Here is an e-mail I just received from the Executive Director of the American Educational Research Association (AERA). Definitely worth a read if you’re interested in privacy issues…
April 6, 2007
Dear AERA Members:
As final bags and boxes are being closed for the 2007 AERA Annual Meeting, I
want to update you on an important matter for education researchers working
under federal contracts. Over the course of this past year, the U.S. Department
of Education has taken new steps to implement security clearance procedures for
contractor employees. Several AERA members informed the Association and
expressed serious concern that the process is intrusive and unwarranted for
non-classified research. Articles on the topic have appeared recently in The
New York Times and Education Week (www.edweek.org/ew/articles/2007/02/21/24checks.h26.html).
Over many months, AERA has been investigating this situation and pressing for
greater understanding. Since September, we have been engaged in discussions with
numerous federal officials at the Department of Education and other federal
agencies as well as working with other research organizations (in particular
with the American Association for the Advancement of Science) and individuals in
the scientific community to scrutinize this issue and learn as much as we can.
President Eva Baker described some of these activities in the January/February
2007 issue of Educational Researcher (http://er.aera.net/).
The actual clearance procedures required of contractual personnel vary by the
risk level assigned to a position, but minimally require employees on contracts
who are designated low risk to submit fingerprints. Low risk positions include
those on a contractor’s research team who conduct statistical analyses, but have
no access to personally-identifiable information. Contractor employees in
moderate-risk positions must provide a release for credit information and may
also be asked to sign a release allowing investigators to ask specific questions
of an individual’s health care provider regarding prior mental health
consultations. Researchers who collect or have access to personally-identifiable
information or sensitive, but unclassified information are considered moderate
risk under current Department of Education Directive OM:5-101, Contractor
Employee Personnel Security Screenings.
Our goal has been to understand the authority underlying the changes,
determine whether the situation is unique to the Department of Education, and to
effectuate change where needed. Our efforts in the fall, for example, led the
Department of Education to indicate that the directive would be revised and its
implementation examined. Most recently, the Department of Education also
confirmed that the medical/mental health release was not required for
moderate-risk positions (at least as an initial step). At our urging, agency
officials agreed to add an instruction to this effect so that contracting
officers and contractors would be aware of this at the onset.
An overarching concern is about the appropriate scope of security clearance
procedures. The security measures being implemented by the Department of
Education may reach beyond what was originally intended under Presidential
Directive HSPD-12, the key authority often cited by federal officials as
extending security clearance procedures to contractors. Both the Directive and
the Office of Management and Budget guidance for implementing the Directive
focus on contractors who access federal facilities and critical information
systems, not researchers who are engaged in primary data collection or use of
these data in the field. We are seeking an interpretation from senior federal
officials regarding the intended reach of the Presidential Directive and
anticipate receiving clarification quite soon.
Our fact gathering thus far indicates that security clearance procedures vary
by agency. The National Science Foundation, for example, does not typically
require security clearance screenings for contractors who collect data or
prepare analytical products for the agency. At the National Institute of
Justice, only those contractors who need access to federal buildings or
information systems must generally undergo security clearances. Currently, the
U.S. Department of Education – relying on Directive OM:5-101 – requires a security
screening process for all contractors employed for 30 days or more. Although, as
noted above, this Directive is currently in the final stages of revision,
Department officials have indicated that the changes are directed to clarifying
the intent of the policy as it is currently being practiced – that is, that it
covers all contracts.
We remain concerned about the collection of credit information and
fingerprints for researchers who work in the field and have no access to federal
facilities or information systems. While we recognize and appreciate the renewed
efforts of federal officials to provide the best protections possible for
personally identifiable information collected by researchers – and indeed, we as
an Association are continuously engaged in exercises and initiatives to improve
privacy and confidentiality protections – the measures must be balanced and
appropriate to the circumstances.
In a post 9-11 world, there could be a reasoned need for those performing
work for the federal government in federal facilities or on federal data bases
to undergo security clearances at a level appropriate to the types of access.
The issue of the appropriateness of security clearance procedures that are
broader in scope ultimately hinges on whether there is a compelling basis to do
so. The federal government has an interest in supporting research and attracting
researchers – whether working under grants or contracts – of the highest quality and
creativity. We take the view that any constraints need to be the minimum
necessary to achieve legitimate goals. Thus, we await clarification of the scope
of the security clearance requirements and the rationale underlying them. Our
next steps depend on what we learn.
For now, I want to keep you, our members, informed and to let you know that
this topic – as a matter of sound research policy – is very much on the active
agenda of staff and of strong interest to AERA Council and the AERA Government
Relations (GR) Committee. Both Council and the GR Committee have this topic on
their business agendas at the Annual Meeting. Meanwhile, please e-mail me if you
have knowledge or experiences that we should be aware of as we continue to
address the issue of security clearances for contractual research employees.
I look forward to seeing many of you in Chicago.
Felice J. Levine, PhD