these new regulations may still apply to you, and you may still need clearance before your testimony.
Convince us that we’re reading this wrong, otherwise, somebody poke Congress, please.
Also, does this mean that all retired FSOs who contribute to ADST’s Oral History project are similarly required to obtain clearance since by its definition, “online forums such as blogs” and “a person or entity engaged in disseminating information to the general public” are considered media organizations under these new rules?
Institutional interest vs. public interest
We are particularly interested in the personal capacity publication/communication rules because that’s the one that can get people in big trouble, as shown in the Van Buren case. Here’s the equivalent of our bold Sharpie.
3 FAM 4176.4 says: “A principal goal of the review process for personal capacity public communications is to ensure that no classified or other protected information will be disclosed without authorization. In addition, the Final Review Office will evaluate whether the employee’s public communication is highly likely to result in serious adverse consequences to the efficiency or mission of the Department, such that preventing those consequences outweighs the employee’s presumptively high interest in communicating and the public’s interest in receiving the communication.”
Institutional interest trumps public interest? Where do you draw the line? You can still write a dissent cable as the “3 FAM 4172.1-3(D). No Review of Dissent Channel Communications” included in the 2009 version of the FAM survives as 3 FAM 4171 (e) in the current rules:
Views on matters of Departmental concern communicated through methods of internal communication (including, for example, the Department’s internal dissent channel) or disclosures made pursuant to 5 U.S.C. 2302(b)(8)(B) are not subject to the review requirements of this subchapter.
Which is fine and all, except — who the heck gets to read your dissent cable except the folks at Policy Planning? The State Department is not obligated to share with Congress or with the American public any dissenting opinions from its diplomats. One might argue that this is appropriate, after all, you can’t have diplomats second guessing in public every foreign policy decision of every administration. So, the American public typically only hears about it when a diplomat quits. But given the two long wars in Iraq and Afghanistan, is the American public best served by this policy? And by the way, candid opinion like the case of the six-page memo, entitled “The Perfect Storm,” in the lead up to the Iraq War, is still classified. Why is that?
The new regs also say this:
“To the extent time and resources allow, reviewers may assist the employee in identifying possible modifications or other adjustments to avoid the inclusion of non-classified but otherwise protected information, or the potential for adverse consequences to the Department’s mission or efficiency (including the employee’s ability to perform his or her duties effectively in the future).”
If we weigh the Van Buren book against these parameters, how much of the book’s 288 pages would survive such “modifications” or “adjustments.”
There goes the book, We Meant Well in Afghanistan, Also.
The Peter Van Buren Clause
We’ve come to call “3 FAM 4172.1-7 Use or Publication of Materials Prepared in an Employee’s Private Capacity That Have Been Submitted for Review“ as the Peter Van Buren clause. Below is the original language from the 2009 version of the FAM:
An employee may use, issue, or publish materials on matters of official concern that have been submitted for review, and for which the presumption of private capacity has not been overcome, upon expiration of the designated period of comment and review regardless of the final content of such materials so long as they do not contain information that is classified or otherwise exempt from disclosure as described in 3 FAM 4172.1-6(A).
That section of the FAM appears to survive under the current 3 FAM 4174.3 Final Review Offices, underlined for emphasis below.
c. To ensure that no classified information is improperly disclosed, an employee must not take any steps to proceed with a public communication (including making commitments to publishers or other parties) until he or she receives written notice to proceed from the Final Review Office, except as described below. If, upon expiration of the relevant timeframes below, the Final Review Office has not provided an employee with either a final response or an indication that a public communication involves equities of another U.S. Government entity (including a list of the entity or entities with equities), the employee may use, issue, or publish materials on matters of Departmental concern that have been submitted for review so long as such materials do not contain information described in 3FAM 4176.2(a) and taking into account the principles in 4176.2(b). When an employee has been informed by the Final Review Office that his or her public communication involves equities of another U.S. Government entity or entities, the employee should not proceed without written notice to proceed from the Final Review Office. Upon the employee’s request, the Final Review Office will provide the employee with an update on the status of the review of his or her public communication, including, if applicable, the date(s) on which the Department submitted the employee’s communication to another entity or entities for review. Ultimately, employees remain responsible for their personal capacity public communications whether or not such communications are on topics of Departmental concern.
