A few weeks ago I submitted my SF-85P along with the additional questions for public trust positions form. One of the questions on the additional questionnaire asks:
In the last seven (7) years, have you introduced, removed, or used hardware, software, or media in connection with any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines, or regulations or attempted any of the above? (Above refers to the actions listed in this question)
I put “no” on the form as I truly couldn’t think of anything, however I remembered something recently that made me think otherwise. About 4 years ago while I was in college, I downloaded a program someone told me about, thinking it was like a streaming site similar to Amazon/Netflix/Hulu where you pay to watch movies/tv shows. However, when I downloaded it and tried it, it turns out that it was actually a P2P program used to illegally share copyrighted media. I used it on my school’s network, and was notified of a copyright violation via the school. To resolve the incident, I had to remove the program/materials and complete a minor education program about copyright and certifying that everything has been removed. It was my first and only offense, so those were the only repercussions I had.
Does this situation fall under the context of that question on the form, and should I have put down “yes”? If so, is there a way for me to modify the info on the forms if I have already submitted them? I’m concerned because normally I would just clarify this on the interview, but I’m not sure if I will be allowed an interview since I was told the additional questionnaire is supposed to replace that. I truly forgot about this instance and just want to be forthcoming. Since this was an official offense, does that mean it will be on my record when the investigators contact the school for my files? I don’t want to make it seem like I was trying to hide anything.
Also, does anyone have an idea if this has a high chance of disqualifying me? It was legitimately an accident, and when it happened I immediately resolved it as required by my school. That was the only time something like this has happened, and ever since I’ve been more careful about what I download.
First, it wasn’t an “accident” . . . You downloaded the software on purpose believing it to be something that it was not. When you discovered that it wasn’t what you thought, you took action and satisfied the requirements of the “owner” of the system you were using it on.
The way that you think about and address this can be very important.
Did you actually download and watch anything before you got caught by the firewall? Did you download the program to your own computer? Or to a school owned server?
Your best bet is to discuss this with the investigator IF you have an interview. Otherwise, I’m not sure that I would worry about it too much. It’s not likely to be an issue if this was a one time occurrence.
Initially the P2P world seemed to be the wild, wild, west. How could they possibly stop it? But stop it they did in suing and prosecuting dozens of college kids, unsuspecting parents and business owners. Bit Torrent sites became the rage downloading pieces from here and there…over time the systems developed to protect intellectual property rights. People will always develop work arounds. I would certainly report this if it falls under the 7/10 year reporting guidelines.
Thank you both for the help. The program was on my personal computer, and I used it while on my school’s network. Nothing ended up getting downloaded when I used it so I never actually watched anything. It was caught by the firewall and I got an email from the school about the copyright issue. Then I followed the required steps to resolve the issue.
I still feel a little confused about what I should do. I have heard mixed suggestions so far when I’ve asked around. I’m leaning towards reaching out to my security office to see if I can amend my paperwork to report it - I wasn’t sure if this would be an “oversharing” situation but it does seem like the safer option. My concern is also that it might be on my official school record since it was an official offense - if an investigator discovers it from the school rather than from myself it might seem like I’m trying to hide something. And yes, this was in the 7-year time frame that the question asks about.
There is usually no way to update your security application after it is submitted. If I were in your situation, I would write up the incident and bring it to any interview. Present it to the investigator before any discussion about the incident. Include the fact that you didn’t think of this while filing out the forms. This happens all of the time. People aren’t perfect and don’t remember everything. The investigators and adjudicators know this.
Even beyond that, you downloaded a piece of software and you removed it when you found out that it wasn’t what you thought. You did on your own computer which was not, in fact, included in the “rules, procedures, guidelines or regulations” of the school. You could have just as easily downloaded this at home or elsewhere. The school said that you can’t use it on their system and you didn’t. There is a argument that this isn’t reportable at all but I would still take the action that I described above.
If the investigator gets this incident from the school when he contacts them you will have a chance, in your interview, to tell him before he asks you about it. Then your explanation becomes even more important.