[Cryptography] Security clearances and FOSS encryption?

Rick Smith, Cryptosmith me at cys.me
Tue Jul 8 12:27:21 EDT 2014


It should be clear by now from the conversation that holding a security clearance doesn't in general qualify or disqualify someone from working on FOSS.

There are a lot of scenarios. A small number involve bad behavior by someone with a clearance, but we don't necessarily know if a person has a clearance. If someone intentionally subverts a FOSS project as their job representing an intelligence agency, then the agent isn't going to be bragging about security clearances. At least, a competent agent won't.

In any case, it comes down to a single solution - assurance through multi-person control. Teamwork for system maintenance, teamwork for code review, teamwork for everything. Human error and incompetence are bigger risks, and we can reduce the risks with the same mechanism.

Rick.