The Van Buren clause appears to survive, until you take a closer look; italicized below for emphasis:
3 FAM 4176.2 (a) Content of Personal Capacity Public Communications
a. When engaging in personal capacity public communications, employees must not:
(1) Claim to represent the Department or its policies, or those of the U.S. Government, or use Department or other U.S. Government seals or logos; or
(2) Disclose, or in any way allow the public to access, classified information, even if it is already publicly available due to a previous unauthorized disclosure.
3 FAM 4176.2 (b) Content of Personal Capacity Public Communications
b. As stated in 3 FAM 4174.2(c)(1), a purpose of this review process is to determine whether the communication would disclose classified or other protected information without authorization. Other protected information that is or may be subject to public disclosure restrictions includes, but is not limited to:
(1) Material that meets one or more of the criteria for exemption from public disclosure under the Freedom of Information Act (FOIA), 5 U.S.C. 552(b), including internal pre-decisional deliberative material;
(2) Information that reasonably could be expected to interfere with law enforcement proceedings or operations;
(3) Information pertaining to procurement in violation of 41 U.S.C. 2101-2107;
(4) Sensitive personally identifiable information as defined in 5 FAM 795.1(f); or
(5) Other nonpublic information, when used in a manner as prohibited by 5 CFR 2635.703.
Can one make the case that the conversations between the writer and his boss in the Van Buren book are “internal pre-decisional deliberative material?” Or that any conversation between two FSOs are deliberative? Of course. State can make a case about anything and everything. Remember, it did try to make the case that the book contained classified information. (see “Classified” Information Contained in We Meant Well – It’s a Slam Dunk, Baby!). Also, we should note that documents marked SBU or sensitive but unclassified are typically considered nonpublic information. Under these new rules, it’s not just classified information anymore, anything the agency considers deliberative material or any nonpublic material may be subject to disclosure restrictions.
3 FAM 4174.2 Overview (2015): Waving the ‘suitability for continued employment’ flag
c. Employees’ personal capacity public communications must be reviewed if they are on a topic “of Departmental concern” (see 3 FAM 4173). Personal capacity public communications that clearly do not address matters of Departmental concern need not be submitted for review.
(1) The personal capacity public communications review requirement is intended to serve three purposes: to determine whether the communication would disclose classified or other protected information without authorization; to allow the Department to prepare to handle any potential ramifications for its mission or employees that could result from the proposed public communication; or, in rare cases, to identify public communications that are highly likely to result in serious adverse consequences to the mission or efficiency of the Department, such that the Secretary or Deputy Secretary must be afforded the opportunity to decide whether it is necessary to prohibit the communication (see 3 FAM 4176.4).
(2) The purposes of the review are limited to those described in paragraph (1); the review is not meant to insulate employees from discipline or other administrative action related to their communications, or otherwise provide assurances to employees on matters such as suitability for continued employment (see, e.g., 3 FAM 4130 for foreign service personnel and 5 CFR 731 for civil service personnel). Ultimately, employees remain responsible for their personal capacity public communications whether or not such communications are on topics of Departmental concern.
More 3 FAM 4170 Fun: Not meant to insulate employees from discipline or other administrative action
3 FAM 4176.1(e) General
e. As stated in 3 FAM 4174.2(c)(1), the review process is limited to three purposes. (See also 3 FAM 4176.4.) Therefore, completion of the review process is not a Department “clearance” or “approval” of the planned communication, and is not meant to insulate employees from discipline or other administrative action related to their communications, including for conducting personal capacity public communications that interfere with the Department’s ability to effectively and efficiently carry out its mission and responsibilities, by, for example, disrupting operations, impairing working relationships, or impeding the employee from carrying out his or her duties. Ultimately, employees remain responsible for their personal communications whether or not the communications are on topics of Departmental concern.
