Printer Friendly

For sale: US secrets - $60.

Reprinted from the Security Awareness Bulletin, published by the Department of Defense Security Institute in Richmond, VA.

ACCORDING TO THE GREEK philosopher Plato, simple truths can be tested by extreme examples. A simple truth that security professionals argue constantly is that the strict observance of security policies and regulations - however mundane and nit-picky they appear to some cleared employees - directly affects national security. Far-fetched? Simply too hypothetical? We ask you to judge from the following account.

The credibility of the argument for sound security is held up against this extreme example: a "worst possible case" that resulted in the loss of highly classified information to Soviet intelligence. Much more could have been lost had it not been for the FBI's intervention at an early stage.

A bitter and dejected Randy Miles Jeffries can barely see the forested Adirondacks through the heavily barred windows. The former messenger, now in his fourth year of a nine-year sentence, is assigned to the federal correction facility at Ray Brook, NY-a far cry from the hustle of downtown Washington, DC, from his wife and three children, and from the scene of his crime.

Jeffries's crime was to betray his country through espionage, and although there is reason to believe that he did not fully comprehend the implications of his own behavior, most of us would agree that this is an act that cannot be excused or left unpunished. Perhaps the larger question is, How did this happen in spite of countermeasures and security safeguards designed to prevent it?

The story really begins some years before Jeffries was hired by the Acme Reporting Company, which provided stenographic reporting services for various federal agencies and congressional committees. By 1985 Acme had built up a three-and-a-half-million-dollar business from a lucrative GSA contract.

Official reports state that Jeffries, after a period of employment with the FBI (1978-1980) as a clerk, fell into drug use, was convicted for possession of heroin in 1983, and later spent four months at St. Elizabeth's psychiatric hospital in a rehabilitation program. The drug conviction resulted in a one-year suspended sentence.

After his return home in late 1985, Jeffries needed a job. He was referred to the Acme Reporting Company by a social service worker. He applied to Acme, which asked for a police check, and somewhat to his own surprise was accepted for immediate employment. Jeffries was to remain at Acme for two months. Lacking a valid driver's license, he was at first tasked with tying up bundles of transcripts and assisting the company driver in delivering completed work.

But in a few days Jeffries was assigned other duties. Much of the material Acme produced had to be photocopied. A large proportion of the transcripts for copying came from federal agencies such as the National Labor Relations Board (NLRB) and the Securities and Exchange Commission.

Some, however, originated from congressional hearings and bore classification markings such as "secret" and "top secret." Many of those hearings were transcribed by Acme employees and contained classified testimony on defense matters. For that reason Acme held a facility clearance and employed a few recorders who held security clearances. Only those selected recorders were called upon to cover closed hearings.

Within Acme's distribution department, however, access to classified material was not so carefully restricted. "Jim" did most of the classified photocopying, but sometimes others did it, like Jeffries or "Ken." Or Jim would run copies while Jeffries tied them into bundles.

One employee joked about taking some documents to the Soviet embassy to "make some money." Jeffries in fact remembered numerous instances of handling, reproducing and binding materials marked "secret" and "top secret"; he, of course, held no clearance whatsoever. As it turned out later, neither did Jim.

After his arrest Jeffries was asked to describe how classified waste or excess copies were destroyed. As he related, all copied material-including top secret - other than the final transcripts were thrown in a regular trash barrel with a plastic liner. Later those were carried to a dumpster.

Was it the flippant remark in the photocopy room about making some money off the Soviets, or was it an idea Jeffries had hatched in his mind earlier? We may never know the truth. But somehow a scheme emerged to make some "big money." The former messenger would like us to believe that his original intention was to engage the Russians in a con game - not really to sell secrets.

Although some of the information is contradictory, investigative reports indicate that Jeffries and Ken were called in to work on Saturday, December 14. According to their statements, the security officer instructed them to destroy classified transcripts by tearing them into four pieces and throwing them in the trash can. When Ken was called out to deliver a package, Jeffries was left to work alone and unsupervised.

At that point Jeffries made his fateful move: He set aside three of the classified transcripts from the pile and hid them in a storage room for retrieval in the day. Two were marked "secret" and one "top secret."

By the end of the afternoon, when Ken returned from his delivery run, Jeffries had stashed some of the documents in another area. Together Ken and Jeffries retrieved the hidden documents, which came to a stack of transcripts several hundred pages thick. Jeffries commented that now he needed to find a Russian to sell them to.

To continue the story, it is useful to turn to the facts presented in the government's criminal complaint issued to the US District Court for the District of Columbia on December 23, 1985.

