Spying Case Against Robin Raphel Fizzles; AG Lynch’s “Houston, We Have a Problem” Moment

Posted: 2:05 am EDT


We blogged about the Robin Raphel case in September (see The Murky Robin Raphel Case 10 Months On, Remains Murky … Why?.

In November 2014, we also blogged this: Robin Raphel, Presumption of Innocence and Tin Can Phones for Pak Officials.

On October 10, the NYTimes reported that officials apparently now say that the spying investigation has all but fizzled. This leaves the Justice Department to decide whether to prosecute Ms. Raphel for the far less serious charge of keeping classified information in her home.

The fallout from the investigation has in the meantime seriously damaged Ms. Raphel’s reputation, built over decades in some of the world’s most volatile countries.

If the Justice Department declines to file spying charges, as several officials said they expected, it will be the latest example of American law enforcement agencies bringing an espionage investigation into the public eye, only to see it dissipate under further scrutiny. Last month, the Justice Department dropped charges against a Temple University physicist who had been accused of sharing sensitive information with China. In May, prosecutors dropped all charges against a government hydrologist who had been under investigation for espionage.
Some American investigators remain suspicious of Ms. Raphel and are loath to abandon the case entirely. Even if the government cannot mount a case for outright spying, they are pushing for a felony charge related to the classified information in her home.







In the case of Xiaoxing Xi, the Temple university professor and head of the school’s physics department, federal authorities handling the case were said to have misunderstood key parts of the science behind the professor’s work.  Mr. Xi’s lawyer said, “We found what appeared to be some fundamental mistakes and misunderstandings about the science and technology involved here.” The federal officials handling the Xi case did not know the science but went ahead and indicted him anyway.

Are we going to hear soon that the federal officials handling the Raphel case also made some fundamental mistakes and misunderstanding of the diplomatic tradecraft?  At least two of these officials leaked the probe to the news media even if no charges were filed against Ambassador Raphel.

This  was not a harmless leak. She lost her security clearance, and her job at the State Department without ever being charged of any crime. And in the court of social media, just the news that she is reportedly the subject of a spying investigation is enough to get her attacked and pilloried for treason. Perhaps, the most disturbing part in the report is that the authorities appear to have no case against her for spying, so now they’re considering slapping her with a felony charge under the Espionage Act.

Now, why would they do that?

Perhaps to save face and never having to admit that federal authorities made a mistake or lack an understanding of international statecraft? They could say —  see, we got something out of a year’s worth of investigation, so it was not completely useless.

Or perhaps because American investigators still viewed Ambassador Raphel’s relationships with deep suspicion?

Because, obviously, “deep suspicion” is now the bar for an espionage charge?

We should note that the hydrologist, Sherry Chen was cleared of spying charges but was notified in September that she will be fired by the National Weather Service for many of the same reasons the USG originally prosecuted her. Xiaoxing Xi of Temple University had been charged with “four counts of wire fraud in the case involving the development of a pocket heater for magnesium diboride thin films.” The USG asked to dismiss the case without prejudice, meaning it could be revived, according to philly.com.

Unlike the Chen and Xi cases, Raphel was never charged and was not afforded the right to defend herself in the court of law.  What we have in one case may have been a misunderstanding, a second case, may well have been a mistake, but a third case is certainly, a trend.

This is AG Loretta Lynch’s  “Houston, we have a problem” moment.


Amb. John Tefft “Attends” 9/20 Moscow Rally and Apollo 11 Moon Landing Wearing the Same Trench Coat!

Posted: 1:23 am EDT


Russian television network REN-TV reported yesterday that the U.S. ambassador to Russia, John Tefft, attended a Moscow rally of opposition activists. It apparently included a photograph purporting to show Ambassador Tefft at the event. Below via RFE/RL:

But there was one major problem with the report by the Kremlin-loyal national television network REN-TV: Tefft was not at the protest in Moscow’s outer Marino district. And the image showing Tefft talking to reporters against the background of the September 20 demonstration was a fabrication.

The U.S. Embassy in Moscow responded snarkily to the report on REN-TV’s website, saying Tefft had spent the day at home and publishing photoshopped images showing Tefft speaking to the same reporters against the background of famous historical events — including U.S. General Douglas MacArthur’s return to the Philippines in 1944 and the Apollo 11 Moon landing in 1969.






