[Cryptography] Security clearances and FOSS encryption?
Arnold Reinhold
agr at me.com
Tue Jul 8 14:10:14 EDT 2014
Ian commented:
# There aren't specific restrictions as such with security clearances [1]
# but there are conflicts of interest. If a person has a security
# clearance, then they have a master or power. If they are devoted to
# your project, then this means they serve two masters, the best you can
# hope for is that the other master is dormant.
#
# That power can be used at will. There are a range of pressures that can
# be put on a person to assist the power.
Anyone who is employed by some government or a company that does business with one or more governments has a conflict of interest and is subject to job pressure. So is anyone whose tax returns have been less than pristine or is here on a temporary visa. I would be particularly suspicious of anyone with teenage children. Most of them do illegal drugs, and who would believe a kid that doesn't if accused by a cop or dealer who's been offered a plea bargain? That makes their parents subject to irresistible pressure. And if someone has absolutely no apparent conflicts, isn't that kind of suspicious in itself?
In short, you can't trust anyone. So this kind of thinking is unhelpful. Not only encryption systems but the process by which they are created and maintained must be auditable; security can't be based on "trusted" personalities.
Arnold Reinhold
More information about the cryptography
mailing list