CIA contractor secretly hoards his classified work

The saying goes that memories are all that remain from one’s work within the CIA or any other classified environment. That is, of course, unless you are one who likes to keep those memories alive with your own set of Cliff Notes. 

That is exactly what occurred at the CIA with Reynaldo B. Regis of Fort Washington, Maryland, from August 2006 to November 2016. He was found out, though, and recently pleaded guilty to hoarding classified information during his 10-year stint working for various contractors within the CIA.

Regis pleaded guilty to lying to the FBI when he claimed he never transferred classified information into his personal notebooks and that he never removed classified information from his work space.

As everyone who has security clearance is aware, the rules of engagement follow along the tenets of least privileged access — strict need to know. Regis found that his access to the classified databases of the CIA was wide and apparently very interesting.

Regis conducted both unauthorized searches within the CIA databases, as well as those associated with his work.

His access was such that he was able to become knowledgeable of “CIA programs, operations, methods, sources, and personnel.”

Regis would make notes on each of his searches into his notebook and then secret the notebook out of the CIA to his residence daily. Apparently, none of the routine package/bag inspections at the CIA building where Regis was employed caught Regis carrying his notebooks. Or if the notebooks were detected, they were not recognized as containing classified information.

Is intelligence document hoarding common?

Regis is not the first contractor within the U.S. intelligence community to be accused of hoarding. Two others come to mind.

• Weldon Marshall stored information about the U.S. TACAMO (Tack Charge and Move Out) concerning the methods and means for the U.S. military to maintain communications during a nuclear conflict. Where did Marshall keep the information? In his attic. Did U.S. foreign adversaries gain access to it? We don’t know. Let’s hope not.
• Harold Martin had a suitcase (and more) of secrets that he secreted out of the National Security Agency over a period of some 20 years. Just how much information did Martin remove from his classified office environment? The FBI says they found 50 terabytes of information, equal to 50,000 gigabytes (point of reference, one gigabyte is space for approximately 10,000 pages of documents). You could fill many rooms with Martin’s information. In addition, Martin was known to have stashed hard copies – six banker’s boxes in total were recovered. Martin also stored his memories at his home and in a rented storage locker.

Commonality of these insiders breaking trust

Looking at these three instances — Regis, Marshall, and Martin — we see that each of the individuals exceeded their natural access to classified information.

Data Loss Prevention (DLP) solutions may have caught these individuals later in their collection efforts. But the reality is there were very few DLP options available in the private sector when these individuals began collecting their classified information, let alone within the government sector.

What happens to Regis?

Regis now faces up to five years (maximum) in prison. He will be sentenced Sept. 21, 2018. For now, he has been released on $10,000 bail, has surrendered his passport, may not travel outside the Washington, D.C., metro area, and may not change his current place of residence without court permission.

The question to ask yourself today: Would your insider program have detected Regis?