According to that memorandum, shortly after 4 pm on that same day a telephone call was made from an individual identifying himself as "Dano" to the Soviet Military Office located on Belmont Road in Northwest Washington. The individual offered to sell one top secret and two secret documents and read one of the titles: "US House of Representatives, Department of Defense Command, Control, Communication, and Intelligence Programs, [C.sup.3.I], Closed Session, Subcommittee on Armed Services, Washington, DC.

The caller stated that he was leaving immediately for the Soviet office. The document was in fact top secret and had been recorded and transcribed under contract by Acme.

At approximately 4:45 pm a man answering to Jeffries's description and carrying a briefcase arrived by taxi at the Soviet Military Office, entered, and remained inside for over half an hour. The driver of the taxi was questioned by US agents, who determined that the rider had been picked up within a block of Jeffries's residence.

At that first meeting with the Soviets, Jeffries later stated that he gave them 13 sample pages of three documents in his possession. The Soviets instructed him to wait for a contact.

But Jeffries needed an immediate response. Urged on by a couple of dubious friends" whose advice he had sought, he made a second (distinctly unwelcome) visit to the Soviet establishment on December 17. He was almost denied entry. At that second visit he provided another 15 pages of the classified transcripts and asked about his request for money. He was given $60 and told to wait until April for a contact.

On Friday, December 20, 1985, an undercover agent of the FBI posing as a Soviet official called Jeffries at his home. The agent identified himself as connected with the Soviet Military Office. Jeffries admitted his visit to the Soviet Military Office and that he was in fact "Dano." He agreed to meet with the agent at the Holiday Inn on 14th Street and Massachusetts Avenue that evening.

During the meeting Jeffries reminded agent that he had seen the Soviets twice at their office and had provided at least 40 pages of samples. He said he had not yet been paid and demanded 5,000 for full copies of all three transcripts. One document he described as more than 200 pages long.

The complete copies, he claimed, were being held in safekeeping by a friend, and could be retrieved in a few minutes. He also declared that he could get other secret and top secret documents that were ripped up but could be put back together.

The arrest was made the same evening, as Jeffries was leaving the hotel allegedly to pick up the classified material he had hoped to sell. He was held without bond pending formal arraignment.

On January 14, 1986, Randy Miles Jeffries was indicted on one count of delivering and attempting to deliver national defense documents to Soviet agents and on another count of attempting to deliver national defense documents to a person not entitled to receive them. The trial date was set for March.

ON THE MONDAY FOLLOWING Jeffries's arrest, a systematic facility inspection of Acme turned up a litany of alarming facts. The following are only a few of the deficiencies noted in the final report submitted by representatives of the Defense Investigative Service DIS):

* Classified storage was totally inadequate. Material was stored in unapproved areas, rooms, and containers. As a cleared facility, Acme was authorized to possess or store materials up to the level of secret. However, clear evidence later emerged that the long-term rage of top secret transcripts was a routine practice.

* The lack of a security education program at the facility resulted in frequent security violations by uninformed cleared employees. Few if any employees had been briefed on security requirements.

* The facility failed to process security clearances for several individuals required for contract performance. Specifically, reproduction and courier personnel were not cleared and yet were required to handle classified documents. Uncleared individuals were routinely called upon to reproduce classified material, including top secret.

* Classified material controls simply did not exist at the facility. Unauthorized individuals were routinely afforded access, material was not properly secured, and records were incomplete.

* Management continually allowed at least one reporter to work at home on classified transcripts.

Consequently, the facility was rated as unsatisfactory, with a recommendation for the revocation of the facility clearance based on the compromise of top secret information. At the same time, DIS Director Thomas J. O'Brien ordered a full administrative inquiry into what had been going on at Acme. Employees of both the company and DIS were interviewed.

The inquiry report stated, "The failure of Acme's security program has resulted in at least one instance of classified national security information falling into the hands of a hostile intelligence service. It has resulted in numerous instances of classified material being subjected to compromise as a result of improper storage, access by unauthorized persons, unauthorized retention, and unauthorized destruction."

It concluded that these failures were directly attributable to the gross negligence of the facility security officer (FSO) as well as the president of the company, who remained ultimately responsible for the actions of his employees.

The fact is that the FSO had repeatedly made false and misleading statements to DIS representatives and later to the FBI, and had falsified records. Industrial security inspections had been conducted twice in 1984 and twice in 1985 before Jeffries's arrest. The most recent had been on December 9, 1985.

In each instance the security officer advised DIS inspectors that in accordance with established procedures, top secret material was handled only at customer locations and never returned to Acme premises, and that no classified destruction took place.

Nevertheless, evidence uncovered in the course of the espionage investigation showed beyond doubt that top secret material had been on the premises since at least February 1985 and that employees had been simply trashing classified material of all types. In addition, unsecured boxes of classified transcripts had been found in at least two storage rooms.

What DIS representatives found at Acme on their first follow-up inspection was a massive assortment of files and envelopes that had to be fully inspected for possible classified content. The review of materials and storage areas and interviews with officers and employees took several days.

Prior to its departure on the afternoon of December 31, the DIS team instructed the company's officers to ensure that no material of any type be removed from the facility or otherwise be tampered with until the team's return the following week.

On January 2, a thorough examination of the basement storage room was conducted. Inspectors immediately saw that virtually every envelope that contained material from House or Senate hearings had been opened and resealed with staples or cellophane tape. In some cases envelopes had not been resealed at all. They made an educated guess that classified materials had been removed to avoid further embarrassment and that those papers had been discarded in what was for Acme the normal fashion.

A few inquiries to the building manager helped investigators locate dumpsters in a service alley and find out that, due to the New Year's holiday, no garbage had been picked up since the previous Friday. Any material in the dumpsters would have been placed there on January 1 or 2.

An examination of the contents of the dumpsters revealed several large plastic trash bags from several companies. One large green bag was found to contain waste paper associated with Acme-paper envelopes and postal wrappings as well as printed materials.

Many of the items were marked with classification markings, including notes taken in hand by individuals employed as reporters by Acme. A closer look at the contents resulted in the identification of seven sets of notes relating to closed congressional hearings known to have involved classified information. There can be no escaping the fact that on top of all of the deceptions and obvious security violations that had made it easy for Jeffries to walk off with classified materials, company officials had deliberately attempted to destroy incriminating evidence that might have led to their own conviction for criminal negligence.

On January 23, 1986, Randy Miles Jeffries unexpectedly entered a plea of guilty to the charge of passing national defense documents to a person not entitled to receive them. That was the lesser of two counts on which he had been indicted and carries a maximum penalty of 10 years in prison and a $10,000 fine. The more serious charge was dropped by federal prosecutors.

Prior to sentencing on March 13, Federal Court Judge Gerhard A. Gesell expressed his frustration in not seeing before the bench officers of the company whose security had been so lax as to literally invite the theft of classified materials.

In the judge's own words, "Well, now, where is the Acme Reporting Company? A nationwide company with lush contracts in the federal government. I don't see them before me, and that organization is primarily responsible for this offense. Where are they?"

After being assured that the firm was under investigation, his honor responded, "Well, there's nothing to investigate. You have all the facts. You know they spewed these confidential documents all over for everybody to take. They laid them out. They allowed people to go around the halls talking about how they were going to sell them to the Russians. And you haven't done anything about them."

The judge went on to state that Jeffries deserved and would receive a substantial sentence, but decried the fact that Acme was still allowed to do business with the federal government, although denied classified work. In less than a year, however, Acme would cease to exist as a corporate entity.

In the face of Jeffries's claim that his acts were the work of a desperate man contending with drug addiction, Judge Gesell flatly stated that what Jeffries did could not be excused on the basis of drugs. He pronounced a sentence of three to nine years in a federal penitentiary. However, the former messenger's assignment to the Ray Brook facility in New York was by no means arbitrary. That prison has a drug treatment program as well as educational facilities for learning a trade.

WITH THIS AND SIMILAR CASES, the bottom line is always how much damage resulted from the act of espionage. And here it's fair enough to examine how much damage could have occurred if Jeffries had not been detected early in the game.

Damage assessment is difficult to discuss in an unclassified case study; however, you will benefit from some idea of the importance of the information that was lost.

A careful piece of investigative reporting by Washington Post writers Ruth Marcus and Fred Hiatt gives us a clear picture of the substance of the information in the three transcripts stolen by Jeffries. According to Marcus and Hiatt, who published their report in December 1985, although it would be difficult to identify which pages Jeffries passed as samples to the Soviets, declassified versions of those same transcripts issued by the House Armed Services Committee included discussions of US nuclear strategy, the location of Trident submarines in the Pacific, and the vulnerability of US computer and communication systems to Soviet eavesdropping.

One of the documents, with numerous sections deleted, dealt with some of the Defense Department's most sensitive plans and programs. That transcript which was classified as top secret before it was sanitized, included testimony by Donald C. Latham, assistant secretary of defense for command, control, communications, and intelligence, commonly known as [C.sup.3.I]. Latham testified before a House subcommittee in closed session on the vulnerability of military satellites, the capability of US coastal radar to track Soviet cruise missiles, and the comparative nuclear strengths of the United States and the Soviet Union.

As described in the Post article, much of the text surrounding the deletions concerns systems now being developed that would improve our ability to communicate with nuclear submarines, missile launch sites, and bombers after a Soviet nuclear first strike. Undeleted discussions remained about the use of "blue-green lasers" that would make it possible for satellites to communicate with submarines by sending pulses of light from space through the ocean.