Apparently, REN- TV  first edited the report to state that it is “unknown whether these images are real or a common photo montage.” According to RFE/RL, later in the day, REN-TV followed up with an item conceding that the photograph was a fake circulated on Twitter and apologized. RFE/RL notes that the image of Ambassador Tefft used in the photo mashup was taken from an interview he gave on February 28 at the site near the Kremlin where Russian opposition politician Boris Nemtsov was shot dead the previous day:

RFE/RL says that REN-TV is majority-owned by National Media Group, a pro-Kremlin media conglomerate controlled by Yury Kovalchuk, one of numerous influential businessmen and officials sanctioned by the United States in response to Russia’s role in the Ukraine conflict. Read more here.

Well played @WBStevens, well played!


Congress Eyes @StateDept’s Special Envoys, Representatives, Advisors, and Coordinators

Posted: 2:27 am EDT


In June this year, Senator Bob Corker [R-TN] introduced Senate bill S. 1635: Department of State Operations Authorization and Embassy Security Act, Fiscal Year 2016.  On June 18, the SFRC issued a report to the full chamber and the bill was placed on Senate Legislative Calendar (Calendar No. 123). Only about 1 in 4 bills are reported out of committee. Govtrack also notes that only about 21% of bills that made it past committee in 2013–2015 were enacted. It gave this bill a 44% chance of being enacted.

While S.1635 may not be going anywhere right now, we know that Congress, at least, is eyeing with interest the mushrooming population of Foggy Bottom’s special reps, special envoy, advisors and coordinators. If this bill passes, the secretary of state will be asked to account for these 7th Floor denizens. Here is the relevant section of the bill:

204. Special envoys, representatives, advisors, and coordinators

Not later than 90 days after the date of the enactment of this Act, the Secretary shall submit a report to the appropriate congressional committees on special envoys, representatives, advisors, and coordinators of the Department, which shall include—

(1) a tabulation of the current names, ranks, positions, and responsibilities of all special envoy, representative, advisor, and coordinator positions at the Department, with a separate accounting of all such positions at the level of Assistant Secretary (or equivalent) or above; and

(2) for each position identified pursuant to paragraph (1)—

(A) the date on which the position was created;

(B) the mechanism by which the position was created, including the authority under which the position was created;

(C) the positions authorized under section 1(d) of the State Department Basic Authorities Act of 1956 (22 U.S.C. 2651a(d));

(D) a description of whether, and the extent to which, the responsibilities assigned to the position duplicate the responsibilities of other current officials within the Department, including other special envoys, representatives, and advisors;

(E) which current official within the Department would be assigned the responsibilities of the position in the absence of the position;

(F) to which current official within the Department the position directly reports;

(G) the total number of staff assigned to support the position; and

(H) with the exception of those created by statute, a detailed explanation of the necessity of the position to the effective conduct of the foreign affairs of the United States.


As of September 18, the State Department has officially listed 59 special advisors, envoys, and representatives. The list below is extracted from the state.gov list here but it’s not a complete list.  We’ve counted at least 69 appointees in this category.  We’ve added and highlighted in blue the appointments that had been announced but not added to the official list.  Entries without hyperlinks are copied as-is from the State Department list.  Hey, we’re still missing entries under FJ, K, U, V, W, X, Y, Z!


State Department’s Special Envoys, Representatives, Advisors, and Coordinators


Afghanistan and Pakistan, Special Representative
Arctic, Special Representive
Asia-Pacific Economic Cooperation (APEC), U.S. Senior Official


Biological and Toxin Weapons Convention (BWC) Issues, Special Representative
Burma, Special Representative and Policy Coordinator


Center for Strategic Counterterrorism, Special Envoy and Coordinator
Central African Republic, Special Representative
Civil Society and Emerging Democracies, Senior Advisor
Climate Change, Special Envoy
Closure of the Guantanamo Detention Facility, Special Envoy
[Colombia Peace Process, Special Envoy]
Conference on Disarmament, Permanent Representative
Commercial and Business Affairs, Special Representative
[Counterterrorism, Coordinator]
Cyber Issues, Coordinator


Department Spokesperson


[Ebola Response, Special Coordinator]



Global Coalition against ISIL, Special Presidential Envoy
Global Food Security, Special Representative
Global Health Diplomacy, Special Representative
Global Intergovernmental Affairs, Special Representative
Global Partnerships, Special Representative
Global Women’s Issues, Ambassador-at-Large
Global Youth Issues, Special Advisor
Great Lakes Region and the D.R.C., Special Envoy


Haiti, Special Coordinator
Holocaust Issues, Special Adviser
Holocaust Issues, Special Envoy
[Hostage Affairs, Special Presidential Envoy]
[Human Rights of LGBT Persons, Special Envoy]


[International Civil Aviation Organization, U.S. Representative]
International Communications and Information Policy, Coordinator

International Disability Rights, Special Advisor
International Energy Affairs, Special Envoy and Coordinator
International Information Programs, Coordinator
International Information Technology Diplomacy, Senior Coordinator
International Labor Affairs, Special Representative
International Religious Freedom, Ambassador-at-Large
[Iran Nuclear Implementation, Lead Coordinator]
Israel and the Palestinian Authority, U.S. Security Coordinator
Israeli-Palestinian Negotiations, Special Envoy


[Libya, Special Envoy]


Monitoring and Combating Anti-Semitism, Special Envoy
Mujahideen el Khalq Resettlement, Special Advisor
Muslim Communities, Special Representative
[Middle East Transitions, Special Coordinator]


Nonproliferation and Arms Control, Special Advisor 
Northern Ireland Issues, Personal Representative
North Korean Human Rights Issues, Special Envoy
North Korea Policy, Special Representative
Nuclear Nonproliferation, Special Representative of the President


Office of the Special Envoy for Israeli-Palistinian Negotiations
Organization of Eastern Caribbean States, Special Representative
Organization of Islamic Cooperation, Special Envoy


Partner Engagement on Syria Foreign Fighters, Senior Advisor
Promote Religious Freedom of Religious Minorities in the Near East and South Central Asia, Special Envoy

Quadrennial Diplomacy and Development Review, Special Representative


Religion and Global Affairs, Special Representative


Sanctions Policy, Coordinator
Science and Technology, Special Advisor

Secretary Initiatives, Special Advisor
[Security Negotiations and Agreements, Senior Advisor
Senior Advisor to the Secretary
Six-Party Talks, Special Envoy
Somalia, Special Representative
Sudan and South Sudan, Special Envoy
Syria, Special Envoy


Threat Reduction Programs, Coordinator 
Tibetan Issues, Special Coordinator
Transparency Coordinator








Special suggestions to complete this list:

F – FOIA, Special Expert Advisor
J – Japan-U.S. Cyber Dialogue, Special Advisor
K –  Kenya and Djibouti Refugee Situation, Special Advisor
U –  University Youth Events (Domestic), Senior Advisor
V-  Venezuela-Colombia Border Dispute, Special Representative
W – Weapons, Autonomous, Presidential Special Envoy
X-  Xenon Gas Release, Special Advisor
Y – Yemen Stabilization After Saudi Coalition Bombings, Special Envoy 
Z – Zamunda, Special Envoy to the Royal Kingdom

Related post:
While You Were Sleeping, the State Dept’s Specials in This “Bureau” Proliferated Like Mushroom

PSA: Know the Risk #Raise Your Shield Campaign: Spear Phishing

Posted: 4:02 am EDT


The National Counterintelligence and Security Center (NCSC) is responsible for leading the counterintelligence and security mission across the USG. It is putting out the campaign focusing on spear phishing. It will reportedly be targeting social media, human targeting, and travel awareness. You can learn more at http://www.ncsc.gov but fair warning, the website is slow and cumbersome, hard to navigate and not terribly user-friendly.

Via the Office of the Director of National Intelligence:


Here’s the Don’t Be THIS Guy: Spear Phishing video:


What Information Is Collected on OPM’s Background Investigation Forms?

Posted: 2:44  am EDT

CRS Insight

The information collected will depend on the applicant’s position and the type of background investigation required. OPM uses three standard forms for background investigations: SF-85, SF-85P, or SF-86 form. The forms are typically submitted electronically using OPM’s Electronic Questionnaires for Investigations Processing (e-QIP) system. OPM had suspended use of e-QIP “for security enhancements,” but re-enabled the system on July 23, 2015.

