1995-12-06 - Secret Clearance (was: re: NIST GAK export meeting, sv)

Header Data

From: Pete Loshin <pete@loshin.com>
To: “‘cypherpunks@toad.com>
Message Hash: 69587ff42e60c2bc1350af10191b377e60ea09161e8ac17738dc5ff78ba04192
Message ID: <01BAC365.EB89CDA0@ploshin.tiac.net>
Reply To: N/A
UTC Datetime: 1995-12-06 04:01:51 UTC
Raw Date: Tue, 5 Dec 95 20:01:51 PST

Raw message

From: Pete Loshin <pete@loshin.com>
Date: Tue, 5 Dec 95 20:01:51 PST
To: "'cypherpunks@toad.com>
Subject: Secret Clearance (was: re: NIST GAK export meeting, sv)
Message-ID: <01BAC365.EB89CDA0@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm definitely opposed to GAK, but the conspiracy theory approach to
considering what it means to employ people with SECRET clearance
may be getting a bit paranoid.

From working at an organization that did a lot of government work,
my understanding of the process of clearing employees is this:

-certain tasks require knowledge or access that must be restricted
-you have to have a high degree of trust in the people doing those tasks
-people with money troubles, out-of-control addictions, skeletons in the
 closet, and histories of "troubles" are prime targets for subversion
-doing a clearance check (in theory) eliminates the possibility that
 these people will be blackmailed/bribed into revealing their secrets

Not that this stuff always works in practice, considering that Aldrich
Ames was an alcoholic with money troubles who then turned up 
with a lavish lifestyle, and no one he worked with noticed until it was
pretty much too late.

The point is, if you want to keep your organization's systems secure,
you need some mechanism to do so. Security clearance is one way;
banks and other financial institutions do other things (like finger prints,
background checks, etc.)

My big question is, do any of the companies providing Internet services,
or Internet software, or digital commerce services/software, employ
any of these security mechanisms on their employees? Comments or
(preferably) references to actual practices?

-Pete Loshin
 pete@loshin.com






Thread