3 FAM 4176.3 Employee must disclose his/her identity to Department reviewers
a. PA reviews all personal capacity public communications on matters of Departmental concern by senior officials at the Assistant Secretary level and above, including Chiefs of Mission. For all other employees wishing to communicate publicly in their personal capacity on matters of Departmental concern, there are two review processes available:
(1) Individuals may, as a first step, submit their requests for review to the Final Review Office (as described in 3 FAM 4174.3(a)). For employees submitting a request to PA, such requests should be submitted via PAReviews@state.gov. The Final Review Office will then consult with the employee’s immediate supervisor(s) and any other offices concerned with the subject matter in accordance with 3 FAM 4176.4(c). The Final Review Office will then make the final determination; and
(2) Alternatively, employees may initially submit their requests for review to their immediate supervisor(s), the Public Affairs Office in their bureaus or posts, and any other Department offices concerned with the subject matter. The materials must then be submitted to the Final Review Office, noting all such reviewers and any comments received. The Final Review Office will then verify those reviews, assess whether other reviews are needed, and make the final determination.
b. Supervisors, Public Affairs Offices, or any other offices involved in the review process must flag for the Final Review Office any view that the proposed public communication may:
(1) Contain classified or other protected information;
(2) Result in serious adverse consequences to the efficiency or mission of the Department; or
(3) Be or become high impact or high profile, for example communication that is controversial, or otherwise involves a sensitive Department priority; and
(4) The Final Review Office will then apply the standard described in 3 FAM 4176.4(a).
c. In all cases, an employee must disclose his or her identity to the relevant Department reviewers.
d. If another U.S. Government entity seeks Department review of a personal capacity public communication by that entity’s employee, the Department office in receipt of such request must coordinate with PA.
3 FAM 4177 Noncompliance may result in disciplinary action, criminal prosecution and/or civil liability.
a. Failure to follow the provisions of this subchapter, including failure to seek advance reviews where required, may result in disciplinary or other administrative action up to and including separation. Violations by USAID employees may be referred to the Deputy Administrator for Human Resources or USAID’s Office of the Inspector General (see 3 FAM 4320). Disciplinary action will be pursued consistent with applicable law, including 5 U.S.C. 2302
b. Publication or dissemination of classified or other protected information may result in disciplinary action, criminal prosecution and/or civil liability.
This is the part where we must remind you that what the former State Department spokesperson said about the FAM being recommendations is a serious bunch of hooey!
Oh, hey, remember the 2-day clearance for tweets …’er scandal?
We wrote about it here and here, and the “ain’t gonna happen 2-day clearance” for social media posting is now part of the Foreign Affairs Manual. Apologies if the 2-working day review timeframe below for social media postings is too shocking for 21st century statecraft innovation purists. These are the rules, unless you can get the current State Department spokesperson to say from the podium that these are merely recommendations that employees/retirees/interns/charforce are free to ignore. We must add that the 2009 version of these rules, required that materials of official concern submitted in the employee’s private capacity must “be submitted for a reasonable period of review, not to exceed thirty days.” The old rules made no distinction whether the submitted material is a book manuscript, an article, a blogpost or a tweet.
screen grab from 3 FAM 4170
Yo! What’s Missing?
The new regs emphasized the need for official clearance for official and private communication “to ensure that no classified information is improperly disclosed.” It however, does not include any guidance on the use of a private server for emails and social media postings where classified information could be improperly disclosed.
A Much Better FAM Version, Hey?
From the organizational perspective, some folks would say that this is a “much better” version of the FAM. We’d call this a much better plug. An insider could argue that this is a “very fine sieve.”
