Does the Teixeira case mean the national security clearance system is broken?

That a National Guardsman not long out of high school had a top-secret security clearance and access to documents meant for Pentagon leaders has raised questions in and outside government about whether the security clearance process works and whether too many people can see the nation’s biggest secrets.

Federal authorities arrested Jack Teixeira, 21, on Thursday in connection with the investigation into classified documents that were leaked on the internet. Records show that Teixeira, an airman first class with the Massachusetts Air National Guard, has been in uniform since September 2019 and was stationed at the Otis Air National Guard Base on Cape Cod. He was employed as a cyber transport systems journeyman — essentially an information technology specialist — which allowed him to obtain top-secret clearance for his work.

While he helped maintain the Defense Department’s IT infrastructure, some question why a low-level airman had expansive access to classified documents that he allegedly shared with a close-knit online community of fellow gamers.

John Brennan, who served as CIA director during the Obama administration, said every department and agency should regularly review the necessity for individuals to maintain security clearances. People should only have access to information “they need to do their job,” he said.

“These reviews should also validate the accesses individuals have to networks, databases and specific classified enclaves of information. Just because someone has a top-secret code-word clearance doesn’t mean that they should have access to all information on the top-secret network,” he added. “There needs to be ‘role-based’ access.”

More than 1.25 million people currently have top-secret clearance, according to the latest declassified Director of National Intelligence report on security clearance determinations. That count, as of October 2019, constitutes a 3% increase from the previous year and includes government employees, contractors and other unnamed people. New estimates from current government officials put this year's figure at closer to 1.3 million people.

Governmentwide, there were more than 144,000 initial top-secret security clearance reviews during the 2022 financial year and more than 99,000 periodic reinvestigations, which occur every five years regardless of a person’s actions, according to a January government report on security clearance reform. The rate at which reviews are performed has increased during the Biden administration, the report said, as the Trump administration struggled with performing security clearances.

“That’s a lot of people with clearances,” Amy Zegart, the author of “Spies, Lies, and Algorithms: The History and Future of American Intelligence,” said of the 1.3 million figure. “There’s clearly some challenges with following what everyone is doing, what they’re doing online, and I think we’re facing a moment in time when we have both overclassification of information and underprotection of classified information. So, in some ways, it’s the worst of both worlds.”

Raising further concerns about security clearances, The Wall Street Journal reported Sunday that a U.S. Navy noncommissioned officer, Sarah Bils, who left the service in November, hosted a podcast and helped maintain an online persona known as Donbass Devushka that supported Russia’s invasion of Ukraine and allegedly shared a handful of the leaked documents.

Bils had a security clearance and maintained the channel while in active service, military officials said. The channels allegedly shared Pentagon documents that were doctored to aid the Russian narrative, but Bils denied sharing information while in uniform or changing information on the documents.

“I obviously know the gravity of top-secret classified materials. We didn’t leak them,” she told the Journal.

After the Chelsea Manning and Edward Snowden leaks, the government expanded the checks it put on people with security clearances. The use of flash drives and other means of moving data were also banned and, after years of discussions, agencies have rolled out what they’ve called “continuous monitoring” or “continuous vetting” to periodically check financial and criminal records in search of behavior that could make someone a security risk. That new check process has nearly quadrupled the number of actionable alerts during the last financial year, according to the Defense Counterintelligence and Security Agency.

But Teixeira reportedly used Discord, an online forum originally used as a chat platform by video game enthusiasts, to share the leaked information with his small community of online friends, and he took photos of paper documents that he may have smuggled out of a secure facility. Bils used Telegram, an online messaging platform, to share the pro-Russian content.

Security checks are only permitted to examine a person’s public-facing social media presence — not private chatrooms, emails, messages or other accounts such as Discord or Telegram.

William Evanina, who served as the director of the National Counterintelligence and Security Center during the Obama and Trump administrations, said that it is a challenge to stop someone from “bringing documents out of a building and taking them home.” But he said it is possible the Pentagon could expand monitoring of government-owned computers, similar to how the intelligence community tracks keystrokes when users are on classified systems.

It may not have stopped Teixeira, however.

“At the end of the day, if you take documents out of the CIA, NSA or here the National Guard, you bring them home and you photograph them, there’s not much anybody can do about that, except try and get that individual before they make that bad decision,” Evanina said.

A Senate Intelligence Committee aide told NBC News that Congress would be reviewing the clearance system after the recent leaks and the committee would be holding hearings on the topic, though they were not particularly concerned with the number of people who were given top-secret security clearances. The aide noted that Teixeira was only one bad actor among the 1.3 million.

While the committee will likely discuss whether clearances should include nonpublicly available social media accounts and communications, the aide said, there are concerns whether there is the bandwidth to pursue such a thorough scrub and if it could have a chilling effect on the intelligence community’s recruitment, as it sacrifices employees’ privacy further.

On Tuesday, Defense Secretary Lloyd Austin’s memo directed that there be an immediate review of how how classified info is handled and secured.

It directs several Pentagon leaders to review procedures and standards and to provide an interim report to the undersecretary of defense for intelligence and security by May 2.

The memo also outlines extensive requirements that are already expected to be followed, some of which were likely violated in the recent leak, including validating the “need to know” standard when individuals request classified content, and calling on leaders to lead by example and reinforce the importance of safeguarding classified info.

NBC News reported last week that the White House is considering changing this policy and prioritizing national security over personal privacy online, but it appears that it would be a heavy lift and may require an act of Congress.

“The security-privacy challenge has existed forever,” Brennan said, “but the advent of the internet, social media and the overall explosion of the digital domain have compounded the challenge exponentially.”

This article was originally published on NBCNews.com