[Cryptography] Security clearances and FOSS encryption?

Jerry Leichter leichter at lrw.com
Sat Jul 12 06:59:46 EDT 2014


On Jul 11, 2014, at 1:34 PM, Brian Gladman <brg at gladman.plus.com> wrote:
>> It reminds me of an experience I had many years ago.  I interviewed a woman applying for a job as a developer.  She had a number of years of experience working for a large military contractor, working on codes for missile control or something of that sort.  I was curious - and asked - what they did to make sure that such code was correct; after all, dropping a nuclear-tipped missile on the wrong city because of a bug could really ruin your day.  Her answer left me chilled:  "Oh, we don't have to worry about bugs.  All our developers have security clearances.  We can trust them completely."  (Or words to more or less that effect.)
> 
> It's a nice story, Jerry, but I very much doubt that it was a true
> reflection of the situation (I assume this is a US anecdote).
It was, indeed, in the US.

> Prior to retiring from the UK Ministry of Defence ... I was the Chief Scientist for ... the UK body that manages the safety of weapons systems deployed by the UK Armed Forces....  We took the safety and integrity of computing and software in weapons... very, very seriously and my contacts with my US counterparts suggest to me that they were no less diligent in such matters.
I have no way of knowing how true this person's statements actually were, and if true, how broadly such attitudes were held and at what levels of the organization.  The fact is, one person who had worked in this field came away with this understanding of how to produce reliable software.  It was *that* that I found chilling.

But ... this wasn't a completely isolated incident.  A co-worker had previously spent a number of years working on nuclear bomb codes - the large FORTRAN (in those days, and perhaps even today) programs that simulated nuclear bomb blasts (and which would eventually allow the US to enter into the Nuclear Test Ban treaty).  Some of his experiences were ... peculiar.  I remember one story about a manager who had gone off to a seminar on best practices in programming.  There, he learned about the concept of "information hiding" - the term then for what we now usually call encapsulation.  He wanted to apply these ideas to his own organization.  Unfortunately, the FORTRAN of the day had no support whatsoever for such notions.  So he "implemented" the ideas by administrative fiat, making lists of people who were not allowed to talk to each other - nominally not about how their code worked, but as implemented not at all.

Again, these are individual anecdotes.  I also knew people - Paul Karger was one - who approached these issues with great care and diligence, and whose work I highly respected.

It's always a mixed bag.

(I probably wasn't using them at the time, but for many years the two initial questions in interviews I did were:  "How do you produce reliable software?" and "How do you produce maintainable software?" - with the candidate told to interpret the words in the questions in whatever way seemed most appropriate.  Most of the answers I got were ... disappointing.  But some, from candidates who usually proved to be very good in other ways, were excellent.)

                                                        -- Jerry