Congressional IT Contractor Didn’t Pass a Background Check

By Michael Klazema on 5/15/2018

An IT contractor who had access to email servers for United States House of Representatives members worked without a background check, according to a report from security and risk management publication CSO. The contractor, Imran Awan, is currently facing fraud charges and a class-action lawsuit.

Emails leaked as part of the 2016 Democratic National Committee (DNC) hack indicate Awan was a go-to source when members of the House of Representatives needed IT assistance. Reps would contact Awan if they forgot their passwords. The CSO article indicates roughly 80 members of Congress had contact with Awan over the years.

Given this role and its inherent access to sensitive information, Awan appeared to be in line to obtain a government security clearance—or at least undergo a thorough background check. According to CSO, workers who are members of the “Congressional administrative staff” are not required to obtain national security clearances but are expected to undergo background checks. The Committee on House Administration guidelines include a section concerning shared staff—the category into which Awan would fit—and the vetting expectations for those employees.

Based on Congressional guidelines, Awan should have at least passed a “Capitol Police Criminal History Records Check.” This type of check would be the equivalent of a state criminal history check for the District of Columbia. The CSO article does not mention whether Congressional administrative staff are supposed to have any screenings beyond this criminal check—such as criminal searches outside of Washington, D.C.employment verification checks, or identity checks.

Why was Awan’s background check overlooked? The answer might be found in the wording of the Committee on House Administration guidelines. The guidelines state “it is recommended that Member and Committee offices” request a background check for shared employees due to the sensitive information those employees often access during their work. “Recommended” is the key word in that sentence: Congressional departments are not technically required to conduct background checks on shared administrative staff.

When authorizing someone to provide IT services, a House member can conduct the background check, but they can also check a box that says, “I have verified that a trustworthiness determination has been made on behalf of this shared resource by another Member.” In other words, if another member has already run a background check on a “shared resource,” that member can offer an attestation of trustworthiness for the resource.

Evidence shows many Congress members used this method to approve Awan to provide IT resources. However, no one could identify who initially attested to Awan’s trustworthiness, which means no one can verify a background check ever took place.

Awan is currently under investigation for bank fraud and potential involvement in a “cyber breach operation” during his time as a Congressional aide. There have also been accusations that Awan accessed information or servers he shouldn’t have, something that may have been prevented had he been required to pass a background check.



Tag Cloud
Recent Posts

Latest News

  • May 18 In search of more personnel and considering normalization, some major employers have elected to drop pre-employment drug screens for marijuana. As the opioid epidemic continues, there is still a role for workplace drug tests.
  • May 15

    A Congressional IT contractor who is facing bank fraud, a class-action lawsuit, and allegations of cyber breach never underwent a background check. Congressional guidelines recommend background screenings but have a loophole that makes it possible to skip them.

  • May 10 Are SSN background checks essential, or even necessary? We look at what Social Security Number data can and cannot do in the background check process.
  • May 10

    In the wake of an attack in which the perpetrator used a rental vehicle to strike pedestrians, and with a growing number of such attacks around the world in recent years, rental companies must consider how to address the issue. Effective security measures have proven difficult to implement.

  • May 08 Some statistics suggest employers aren’t running international background checks. In a job market where foreign candidates are increasingly common, this oversight can be dangerous.
  • May 03

    Despite player numbers in the millions, the primary sanctioning body for youth soccer in the United States established no standard policy requiring background checks. They face legal jeopardy due to the actions of abusive coaches. 

  • May 03 Are you applying for a job with Starbucks? Here’s what to expect from the background check process.
  • May 02 — Further restrictions have been placed on employers that inquire about prior criminal records. Timeframes have been adjusted and asking about expunged records is prohibited. 
  • May 01 Uber is expanding its background check policies. Going forward, the company will incorporate repeat background checks and ongoing criminal monitoring into its driver screening processes.
  • April 28 Airport background checks are governed by the TSA and FAA. They typically include employment history checks, criminal history searches, and a few other elements.