On December 30, 2010 the International Association of Chiefs of Police (IACP) released a report on their yearlong study of police cybervetting policy, “Developing a Cybervetting Strategy for Law Enforcement.” The report was a collaborative effort by the IACP and the Defense Personnel Security Research Center (PERSEREC). The report states that:
Using the Internet to gather information concerning job applicants and incumbents is an extension of existing background investigations conducted on persons applying for positions and promotions within law enforcement. The Internet is merely a new source to identify and collect information about people’s behavior.
The report doesn’t provide a “model” or “suggested” policy, but rather guidelines for agencies to develop their own policy based on the needs of their individual departments and the communities they serve. According to a September 2010 IACP survey, 31% of law enforcement agencies are already using cybervetting for law enforcement applicants.
Cybervetting Guidelines are presented at Appendix C of the report. In view of the “Bozeman Blunder” perhaps the most controversial aspect of the recommended guidelines is the provision that:
With the consent of applicants, candidates, and incumbents, law enforcement agencies may review online information about these individuals available on websites, where a subject’s password is required to view content. . . . Applicants, candidates, and incumbents may be asked to access password-protected websites so that the recruiter or background investigator can review their profiles, blogs, or other online forums for disqualifying content. . . . Law enforcement agencies should not ask for passwords.
Additionally a recommended supplemental questionnaire asks for information regarding an applicant’s past and present:
- e-mail addresses
- online screen names, handles, or nicknames (except those used for banking or healthcare).
- websites or blogs where they are members, frequent, or contribute
PERSEREC produced a separate report, “Developing a Cybervetting Strategy for National Security Positions,” in part from the same study, but it will not be available to the public.