UC Scrutinizes Fine for Lab Security Breach

By Silhan Jin
Staff Writer
Thursday, Nov. 15, 2007

The University of California is seeking a formal review of a $3-million fine assessed after a former employee of the UC-managed Los Alamos National Laboratory was discovered with stolen classified data.

The university was fined after authorities linked 1,219 pages of documents and classified computer data devices to then 22-year-old former laboratory archivist Jessica Quintana, who lived in a trailer that New Mexico police raided for drugs in October 2006.

UC officials said that they are requesting the legal review because of the limited time they have to discuss the issue with the U.S. Department of Energy’s National Nuclear Security Administration.

“The final notice of violation called for UC to respond within 30 days,” UC Office of the President spokesman Chris Harrington said. “[The Judicial Review] preserves the university’s right to continue ongoing discussions with the department regarding the notice of violation.”

The university objected to the alleged violations, claiming that Quintana was not employed by either the university or the laboratory when she was found with the classified material. After working at LANL for three years, Quintana’s work contract had expired a few weeks before the raid. She worked in three divisions at the laboratory, including Safeguards and Security, a physics division and the top-secret X-Division.

University officials also argued that they had taken preventative steps while managing the laboratory, such as reducing the number of removable drives and other forms of portable media.

Despite these claims, the NNSA found that the university showed “a fundamental and disturbing misunderstanding of the proper approach to security matters.”

A D.O.E. notice said that the university failed to manage its classified data, having not implemented suitable measures such as physical checks or escort oversight to prevent unauthorized removal of classified materials from the “vault-type room” where such information is stored.

The final notice of violation from the NNSA also outlined five infractions relating to the security of classified materials, alleging the “negligence” of classified material protection requirements which led to the breach by an individual subcontractor.

“[The UC system] may not escape liability for these deficiencies because an individual subcontractor exploited weaknesses in [the university’s] security management controls shortly after the university’s tenure ended,” the notice said.

The university managed the laboratory from 1943 to May 2006, just five months before the breach.

Los Alamos National Security LLC — an entity of which the university is a member — currently oversees the labs, and has already paid a $300,000 fine for seven security-related violations. Though the university had fewer violations in total, it was fined more heavily because the D.O.E. found fault in the university’s inadequate management, according to the letter.

Quintana said she had taken the material home to catch up on work and later forgot about it. She has since pleaded guilty to a single misdemeanor count of negligent handling of classified documents.

LANL representatives could not be reached for comment.

Despite the university’s decision to seek a formal legal review, it is uncertain if the university will ultimately decide to appeal the decision.

Harrington said that the university wants to communicate further with the D.O.E. on the issue, which the legal review permits.

Readers can contact Silhan Jin at sijin@ucsd.edu