Okeedokee, but what do you think will be its consequences for the rank and file? No one will officially admit this as the intent, but after reading this new version of 3 FAM 4170, this is what we think it really says:
The updated regs also says that “In light of the rapid pace with which many social media platforms are used, all offices, sections, or employees who routinely post to such platforms in their official capacity are encouraged to seek advance blanket authorization to engage for their social media communications, in accordance with 3 FAM 4175.1(c).”
The blanket authorization as far as we can tell only applies to those who are engaged in social media platforms in their official capacities, it makes no similar provision for employees in social media platforms in their private capacities.
Fun With Fido or Grumpy Cat
The new regs helpfully notes that “Employees who, in their personal capacity, wish to communicate publicly on matters that are clearly not “of Departmental concern” (see 3 FAM 4173) need not seek Department review under the procedures outlined herein, and need not use the personal capacity disclaimer discussed below in paragraph (b).”
So, basically, if you blog, tweet or write a book about Kitty Kat or Fidodog, or about their travels and adventures in Baghdad, Kabul, Sanaa, and all the garden spots, you don’t need to seek Department review. That is, as long as Kitty Kat is not secretly arming the rodent insurgents and tweeting about it and Fidodog is not flushing government money down the toilet and blogging about it.
According to CNN, a group calling itself the Islamic State Hacking Division recently posted online a purported list of names and contacts for Americans it refers to as “targets,” according to officials.
Though the legitimacy of the list is questionable, and much of the information it contains is outdated, the message claims to provide the phone numbers, locations, and “passwords” for 1400 American government and military personnel as well as purported credit card numbers, and excerpts of some Facebook chats.
The Guardian describes the list as a spreadsheet, published online last week which exposes names, email addresses, phone numbers and passwords. The 1,482 names include members of the U.S. Marine Corps, NASA, the State Department, the U.S. Air Force, and the FBI.
The Daily Mail reports that the list includes an accompanying message that reads: ‘Know that we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts.’
The list apparently also includes the names of eight Australians and UK government personnel. In Australia where there this is huge news, Prime Minister Tony Abbott told the press, “We’ve just discovered that it’s actually able to launch cyber attacks in this country so this is a very sophisticated and deadly threat to us even here in Australia.” A chief executive of a forensic data firm in the country went so far as to advise that Canberra’s public servants get off social media. He also recommended that “on the day [ADFA] cadets enlist, their entire electronic lives be erased” and that “they should not exist on digital networks until they retire from Defence.”
The reaction here is a little less ZOMG! Last week, then Army Chief of Staff Gen. Ray Odierno said in a press conference that “this is the second or third time they’ve claimed that and the first two times I’ll tell you, whatever lists they got were not taken by any cyber attack.”
“This is no different than the other two,” Odierno said. “But I take it seriously because it’s clear what they’re trying to do … even though I believe they have not been successful with their plan.”
CNN reports that Pentagon spokesman Lt. Col. Jeffrey Pool also cautioned that many of the military email addresses looked at least several years old, based on their suffixes. He said that shortly after this list was posted, a reminder went out to service personnel that they should limit the personal information they put on social media. “If any of your information on it is accurate, you’re very concerned,” former Homeland Security adviser Fran Townsend told CNN, “as are government officials.”
According to the Washington Examiner, State Department employees comprise about a quarter of the alleged personal information on the list. That would be about 370 names. It also says that at the bottom of the leaked document, originally posted on zonehmirrors.org, are receipts from State Department employees along with their credit card numbers. The report notes that Islamic State supporters tweeted a link to the document and also tweeted, in one instance, information claiming to be the personal details of a staff member from the U.S. embassy in Cairo that said: “To the lone wolves of Egypt.”
