Summary
A 36-year-old cybersecurity engineer was denied a security clearance due to concerns under Guideline K (Handling Protected Information), Guideline M (Use of Information Technology), and Guideline E (Personal Conduct). The denial stemmed from an incident in August 2018 where the applicant deliberately downloaded proprietary information onto a personal USB device while employed by a previous company.
The Statement of Reasons included allegations that the applicant deliberately downloaded proprietary information, which he accepted as disqualifying facts under Guideline M. He denied an allegation under Guideline E, mistakenly believing it related to a falsification in his Security Clearance Application. Disqualifying conditions were raised under AG ¶ 34(b), AG ¶ 34(c), AG ¶ 40(a), AG ¶ 40(d), and AG ¶ 40(e), while mitigating conditions AG ¶ 35(c), AG ¶ 35(d), and AG ¶ 41(a) were applied.
Ultimately, the judge found that the applicant failed to mitigate the security concerns. The judge determined that the applicant's actions constituted serious violations of company policy, undermining his trustworthiness and reliability. The applicant's testimony lacked credibility, and he did not demonstrate that his conduct was unintentional or inadvertent, leading to the denial of eligibility for access to classified information.
Why the Applicant Was Denied
- The applicant failed to mitigate security concerns regarding handling protected information, use of information technology, and personal conduct.
- The judge found the applicant's actions to be serious violations of company policy, undermining his trustworthiness and reliability.
- The applicant's testimony lacked credibility, and he did not demonstrate that his conduct was unintentional or inadvertent.
Conditions Referenced
- AG ¶ 34(b)appliedCollecting or Storing Protected Information in Any Unauthorized Location
- AG ¶ 34(c)appliedLoading, Drafting, Editing, Modifying, Storing, Transmitting, or Otherwise Handling Protected Information on Unauthorized Equipment
- AG ¶ 40(a)appliedUnauthorized Entry Into Any Information Technology System
- AG ¶ 40(d)appliedDownloading, Storing, or Transmitting Classified, Sensitive, Proprietary, or Other Protected Information on Unauthorized Information Technology Systems
- AG ¶ 40(e)appliedUnauthorized Use of Any Information Technology System
- AG ¶ 35(c)rejectedThe Security Violations Were Due to Improper or Inadequate Training or Unclear InstructionsThe record is silent as to what training he did receive, and the applicant was highly educated in information security.
- AG ¶ 35(d)rejectedThe Violation Was Inadvertent, It Was Promptly Reported, and There Is No Evidence of CompromiseThe applicant failed to carry his burden to prove that his conduct was unintentional or inadvertent.
- AG ¶ 41(a)rejectedSo Much Time Has Elapsed Since the Behavior Happened That It Is Unlikely to RecurThe passage of three years since the incident was not sufficient to mitigate serious security concerns.
Key Rule Quoted
“Eligibility for a security clearance is predicated upon the applicant meeting the criteria contained in the adjudicative guidelines.”
Procedural Posture
- SOR issuedFeb 20, 2021
- Answer filed—
- Hearing heldAug 11, 2021
- Decision dateSep 30, 2021
Cite For
- Serious Violations of Company Policy Under Guideline K and M
- Credibility Issues in Applicant Testimony
- Failure to Demonstrate Mitigation Under Guideline E