Latest News

Fingerprint Data of 5.6M people released in OPM Hack

Sep 23, 2015

OPM has updated the count of people whose fingerprints were released in the hacks announced earlier this year. Previous statements claimed that fingerprints of approximately 1M people were released. The latest update increases that number to 5.6M people. The total number of people whose records were released in the hack remains around 21.6M.

Two Federal Employee Unions File Suit Over OPM Data Breach

Aug 7, 2015

OPM Releases Background Check Information From All Investigations Since 2000

Aug 6, 2015

In April and June of 2015, the federal Office of Personnel Management discovered at least two computer security breaches that allowed the theft of more than 20 million personnel records from OPM computer systems. In the first incident, personal data of approximately 4.2 million current and former US government employees was stolen. In the second, larger incident the background investigation records of more than 21.5 million federal employees, contractors, and other affiliates was stolen. These data included, by OPM's own admission, the data from anyone who submitted forms SF-85, SF-85P, and SF-86 since the year 2000. Some reports indicate that the losses may go back much further in time. The released data include not just the information submitted on the forms, but also the investigation details from interviews with friends, family, co-workers, and neighbors. The data include personal identifying information from at least 1.8 million non-applicants-- close family members and co-habitants whose data (including social security numbers) were provided by applicants as part of security investigations. In some cases the stolen data include passwords used for the e-QIP system, as well as fingerprint data. OPM has barely begun individually notifying victims of the personal data release, and so far mostly only government employees. OPM has created a web page detailing much of the data release here

JPL IT security has sent out two lab-wide notifications, one shortly after the breaches were revealed to include all SF-85, SF-85P, and SF-86 applicants, and the second recently to forward a newsletter from NASA Ames Research Center with recommendations for how to deal with the release of personal information. The newsletter can be downloaded here. The list of things to do to protect oneself is neither short nor easy to implement, and the government is so far providing no support.

The impact of this release of data on the lives of federal employees and contractors, as well as national security, cannot be underestimated. The release includes complete, validated, collated data with names, social security numbers, residence histories, lists of family and associates and their contact information, information on drug history, medical, psychological, and psychiatric histories, sexual histories, and any other information revealed to investigators. Such information cannot be unreleased-- it is out and will remain out, likely to be stolen again from or released by whoever copied it from OPM. It can be used in very targeted "spearphishing" attacks and to potentially blackmail, extort, or otherwise take advantage of government employees and contractors in ways that are socially and economically harmful, and even improperly obtain national security information.

National Labor Relations Board Upholds Sanctions Against Caltech

March 15, 2014

For further information, please refer to the complete Media advisory and the NLRB Board Decision. Case docket is available on the NLRB website.

Administrative Law Judge Finds JPL/Caltech in Violation of US Labor Law

Recommends to National Labor Relations Board to find in favor of employees

May 9, 2013

Judge William G. Kocol recommended on May 9, 2013, that the NLRB find that JPL "engaged in unfair labor practices affecting commerce within the meaning of Section 8(a)(1) and Section 2(6) and (7)" of the National Labor Relations Act.

The employees were disciplined for disseminating protected, work-related information regarding the status of the Nelson v. NASA case. The employees filed complaints with the NLRB, which chose to pursue the case and argued successfully before the court that the employees' communications were protected under the act. Judge Kocol's findings will be taken up by the NLRB for final determination.

The full text of the finding and recommended order is available here: NLRB Decision.

Press Conference on NASA Data Breach

JPL Employees Call for Congressional Investigation into NASA Privacy Breech

November 28, 2012

Statement from Robert M. Nelson

My name is Robert M. Nelson. For the last 34 years I have worked as astronomer doing research at Jet Propulsion Laboratory in support of NASA's Solar System Exploration Program. I was a co-investigator on NASA's Voyager Grand Tour of the Solar System and I was the Project Scientist for NASA's Deep Space 1 mission, NASA's first mission to flyby and image a comet. I am currently a member of the Cassini Saturn Orbiter mission.

Six years ago I and my colleagues at JPL were ordered by NASA to submit to background investigations of unlimited scope into the most intimate details of our private lives. We were asked to 'voluntarily' agree to allow "...any investigator, special agent, or other duly accredited representative of the authorized Federal agency conducting my background investigation, to obtain any information relating to my activities from schools, residential management agents, employers, criminal justice agencies, retail business establishments, or other sources of information. This information may include, but is not limited to, my academic, residential, achievement, performance, attendance, disciplinary, employment history, and criminal history record information." Our employer, Caltech, which manages JPL for NASA, assured us that if we did not 'voluntarily' agree to this investigation we would be fired.

In the Fall of 2007 I and 27 JPL colleagues filed lawsuit in federal district court to stop or limit the scope of these investigations. After our suit was dismissed in District Court the Ninth Circuit Court of Appeals found merit in our case and issued an injunction that blocked these open ended probes. The Ninth Circuit ruled that the investigations had to be narrowly tailored to meet the Government's specific needs. Open ended fishing expeditions were ruled out. One of our principal concerns was that such intimate personal information could not be kept sufficiently secure in the hands of the sprawling government bureaucracy. Unfortunately, on appeal, the United States Supreme Court lifted the injunction in 2011. The Supreme Court held that our personal information was amply protected under the provisions of the Privacy Act. By June 1 of this year, the background investigations of my JPL colleagues were completed or fully underway. I left JPL on April 28.

Recently, tens of thousands of NASA present and former employees and contractors received a communication from NASA informing us that a laptop computer issued to a NASA employee in Washington had been stolen last Oct 31 after being left in a parked car. The highly personal and sensitive information on the NASA computer was NOT encrypted. Some of this information includes material gathered by the open ended and unconstrained background investigators of the type described above.

We warned of this possibility five years ago when we filed our lawsuit. We were ignored by the courts. Now, unfortunately, by virtue of the cavalier behavior of a NASA bureaucrat our argument has been proven. Our nightmare of five years ago has become a reality. We therefore are asking Congress to conduct an investigation into NASA's behavior in this unsavory affair and to develop new standards which protect the privacy of federal employees.

Robert Nelson Letter to Congressional Representatives

Statement from Dennis Byrnes

I am Dennis Byrnes, Chief Engineer for Flight Dynamics at JPL until my retirement April 1, 2012. As a plaintiff in the HSPD12 Nelson v. NASA case, I was very concerned when I received the letter from Mr. Keegan of NASA regarding the stolen computer which contained personally identifiable information for over 10,000 NASA employee and contractor personnel including myself. I am further concerned over the company with which NASA has contracted to provide identity theft services for us. No information on the company was provided nor on the process for choosing them. I have expressed my concerns and requested information from NASA in an as yet unanswered email sent on Tuesday, November 20, 2012. It follows:

From: Dennis Byrnes

Date: November 20, 2012 2:03:03 PM PST

To: hq-privacy@mail.nasa.gov

Cc: richard.j.keegan@nasa.gov

Subject: Stolen Laptop - compromised PII incident

Sirs: I have received the letter from Mr. Keegan indicating that my PII was included on the stolen laptop. I retired from JPL on April 1, 2012. I require that you tell me precisely what information relating to me was stolen. I wish to know more about ID Experts than is available on the web. How were they chosen, was it a competitive bid or do they have some inside advantage at HQ? What were the requirements in issuing the contract to them? What is the cost of the contract? There is no apparent rating or reviews of ID Experts available, how do I know that they are trustworthy or will they be releasing any information that I give them to their affiliates and unknown related companies? In your letter you list a number of recommended steps, some of which could be costly both monetarily as well as in inconvenience. Will NASA also be reimbursing me for these steps? This situation is precisely what we warned you of in our suit against you (Nelson v. NASA) regarding the implementation of HSPD12 which went to the US Supreme Court. I look forward to a timely reply. Thank you, Dennis V. Byrnes

Chief Engineer for Flight Dynamics , JPL (retired)

Statement from Jim Kulleck

In the past, handling classified material was considered to be a justified reason for demanding that federal employees be subject to extended background investigation. Due to the recent ruling by the Supreme Court, anyone who now works at JPL has been compelled by NASA to relinquish their right to privacy as a condition of employment. It appears that there are no longer any objective criteria for these types of investigations. Those who cut the grass and wash the dishes and the other 98% of the employees at JPL who do no classified work have had themselves and their families exposed to the potential of identity theft as a result of the cavalier handling of personal data by NASA and the subsequent theft of that data. During the judicial actions in this case, the plaintiff employees were not provided the opportunity for discovery, complained of the potential for data mishandling and endured false statements which were presented to the Supreme Court by the government. The Supreme Court summarily ruled in NASA's favor.

Unless there is clear evidence of illegal activity, neither the government nor businesses should be collecting information about individuals that extends beyond a person's duties as an employee. To allow various types of personal and consumer information to be accumulated enables an employer to discriminate against a potential employee without their knowledge. This, in and of itself, is inconsistent with existing employment law. Legislation needs to be implemented to correct these problems and protect individual privacy.

A Letter to Colleagues

As you know from the August 25 e-mail from JPL Deputy Director Eugene Tattini, JPL/Caltech has resumed HSPD12 credentialing and the associated investigations. The e-mail suggests that 25% of employees are yet to be badged. Some of those employees have been waiting until the lawsuit was resolved, either anticipating a better process or simply biding time. Many of them have contacted former plaintiffs in the lawsuit with questions about the process and for guidance on how to proceed. We address some of those questions ...

HSPD-12 Legal Action Dismissed, Injunction Lifted

IT IS SO ORDERED that, in light of the United States Supreme Court’s decision in the above-captioned matter, Defendant’s pending Motion is hereby GRANTED. The July 11, 2011 hearing on this matter is VACATED and no appearances are necessary. Furthermore, the preliminary injunction entered by this Court on March 13, 2008 is VACATED, and this matter is DISMISSED with prejudice, each party to bear its own fees and costs.



(Signed) HON. OTIS D. WRIGHT, II

UNITED STATES DISTRICT JUDGE

TO ALL PARTIES AND TO THEIR COUNSEL OF RECORD: Plaintiffs will not oppose a motion to dismiss by Defendants, nor an order of dismissal by this Court, in light of the following factors: 1) The Supreme Court’s decision in this matter, which assumed the existence of the right to informational privacy but refused to decide its scope; 2) the fact that NASA has decided to remove the Suitability Matrix challenged by this injunctive relief action and replace it with a less objectionable list of criteria; and 3) the fact that this action only presented a facial challenge to the background investigation process, and not a challenge to the actual application of such an investigation. In light of these considerations, plaintiffs hereby stipulate that the matter may be dismissed either by the court’s own motion or upon motion of Defendants. DATED: May 2, 2011





U.S. Supreme Court Rules for NASA in JPL Employees' HSPD-12 Privacy Case

American Astronomical Society Leadership Write to NASA Deputy Administrator Ms. Lori Garver

Dear Ms. Garver:



We are writing to you in our capacities as President of the American Astronomical Society (AAS) and Vice-Chairman of its largest division, the Division for Planetary Sciences (DPS) on the issue of background investigations of members of NASA's Jet Propulsion Laboratory staff, many of whom are AAS-DPS members. The Supreme Court has ruled that background investigations of federal contract employees like those at JPL are permissible where appropriate, but the nature and breadth of the background investigations remain at the discretion of the individual agency (Case #09-530). The decision regarding how NASA proceeds is in the hands of you and Administrator Bolden.



We hope that you might consider our suggestions as you deliberate this question. We have worked with many of the plaintiffs and submitted an Amicus Curiae brief to the Supreme Court (the first in the 112-year history of the AAS) in connection with this case. We understand that while the case was motivated by matters of unlimited investigations of personal privacy, we are also strongly concerned that an intrusive background investigation policy will detract from NASA's ability to draw the highest level of technical talent for the Agency's mission. Our view is summarized in the wording of the AAS Amicus Curiae, which said, in part, "Yet, a significant number of US astronomers would be or are unwilling to work in an environment where they are subject to intrusive, open-ended background investigations at issue here. Their loss will impact the entire professional community - even those individuals that agree to undergo the background investigations."



...



Please consider the following: 1) Homeland Security Presidential Directive #12 (HSPD12) requires only that a uniform identification badge be established for all employees and contractors at federal facilities. Background investigations are never mentioned in the directive[...]

2) Some agencies such as the National Science Foundation did not issue new credentials to employees at facilities under their cognizance. At Department of Energy-administered FFRDCs where little or no classified work is done (e.g., Fermilab), HSPD12 procedures were not imposed on workers who did not do classified work [...] We suggest that an approach modeled on the DOE and NSF implementations would lead to a reasonable closure of the HSPD12 matter. It is a solution that respects the security concerns of the government, the privacy concerns of JPL employees, and maintains the broadest reasonable access for the astronomical community to participate fully in exciting work that brings us all to NASA.



Yours sincerely,



[signed]

Debra M. Elmegreen, President

American Astronomical Society



[signed]

Daniel Britt, Vice-Chairman

AAS Division for Planetary Sciences

Path Forward

Science and Civil Liberties Stakeholder Support

Our superb legal team -- Hadsell, Stormer, Keeny, Richardson & Renick LLP -- is one of the nation's premier civil rights firms, and has given generously of their time to fight for our rights. We are urging supporters to contribute to the legal fund. Please send your donations, payable to "HSKRR", to Bob Nelson, 775 N. Mentor Ave., Pasadena, CA 91104.

Status

Current Status as of July 11, 2011 Injunction : No longer in force.

: No longer in force. Court Case against NASA: Dismissed.

Updated 9/24/10

Updated 9/24/10