State Department security officials failed to sweep scores of rooms for bugging devices and repeatedly failed to account for highly classified documents, according to a critical audit by the department's inspector general.
The inspector general said lax security procedures plagued the department's handling of "sensitive compartmented information" (SCI), the government's most sensitive intelligence reports. The report said that 140 offices handling those materials had never been swept for listening devices.
It said that 239 of 1,890 SCI reports distributed from the super-secret National Security Agency's Cryptological Support Group had not been returned to the group's secure facility inside the State Department between August and October 1998. In one case, a pouch was returned empty; another was returned open with the key in it, the report said.
"The Department is substantially not in compliance with the director of central intelligence's directives that govern the handling of SCI," the inspector general, Jacqueline Williams-Bridger, concluded in the report.
All this happened before FBI agents discovered a Russian spy lurking outside the State Department building, leading to the discovery of a listening device placed in a conference room on the seventh floor of the headquarters.
The inspector general's report, completed in September but kept largely confidential, was ordered by the Senate Select Committee on Intelligence in 1998 after an earlier seventh-floor security breach. In 1998, a man strolled into the executive secretary's office, six doors down from Secretary of State Madeleine K. Albright's, helped himself to classified briefing materials in view of two secretaries and walked out. The man was never identified and the materials were never recovered, a senior State Department official said over the weekend.
Congress was so upset by the inspector general's report last fall that it held up some funding earmarked for the department's Bureau of Intelligence and Research (INR), the section responsible for safeguarding top-secret reports. To obtain the funds, department officials must submit a plan for improving security by Jan. 31.
"There were serious concerns about procedures there," a senior intelligence official said over the weekend. "This requires action, and that is what's happening. CIA security officers are working closely with [State Department] representatives."
The security review triggered by the inspector general's findings coincides with heightened concern about espionage throughout the federal government. Congress reorganized the Department of Energy last year to improve security and counterintelligence after an FBI investigation into allegations of Chinese espionage at DOE's nuclear weapons complex.
A senior State Department official said Friday that the House and Senate intelligence committees will receive a full report on planned security upgrades by Jan. 31.
The official said, however, that "if you're going to follow documents around the building, you need to have people to log things in and log things out." Another senior department official estimated that the Diplomatic Security (DS) bureau would need 50 to 100 people to implement the report's recommendations.
"Everyone thinks it is useful to have people highlight [the security issue], particularly since the solution requires resources," said a senior State Department official.
Most security upgrades recommended by the inspector general had not been implemented last month when a Russian intelligence operative, Stanislav Borisovich Gusev, was expelled from the United States for monitoring a listening device planted inside the seventh-floor conference room.
FBI agents immediately began interviewing department employees and contractors to determine how Russia's Foreign Intelligence Service managed to plant the device. A senior State Department official said Saturday that investigators still haven't found out how the bug was placed but that "we have some leads" and that the investigation is "very robust."
In the report, Williams-Bridger noted that the department has about 350 contractors--providing services such as cleaning and equipment maintenance--working inside its headquarters building, and that most of their employees do not have security clearances.
The report also said that thousands of authorized visitors, including hundreds of foreign government officials, had enjoyed unescorted access throughout headquarters once they were cleared by the main security desk. In one two-day period in September 1998, the inspector general found, 1,726 visitors, including 326 foreign officials, entered the building and most moved "about the building unescorted."
"A recent FBI report stated that suspected foreign intelligence personnel were granted unescorted access," the inspector general reported. "The policy of allowing unescorted access poses a significant security vulnerability for the surreptitious planting of listening devices, theft of documents or overhearing discussions of classified information."
The State Department stopped allowing authorized visitors unescorted access to its sprawling headquarters last summer.
But while the department plans to tighten access to offices cleared for dealing with top-secret materials, 140 offices that receive SCI material have yet to be inspected, upgraded and certified as SCI facilities, according to department officials and aides on Capitol Hill.
State Department officials also have not decided whether to transfer responsibility for handling and safeguarding all SCI intelligence reporting to DS, as the inspector general recommended. Now DS handles secret materials and the INR handles top-secret items.
The department also has yet to strengthen sanctions against employees who mishandle classified information. The inspector general reported that from 1995 to 1998 the department referred to the FBI 53 cases in which employees were suspected of unauthorized disclosure of classified information.
"None of these cases resulted in prosecutions, yet FBI officials stated that in some instances department employees admitted, when interviewed by FBI agents, the inappropriate and deliberate release of classified information to unauthorized individuals," the report said.
In 1998, the department reported 1,673 incidents involving the mishandling of classified documents, the report said, and 218 employees were cited after each was involved in four incidents--the threshold for disciplinary action--but none was dismissed.
"Administrative actions taken to discipline employees are ineffective to ensure that poor security practices are corrected," the report said. "Unit security officers are not well informed about security requirements and do not have the authority to enforce security requirements."
"I know I have seen violations in numbers that I think are unacceptable and I don't think people have been admonished to the degree that would make them reevaluate," a senior State Department official conceded.
Some department officials contest the view widely held by defense and intelligence agencies that State is a massive security risk. "The thought that every visitor to every government office needs a full-time escort is ridiculous," said one former senior official.
Both current and former department officials complain that some documents are more highly classified than they need to be and that security rules hamper the ability to conduct debates about and reviews of foreign policy that are inherently more wide-ranging and open than in military or intelligence bureaucracies.
"Where you run into problems is with the pressing and legitimate desire on the part of policymakers to hold and review classified documents to make good policy and the desire of INR to say that a document is classified and you can't keep it," said a former INR official.
Because the documents aren't supposed to leave INR's custody, INR officers are theoretically supposed to sit in meetings where highly classified documents are being used. "It's unrealistic," the former official said. "They don't want a junior flunky sitting in on high-level policy meetings."
In comments attached to the inspector general's report, DS officials agreed with the recommendations. But INR officials disputed the conclusion that they had failed to adequately protect SCI material and said they opposed transferring responsibility to DS.
INR's response, drafted in July by its chief, Deputy Secretary of State Phyllis Oakley, who has since retired, noted that "of the 1,700 infractions [involving improper handling of classified documents], only six involved SCI material."
But Oakley added: "INR wishes to be very clear that even one infraction involving SCI material is unacceptable. The Bureau takes very seriously the [inspector general's] concerns about the way such materials are handled."
Oakley acknowledged that "one of the immediate benefits" of the inspector general's review was a realization by INR senior managers that the bureau's security director had failed to report a number of possible security violations. The official, Oakley wrote, was promptly rotated to another job.