A new National Security Agency (NSA) data center is seen June 10, 2013 in Bluffdale, Utah.
The U.S. government may have to reconsider how much it relies on outside defense contractors who are given top security clearances after an NSA contractor exposed top-secret phone and internet surveillance programs.
Edward Snowden, a 29-year-old systems technician at Booz Allen Hamilton Holding Corp, admitted on Sunday that he divulged details of the National Security Agency's programs to The Guardian and Washington Post.
Booz shares fell 2.6 percent on Monday, and peers such as SAIC and General Dynamics fell as much as 1.7 percent.
"We do need to take another, closer look at how we control information and how good we are at identifying what people are doing with that information," said Stewart Baker, former general counsel at the NSA and former assistant secretary for policy at the Department of Homeland Security.
Baker said Snowden's leaks show the need for the government to tighten up what can be seen by contractors, as well as government employees.
"Are we challenging him, are we auditing him? Are we taking measures to be sure he doesn't have wide-ranging access to stuff that is not relevant to him?" Baker said of a theoretical contractor with wide-ranging access.
Companies like Booz became a cornerstone of the U.S. government's national security efforts after the September 11 attacks. With a massive ramp-up in security operations came the need for organizations that could move quickly to implement new rules, regulations and screening protocols.
But that did not always go smoothly. A notorious example is the company formerly known as Blackwater, which agreed last summer to pay fines for trying to operate in Sudan despite sanctions. The company had previously been a source of strained U.S.-Iraqi relations over shootings there.
The U.S. government spends more than $300 billion a year on services that are contracted out, according to Scott Amey, general counsel at the Project on Government Oversight, an independent watchdog that investigates corruption and misconduct in government.
"The government workforce has pretty much stayed the same over the last 30 to 40 years but we've supplemented that with a contractor workforce that has grown dramatically," he said.
More than 4.9 million people had government security clearances as of October 1, 2012, including about 1.4 million with "top secret" clearance, according to the Office of the Director of National Intelligence. Nearly 800,000 government employees had "top secret" clearances, versus 480,000 contractors; the remaining "top secret" holders were not broken down.
It is too early to say whether Snowden's disclosures will create momentum on Capitol Hill to review the use of contractors and security clearance policies.
"Whether someone is a contractor does not make them more likely to leak classified information," Saxby Chambliss, the top Republican on the Senate Intelligence Committee said in a statement. "There are very good contractors in the intelligence community right now who serve their country honorably."
As of March 31, Booz employed 24,500 people, of whom 76 percent held security clearances and more than a quarter held top security clearances. According to its last quarterly report, 99 percent of Booz's revenue comes from contracts with U.S. government agencies or other federal contractors.
One senior insurance industry executive said an incident like this could affect a security contractor's future insurability, particularly given the weight insurers put on a company's reputation.
"In the brand and reputation market now, for future loss of revenue, there's now an industry that evaluates and ranks the reputations of entities," said Kevin Kalinich, a national managing director at Aon Risk Solutions.
"If you have a long-term high ranking, the recovery of your revenue is astronomically higher than for companies that have a poor brand and reputation ranking."
Booz declined comment. It said on Sunday that Snowden worked for the company in Hawaii for less than three months.
"News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm," Booz said in the statement. "We will work closely with our clients and authorities in their investigation of this matter."
Security experts say the risks of a Snowden-type case grow as the number of clearances proliferates.
Many contractors come from the military or government, where they already had security clearance. Under current rules, someone with clearance can keep it when they move into the private sector as long as they are going to work on a government project that requires clearance.
"Are contractors a unique risk? No - Bradley Manning wasn't a contractor," said Paul Rosenzweig, a former deputy assistant secretary for policy at the Department of Homeland Security.
Manning, the U.S. Army private first class charged with the biggest leak of classified files in the nation's history, is in the second week of his court-martial at Fort Meade, Maryland.
"It's the people, it's not what their job title is," said Rosenzweig. "What does change the dynamic is the greater number of people overall - whether they're contractors or inside."