The Cyber Edge Home Page

  • The millennial generation came of age when the ability to share information via technology was just beginning. Without guidelines, many began to share everything without regard of the consequences to themselves or others. Credit: GaudiLab/Shutterstock
     The millennial generation came of age when the ability to share information via technology was just beginning. Without guidelines, many began to share everything without regard of the consequences to themselves or others. Credit: GaudiLab/Shutterstock

Latest Leakers Are Canaries in Coal Mine

The Cyber Edge
July 1, 2018
By Margaret S. Marangione

To improve information management, organizations must adjust to millennial mindset.

The recent dissemination of classified information through media outlets and social media indicate that contemporary insider threat management has entered a new phase. Unlike previous generations that adhered to a strict code of silence, some millennials in charge of keeping U.S. secrets safe have the urge to share information they deem the public has the right to know. Rather than going through official channels to reveal actions they believe are wrong, people like Chelsea Manning, Edward Snowden and Reality Winner leak classified material through media and are just the first indication of information management processes that must change with the times.

Addressing this emerging and evolving problem requires understanding millennials, reviewing the 1917 Espionage Act and revisiting out-of-date insider threat models. In particular, the intelligence community (IC) must adapt to a workforce of millennials and the upcoming generation Z, who have markedly different values and ethics than the baby boomers, according to intelligence experts..

For millennials, a person’s intent and motive are paramount to determining how they feel about disclosing information. In a 2016 Rand Report, 22 percent of millennials polled felt Edward Snowden was a patriot and 15 percent said they would have released the information if they had been in his position. These numbers are significant because millennials make up 70 percent of all military personnel and 30 percent of the federal workforce. As a result, their attitudes about information and transparency affect insider threat management.

Through the lens of the psychology of espionage, insider threat management may be shortsighted in the digital age. Even the term “insider threat” seems old school for members of the millennial generation because their mindset alone could make many young employees appear to be insider threats.

The attitudes of this generation  are only one of the issues that must be addressed to renovate current information management norms. The Espionage Act, the current whistleblowing reporting structure and the lack of support for a whistleblower also must be reexamined. The decision to prosecute whistleblowers under the act is viewed by some, including the perpetrators, as a gross war on “truth tellers” because it ignores the legal definition of whistleblower, which is any person who brings to light evidence of waste, fraud, abuse or illegality. Many individuals say sharing inside information enhances quality assurance, so the federal government and its agencies should support them.

The actions of Snowden, Manning and Winner exemplify many of these current challenges. Snowden revealed Top Secret details of an NSA electronic surveillance program to The Washington Post and The Guardian. Though some denounced Snowden as a traitor, many others—especially millennials—supported his actions, calling him a whistleblower. Snowden’s supporters argued that his actions opened up a much-needed debate about security, privacy and transparency within the federal government.

Greg Austin, cybersecurity professor at the Australian Centre for Cyber Security, relates that after Snowden disclosed classified information in 2013, his organization in New York conducted a small survey. While young people thought Snowden had done the right thing, people of Austin’s generation thought Snowden’s actions were wrong, he says.

Former Director of the CIA Michael Hayden concurs. “I don’t mean to judge them at all, but this group of millennials ... simply has different understandings of the words loyalty and secrecy and transparency than certainly my generation did.”

Shane Lambert, who has more than 20 years of experience with insider threats, intelligence and counterintelligence, echoes this sentiment. Lambert says millennials do not comprehend why state secrets are needed because they share everything, and they have different attitudes about privacy. “They are a generation of free information,” he states.

This might explain how Snowden, Manning and Winner cavalierly disseminated classified information without regard or awareness for the causal chain that might follow for them or the country. “They do not understand the long-term damage of leaks and how it compromises the United States,” Lambert says.

Fran Moore, a former director for intelligence at the CIA agrees. “Individuals like Snowden, Manning and Winner do not care about ramifications … One of the challenges of an organization that must be made clear is that it is never OK to spill secrets. The real question is how do you recognize if you have a Snowden [Winner or Manning] working for you?”

Manning, a former Army private, disclosed classified information about the war in Iraq to WikiLeaks after first attempting to contact The New York Times and The Washington Post. In 2013, at age 25, she was sentenced to 35 years in prison for espionage and theft, a sentence President Barack Obama commuted in 2017.

The American Civil Liberties Union referred to the conviction as a “… sad day for all Americans who depend on brave whistleblowers and a free press for a fully informed public debate.” Manning stated that she leaked the information because she questioned the morality and ethics of U.S. policy.

Millennials’ lack of connections to institutions, employers and even secrecy agreements is exemplified in Winner’s 2017 case. Under the Espionage Act, the former U.S. Air Force senior airman was accused of providing classified information about Russian hacking of U.S. elections to the news website The Intercept. “I felt really hopeless,” stated Winner. “I was not trying ... to be a Snowden or anything.”

But on social media, people called the 27-year-old a hero and a whistleblower; they began raising money for her defense and family as soon as she was apprehended.

