[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: Secret Clearance



-----BEGIN PGP SIGNED MESSAGE-----

At 9:00 PM 12/5/95, Pete Loshin wrote:

>I'm definitely opposed to GAK, but the conspiracy theory approach to
>considering what it means to employ people with SECRET clearance
>may be getting a bit paranoid.

      In a discussion of governmental efforts to deny presumedly innocent
citizens the assurance that they can conduct their affairs in privacy --
and to require that "trusted," "impartial" escrow agents employ someone
who has been vetted according to undisclosed criteria, the best you can
come up with is this "conspiracy theory" saw? Did *I* invent this
stipulation?

>>From working at an organization that did a lot of government work,
>my understanding of the process of clearing employees is this:
>
>-certain tasks require knowledge or access that must be restricted
>-you have to have a high degree of trust in the people doing those tasks
>-people with money troubles, out-of-control addictions, skeletons in the
> closet, and histories of "troubles" are prime targets for subversion
>-doing a clearance check (in theory) eliminates the possibility that
> these people will be blackmailed/bribed into revealing their secrets

      Therefore, *every* GAK escrow agent *must* employ someone with an
arbitrary clearance level?

>Not that this stuff always works in practice, considering that Aldrich
>Ames <etc.>

      And what protected him? Incompetence, cronyism, corruption, and
ass-covering. Of course, any failures in GAK administration would be
handled differently...

>The point is, if you want to keep your organization's systems secure,
>you need some mechanism to do so. Security clearance is one way;
>banks and other financial institutions do other things (like finger prints,
>background checks, etc.)

      I get the point. I *disagree* with it.

>My big question is, do any of the companies providing Internet services,
>or Internet software, or digital commerce services/software, employ
>any of these security mechanisms on their employees? Comments or
>(preferably) references to actual practices?

      On the *hardware* front, definitely -- if not by law then simply by
practical need. Does the hardware in question *necessarily* apply to every
citizen in America?

Hieronymous

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMMUfVr3g0mNE55u1AQE2AwH+Ps6ux/T/jME+yz6NEr2hC02m2j1TalGr
/hfzvIGytpAE3Ld6f0ltjz70RbSFb4mFX1oPbNnDVwDsPo5iSstEiw==
=4PcI
-----END PGP SIGNATURE-----