1995-12-06 - re: Secret Clearance

Header Data

From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 6c11dbdfe910a174c51f2e30965293dab84cb89b3fb5ae172e372cde3ca0e930
Message ID: <199512060445.FAA22949@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-12-06 04:44:07 UTC
Raw Date: Tue, 5 Dec 95 20:44:07 PST

Raw message

From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 5 Dec 95 20:44:07 PST
To: cypherpunks@toad.com
Subject: re: Secret Clearance
Message-ID: <199512060445.FAA22949@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 9:00 PM 12/5/95, Pete Loshin wrote:

>I'm definitely opposed to GAK, but the conspiracy theory approach to
>considering what it means to employ people with SECRET clearance
>may be getting a bit paranoid.

      In a discussion of governmental efforts to deny presumedly innocent
citizens the assurance that they can conduct their affairs in privacy --
and to require that "trusted," "impartial" escrow agents employ someone
who has been vetted according to undisclosed criteria, the best you can
come up with is this "conspiracy theory" saw? Did *I* invent this
stipulation?

>>From working at an organization that did a lot of government work,
>my understanding of the process of clearing employees is this:
>
>-certain tasks require knowledge or access that must be restricted
>-you have to have a high degree of trust in the people doing those tasks
>-people with money troubles, out-of-control addictions, skeletons in the
> closet, and histories of "troubles" are prime targets for subversion
>-doing a clearance check (in theory) eliminates the possibility that
> these people will be blackmailed/bribed into revealing their secrets

      Therefore, *every* GAK escrow agent *must* employ someone with an
arbitrary clearance level?

>Not that this stuff always works in practice, considering that Aldrich
>Ames <etc.>

      And what protected him? Incompetence, cronyism, corruption, and
ass-covering. Of course, any failures in GAK administration would be
handled differently...

>The point is, if you want to keep your organization's systems secure,
>you need some mechanism to do so. Security clearance is one way;
>banks and other financial institutions do other things (like finger prints,
>background checks, etc.)

      I get the point. I *disagree* with it.

>My big question is, do any of the companies providing Internet services,
>or Internet software, or digital commerce services/software, employ
>any of these security mechanisms on their employees? Comments or
>(preferably) references to actual practices?

      On the *hardware* front, definitely -- if not by law then simply by
practical need. Does the hardware in question *necessarily* apply to every
citizen in America?

Hieronymous

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMMUfVr3g0mNE55u1AQE2AwH+Ps6ux/T/jME+yz6NEr2hC02m2j1TalGr
/hfzvIGytpAE3Ld6f0ltjz70RbSFb4mFX1oPbNnDVwDsPo5iSstEiw==
=4PcI
-----END PGP SIGNATURE-----





Thread