While we cannot validate reports from unofficial sources point by point, the Post article does give us at least a general sense of the damage that took place. If Jeffries had been able to sell the complete package, unquestionably this loss would have been extremely serious in terms of national security.

Regrettably, Acme officials were not brought to court to answer for their conduct. However, in light of the circumstances surrounding Jeffries's conviction for espionage, the firm's facility clearance was revoked by the director of DIS on February 11, 1986.

And Acme faced legal problems from another quarter: A few weeks later, authorities launched a second criminal investigation involving the firm. Allegations had been made that a high-ranking official of Acme bribed a contract specialist with the NLRB. At the time, the NLRB had a substantial contract with Acme that was up for renewal.

Although the charge was never proven, the company was barred from future business with NLRB. Possibly as a result of those setbacks and the unpleasant notoriety of the Jeffries case, the firm was sold in January 1987 and incorporated under a new name and new management.

Although it was Randy Jeffries who stole the classified documents and pleaded guilty to espionage, the original culprits were Acme and its corporate officers who ignored DoD's security regulations, lied during DIS's facility inspections, and allowed daily security violations and compromise of classified materials. What could be done to prevent further misconduct?

The many lessons to be learned from this case were not lost on DIS. In general, DIS decided to take a more preventive approach to security violations. Its initial response was to establish Project Insight in March 1986.

The Project Insight team, composed of one special agent and two industrial security representatives, analyzed current industrial security inspection practices and policies; interviewed knowledgeable individuals in both the government and private sector; and devised and tested new inspection techniques. They also created a new handbook to be used by industrial security representatives.

The purpose of the new inspection techniques and guidance is to provide DIS representatives with supporting information that validates facts routinely provided by the contractor. These changes have since been incorporated in the facility inspection procedure to give the industrial security representative conducting an inspection a clearer understanding of the classified work a facility performs, who its customers are, and the amount and level of classified holdings it should have on the premises.

DIS now conducts preinspection research by talking with a facility's customers to learn the status of a contract, the level of access required, where access to classified material takes place, how classified material is handled, and if there have been any security problems or violations associated with a contract.

When DIS representatives arrive at a contractor facility, an entrance briefing is conducted with upper-level management. That briefing allows the agency to establish rapport with management before the facility inspection begins and enables DIS to assess a contractor's support for the program. And to help ensure the objectiveness of information being collected, inspecting officials also conduct unaccompanied interviews (without the security officer) with both cleared and uncleared contractor employees.

Much of this fact-finding process is now being incorporated into the more recently introduced concept of programmatic inspections. In this new approach by DIS, an accurate assessment of a firm's overall security posture can be gained from tracking the flow of classified material from start to finish on one or two contracts or projects. The method is a lot like checking an audit trail of work in progress without attempting to inspect an entire location in which the work is being done.

According to DIS Director Jack Donnelly, if any flaw is found while they are doing this inspection, DIS representatives will work with the security people to fix it right then and there and that will be the end of it. According to Donnelly, "Our job is to help educate people in industry with regard to the industrial security regulations, and not to play `gotcha'."

His statement shows that changes in facility inspection procedures since 1985 do not alter the government's goal of cooperation with and support for industry. In fact, as a result of reforms stemming from the Acme disaster and of later innovations, DIS's ability to advise and assist contractors in maintaining a sound security program have been significantly enhanced. As a result, our power to assure the protection of this nation's secrets in the custody of private industry has been reinforced.

Admittedly, the situation described at Acme was an extreme example of corporate negligence and duplicity. But should we draw the conclusion that security has to become that lax before someone is tempted to commit espionage?

Nothing could be further from the truth. In fact, in several other espionage cases, damage of this type occurred in spite of what was considered at the time to be satisfactory or even exemplary compliance with security regulations by the firm. In the cases of Thomas Cavanagh (1984) and Arthur Walker (1985), for example, security controls enforced by the company prevented an even greater loss than what did occur.

In the case of Randy Miles Jeffries and Acme, however, espionage was virtually invited by a breakdown of control at the top of the firm. Since Jeffries was an uncleared employee, his access to any classified material even under close supervision was totally unwarranted.

Regulations existed but were not enforced. Nor was there any apparent attempt to carry out an effective security awareness program for cleared employees, who lived in ignorance of the rules for transmission, storage, and destruction of classified materials.

The most obvious lesson drawn from this disaster is that the government or industry security officer is the keystone of the whole system. If that stone crumbles, damage will occur sooner or later. Much rests on the integrity of that one person and on that individual's ability to act in the national interest, enforce approved policy and regulations, and educate others on the need to protect classified information.
COPYRIGHT 1990 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Randy Miles Jeffries case resulted from lax security
Publication:Security Management
Date:Nov 1, 1990
Previous Article:The call of the whistle-blower.
Next Article:Threat on the horizon.

Related Articles

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters