I have to discuss my own job history to provide context for my reaction to the indictment. Now the familiar reader can probably anticipate my reaction; I left the GOP (although never politically active) over Trump's 2016 nomination, supported both impeachments and have written literally thousands of critical tweets and up to dozens of blog posts. The recent indictment was hardly unexpected but I didn't really expect the nature and extent of charges.
In the aftermath of a stalled academic career due to a recession, I had reinvented myself as a professional Oracle DBA. My UH dissertation chair had taught a couple of graduate database courses; UH had installed an early version of Oracle on an IBM mainframe compatible; the campus DBA had such a hard time keeping the database open our entire class had to take an incomplete one semester. So that experience was always in the back of my mind if I ever needed to resume my professional IT career. Initially I faced a chicken or the egg problem with no professional exposure to Oracle. I got my foot in the door via a low-salary contractor at the EPA in Chicago and spent most of the next decade in the local area, more recently as a contractor or consultant. Work opportunities had largely dried up by 2004, when an Indian American company offered me a contractor role st National Archives in College Park, MD. In part, that explains my obsession over the fight between NARA and Trump on Presidential records.
I had a cluster of federal contractor gigs over the following decade, but for the most part I was shut out of the significant clearance job market, another chicken or the egg problem. It was next to impossible to get sponsored for a clearance; you're not billable and if the lengthy process clearance is denied, they have to restart their search.
I ended up moving to WV on an expiring contract; there were other DBA gigs if I were to stay in WV, e.g., at the FBI, but you had to qualify top secret through an even more stringent chicken or the egg process. I did get a contingent offer for a Pittsburgh area Department of Energy (comparable to TS) Q clearance gig. I remember a 2+ hour interview over my 75-oage background check at a fast-food place (she wanted to use the library but for some scheduling reason it was unavailable). It was like Waiting for Godot. My landlady had told her my apartment was unavailable my first week in WV (I had to pay the bill out of my pocket; commuting from over 200 miles away was not an option) So my POC calls screaming at me over a "material omission" to my paperwork, griping she now had to make a return visit to question motel management and staff about me. Seriously, dude? I checked in and checked out. End of story.
But a separate story I've mentioned in the past takes the cake, Apparently, they went to a 2009-10 employer headquarters and found it vacated. So, now they're demanding to know why I "lied" about my job history. It's not like former employers keep in contact over business issues. I had referenced Google to complete my background questionnaire, It took a lot of Googling to figure out what had happened, and the fact an investigator couldn't do the same sucks. It turns out my former employer had lost its key USPTO contract recompete; I saw a note they were suing the adverse award. I eventually found the CEO's resume on LinkedIn, mentioning they closed down the company in 2012.
I had been told by my agency it took their last candidate a couple of weeks, then it was "any day now", then weeks turned into months. Soon even my agency didn't return my calls. Not a rejection, but indirectly I heard that new DOE civilians automatically got priority. I got contacted by a Charleston, SC USMC vendor on an expiring contract. They tried to sell me the recompete was a lock, but the real sell was getting to update my EBS Apps DBA experience.
Of course, getting a clearance is not a "one-and-done" process but more of an ongoing one including periodic reviews and self-reports of relevant events, This includes adverse lifestyle changes (e.g., debt and personal bankruptcy), any legal issues, including arrests, unusual changes in behavior (e.g., emotional stability) and/or exacerbating dependency issues (e.g., alcohol, drug abuse, gambling), developing connections with foreigners or terrorists: anything that an adversary could use to compromise a cleared person for access.
Then there 'are the physical access and related restrictions/protections. You can't bring a cellphone, other smart devices or recordable media (e.g., flash drive into a SCIF, or a secure facility where you can access classified documents from secured containers or SIPR emails. I recall having to be escorted into the vault and having to do training before I could open the vault or a secure container. Typically, you might require separate tokens with multi-factor authentication before accessing NIPR and SIPR connected devices. There are protocols for marking media, scanning for malware, etc. for things like software updates or authorized data extracts. If a visitor is escorted into the SCIF, personnel are alerted so their work can be shielded. You may be subject to searches going in or out of the facility.
Just as a side note, when I, as an ensign, was training as a Nuclear Power School math instructor, we had to complete certain program requirements, like a course on reactor principles. I think the general constructs behind the nuclear-powered subs were well-known, in the open academic/industry literature, so I'm not sure why but we were required to mark our notes, and we couldn't take them home to study. Perhaps it was training in the classification process
The big picture is, as a DBA, I was more interested in maintaining the technical infrastructure than in functional access to sensitive data. For example, I might need to ensure all security patching on a database server is current, the current software version is actively supported by the vendor, support multi-factor authentication and enforce use of complex, frequently rotated passwords, verify database connection connections are encrypted as well as data in the database, etc. Various processes are audited and reviewed. Server files are controlled for need-to-know access. PII/ HIPAA data access is restricted. Proactive database monitoring is done for things like showstopper resource issues. Backups and flexible, rapid recovery strategies are reviewed. I'm not implying the above list is exhaustive, but it is a good taste of common concerns. If you have a disk failure, DoD retains custody of the disk to ensure it is degaussed or otherwise making any residual data unrecoverable
Of course, a cleared DBA must maintain various vendor and/or security certifications (e.g., Sec+) and various vendor and security trainings or refreshers like the ubiquitous Cyber Awareness, TARP, OPSEC, derivative classification, information security. To give a relevant example, any one of the photographs from the Trump indictment is 50 times worse than anything you will encounter in Cyber Awareness.
