[Cryptography] Security clearances and FOSS encryption?

Bill Stewart billstewart at pobox.com
Wed Jul 9 01:05:37 EDT 2014


The most common issues with security clearances vs. FOSS software are 
bureaucratic, not spooky.
Most of the people who have them are either military (and therefore may have
restrictions on what they can work on in their copious spare time),
or civilians working for big companies (which may have intellectual property
rules that say "anything you work on, even in your spare time, is Ours")
that may not be very enlightened about FOSS.

Some of the higher-level clearances have rules about getting pre-approval
for publication of anything that might be work-related,
because they don't want the next Phil Agee publishing a book,
but your developers would know if that applies to them,
and some have rules about what countries cleared people can travel to,
so they might not be able to join your user-group meetings in Iran,
or at least might have to let their security office know they're going.

Back in the 80s, I had a clearance and ran a computer lab where we 
built models of Stuff.
Most or all of the models we built were unclassified,
and the results of running them on test data were unclassified,
so people could do most of their design and analysis at their desks,
and it was only the Real Data and the Stuff that happened when we
ran the models using Real Data that were classified,
or any word-processing people did about classified stuff.
(And of course every piece of magnetic storage media in the lab
was also classified, because you couldn't trust it not to be,
so you could only bring paper out of the lab, not tapes or floppies.)
If I had wanted to do open-source development of the laser printer drivers
or contribute bug reports about the virtual memory system tuning problems,
none of that would have been affected by the classification issues,
except the inconvenience of paper-handling.


