Secret Clearance (was: re: NIST GAK export meeting, sv)



I'm definitely opposed to GAK, but the conspiracy theory approach to
considering what it means to employ people with SECRET clearance
may be getting a bit paranoid.

From working at an organization that did a lot of government work,
my understanding of the process of clearing employees is this:

-certain tasks require knowledge or access that must be restricted
-you have to have a high degree of trust in the people doing those tasks
-people with money troubles, out-of-control addictions, skeletons in the
 closet, and histories of "troubles" are prime targets for subversion
-doing a clearance check (in theory) eliminates the possibility that
 these people will be blackmailed/bribed into revealing their secrets

Not that this stuff always works in practice, considering that Aldrich
Ames was an alcoholic with money troubles who then turned up 
with a lavish lifestyle, and no one he worked with noticed until it was
pretty much too late.

The point is, if you want to keep your organization's systems secure,
you need some mechanism to do so. Security clearance is one way;
banks and other financial institutions do other things (like fingerprints,
background checks, etc.)

My big question is, do any of the companies providing Internet services,
or Internet software, or digital commerce services/software, employ
any of these security mechanisms on their employees? Comments or
(preferably) references to actual practices?

-Pete Loshin
 [email protected]