Under current laws, anyone who shares classified information with the media instead of working through appropriate governmental channels is not a whistleblower entitled to legal protection. Because she signed secrecy agreements under her own volition, Winner was bound by law, oath and ethics to protect material she was handling from unlawful disclosure, which included news outlets.

Winner and other millennials are likely to be motivated by their own ideological beliefs; to them, the Espionage Act is as outdated as the ox cart. On National Public Radio, senior fellow Benjamin Wittes of the Brookings Institution commented, “Broadly speaking, the problems with the Espionage Act are that it is hopelessly broad. ... What the statute talks about is information related to the national defense … [not classified information].”

The Espionage Act isn’t the only vestige of previous generations that needs to be revisited; the whistleblower information review structure also must be better defined. Even though a 2014 Office of Special Report to Congress showed that the number of submitted disclosures was on the rise, only 5 percent of the 1,747 disclosures in 2014 were investigated. These statistics may act as a deterrent to following approved channels for millennials who are hoping for decisive action in areas they view as corruption or misuse of power.

Washington lawyer Mark S. Zaid, who represents national security whistleblowers, states, “I will be the first to admit the system has serious flaws that demand strengthening, especially in ways that reassure whistleblowers that their concerns are being addressed. But that does not relieve the legal and moral obligation for Winner [and leakers] to make every possible effort short of unlawful disclosure before crossing the dangerous line of leaking.”

Unfortunately, recent developments in the offices handling whistleblower cases may not be inspiring millennials to trust official channels and avoid unlawful disclosure of information, therefore increasing the likelihood that leaking will continue. For example, George Ellard, the NSA’s inspector general, was terminated in 2016 for retaliating against whistleblowers; ironically, Ellard had stated in 2014, “Snowden could have come to me.”

Also, in December 2017, Dan Meyer, IC whistleblower ombudsman, was put on administrative leave. Many insiders say the reprimand was in response to his aggressive support of whistleblowers. Meyer’s firing is also seen as a blatant attack by the Trump administration to shut down the whistleblower and source protection program.

Organizations that handle sensitive information and employ millennials must consider how to create, communicate and enforce new standards and expectations that address the challenges generations molded by the information age bring to the workplace. Perhaps the IC’s approach to managing insider threats must change as reactively as its approach to information sharing did after the 9/11 attacks. The first step in being proactive in information management can be acknowledging a problem exists with outdated models and a change is needed in how individual threats are managed. In addition, a bureaucratic platform and leadership must be created that validates and responds to the reporting of fraud, abuse and employees’ ethical concerns in a timely manner.

The IC’s culture must recognize whistleblowers as watchdogs rather than jilted employees. Without this change, the community runs the risk of increased intelligence leaks, especially in a divisive political climate where it appears the government and leadership are at odds with their own morals and ethics.

For industry, a clear moral compass must be communicated through companies’ mission, values and strategic direction that must be well defined during a new employee’s onboarding process. Whistleblower laws must be enhanced, protected and treated as legitimate. Otherwise, whistleblowers will continue to see WikiLeaks as their only course of action.

Margaret S. Marangione is a research analyst for Syntelligent Analytic Solutions LLC and teaches writing and competitive intelligence analysis for Blue Ridge Community College, Weyers Cave, Virginia, and James Madison University, Harrisonburg, Virginia.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Share Your Thoughts:

Some good points, but missed the core issue. As a former custodian of classified material, I saw 90%+ of "Secret" information was bogus. Most is a cover-up of bureaucratic stupidity, illegality, and/or corruption. The chain of command involved sees exposure of their shortcomings as treason, and attacks legal exposure accordingly. Thus, whistleblowing is the only option for true Patriots. When Officials take responsibility for stupid, illegal, and wasteful acts on their watch, the "Leaker" problem goes away..

There are many variables that contribute to the current insider threat issue which could not be addressed in this short article. Some experts feel that the post 9/11 classification/reclassification of information also plays a part. In an independent survey of 300 Federal employees and college students, which I conducted for an academic paper on this topic, many agreed that whistleblowers are the true patriots but also acknowledged that whitsleblowing is not safe.Corresponding with these issues are the Department of Defense Office of the Inspector General (DODIG) whose investigations into employee whistleblower reprisal for 2013-2015 did not meet statutory or timeliness goals for 83 percent of the cases. For example, DODIG's timeliness goals were 240 days, but the average length of investigations was closer to 608 days. This office also found that whistleblowers risk reprisal such as demotion, reassignment and firing. Recent developments in the offices and cases handling whistleblowers are not encouraging for individuals with grievances and have increased the likelihood that leaking will continue when only 5 percent of reported cases are investigated. In the OSC report, published in September 2017,the report also acknowledges that, "whistleblowers play an important role in safeguarding the federal government against waste, abuse and fraud. However, [they] also risk reprisal such as demotion and firing"

Share Your Thoughts: