Here is an e-mail I just received from the Executive Director of the American Educational Research Association (AERA). Definitely worth a read if you're interested in privacy issues...
April 6, 2007
Dear AERA Members:
As final bags and boxes are being closed for the 2007 AERA Annual Meeting, I want to update you on an important matter for education researchers working under federal contracts. Over the course of this past year, the U.S. Department of Education has taken new steps to implement security clearance procedures for contractor employees. Several AERA members informed the Association and expressed serious concern that the process is intrusive and unwarranted for non-classified research. Articles on the topic have appeared recently in The New York Times and Education Week (www.edweek.org/ew/articles/2007/02/21/24checks.h26.html).
Over many months, AERA has been investigating this situation and pressing for greater understanding. Since September, we have been engaged in discussions with numerous federal officials at the Department of Education and other federal agencies as well as working with other research organizations (in particular with the American Association for the Advancement of Science) and individuals in the scientific community to scrutinize this issue and learn as much as we can. President Eva Baker described some of these activities in the January/February 2007 issue of Educational Researcher (http://er.aera.net/).
The actual clearance procedures required of contractual personnel vary by the risk level assigned to a position, but minimally require employees on contracts who are designated low risk to submit fingerprints. Low risk positions include those on a contractor's research team who conduct statistical analyses, but have no access to personally-identifiable information. Contractor employees in moderate-risk positions must provide a release for credit information and may also be asked to sign a release allowing investigators to ask specific questions of an individual's health care provider regarding prior mental health consultations. Researchers who collect or have access to personally-identifiable information or sensitive, but unclassified information are considered moderate risk under current Department of Education Directive OM:5-101, Contractor Employee Personnel Security Screenings.
Our goal has been to understand the authority underlying the changes, determine whether the situation is unique to the Department of Education, and to effectuate change where needed. Our efforts in the fall, for example, led the Department of Education to indicate that the directive would be revised and its implementation examined. Most recently, the Department of Education also confirmed that the medical/mental health release was not required for moderate-risk positions (at least as an initial step). At our urging, agency officials agreed to add an instruction to this effect so that contracting officers and contractors would be aware of this at the onset.
An overarching concern is about the appropriate scope of security clearance procedures. The security measures being implemented by the Department of Education may reach beyond what was originally intended under Presidential Directive HSPD-12, the key authority often cited by federal officials as extending security clearance procedures to contractors. Both the Directive and the Office of Management and Budget guidance for implementing the Directive focus on contractors who access federal facilities and critical information systems, not researchers who are engaged in primary data collection or use of these data in the field. We are seeking an interpretation from senior federal officials regarding the intended reach of the Presidential Directive and anticipate receiving clarification quite soon.
Our fact gathering thus far indicates that security clearance procedures vary by agency. The National Science Foundation, for example, does not typically require security clearance screenings for contractors who collect data or prepare analytical products for the agency. At the National Institute of Justice, only those contractors who need access to federal buildings or information systems must generally undergo security clearances. Currently, the U.S. Department of Education - relying on Directive OM:5-101 - requires a security screening process for all contractors employed for 30 days or more. Although, as noted above, this Directive is currently in the final stages of revision, Department officials have indicated that the changes are directed to clarifying the intent of the policy as it is currently being practiced - that is, that it covers all contracts.
We remain concerned about the collection of credit information and fingerprints for researchers who work in the field and have no access to federal facilities or information systems. While we recognize and appreciate the renewed efforts of federal officials to provide the best protections possible for personally identifiable information collected by researchers - and indeed, we as an Association are continuously engaged in exercises and initiatives to improve privacy and confidentiality protections - the measures must be balanced and appropriate to the circumstances.
In a post 9-11 world, there could be a reasoned need for those performing work for the federal government in federal facilities or on federal data bases to undergo security clearances at a level appropriate to the types of access. The issue of the appropriateness of security clearance procedures that are broader in scope ultimately hinges on whether there is a compelling basis to do so. The federal government has an interest in supporting research and attracting researchers - whether working under grants or contracts - of the highest quality and creativity. We take the view that any constraints need to be the minimum necessary to achieve legitimate goals. Thus, we await clarification of the scope of the security clearance requirements and the rationale underlying them. Our next steps depend on what we learn.
For now, I want to keep you, our members, informed and to let you know that this topic - as a matter of sound research policy - is very much on the active agenda of staff and of strong interest to AERA Council and the AERA Government Relations (GR) Committee. Both Council and the GR Committee have this topic on their business agendas at the Annual Meeting. Meanwhile, please e-mail me if you have knowledge or experiences that we should be aware of as we continue to address the issue of security clearances for contractual research employees.
I look forward to seeing many of you in Chicago.
Felice J. Levine, PhD