Data Collected for Non-Sensitive Positions

The eight-page SF-85 is required for applicants to non-sensitive positions (e.g., positions that do not require a security clearance) who require physical access to government facilities and who are in positions with a “low risk” to cause damage to the federal government or national security. The responsibilities of these positions are limited and there is little opportunity to use such positions for personal gain. For this reason, the information collected is relatively limited in scope and includes

  • full name, aliases, and SSN;
  • citizenship information;
  • employment information and addresses for the past five years; and
  • information on use or possession of illegal drugs (including marijuana) in the previous year.

Data Collected for “Positions of Public Trust”

The 11-page SF-85P is required for applicants in “Positions of Public Trust,” (i.e., positions that do not involve access to classified information, but that demand a “significant degree of public trust” due to the level of policymaking or other responsibilities). These positions may involve a “significant risk for causing damage [to the federal government] or realizing personal gain.” In addition to the information listed above, the SF-85P requires

  • identifying information (e.g., height, weight, eye and hair color);
  • military service information;
  • employment information and addresses for the past seven years; schools, if any, attended during the past seven years;
  • name, address, and telephone number of three personal references and immediate family members;
  • criminal arrests and/or convictions for the past seven years (excluding incidents prior to the applicant’s 16th birthday or traffic fines under $150);
  • financial information, including bankruptcies during the past seven years and any delinquent financial obligations;
  • foreign travel during the past seven years; and
  • information on use or possession of illegal drugs (including marijuana) in the previous year and any illegal purchase, sale, or transport of drugs in the previous seven years.

Data Collected for Security Clearances and Other National Security Positions

The 127-page SF-86 form is required for applicants to national security sensitive positions, which includes (but is not limited to) positions that require a security clearance. In addition to the information listed above, the SF-86 requires

  • employment information and home addresses for the past 10 years;
  • schools attended for the past 10 years, including a reference at each school attended;
  • personal information (including SSN) for current spouse or cohabitant;
  • foreign contacts, travels, and/or activities;
  • associations with individuals or groups dedicated to terrorism or the violent overthrow of the U.S. government;
  • details on applicant’s “psychological and emotional health,” including, with certain exceptions, details on treatments during the past seven years;
  • additional information on criminal activities, including convictions or charges involving firearms or explosives;
  • alcohol use in the past seven years that has negatively impacted the applicant’s work, personal relationships, finances, or resulted in “intervention by law enforcement/public safety personnel”;
  • use, possession, or other involvement with illegal drugs (including marijuana) in the past seven years or at any time while holding a clearance;
  • details on the applicant’s financial condition and civil court actions; and improper use of information technology systems.

What Other Records Are Contained in OPM’s Personnel Security Background Investigation Files?

OPM’s systems also include information gathered by investigators during the background investigation process, such as summaries of interviews with the applicant’s family members, co-workers, friends, and neighbors. Additionally, investigators may run credit checks, pull civil and criminal court records, and run checks of state and federal agency records to verify information that the applicant provided on the application.

According to OPM’s most recent Privacy Act Notice, personnel investigation records may also include information provided by other agencies, such as:

  • Internal Revenue Service income tax returns;
  • prior security clearance investigative records; and
  • clearance adjudicative records, including polygraph results, if applicable.

It is unclear from OPM’s news release if these types of investigative records were compromised in the breach.


US Embassy El Salvador Warns of Increased Frequency and Intensity of Security Incidents

Posted: 1:45 am EDT

The 2015 Crime and Safety Report from the Regional Security Office released in May this year, notes that crime in El Salvador can run the gamut from credit card skimming to homicide and is unpredictable, gang-centric, and characterized by violence directed against both known victims and targets of opportunity. The effect and threat of violent crime in the capital city of San Salvador, including the neighborhoods in which many U.S. citizens live and work, leads to greater isolation and the curtailment of recreational opportunities. Crimes of every type routinely occur. U.S. citizens are advised to avoid travel into the downtown area of San Salvador “unless absolutely necessary” and travel outside the cities and to Guatemala or Honduras should only be done during daylight hours and with multiple vehicle convoys for safety. Excerpt:

