author photo
By Bruce Sussman
Mon | Nov 9, 2020 | 8:51 AM PST

If you apply for a U.S. government job that requires an FBI background check, should you be able to ask for the results?

Not just yes, you passed or sorry, you failed, but specifically, what information did the FBI uncover about you? 

The FBI just made the case in court that you do not have the right to see this information. And the agency built its case around what you can call a very interesting "Cyber Intrusion Defense."

Federal government job applicant: I want my background check info

Noel Whittaker had a background check done by the U.S. government in 2007 when he applied for a job. He was a chemist with the National Institute of Health (NIH).

Years later, Whittaker filed a Freedom of Information Act (FOIA) request to get detailed results of his FBI screening known as a National Agency Check.

The federal government gave him a highly redacted document with the details blacked out, so the whole thing ended up in court.

Cyber Intrusion Defense used to keep secrets a secret

This is where the FBI and the U.S. Department of Justice, the Defendants, used cyber intrusion as a reason for not turning over this kind of information. 

From the court case, Whittaker vs. the U.S. Department of Justice:

Defendants note that a "broad range of specific investigative techniques and procedures would be put at risk if the FBI began disclosing name check results."

They provide examples, including the following:

"[I]f a criminal involved in unlawful cyber intrusions was subject to a name check and learned the FBI found no information concerning her, she could positively determine the FBI currently had not detected her cybercrimes.

This would provide her information suggesting that the FBI may not possess the technology necessary to detect her criminal behavior or may expose the limitations of the FBI's technological capabilities to detect and deter certain types of cybercrimes.

This would enable the criminal to make an informed decision on how she may successfully continue to commit crimes without detection by the FBI. Conversely, if this same criminal found the FBI had located information on her, she could conclude the FBI had likely detected her commission of cybercrimes. This would allow her to pre-emptively destroy evidence of her crimes, and/or modify the means by which she commits her criminal acts... to avoid further detection or disruption by the FBI."

The court agreed and dismissed the case. Whittaker will not be getting details of his background check.

Judge Amit Mehta summed up the decision like this:

"The FBI applies a categorical withholding policy in part because revealing the underlying information could compromise the techniques and procedures that produce that information. Even in cases where the National Agency Check results contain no derogatory information, a requester could discover that the FBI lacks the methods necessary to capture or track the requester's illicit behavior.

If the FBI were to reveal any specific techniques or procedures associated with Plaintiff's results, Plaintiff would be made aware of those methods' use as to his own activity, which would 'reduce or nullify their effectiveness.'"

That's an interesting cyber defense angle, isn't it?

You can read the entire court decision here.

Tags: FBI, Cyber Law,