The security week that was: 12/02/11 (background checks for security dealers)

Background checks for security dealer staffs

The Electronic Security Association (ESA) is campaigning to gain access to the FBI database for background checks, arguing that since security industry employees need FBI background checks to ensure that it would "reduce the chances for felons to gain access to homes and businesses."

Here's the lay of the land on this topic. The proposed legislation (S. 1319 - PDF download ) is pretty generic. It doesn't really specify much about how the access would work, such that it would use IAFIS (the FBI biometric fingerprint system that is used to enter requests) and access the NCIC (the federal crime records database that stores everything from personal criminal histories to stolen cars, boats and more). I suppose that is to be debated in Congress, but the bill seems a bit lackluster and almost thrown together because it doesn't even address this. Maybe that is OK, because there would probably also have to be some details from the Dept. of Justice before this could be clarified.

Another issue, as the ESA noted in a missive to members, is the question of fairness. Right now, there are certain industries that can get special access to the NCIC. One is the guard services industry, which received access in 2004. There's also a provision for federally insured banking institutions to gain access to this federal database. The reasoning on that one is simple: If the federal government is going to underwrite/insure banks, it needs to ensure those banks are not being operated by crooks. The ESA-endorsed legislation, S. 1319 (introduced by Sen. Charles Schumer in June 2011), would allow all employees of an electronic security business to be checked against the database. It doesn't say just installers/service people. The way the legislation is written by Schumer, it covers everything from the janitor cleaning your equipment warehouse to the guy installing two windows and a door. I think that broad application will become one issue for this legislation (if it's given any review by the Senate at all).

The question is where do we stop? Does a PERS installer have more risk than the installer of a cable TV system in someone's home? Are they more of a risk than a guy who comes into your home or business to lay out carpet? This is the judgment that the Senate would have to make in committee. It's an important nuance, I think and again gets back to the question of who really deserves to be checked against this database. Would this legislation open the door for any contractor who works inside a home or business?

One issue is that typically access to the NCIC was only granted when specifically called for in licensing. Here's the text from Title 28 that addresses it:

"Criminal history record information contained in the III System and the FIRS may be made available ... For use in connection with licensing or employment, pursuant to Public Law 92-544, 86 Stat. 1115, or other federal legislation, and for other uses for which dissemination is authorized by federal law."

The issue as we know is that licensing is a state and sometimes a local issue, not a federal issue. In fact, the ESA itself seems to hem and haw on this topic. On one hand it wants access to check these files, but it doesn't seem to want any standards spelling out a government mandate on who would be approved and who wouldn't. I think there may exist a conflict here in that the industry wants access but doesn't want a national licensing mandate. From a recent ESA press release: "Although ESA believes that all employees in the industry should undergo criminal background checks as a way of maintaining safety and security, no government mandate would be involved." Honestly, I don't think this double standard of no national license will be an issue. Security officers still don't have a national license, but they can be checked against the FBI records.

Privacy is another issue. The legislation glosses over any sort of privacy protection and doesn't address privacy controls that would need to be in place to ensure that such original records aren't leaked. The NCIC has been pretty tightly controlled and there are federal statutes that prohibit the leaking and sale of NCIC-owned information.

Additionally, there needs to be an expectation that this legislation will take some time. The bill that authorized security officers to be checked didn't pass the first time, and that was in the days after 9/11 when they were rapidly granting access to the NCIC for organizations that previously had never had access.

Finally, I think that there needs to be some sort of industry standard on what we do with this info. The NCIC has a lot of information, including expunged information that doesn't exist elsewhere. Is it just an issue of keeping felons from being security installers? Or does the security company get to block potential employees with certain misdemeanors? When can the employer access the info? Before first hire? Every year? Randomly? What would justify blocking employment? The Private Security Officer Employment Authorization Act of 2007 (which revised the 2004 act that gave security officer firms access) specifically details things that would be red flags for employment, by mentioning offenses like "Unlawful entry of a building" and "aiding escape from prison."

If the legislation can get some traction in the Senate and address some of these undefined issues, I think it will indeed be a positive step for our industry. Considering that the bill for giving security officer firms access to this database was also from Schumer (and others), and it was eventually passed; it indicates that there is a strong possibility that the ESA-endorsed bill could become an official act.

In other news
AT&T to make industry debut, SIA announces standards initiative, more

Telecommunications giant AT&T could be ready to makes its entrance into the home security and automation market with the creation of a new "Digital Life Services" division. … The Security Industry Association is launching a new Open Supervised Device Protocol project to help create a standard protocol for interfacing identity and access control devices with security management systems and control panels. … Researchers have discovered a flaw in some Hewlett-Packard printers that could leave them vulnerable to hackers. The company admitted the flaw, but said no customers have reported an intrusion. … The adoption of network video equipment is expected to increase over the next five years in the train and tram market, according to a new report out this week by IMS Research. … The Security Dealer Association has reached a milestone with membership surpassing more than 100 companies.