The threat from transnational criminal organizations is prevalent throughout Central America. There is some evidence that the Mexican drug cartel Los Zetas may have infiltrated El Salvador, although only in extremely low numbers. El Salvador has hundreds of gang “cliques,” with more than 20,000 members. Violent, well-armed, U.S.-style street gang growth continues, with the 18th Street (Barrio 18) and MS-13 (“Mara Salvatrucha”) gangs being the largest. Gangs concentrate on narcotics and arms trafficking, murder for hire, carjacking, extortion, and violent street crime. The gangs have collaborated with Mexican drug cartels to carry out murders and have sold the cartels weapons and explosives left over from the war and/or from the military. Recognizing the threat posed by MS-13, the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the MS-13 a Transnational Criminal Organization (TCO) in their list of Specially Designated Nationals. Gangs and other criminal elements roam freely, targeting affluent areas for burglaries, and gang members are quick to engage in violence when resisted. Many of the gangs are comprised of unemployed youth who do not hesitate to use deadly force when perpetrating crimes.

A contributing factor to crime is the presence of impoverished shanty communities in the midst of high-income residential and higher-end commercial areas in the capital. There are few if any areas immune from violent crime. However, the presence of armed security and the use of security features at homes have proven to be successful in combating home invasions. In 2014, armed robberies continued to be the greatest security threat facing diplomats, tourists, and business persons. Home invasions/burglaries during daylight continue to be prevalent in residential neighborhoods in San Salvador. Some home invasions occur when individuals posing as delivery men or police officers gain access to a home.

Extortion persists as a very common, effective criminal enterprise. Hitting a peak in 2009, the number of extortions has dropped from 4,528 reported cases of extortion in 2006 to 2,480 reported cases in 2014. Many of the extortion calls originate from prisons.

There were 2,480 car thefts and 1,331 carjackings reported in 2014. Not tracked however, are the significant numbers of smash-and-grab-type of auto burglaries pervasive throughout the urban areas of El Salvador.

El Salvador has one of the highest homicide rates in the world, and the Department of State updated the Travel Warning for El Salvador in November 2014 to notify U.S. citizens about travel safety concerns and challenges. Police statistics show an increase in annual homicides during 2014, attributed primarily to the cessation of a controversial 2012 truce between local gangs. Crime statistics showed that the 2014 annual homicide rate — 68.6 per 100,000 inhabitants — was significantly higher than the previous year’s 43.7 per 100,000 rate. In 2014, authorities recorded 3,912 homicides, a 55.7 percent increase from the 2,513 in 2013.

Rape remains a serious concern; in 2013 and 2014, an average of 376 rapes per year were reported. Services for victims of rape are very limited, and many victims choose not to participate in the investigation and prosecution of the crime for fear of not being treated respectfully by the authorities. Many murder victims show signs of rape, and survivors of rape may not report the crime for fear of retaliation.

El Salvador is not a danger post for allowances purposes. It is a 15% COLA and 15% hardship differential  post according to the latest bi-weekly update from state.gov.

The Crime and Safety Report is an annual product of the Regional Security Office (RSO) of every U.S. embassy. Read the full report here.


Image from CIA World Factbook 2010


On July 29, the US Embassy in El Salvador issued a security message to American citizens residing in El Salvador on the increased risk of crime and violence in the country:

In recent weeks, there has been an increase in the frequency and intensity of security incidents in El Salvador, including multiple attacks on transportation workers and security forces.  The U.S. Embassy is aware that criminal elements in El Salvador have threatened to escalate the level of violence by attacking hotels, restaurants, shopping malls and other public venues.  The grenade attack at a major hotel on July 25 demonstrates both a will and a capability to carry out such plans.

The Embassy is not aware of any threat specifically directed against U.S. citizens in El Salvador.  However, the violence of recent weeks, coupled with this new information, demonstrates the need for sustained caution and high security awareness at all times. Review your personal security plans, avoid outdoor seating (as at restaurants and bars), and monitor local news stations for updates.  Take appropriate steps to enhance your personal security. Please see the below excerpt from the Travel Warning for El Salvador:

U.S. citizens should remain alert to their surroundings, especially when entering or exiting their homes or hotels, cars, garages, schools, and workplaces.  Whenever possible, travel in groups.  U.S. Embassy security officials advise all U.S. government personnel not to walk, run, or cycle in unguarded streets and parks, even in groups, and recommend exercising only in gyms and fitness centers.  Avoid wearing expensive jewelry, and do not carry large sums of money or display cash, ATM/credit cards, or other valuables.  Avoid walking at night in most areas of El Salvador. Incidents of crime along roads, including carjacking, are common in El Salvador.  Motorists should avoid traveling at night and always drive with their doors locked to deter potential robberies at traffic lights and on congested downtown streets.  Travel on public transportation, especially buses, both within and outside the capital, is risky and not recommended.  The Embassy advises official visitors and personnel to avoid using mini-buses and regular buses and to use only radio-dispatched taxis or those stationed in front of major hotels.








No, the FTC is not/not offering money to OPM data breach victims

Posted: 1:07  pm EDT


The Federal Trade Commission’s Lisa Weintraub Schifferle, an attorney for FTC’s Division of Consumer and Business Education pens the following warning:

If you’re an OPM data breach victim, you probably know to look out for identity theft. But what about imposter scams? In the latest twist, imposters are pretending to be the FTC offering money to OPM data breach victims.

Here’s how it works: A man calls and says he’s from the FTC and has money for you because you were an OPM data breach victim. All you need to do is give him some information.

Stop. Don’t tell him anything. He’s not from the FTC.

One fake name the caller used was Dave Johnson, with the FTC in Las Vegas, Nevada. There’s not even an FTC office in Las Vegas. The FTC won’t be calling to ask for your personal information. We won’t be giving money to OPM data breach victims either.

That’s just one example of the type of scam you might see. You may get a different call or email. Here are some tips for recognizing and preventing government imposter scams and other phishing scams:

• Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know to be correct. Never provide financial information by email.

• Don’t wire money. The government won’t ask you to wire money or put it on a prepaid debit card. Also, the government won’t ask you to pay money to claim a grant, prize or refund.

• Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a government agency, even when they are not. Federal agencies will not call to tell you they are giving you money.

If you’ve received a call or email that you think is fake, report it to the FTC. If it’s an email that relates to the OPM breach, you also can forward it to US-CERT at phishing-report@us-cert.gov. If you gave your personal information to an imposter, it’s time to change those compromised passwords, account numbers or security questions.

Originally posted here.


OPM to Charge Agencies for Credit Monitoring Offered to Federal Employees

Posted: 2:32 am EDT


The latest update from “M” on the OPM breach dated July 15, notes that “The State Department never transferred personnel records to the OPM facility. However, if you had other U.S. Government service prior to joining State, you may have had records that were involved.” On the background information breach, it says that “State Department employees’ SF-85 and SF-86 forms (depending on the appointment) were in the OPM system and thus were impacted. However, other background investigation material was not.”

If you have additional questions email DG DIRECT [DGDIRECT@STATE.GOV] or OPM’s new email: cybersecurity@opm.gov

AFSA’s latest update to its membership is dated July 10 and available to read here.

Some developments on the fallout from the data breach:














State Dept Authorization Bill Mandates Security Breach Reporting, NSA Consultations –Can PenTest Be Far Behind?

Posted: 12:27 am EDT
Updated: 11:23 am PDT


Update: A source on the Hill alerted us that the State Authorization bill was offered as an amendment when the NDAA was debated in the Senate last month but it was not voted on and the NDAA passed on June 18 (That would be H.R. 1735 which passed 215 (71-25)  We understand that both chambers are now starting the process to bring the bill to conference in order to resolve differences.  The State Authorization bill, we are told, will not be part of those discussions.  In order for this to move forward, it will either need to be brought to the floor as a stand alone vote or Corker/Cardin could try again to attach it to another piece of legislation. Given that this is the first authorization bill passed by the SFRC in 5 years, and made it through the committee with bi-partisan support, we suspect that the senators will not just easily forget about this. — DS

On June 9, 2015, U.S. Senators Bob Corker (R-Tenn.) and Ben Cardin (D-Md.), the chairman and ranking member of the Senate Foreign Relations Committee, applauded the unanimous committee passage of the Fiscal Year 2016 Department of State Operations Authorization and Embassy Security Act. The SFRC statement says that it has been five years since the Senate Foreign Relations Committee passed a State Department Authorization bill and 13 years since one was enacted into law.  This State Department Authorization bill has been offered as an amendment to the National Defense Authorization Act, which currently is on the Senate floor. It is quite lengthy so we’re doing this in installments.

Below is the section on information technology system security that mandates security breach reporting, as well as making State Dept systems and networks available to the Director of the National Security Agency (NSA) and any other such departments or agencies to carry out necessary tests and procedures.

The State Department’s Consular Consolidated Database (CCD) as of 2011 contains over 137 million American and foreign case records and over 130 million photographs and is growing at approximately 40,000 visa and passport cases every day. If the CCD is compromised, it would be a jackpot for hackers that would make the OPM hack severely pales in comparison.

If this bill passes, will the penetration test by NSA on one of the world’s largest data warehouses finally happen?

Via govtrack:

Section 206.Information technology system security

(a)In general

The Secretary shall regularly consult with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate regarding the security of United States Government and nongovernment information technology systems and networks owned, operated, managed, or utilized by the Department, including any such systems or networks facilitating the use of sensitive or classified information.


In performing the consultations required under subsection (a), the Secretary shall make all such systems and networks available to the Director of the National Security Agency and any other such departments or agencies to carry out such tests and procedures as are necessary to ensure adequate policies and protections are in place to prevent penetrations or compromises of such systems and networks, including by malicious intrusions by any unauthorized individual or state actor or other entity.

(c)Security breach reporting

Not later than 180 days after the date of the enactment of this Act, and every 180 days thereafter, the Secretary, in consultation with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate, shall submit a report to the appropriate congressional committees that describes in detail—

(1)all known or suspected penetrations or compromises of the systems or networks described in subsection (a) facilitating the use of classified information; and

(2)all known or suspected significant penetrations or compromises of any other such systems and networks that occurred since the submission of the prior report.


Each report submitted under subsection (c) shall include—

(1)a description of the relevant information technology system or network penetrated or compromised;

(2)an assessment of the date and time such penetration or compromise occurred;

(3)an assessment of the duration for which such system or network was penetrated or compromised, including whether such penetration or compromise is ongoing;

(4)an assessment of the amount and sensitivity of information accessed and available to have been accessed by such penetration or compromise, including any such information contained on systems and networks owned, operated, managed, or utilized by any other department or agency of the United States Government;

(5)an assessment of whether such system or network was penetrated by a malicious intrusion, including an assessment of—

(A)the known or suspected perpetrators, including state actors; and

(B)the methods used to conduct such penetration or compromise; and

(6)a description of the actions the Department has taken, or plans to take, to prevent future, similar penetrations or compromises of such systems and networks.


Related Post:
S.1635: DOS Operations Authorization and Embassy Security Act, Fiscal Year 2016 – Security Clearance

We’re Hosting a Q&A With FSO Mark D. Perry of CorridorRep.com — Saturday, July 18, 7pm EST

Posted: 2:23 pm EDT
Updated: 8:41 pm EDT
Updated: 12:43 pm EDT


On July 7, I did a blogpost about CorridorRep.com, a website owned by Transparency In Government Performance, LLC. (See “Corridor Reputation” Gets a Makeover, And OMG …. It’s Now Online!)

CorridorRep.com’s site administrator is Foreign Service Officer Mark D. Perry. (Note: he is not the Mark Perry on LinkedIn). We requested a short bio and here is what he sent us:

Mark D. Perry is a consular-coned Foreign Service Officer who has served overseas in Monterrey, Cairo, and Lima.  He is currently working in a domestic assignment at the Buffalo Passport Agency.  He enjoys chocolate and looking for ways to make life better through the use of technology. Prior to joining the service, he worked in corporate HR for Tyco International, Ltd.

We cannot give you firsthand assessment of the site but readers writing this blog seems split between “this is great, yay!” or this is a terrible idea.

Mr. Perry told us via email that he has been thinking about this idea for years and floated it to a number of trusted friends. “Some said wow this is great and others said you are crazy,” he writes.

Another feedback we got is along the line of — hey, it only took a minute to figure out who runs this site; if he’s not good at protecting himself … what about my information?