"Do as I say, not as I do?" When I exhaustively reviewed the timeline of Trump v NARA, I came upon anecdotal incidents in media reports like a classified document found in a Trump White House women's restroom and some reports of aides having to retrieve documents from Trump's living quarters. Now I've been a critic of Trump's impulsive, undisciplined, shallow judgment and decision-making. Trump thinks he's above the law; he's a total hypocrite. One of his key talking points in the 2016 campaign was over alleged classified documents on Clinton's email server; In fact, in 2018, Trump signed into law tougher sanctions for classified data mishandling.
It wasn't just the anecdotal incidents mentioned above that troubled me about Trump's stewardship over the nation's secrets, but this incident from 2017:
The Post, citing current and former U.S. officials, reported Monday evening that the information relayed by the president to Russian Foreign Minister Sergey Lavrov and Ambassador Sergey Kislyak "jeopardized a critical source of intelligence" on ISIS:
"The partner had not given the United States permission to share the material with Russia, and officials said Trump's decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump's meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency...Trump 'revealed more information to the Russian ambassador than we have shared with our own allies.' "
Trump also reportedly boasted to the Russians about the intelligence he was receiving, telling the two men, "I get great intel. I have people brief me on great intel every day":"Trump went on to discuss aspects of the threat that the United States learned only through the espionage capabilities of a key partner. He did not reveal the specific intelligence-gathering method, but he described how the Islamic State was pursuing elements of a specific plot and how much harm such an attack could cause under varying circumstances. Most alarmingly, officials said, Trump revealed the city in the Islamic State's territory where the U.S. intelligence partner detected the threat.
Trump's narcissism is a fatal character flaw that puts our nation's security at risk. It wasn't even our own intelligence effort; it undermined the trust relationship with a key ally and put the covert operator's life at risk. Trump didn't have the judgment and self-discipline to keep his mouth shut. He was trying to impress 2 Russians for no legitimate reason, no matter how he tries to gaslight us otherwise.
I'm not going to go into detail here over the battle between Trump and NARA, eventually resulting in an FBI search at MAL. First, as a former POTUS, Trump had no need to know or right to possess classified or other government documents.
Trump has been unambiguously wrong from the start; let me start with a few key points:
- Trump had no right to government documents, period, on leaving office This includes any and all classified documents, even allegedly declassified ones, and any Presidential records.
- "The PRA requires that all records created by Presidents (and Vice-Presidents) be turned over to the National Archives and Records Administration (NARA) at the end of their administrations...The Presidential Records Act (PRA) requires the President to separate personal documents from Presidential records before leaving office.,, There is no history, practice, or provision in law for presidents to take official records with them when they leave office to sort through. If a former President or Vice President finds Presidential records among personal materials, he or she is expected to contact NARA in a timely manner to secure the transfer of those Presidential records to NARA.Prior to the end of his administration, President Trump did not communicate any intent to NARA with regard to funding, building, endowing, and donating a Presidential Library to NARA under the Presidential Libraries Act. Accordingly, the Trump Presidential records have been and continue to be maintained by NARA in the Washington, DC, area, "
- "Presidential records are ... prepared or utilized for, or circulated or communicated in the course of, transacting Government business. Personal records include “diaries, journals, or other personal notes serving as the functional equivalent of a diary or journal". The Presidential Records Act (PRA) requires the President to separate personal documents from Presidential records before leaving office.,, The PRA provides very specific requirements should a President seek to dispose of Presidential records that they determine “no longer have administrative, historical, informational, or evidentiary value.This must be done while they are in office, and they must first obtain the views of the Archivist of the U.S. in writing."
The nature of the criminal indictment is beyond the scope of this post.
The indictment accuses Trump of breaking seven laws, including 31 counts of willful retention of national defense information and single counts of false statements and representations, conspiracy to obstruct justice, withholding a document or record, corruptly concealing a document, concealing a document in a federal investigation and a scheme to conceal.
I know at one time the government told Trump (before the MAL search) that he needed to padlock and video capture access to storage. And apparently a lot of boxes were moved just before an on-site government visit. And let's be clear: the typical SCIF goes beyond padlocks and video monitoring. And MAL had a number of public events and did not vet visitors like DoD.does.
The indictment seems to be compelling, although Trump deserves his day in court. The documents he stole posed a grave risk to US security if released. At one point Trump seems to suggest they work around the subpoena [obstruction of justice] . At another point, in a recorded conversation:
Prosecutors investigating former President Donald Trump’s handling of classified documents have obtained a July 2021 [post-subpoena] voice recording of Trump reportedly describing a classified document he kept at his Florida home, Mar-a-Lago.The voice recording was created by Trump’s own assistant during an interview of Trump by aides to his former chief of staff Mark Meadows, who was writing a book. On the recording, Trump reportedly talked about a document in his possession — believed to be a memo by Gen. Mark Milley about U.S.'s options to take military action against Iran — that Trump described as still classified.
If any cleared federal employee or contractor did a mere fraction of what is in Trump's indictment, they would be serving time. Trump is not above the law.
