Monday, November 12, 2007

A little background

HSPD-12 is "Homeland Security Presidential Directive 12". It is a directive by the president for a government wide standard for identification of federal employees and contractors. You can find information on it here.

NASA falls within this realm and is required to implement the standards required by HSPD-12.

So why this site? Well, for a couple of reasons. Many people are upset at the amount of privacy invasion that will occur as part of NASA's HSPD-12 process. Background investigations include the interrogation of friends and relatives, insight into marital status and history, financial and bankruptcy history, etc. In addition, waivers must be signed releasing financial and medical history information. All of this, even for contractors that don't work with any sensitive information. Even for people in non-sensitive positions such as cleaning staff.

As you can see, this can rub people the wrong way. In fact, 27 scientists at the NASA JPL center are suing to protect their privacy. On October 11th, an appeals court granted them an injunction and agreed that the case raises serious provacy concerns.

NASA has aggravated the problem further with incompetence. For example, the SF85P form for the complete background investigation includes specific signature forms to release credit histories and medical information. These releases are well worded and state exactly how the information will be used. They even spell out the exact questions that may be asked to a practitioner about mental health. But above and beyond that, NASA has decided to tack on it's own release form, such as form NF1684. This form is titled as a release of credit history, but has text in the middle about the release of medical information. It does not state how or when the information will be gathered except that it will be in accordance with the FCRA. The real incompetence is that the form specifically states that the employee understands that this release is voluntary. But when NASA officials are asked about the "voluntary" release of information, they claim it is voluntary: you can either keep your job or not. They use this separate form as a way to keep your background investigation from being submitted for completion. If you don't sign their "voluntary" release form, they hold your investigation paperwork back, and you lose your badge.

This site was set up as a place for people to voice their opinions. Our voices should be heard. If you work at NASA and don't agree with processes that require horrible doublespeak about what the word "voluntary" means, then don't sign the 1684 form! Demand answers as to how your information will be used, and why you MUST sign a form that makes you admit that the release is voluntary. Use the comment sections or send them to hspd12jsc@gmail.com to voice your opinions here and demand answers from the security and badging personnel.

1 comment:

G said...

The article cites the White-house HSPD-12 website: http://csrc.nist.gov/policies/Presidential-Directive-Hspd-12.html

Note that the HSPD-12 initiative, the text of which is cited in full on that website, says nothing about investigations.

The investigations apparently stem from the suggested OPM implementation of HSPF-12. This can be found here:

http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf

The document, in fact, proposes implementing things that are not included in HSPD-12-- the NACI requirement was already an existing requirement for new employees; the OMB is apparently aggomerating that onto the HSPD-12 procedure.

It doesn't fully answer the questions about the NASA implementation, though. It requires a National Agency Check with Written Inquires (NACI) for everybody. However, although NACI itself is a pretty egregious invasion
of privacy, nevertheless it doesn't require permission to access credit records or medical records. NACI and Credit check is a different investigation, NACIC, which is NOT what the OMP site says is required. And health records are yet a different check, not included in either NACI or NACIC.

(see at http://irm.cit.nih.gov/security/table2.htm )

So, apparently, the NASA implementation of HSPD-12 requires things that are not included either in HSPD-12 or in the OPM guidelines.