[Cryptography] Security clearances and FOSS encryption?

Phillip Hallam-Baker phill at hallambaker.com
Tue Jul 15 14:00:21 EDT 2014


On Tue, Jul 15, 2014 at 12:14 PM, Rick Smith, Cryptosmith <me at cys.me> wrote:

> I think our discussion is getting a little muddy: some authors are using
> "security clearance" when they really mean "employment" by a government
> agency (directly or as a contractor, including military and intel
> organizations).
>
> The security clearance is a side-effect of one's employment.
>
> And let me remind everyone, again, that you don't need a clearance or any
> public form of government employment in order to be a spy, confidential
> informant, or agent provocateur.


Exactly, the people to worry about are the people who don't declare their
affiliations and/or clearances.

And that is why what the NSA did with the Bullrun program is such a
problem. How would a government spy be likely to behave?

One possibility is that they would be a very visible and prominent
technical contributor leading a major working group working for a company
like BBN or Van Dyke or SAIC or one of the other beltway contractors that
is likely a wholly owned subsidiary of the CIA/NSA from the days that they
had to conceal the funding sources to the black budget.

But another possibility is that they would be a less technical,
non-technical type who was always willing to do work like write up reports or
drafts or chair a working group and you would wonder how they managed to do
so much without an apparent source of funds.


In other words an NSA plant looking to derail a project is going to look
just like the 10% of IETF members who do 80% of the actual technical work.