We asked Mr. Perry about that and he explained that he created the LLC not to hide his identity, but to provide some additional legal protection.  That is true enough as LLC owners are protected from personal liability for business debts and claims.

We also asked about some readers’ concerns on data security, and here is his response:

I can understand the concerns about data security but I think the potential benefits outweigh these risks. Anything posted here could also be overheard in a cafe or sent by personal email to a friend or already on someone’s Facebook page. All of these are also easy targets for collection. This is nothing new. The site might make it marginally easier but I really do not see much risk in that aspect.

One reader asked about an “opt-out” so we also put that question to Mr. Perry.

[T]here really is not [a] way to prevent someone from  rating you. Preventing someone from being rated would be technically  close to impossible. Anyone can delete or edit the ratings they have  entered for others but could not delete ratings from others about  themselves. Anyone can choose not to visit the site so I guess that is one way one could opt out.

The site itself says that “you now have access to honest 360 reviews.”  One of the screencaps on the site is a section that says “Will work again with You” with the following options:  1) Supervisor, 2) Subordinate, 3) Colleague, 4) Other and 5) All.  We should note that the State Department has been using the 360 degree feedback for years primarily as a placement tool during the assignments process, and as far as we know, not as a developmental tool. See update below.

So think Yelp, Trip Advisor, Amazon and other online rating sites out there, except that the employee is now the rated brand/product.  Or perhaps the closest ones would be the student rating sites for teachers/professors performance.  Online reviews are popular and have grown prevalent in recent years.  There are even online reviews written by ex-convicts!  These online reviews have also grown controversial, of course, with some allegations of manipulation (and some real) orchestrated by companies to trick potential customers. The Harvard Business review last year, however notes that “voracious information-seeking has become deeply ingrained in many consumers, and we can envision no scenario in which they will see traditional marketing as a better provider of product information.”

In some ways, corridorrep.com is probably more like glassdoor.com, a career community that depends on everyone being able to share an inside look at a company they know.  Corridorrep.com depends on everyone being able to share an inside look about each other; it’s success certainly depends on the participation of enough individuals rating each other. Its stated goal is to have 5,000 reviews. Since we posted about the site, the online reviews have gone from 26 to 83, averaging about six reviews a day in the last 9 days.  That’s not a significant number at this time but if the number of posts continue at this rate, we estimate that the site will reach its goal in slightly over a couple of years.  The question now is how many of the Foreign Service’s 13,908 employees are willing to participate? Will Civil Service employees and Foreign Service Nationals, who all have state.gov emails also participate?

We understand that the site has become fairly controversial within the FS community. We are sure there are many more questions out there for corridorrep.com. We have offered to host a Q&A at our forum and Mr. Perry has accepted the invitation.  He will answer your questions on Saturday, July 18, 7pm EST. This forum is set as “open” so non-registered members of the forum and readers of the blog will be able to post questions of interest. You may post your questions ahead of time here: http://forums.diplopundit.net/?forum=457155.

See you at the forum!

Update:  We received the following nugget from an FSO with clarification on current use of 360 at State; our correspondent is not sure if there is a similar process for the Civil Service:

“State’s mandatory leadership and management training that everyone in the Foreign Service has to take each time they are promoted to the next level (at least for promotions to 02, 01 and into the SFS, not sure about below that) has a 360 component. You have to submit 10-15 names to review you anonymously, inlcuding subordinates, peers and bosses (the bosses are not anonymous). The results and comments are shared with you and the FSI instructors and I’ve found it quite useful. You also do one for yourself and seeing the similarities or differences between your self-image of your strengths and weaknesses and how others view you is very instructive.”

A Consular Officer also sent us the following details on the use of 360s at State/CA:

The Bureau of Consular Affairs also uses 360s as a development tool. Its CBAT program collects 360s for bidders and shares the report of the assessors’ input with the bidder. There are fewer questions than on the leadership training 360s mentioned above, but the CBAT does ask “would you work with this employee again?” and offers free text fields for assessors to say whatever they want. In general, the new (2 years old) CBAT process has been received pretty well, although I think some officers have been surprised by frank feedback.  And on the leadership training you mentioned, that is also open to Civil Service employees. I think it is mandatory at GS-13/14/15.



Related posts: