Feds ask judge to dismiss smart-ID case filed by NASA contractors
Workers claim background checks mandated under new security program are too intrusive
Computerworld - The U.S. District Court in Los Angeles will hold a hearing Friday on a motion to dismiss a case involving 28 NASA contractors suing the government over background checks that are required under a mandatory smart card credentialing program.
The group filed suit last August in Los Angeles District Court against the U.S. government, NASA and Caltech, challenging what they claimed were overly intrusive background check requirements by NASA. The 28 JPL employees asked the court to not only permanently stop the background investigations but to also issue a preliminary injunction to halt the checks while the case was considered.
The background checks that were at the center of the issue were required under the Homeland Security Presidential Directive-12 of August 2004, a presidentially mandated smart-card credential program. HSPD-12 requires federal agencies to issue new tamper-proof smart-card identity credentials called Personal Identity Verification (PIV) cards to all employees and contractors. As part of the program, all employees and contractors are required to submit to comprehensive background checks, including criminal histories.
Federal agencies were supposed to have completed those checks and issued PIV cards to all employees with less than 15 years experience by last October, though many failed to meet the deadline.
In their suit (PDF format), the JPL employees claimed that the NASA requirement violated their constitutional right to "informational privacy", the right to be free from unreasonable searches and the right against self-incrimination. The scientists argued that none of them were doing any classified work for NASA and said the mandated background checks were too open-ended, and pried into "protected associational activities." They claimed the checks submitted them "to a determination of their suitability for employment that includes such wrong-headed and/or dangerously vague criteria" such as sexual orientation as well as medical and emotional history.
The judge hearing the case initially dismissed it on October 3. However following an appeal by the employees the Ninth Circuit Court of Appeals issued a temporary injunction on October 5. The injunction was issued literally hours before JPL was to begin advertising for replacements for employees who were deemed non-compliant with HSPD-12, according to a press release announcing today's hearing from one of the plaintiffs.
That temporary injunction still remains in place. A three-judge panel of the United States Court of Appeals for the Ninth Circuit is still deliberating whether to extend it.
In the meantime both Caltech and the government filed motions for dismissing the case in District Court. Those motions were allowed to continue by the Ninth Circuit court. On January 9, District Court judge Otis Wright, who is presiding over the case, issued an order dismissing Caltech as a party to the lawsuit.
Today's hearing is expected to focus on the federal motion to dismiss the case.
"We cannot predict what will happen, and we do not know whether the Ninth Circuit will issue its ruling before the Friday hearing," a statement on the plaintiffs' Web site noted.
It is possible that the judge could postpone the hearing until the Ninth Circuit makes a ruling regarding the temporary injunction, or it could hear arguments on the motion to dismiss and then postpone its decision until hearing from the Ninth Circuit, the Web site noted.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts