U.S. IT pros may face background checks

The George W. Bush administration plans to convene a panel of government and private-sector labour and legal experts to develop guidelines for subjecting tens of thousands of corporate IT and other employees to background investigations.

The panel, as described in the president’s “National Strategy for Homeland Security” report, released July 16, would be convened jointly by the secretary of Homeland Security and the attorney general following the establishment of a cabinet-level U.S. Department of Homeland Security. It would examine whether current employer liability statutes and privacy concerns would hinder “necessary background checks for personnel with access to critical infrastructure facilities or systems.”

That means employees in industries that include banking, chemicals, energy, transportation, telecommunications, shipping and public health would be subject to background investigations as a condition of employment.

“Personnel with privileged access to critical infrastructure, particularly [IT-based] control systems, may serve as terrorist surrogates by providing information on vulnerabilities, operating characteristics and protective measures,” the Bush report states.

Some IT professionals see the plan as both an infringement on civil liberties and a recipe for destroying innovation and economic prosperity.

Jonathan Blitt, president of ITT Industries Inc.’s network systems and services division in New York, said expanding background investigations would do more harm than good.

“I [have] great concern with any effort to expand the size of government intervention in commercial operations. The people you most want on your side are the people that may seem least desirable to a panel of so-called experts,” Blitt said, referring to the community of programmers and ethical hackers who often live on what he referred to as the “fringe” of society.

“This pandering to the masses should stop, and professional reason should start. This plan could put shackles on an industry that is critical to the growth of our country.”

Others see no problem with the requirement for background investigations. Eric Johansen, a systems analyst at ReliaStar Life Insurance Co. in Minneapolis, is one of those.

“Yes, there is added cost, but companies should be doing this anyway as part of standard hiring procedures,” Johansen said. “A position like systems analyst [or] network administrator requires access to extremely sensitive data and control of many business-critical tasks. It would be ridiculous not to screen employees. Companies should not need President Bush’s push in order for this to happen.”

Indeed, background investigations are already conducted by many companies that have sensitive or critical positions that are vulnerable to terrorist infiltration, such as airport baggage screeners and air marshals, said Ed Badolato, president of Washington-based Contingency Management Services Inc. Investigations are necessary because they “provide a baseline for preventing known criminals and potential terrorists from working in vulnerable areas,” said Badolato, who oversaw some of the government’s most stringent and expensive background investigations when he served as deputy assistant secretary for energy emergencies at the Department of Energy.

The main challenges facing companies that don’t currently conduct detailed background investigations on employees include determining how much of the workforce needs to obtain a security clearance, who will pay for the government-level security investigation and how those clearances will be administered and maintained, said Badolato.

Vinton Cerf, senior vice president for Internet architecture and technology at WorldCom Inc., said that while there are benefits to such background checks, they are not a panacea for homeland security.

“Given the technical nature of much of the critical infrastructure it seems likely that these investigations will uncover some number of risks that employers were not aware of,” said Cerf. However, “I am ambivalent about the ultimate utility of these measures, since compromise of trusted individuals is not something an investigation can prevent.”

The administration’s desire to ensure that employees at critical facilities don’t pose a threat could also provide incentive for Bush to establish a chief privacy officer post at the proposed Homeland Security Department. “I think that we are very open to having that discussion,” said Steven Cooper, Bush’s CIO for homeland security. “I suspect the American public is also interested.”

Meanwhile, Bush has threatened to veto current legislation that would create the cabinet-level post if Congress doesn’t grant him the ability to limit the workplace rights of the 177,000 federal employees who would make up the new department. Bush has argued that current labor laws would limit his ability to manage the department. Critics fear that the administration is seeking a way to deny employees collective bargaining and civil service protections.