Privacy Impact Assessment for the Background Investigation Contract Services Dictaphone Express
March 30, 2007
The FBI, through the Background Investigation Contract Services (BICS) Unit, provides timely and thorough background investigation (BI) and reinvestigation lead coverage to ensure that the FBI is staffed with personnel who meet FBI employment suitability criteria, and whose trustworthiness is sufficient for access to the classified and sensitive information necessary to perform their duties. Additionally, the BICS Unit conducts BI leads on the following by agreement: High level employees of the Department of Justice (DOJ) (including the Office of the Pardon Attorney and Assistant U.S. Attorneys); Administrative Office of the U.S. Courts; Nuclear Regulatory Commission (NRC); Department of Energy (DOE); and other Federal Government entities when appropriate; Joint Terrorism Task Force (JTTF) detailees, other Joint Task Force (JTF) detailees, Law Enforcement Executives and Elected Officials (LEO Program), Foreign Intelligence Surveillance Act (FISA) personnel, Classified Information Procedures Act (CIPA) personnel, and miscellaneous other personnel categories, including investigations relative to the security of employees of other government agencies.
The BICS Unit has developed an automated system, Background Investigation Contract Service Dictaphone Express (BDE), for collecting and managing interviews and other information assembled by the Contract Special Investigators (SIs) that are pertinent to background investigations. BDE is maintained on a stand-alone server connected to the Internet through a secure local area network and is used for dictation and transcription of SI reports of investigation. BDE captures reports of interviews and other background information that are dictated as a voice file and then permits a contract typist to retrieve the file and prepare a transcription of the report in the proper format. The reports of interviews or other transcribed data are then sent via Law Enforcement Online (LEO) as an email attachment to employees in the Background Investigation Case Support Unit (BICS) for further action.
This Privacy Impact Assessment, conducted pursuant to Section 208 of the E-Government Act and FBI policy, describes the privacy implications of the BDE tool.
The System and the Information Collected and Stored Within the System
1.1 What information is to be collected? The BDE system is a temporary storage medium for information collected by SIs in connection with background investigations. With respect to the information that is recorded, in addition to containing basic identifying data about an applicant, candidate or employee (including, but not limited to name, date of birth, address, telephone number and social security number), the information that is stored electronically for transcription typically is obtained as a result of analysis (and with consent of the applicant) of credit reports, school transcripts, medical records, and public source materials, and from interviews. These interviews are obtained from friends, neighbors and relatives who are asked about the applicant's fitness for employment, from the applicant who is interviewed as part of the background investigation, and from employment references and educational associates.
1.2 From whom is information collected? The underlying information is provided by the applicant/candidate and by individuals knowledgeable about the applicant/candidate/employee, such as current and former employers, friends, relatives and associates and is collected from commercial sources such as credit bureaus and public record checks.
The Purpose of the System and the Information Collected and Stored within the System
2.1 Why is the information being collected? The purpose of the system is to facilitate the transcription of information collected for compilation into formal reports concerning the suitability and trustworthiness of individuals for access to national security information.
Use of the System and the Information
3.1 Describe all the uses of the information. The information is used solely to prepare investigative reports for clients to be used in the adjudication of suitability inquiries. Information is formatted into a voice file on BDE. Thirty days after transcription, the voice file is purged. All that remains is a log entry listing the job number and the fact that it was completed. SI reports that are converted to hard copy are reviewed for accuracy by the BICS Unit, serialized and uploaded into the FBI's case management system, where access is strictly limited.
Internal sharing and disclosure
4.1 With which internal organizations is the information shared? Initial reports of transcribed interviews are shared within the FBI with the Personnel Security Investigation and Personnel Security Adjudication Sections. Finished products are shared with client agencies; therefore, DOJ would be provided with a finished product.
External sharing and disclosure
5.1 With which external organizations is the information shared? The information is shared with BICS clients (listed in the introductory section of this PIA). The information that is shared is limited to data pertinent to the individuals employed or under contract to those agencies and organizations for which BI services have been performed.
6.2 Do individuals have an opportunity and/or right to decline to provide information? Individuals have the right, in the first instance, to decline to provide information that is necessary for a background investigation. Without their consent to the release of information, however, a background investigation cannot be conducted.
6.3 Do individuals have the right to consent to particular uses of the information, and if so, how does the individual exercise the right? Information in the BDE system is used for background investigations only and individuals consent in advance to the use of all information for that purpose.
Technical Access and Security
8.9 Privacy Impact Analysis: Given access and security controls, what privacy risks were identified and describe how they were mitigated. In order to ensure non-disclosure of sensitive information to anyone outside of the BICS work process and compliance with FBI policies, the BDE system requires double password access for all administrators. Dictators and transcribers are required to use unique FBI-issued user identification codes and passwords to access the BDE system. Passwords must be changed every 90 days in compliance with FBI security requirements. The BDE allows SIs to complete their work in a secure electronic environment where it can be retrieved by contract typists and converted from a voice file to hard copy. Information on the system is routinely purged 30 days after completion of the transcription and this process has been automated to ensure purging occurs. The system is configured to allow for transcription but does not permit queries based on personally identifying information. Moreover, indexing or cross-referencing is used in connection with this system. All these attributes protect privacy.
The text files created from information placed in BDE are forwarded to the BICS Unit using encryption software. The files are verified for accuracy by BICS Unit personnel and are ultimately maintained in a closed area of the FBI's case management system where internal access is strictly limited. BDE logs system activity, including all users, and discrepancies (such as an unknown user) can be identified and resolved quickly.
The system has been analyzed for security, which included an accreditation of the technology and evaluation of the facility housing the system. Access to the system is limited to administrators and personnel who have a need for it in order to perform their responsibilities. Privacy and information security training are required on a yearly basis and anyone involved in the overall BICS Program, which includes BDE employees, executes a Rules of Behavior Acknowledgment Form. Any effects on personal privacy of creating a voice file which can be retrieved electronically for transcription are mitigated by the strong system controls and rules that govern BDE.
_________________________/s/ 4/9/07_______________________ (Sign / Date)
Maurice Jon Hayes
Project Manager, Security Division
Federal Bureau of Investigation
_________________________/s/ 4/12/07______________________ (Sign / Date)
Patrick W. Kelley
Privacy and Civil Liberties Officer
Federal Bureau of Investigation
____________________________________________ (Sign / Date)
Jane C. Horvath
Chief Privacy and Civil Liberties Officer
Department of Justice