Technology security expert, Troy Hunt, writes that “nothing makes headlines like a combination of ISIS / hackers / terrorism!” and has taken a closer look with an analysis here. Mr. Hunt’s conclusion — drawn merely from looking at the leaked list and applying what he observed from experience with previous data dumps leaked list — is that “the data is almost certainly from multiple locations and very unlikely to be from a single data breach.” Also that “most of the data is easily discoverable via either existing data breaches or information intentionally made public.” He writes, “Even the source of the amalgamated data is unverifiable – it could be someone who does indeed wish harm on the individuals named, it could be a kid in his pyjamas, there’s just not enough information to draw a conclusion either way.”
In his analysis of the ISIS list, Mr. Hunt says that “there are many sources from which attributes in this list can be compiled.” As an example, he cited the Adobe breach of 2013 in which 152M records were leaked, which includes 257k .gov email addresses. He writes:
The ISIS list has a lot of state.gov email addresses – Adobe leaked 1,657 of those and they look just like this:
state.gov email addresses in the Adobe data breach via Troy Hunt (used with permission)
“Adobe also leaked password hints so you can begin to quite easily build a profile around people working in the US State Department,” he said.
Would be good to know if any of the names in the Adobe breach are showing up in the ISIS list. We have not seen the purported ISIS list or the names from the Adobe hack but we hope somebody at State is looking at those names. Folks probably need to work on their password hints, too.
In a separate post, Mr. Hunt also notes this:
“The hyperbole and the fear, uncertainty and doubt that spread over this was just off the scale compared to the significance of the actual data. Here we have what amounts to little more than easily discoverable information mostly already in the public domain and suddenly it’s become a huge terror hack. [….] However, the legitimacy of the claims that this was an “ISIS hack” appear to have gotten in the way of a good story and the news has simply run with it.
A couple more reading clips below from Troy Hunt:
Just did a (very late) interview with CNN on this ISIS hack, story seems to be spreading a bit: http://t.co/pQkxHIJxFN
There’s not much one can do with the Adobe, Target, Home Depot, OPM hack except to sign up for credit monitoring service or put a credit freeze on one’s account. That is, if we’re concerned about identity thief. But those services will not work against potential blackmails related to a foreign government hack, or online threats related to potentially scraped data, collected from websites and social media accounts.
We are persuaded by Mr. Hunt’s analysis that this was not a real hack. But real or not, the information is out there and thinking about ‘lone wolf’ offenders seduced by ISIS’ call, in the U.S. or elsewhere is not paranoid. Folks might consider this a good excuse to review their digital footprint.
The threats online — whether real or part of propaganda — is not going to abate anytime soon. This is the world as it is, and not an attempt at hyperbole. Employees overseas can report these threats to RSOs but hey, have you seen the rundown of the RSO’s managed programs? We don’t even know what specific office at State tracks these breaches or who has responsibility for online threats. Was anyone notified by State when the Adobe breach occurred in 2013 and leaked hundreds of official emails? Were those emails changed? A talkinghead writinghead would like to know.
Also some of USG’s overseas posts still display the official email addresses of personnel in public affairs, and those dealing with contracts, solicitations, and acquisitions on their websites. Those should be generic e-mail accounts not linked to an individual’s name but linked instead to the section, function or office, e.g. Sanaacontracts@state.gov. Makes better sense as people rotate jobs anyway.
We’re trying to find if Diplomatic Security has any response, guidance, reminder for State Department personnel given this report and the Burn Bag received earlier. Would be a good time as any to issue an opsec reminder. We will have a follow-up post if/when we get an official response.
Maine poet Richard Blanco who was born to a Cuban exile family and read at President Obama’s second inauguration will read a poem commemorating the reopening of the US Embassy in Havana on August 14. Its title is “Matters Of The Sea” or “Cosas Del Mar,” and its first line goes, “The sea doesn’t matter. What matters is this – that we all belong to the sea between us.” Looking forward to reading it in Spanish!
VIDEO: US Marines raise the US flag over the newly opened American Embassy in Havana, Cuba: http://t.co/Fbu7jZkqem