
The mental gymnastics involved in having a high security clearance. - pavel_lishin
http://m.motherjones.com/kevin-drum/2010/02/daniel-ellsberg-limitations-knowledge
======
throwaway31
I used to be in the intelligence field, and I held a top secret SCI clearance
for about five years.

What most people don't realize about classified information is that it's not
the information itself that's so sensitive; it's the means via which such
information is acquired that must be protected. If this were not so, targets
could simply sidestep our intelligence collection vectors.

I rarely dealt with any classified information that was interesting or
surprising. It's mostly stuff you would expect. The technologies and methods
used to acquire a piece of intelligence were always more interesting than the
intelligence itself.

~~~
lesterbuck
I thought I read somewhere once that it was a violation of security procedures
to reveal your security clearance level (unless it was in doing your job to
access information). Is it ok to mention you used to hold a top secret SCI
after the fact?

~~~
count
There is no formal guidance (that I'm aware of) about revealing a secret, top
secret, Q, or L clearances, nor is there formal guidance on revealing that you
are SCI eligible.

Each SCI compartment and SAP has its own unique rules about what you can and
cannot reveal (some SCI compartments' mere existence is classified at the SCI
level itself, meaning you can't say you hold that clearance to anyone who
doesn't hold that clearance, for example).

Each SCI compartment also comes with its own unique rules about when you can
or cannot talk about what you learned or were cleared to access (most are
probably lifetime NDAs).

That said, it's pretty shitty opsec to tell someone, or the Interwebs, that
you hold a specific clearance or do a specific job.

~~~
ultrasaurus
> you can't say you hold that clearance to anyone who doesn't hold that
> clearance

I assume that there's a secondary signal that _can_ be disclosed that everyone
who has clearance can recognize?

~~~
count
I'm not aware of one. In some cases, the information will just be disclosed,
and you'll be forced to sign the paperwork and be 'read in' after the fact. As
long as you have a legitimate need to know, that's fine.

------
DanielBMarkham
There's a flip side to this as well: as a voter, I don't know what information
my elected leaders have when making decisions.

In theory, with a small amount of secrecy needed to make diplomacy and
security function, this makes sense. The problem is that it's not actually
working in practice. There are so many un-elected people who have jobs for
life and also the ability to classify broad swaths of information that the
incentives are all set to increasing amounts of classified data. There's no
correction mechanism. In theory, you'd have Congressmen aggressively using
their oversight powers to correct the system. In practice, elected officials
are mostly in for life (or as long as they choose) and are easily manipulated
by the system. In fact, they don't want anything to do with making tough
decisions. The more things are secret, the less they have to worry with those
nagging voters giving their opinions about things. I read about intelligence
oversight committees being told they don't have clearance to see things and it
just blows my mind: our entire system of using force rests on civilian
oversight. Thousands have died because civilians have made mistakes with
information they've been given -- and that's the way it is supposed to work.
Somehow we've forgotten all about this critical principle.

As an example, I'll pick a topic where you guys can all call me fuzzy-headed:
UFOs. I pick this topic because of its ludicrous nature. Heaven help me if I
were to pick something that was diplomatically sensitive and start hammering
on it. I've been studying sightings and evidence as a hobby for many years,
and based on credible eye-witness testimony I'm comfortably convinced that the
United States government knows a lot more about intermittent atmospheric
phenomena than they are letting on. Why? I don't know. Why not a little more
openness? I don't know. What part of this information is being used by my
elected officials to make decisions? Again, I don't know.

This leaves the door open for all kinds of crazy speculation. It's an insane
way for a democracy to treat its citizens. Yet this is just par for the
course. All I did was pick a way-out example. Laugh off my UFO example if you
wish, but for every thing like that there are a thousand other things that
drive public policy -- and you and I will never know about them. Taken to this
level, it is a very unstable way to maintain consent of the governed.

Not only does it make it impossible for an elected official to take advice, it
makes it impossible for voters to make reasoned and educated judgments about
the actions of officials. Secrecy corrupts everything it touches. That's why
it must be aggressively minimized.

~~~
sneak
> In theory, with a small amount of secrecy needed to make diplomacy and
> security function, this makes sense.

It does not make sense to me. Perhaps you could explain to me how you reached
this conclusion?

~~~
scottkduncan
More mundane than protecting secret codes and espionage, I think there's a
strong argument for keeping the private conversations between the
representatives of two governments confidential. Much as my conversations with
my close friends would be very different if I knew the contents would be
published in the New York Times today, to have functioning relationships
governments need to know that some level of confidentiality will be kept when
requested.

That said, over-classification is definitely a problem, particularly if done
with domestic political considerations in mind. Even worse can be selective
declassification, when the public is presented with a few bits of intelligence
that present only part of the story and may lead to conclusions very different
than had the full picture been presented (i.e. 2003 Iraq War run-up).

~~~
wnoise
> to have functioning relationships governments need to know that some level
> of confidentiality will be kept when requested.

To have relationships that function the exact same way they do now. It's clear
that things would be different. It's probably true that things would be harder
for people in those roles. It's not at all clear that things would be worse
for those outside of government, which is the real question of whether it is
desirable.

------
teyc
If anyone has seen the comedy series "Yes, Prime Minister", they'll often
understand how a leader can be manipulated by his mandarins through selective
disclosure of uncorroborated information, present consequences couched in
politically unacceptable terms, force the hand by setting the agenda.

This is especially true if dissenting opinion is filtered before it gets
handed to the President etc.

I apologize if the following sounds a little leftist. I only intend to make a
point about how mistakes come to be made, and what governments may need to do
to arrive at better decisions:

Over in Australia, an ASIO analyst chose to resign rather than see Australia
join the Iraq war on the basis of WMD pretexts. (Andrew Wilkie is now a Member
of Parliament).

The trillion dollar mistake the US made was due to influencers being able to feed
super-classified information to the willingly gullible people.

It is not easy for a President to call bullshit. I believe the reason is
because there isn't sufficient accountability that is built into the system.
In days past, members of the royalty are expected to fight in wars. Even
during Roman days, only landowners could join the army. The appearance of the
professional soldiers lowered the personal risk of the people in power who
rush into war.

The Chinese emperors surrounded themselves with eunuchs thinking that the
absence of offspring gives some assurance that these people will be less
biased, but it didn't work out that well. Influence is still peddled,
particularly because power itself is very addictive on its own.

Some cultures resort to shamans to try to get an outcome that is independent
of any one person's viewpoint. The most interesting one that I came across is
the use of ibogaine, where people have a "spiritual" moment, where they see
the big picture instead of worrying about themselves.

For a complex society to survive and transcend humanity's limitations, we may
need to create a supermind. Some elements of this already exist. One is the
idea of "opensource intelligence" that can be used to corroborate otherwise
secret accounts.

~~~
ramchip
I have no opinion regarding your post itself, but I'd like to point out that a
comedy series is not evidence of anything.

<http://lesswrong.com/lw/k9/the_logical_fallacy_of_generalization_from/>

~~~
teyc
I'm only trying to figure how Chalabi managed to fool the entire US
intelligence machinery into invading Iraq, and the only logical conclusion is
he couldn't. Facts were being created by the hawks and these people decide on
who gets access to the President.

~~~
arethuza
As far as I am aware, the decision making process started with a desire to
invade Iraq and then once it was decided to do this any evidence that could
justify this decision was collected and circulated (even if it came from
someone who was known to be delusional).

Even worse, the UK government knew that there weren't good reasons to invade
Iraq, but went along with it simply to keep in with the United States.

~~~
teyc
I didn't think GWB himself was a neocon, although he was surrounded by a few.

------
mmaunder
I wonder if any game theorists have thought about whether a country with no
secrets could be militarily stronger.

It's similar to the Linux vs Windows debate: at first glance it seems
ludicrous that an open source OS could be more secure than a closed source OS.
But with enough eyes and enthusiasts, all problems are quickly fixed.

A small inner-circle who have access to the inner workings may find it hard to
compete when their competitor has the whole world helping debug and fix the
system, including the goodwill associated with that.

~~~
wisty
Sure they have. IANA game theorist, but I think the conclusion is that some
secrets are good, but the parameters should generally be communicated.

You didn't want to let the USSR know how many nukes you had (or they could
come up with a stronger first strike plan). But you wanted them to know
roughly how many, so they knew not to overreact (and build a massive deterrent
to an overstated threat), or under-react (and get too cocky).

There's also value in giving biased parameters - the President is mad, and you
have more nukes than they think (which will make them scared, and more likely
to back down, because they think they are dealing with an irrational actor),
but you don't want to sail too close to the wind here.

The thing is, game theorists don't deal well with stuff that's not part of
game theory. Game theory tends to assume that actors are all very smart, and
aren't hamstrung by some of their best advisors being out of the loop.

~~~
itmag
Isn't there some kind of game theory which takes irrational/drunken actors
into account?

------
Tossrock
When I first heard about the Bell-LaPadula model (
<http://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model> ) in my security
class, it was pretty eye opening, especially the notion that once you're given
a certain level of access, you can no longer write at lower levels. I think it
might explain in part the explosion in the amount of classified material
generated each year.

~~~
secthrowaway
Yeah, that model is more or less what's in use. Except the real-world version
is a bit more complicated and messier (and more confusing). But the principle
is all the same. Read goes down, write goes up.

You _can_ move information down only if the information is at the level you
are moving it to and it's been properly signed off.

(e.g. something that is marked Secret, but written to a Top Secret system, can
be moved back down to the Secret system)
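
The rules described in the two comments above ("read goes down, write goes up", plus the signed-off move of Secret-marked material from a Top Secret system back to a Secret one), as an added example that is not part of the original thread. The class and function names, the three-level ordering and the sample documents are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2


@dataclass(frozen=True)
class Session:
    """A user logged in at a level no higher than their clearance."""
    user: str
    clearance: Level
    current: Level

    def __post_init__(self):
        if self.current > self.clearance:
            raise ValueError("session level exceeds clearance")


@dataclass(frozen=True)
class Document:
    title: str
    marking: Level  # classification of the content itself
    system: Level   # level of the system this copy sits on

    def __post_init__(self):
        if self.marking > self.system:
            raise ValueError("content is marked above the system holding it")


def can_read(session, doc):
    # Simple security property (no read up): a copy is handled at the
    # level of the system it sits on, so the session must dominate that.
    return session.current >= doc.system


def can_write(session, target_system):
    # *-property (no write down): a session may only write to systems at
    # or above its current level, so nothing it has read can leak downward.
    return target_system >= session.current


def move_down_denial(doc, target_system, approver):
    """Return the reason a downward move is refused, or None if allowed."""
    if target_system >= doc.system:
        return "not a downward move"
    if doc.marking > target_system:
        return "content is marked above the target system"
    if not approver:
        return "no sign-off recorded"
    return None


def move_down(doc, target_system, approver=None):
    """The reviewed exception to no-write-down described in the thread."""
    reason = move_down_denial(doc, target_system, approver)
    if reason:
        raise PermissionError(reason)
    return replace(doc, system=target_system)


if __name__ == "__main__":
    # Constructed sample data.
    analyst = Session("analyst", Level.TOP_SECRET, Level.TOP_SECRET)
    report = Document("weekly summary", Level.SECRET, Level.TOP_SECRET)
    plan = Document("collection plan", Level.TOP_SECRET, Level.TOP_SECRET)

    print("read report on TS system:", can_read(analyst, report))
    print("write to Secret system:  ", can_write(analyst, Level.SECRET))
    print("move report down:        ",
          move_down(report, Level.SECRET, approver="release officer"))
    print("move plan down:          ",
          move_down_denial(plan, Level.SECRET, "release officer"))
```

The same user logged in at Secret can write to the Secret system but can no longer read the copy on the Top Secret system, which is the trade-off the first comment found eye-opening.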

------
falcolas
A side note to the content of the article, which was interesting, but I
couldn't zoom the text.

I'm using Chrome, and when I zoomed in, the pictures, headers and footers all
grew appropriately, however the text remained a constant size.

I'm not sure how they managed that, but it makes for a terrible user
experience when you want (or need) to increase the font size to make it more
readable.

~~~
joshuarrrr
It's because it's their mobile website. The text on the normal version of the
story seems to zoom fine:
<http://motherjones.com/kevin-drum/2010/02/daniel-ellsberg-limitations-knowledge>

------
bediger
Well, this sure puts a different spin on the arrogance of the US Government.
The new Aristocracy, those with "clearances", receive and can act on
information that the rest of us can't be allowed to have. The Fed's "We just
know better than you" attitude probably derives directly from this secret pool
of knowledge.

But why would you divide up information into 15 or 20 categories? I bet that
even at "Top Secret" levels, the narrowness of view is stultifying.

~~~
oldstrangers
Think of it like this: if one person only knows part of a system, they can
only reveal so much about it. 15 people might know the entirety of one system,
but individually they don't know enough to be a threat. This idea can be
stretched out to cover entire levels of security clearance and information (as
it does).

~~~
marshray
It also makes it more difficult for them to collaborate and conspire without
the coordination of those above.

~~~
bediger
Let's flip that around: it makes it easier for "those above" in the hierarchy
to deceive a whole pile of compartmentalized people into performing useless
work, and thereby consuming lots and lots of government money.

~~~
bane
Why would they do that?

~~~
bediger
Ever heard of Empire Building? It's a common problem in corporations. Mid-
level managers become important by having a lot of underlings. I imagine this
would be even more important in compartmentalized areas, as mid-level managers
would nominally have no other method to signal their importance to superiors
or peers.

I can also think of a situation where a contractor might hire a mid-level
manager's husband, wife or child. The mid-level manager would be able to crank
up his or her headcount to get the relative a sizeable Christmas "bonus". I've
heard tell that this sort of thing actually happens.

------
secthrowaway
Thought I'd make a throw away and tip in as there are lots of people here
who've never had a clearance and don't really understand what it's all about
(I've had one for more than a decade). I'll try and answer some questions in
the threads as I can.

In the U.S. here's how it works (I'm writing this from the perspective of a
contractor):

You are hired to work on a government contract, that contract requires you to
work on xyz project that requires you to handle information classified at a
certain level (or with certain caveats or handling requirements). You fill out
a bunch of paperwork (<http://en.wikipedia.org/wiki/E-qip>) and it's submitted
to the government. The information you put down isn't really a whole lot more
interesting than what you might put down on a home loan application, but you
sign some consent forms that the investigator can do some credit checks, that
sort of thing. You also put down some references they can contact.

Depending on the level you are applying for, the investigation may take
longer, particularly if they interview your references. The interview
questions are usually simple things like, "did you work with so and so at such
and such place?" "have you ever heard them talk about overthrowing the
government?" that sort of thing.

If you're a normal person, no serious prison record, drug addiction, serious
mental health problem, or threatening political viewpoints (card carrying
member of the nuke the US party) there's really not a lot that can prevent you
from getting a clearance. Even prior drug use doesn't necessarily prevent you
from getting one.

A Secret clearance has a very low bar to entry. You can get one after
application in perhaps 3-6 weeks. I can't even get a cable guy to come to my
house in that length of time.

A Top Secret clearance takes a bit longer, and is slightly more involved, but
it's on the order of months to a year.

<http://en.wikipedia.org/wiki/Security_clearance>

Most of the time people either get a Secret clearance or a Top Secret
clearance -- there is no such thing as a "clearance" above Top Secret but
people can often be confused by special accesses at those levels (explained
below).

Operating at the Secret level, you'll have access to _most_ of the information
that is classified at that level. If you've read any of the wikileaks State
Department stuff or the Afghan and Iraq war diaries you've seen what kind of
stuff it is. Most of the time it's just information that the government would
rather not go public with, but isn't really all that interesting in nature.
Records of events, meetings, general information reports, troop movements,
that sort of thing.

Probably 1 in 150 Americans has at least a Secret level clearance, and
probably 1 in 50-70 have had one at one time (there are a _lot_ of people that
move through the military and/or for the military).

The Military's information systems are generally geared around the Secret
level of classification and done on an Internet-like network called SIPRNET.
There's even a Wikipedia analog and a Google search on it. It's like using a
slightly shoddy version of the Internet as it was 5-10 years ago.

<http://en.wikipedia.org/wiki/SIPRNET>

<http://en.wikipedia.org/wiki/Intellipedia>

To be honest it's not really much more interesting than using your regular
run-of-the-mill corporate firewalled intranet, except it's an unusually large
organization.

Not all Secret information can be shared with our allies. Why? Well, we may be
fighting a war with say, New Zealand at our side, but also investigating a
case of attempted bribery where NZ is trying to smuggle sheep into California
or some such. We _don't_ share the bribery investigation data for example.

To deal with this we use what are called "handling caveats". Something
shareable with say Canada and Great Britain might then be marked as
SECRET//REL TO USA, GBR, CAN or similar. There are also group handling codes
like NATO, ISAF etc.

<http://en.wikipedia.org/wiki/Classified_information_in_the_United_States#Handling_caveats>

<http://en.wikipedia.org/wiki/International_Security_Assistance_Force>

There are also other classification markings that are used as caveats. They
look kinda the same and are called compartments. It's generally just more
restrictions on who can see the information.

<http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information>

People use 'SCI' like it's the same as "SECRET" or some super high level
classification. But what it really means is that it is information gathered in
some way that we would really really rather keep private and thus you need
another level of need-to-know to get access to it. Typically it's this way
because billions of dollars was spent getting that information gathering
capability and replacing it would be billions more or revealing it could
expose people to severe risk, harm or death. SCI compartments exist at all
levels of classification.

Often knowing what the information is showing can directly inform somebody how
it was gathered as well. So it's not just the means that's protected directly,
but the data as well.

To see this information, you need to be working on a program that requires you
to work with information in that compartment (need-to-know). And you will be
"indoctrinated" or "read on" into that compartment. Which usually involves
filling out some more forms, submitting the application, and watching a boring
video telling you what the compartment is all about. There are many
compartments. Compartments can also have sub-compartments.

However, in some cases, the information is so super sensitive (almost always
meaning that people could be killed if it becomes known) that the government
wants to make sure you can be trusted with it. So you might get polygraphed.
Usually they just ask you things like "have you ever considered trying to
overthrow the U.S. government" and other similar. You might also go through a
slightly different polygraph with highly personal questions about your sex
habits.

Even more restricted are Special Access Programs (SAPs)

<http://en.wikipedia.org/wiki/Special_access_program>

These are things like the Nuclear Codes. Even the names of the SAPs are super
double probation classified. Often they are one super specific kind of
information, and they are managed very closely by the agency that creates
them. Very few people will be granted access to the SAP.

All of this holds true for Top Secret clearances and information, except
everything is just _that_ much more carefully controlled. You have to have a
reason for accessing it, most people don't, and you have to fill out lots of
paperwork and have lots of background investigation stuff.

You are encouraged frequently to try and accomplish as much as possible at the
lowest classification possible. Mostly so we can share the information (all of
which is declassified after 25 years max). But sometimes we just can't and
things have to move up in classification.

Everything has a legal hurdle. There's lots of lawyers and other bureaucrats
involved in everything. You have to report where you are everyday or establish
where you'll be if you'll be out of contact for any length of time or you lose
your job. If you did something bad while missing, then you'll probably end up
in Federal prison for a very long time.

There's definitely too much stuff classified. What most people who don't know
anything about the classified world complain about is this problem. It's
actually reasonable to argue this. What they don't realize is it's a pain in
the ass to keep stuff classified. What they also don't know is that everything
declassifies after 25 years (or sooner) unless it's something super special
sensitive (nuclear codes). This is a tremendous pain in the ass for the
government to go through, but in the interest of stopping information that
should be free from being locked away, it's done and most people I know in the
field think this is great. Because keeping this stuff secret is a drag, you
can't talk about most of what you do everyday at work with anybody outside of
your work. You can't talk about it at home, even if your spouse is cleared.

<http://en.wikipedia.org/wiki/Executive_Order_12958>

<http://en.wikipedia.org/wiki/Executive_Order_13526>

<http://en.wikipedia.org/wiki/Declassification>

To put this in perspective, we're almost halfway to the point where everything
about the lead up to the mistake of the Iraq War will automatically become
declassified and available via FOIA requests.

All of this is done in special facilities called SCIFs

<http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility>

(technically work that is not SCI protected doesn't occur in a SCIF, but
that's what everybody calls them). They usually have all kinds of access
controls, some have several layers.

For example (a real one), you may have to pass through a gate with an armed
guard, an armed guard at a desk who checks ID, a proximity badge and keypad
turnstile, a locked door with badge and keypad, an elevator with badge and
keypad, a finger print scanner badge keypad combo, and then a safe to get to
your hard drive, which is then protected by an encryption key, the login
user/pass for the system, then a user/pass encryption key for the database you
are accessing and finally a special decryption password for the file you need
to download and unarchive from the database. This doesn't even include all of
the signin/out logs and other paperwork required to get through a day.

Depending on your clearance, you may end up with several different computers
at your desk at the same time, usually connected by a KVM of some sort.
Something like this isn't all that unusual

<http://upload.wikimedia.org/wikipedia/commons/6/6f/Intel_GreenDoor.jpg>
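
The handling caveats and compartments described in the comment above, turned into an access check, as an added example that is not part of the original thread. The simplified `LEVEL//SEGMENT//REL TO ...` layout, the compartment name ALPHA, the readers, and the rule that a marking with no REL TO list is not releasable to foreign readers are assumptions made for illustration.

```python
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Marking:
    level: str
    compartments: frozenset  # extra need-to-know restrictions
    rel_to: frozenset        # countries or group codes the item is releasable to


@dataclass(frozen=True)
class Reader:
    name: str
    country: str
    clearance: str
    read_ins: frozenset = frozenset()  # compartments the reader is read in to
    groups: frozenset = frozenset()    # group handling codes that cover the reader


def parse_marking(banner):
    """Parse a banner such as 'SECRET//REL TO USA, GBR, CAN'."""
    parts = [p.strip().upper() for p in banner.split("//")]
    level = parts[0]
    if level not in LEVELS:
        raise ValueError(f"unknown classification: {parts[0]!r}")
    compartments, rel_to = set(), set()
    for part in parts[1:]:
        if not part:
            raise ValueError("empty segment in marking")
        if part.startswith("REL TO"):
            names = {c.strip() for c in part[len("REL TO"):].split(",")}
            names.discard("")
            if not names:
                raise ValueError("REL TO with no recipients")
            rel_to |= names
        else:
            # Assumption: any other segment is treated as a compartment name.
            compartments.add(part)
    return Marking(level, frozenset(compartments), frozenset(rel_to))


def denial_reasons(reader, marking, home="USA"):
    """Return every reason access is refused; an empty list means allowed."""
    reasons = []
    if LEVELS[reader.clearance] < LEVELS[marking.level]:
        reasons.append("clearance below classification")
    missing = marking.compartments - reader.read_ins
    if missing:
        reasons.append("not read in to: " + ", ".join(sorted(missing)))
    if reader.country != home:
        # Assumption: foreign readers need an explicit REL TO entry, either
        # their country code or a group code that covers them.
        covered = reader.country in marking.rel_to or reader.groups & marking.rel_to
        if not covered:
            reasons.append("not releasable to " + reader.country)
    return reasons


if __name__ == "__main__":
    # Constructed sample data.
    shared = parse_marking("SECRET//REL TO USA, GBR, CAN")
    boxed = parse_marking("TOP SECRET//ALPHA")
    readers = [
        Reader("uk liaison", "GBR", "SECRET"),
        Reader("nz liaison", "NZL", "SECRET"),
        Reader("us analyst, read in", "USA", "TOP SECRET", frozenset({"ALPHA"})),
        Reader("us analyst, not read in", "USA", "TOP SECRET"),
    ]
    for marking in (shared, boxed):
        for r in readers:
            print(marking.level, "|", r.name, "->",
                  denial_reasons(r, marking) or "allowed")
```

The last two readers hold the same clearance, yet only one may see the compartmented item, which is the need-to-know split the comment describes.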

~~~
furyg3
_You might also go through a slightly different polygraph with highly personal
questions about your sex habits._

Why do they do this? For blackmail purposes later?

~~~
buro9
I went through UK security clearance and can tell you that the process is to
determine whether your personal/sexual habits are likely to make _you_
vulnerable to blackmail. Not so that the government or agency can blackmail
you.

That is: If you happen to be into BDSM and this is something you keep
extremely private, then what would you rather give up? Your personal privacy
or a piece of sensitive data?

So the interviews at different levels determine whether you can be trusted
with the information based on the risk you pose to factors such as blackmail,
or financial rewards, etc.

~~~
JonnieCache
This is mainly why they killed Turing.

~~~
gujk
Turing died because his lifestyle was illegal and he was being punished for
it, not because it was a secret.

~~~
JonnieCache
Turing died because he had a head full of military secrets and consorted with
gay prostitutes, and was therefore considered a security (blackmail) risk.

Obviously it was more complicated than that, but I consider this to be the
primary reason.

~~~
nate_meurer
Interesting theory you've got there. Please explain why, if he was considered
such a security risk, he was charged and tried publicly in a civilian court,
and then allowed to roam freely for two years after his conviction.

~~~
JonnieCache
I think I'm coming across as more of a conspiracy theorist here than I
intended.

When he was convicted for homosexuality, it would have come to the attention
of various senior people in government. They would have wanted to make an
example of him, being as he was a relatively well known figure at the time,
much like what happened with Oscar Wilde.

They would have also had concerns about his homosexuality being used against
him by Britain's enemies, and also because of the recent uncovering of a ring
of Soviet spies who were all drawn from an intellectual set, all academics,
and two of whom were gay.

What I am saying is, I find it likely that these government/military figures
would have found it highly convenient for Turing to disappear, or at least
have his life made extremely difficult for him. They couldn't have him
executed for his sexuality, but they could apply chemical castration. They did
offer him the choice between castration and prison, and I accept that this
weakens my case. You might ask, if they were that concerned, why didn't they
just have him conveniently die in a car crash? My answer would be that they
weren't that concerned, it was an opportunistic thing.

Also to be honest I am not entirely convinced that his death by poisoned apple
was necessarily suicide, but there is no evidence for that, and there never
will be.

------
JosephHatfield
Even given the variations of security clearances in use, there is the
requirement that classified information is always and only distributed on a
"Need to Know" basis; two people with exactly the same level clearance may
still have official secrets from each other.

------
ChuckMcM
Does anyone know of any research into compartmentalized network protocols?
Specifically I'm wondering about protocols where components co-operate to
achieve some goal but don't know enough to compromise the entire network. I'm
sure the botnet guys have done a lot of work on this but I'm wondering if there
are any good references in the open literature.

~~~
littlebird
Not sure about network protocols, but, the systems research version of this is
called multi-level secure systems. You might want to start looking there.

------
jhuckestein
Interesting. Perhaps the comment about not being able to learn from people who
don't have these clearances also applies to highly knowledgeable individuals
in any field that have trouble listening to people with less information or
understanding of matters. Perhaps it even explains how years of "knowing more"
can lead to resistance to change (the kind that I've found to be
characteristic of bad professors or some people I used to work for)

I think it's important to be aware of this. If I ever find myself not
listening to someone because I think the person doesn't know all the facts, I
hope that I'll become aware of it and try to zero in on what facts they are
missing. Luckily I know very few secret things (I have even been known to
intentionally make secret things un-secret) so I'd gladly share those facts
and see for myself if it changes the other person's opinion.

~~~
secthrowaway
And the corollary, just because people have access to sensitive information
means they _know all_ of the sensitive information.

"Well I have a clearance and can tell you this is how it is" is probably the
mark of somebody who just wants to win the debate but doesn't know squat.

------
Palomides
For those interested in US governmental secrecy stuff,
<http://www.fas.org/blog/secrecy/> is a very interesting blog/newsletter

~~~
littlebird
For a more nuts and bolts view of security requirements and procedures, the
NISPOM is publicly available
<http://www.dss.mil/isp/fac_clear/download_nispom.html>

------
lwhi
I think there's a big danger here.

Of course the idea of being initiated into a secret circle is extremely
attractive. It appeals to our sense of ego, intrigue, romantic notions of the
other. It's the stuff of novels and films .. it's the beginning of a great
story. The personal advice given sounds good. But the dangerous part for me is
the inference that we need to consider that those above us necessarily know
best, and we should, by necessity, capitulate control.

The fact that such layers of information, access to information, and access to
power exist should not supplant the fact that this system embodies one single
way the world can be ordered.

What would happen if everyone had access to everything?

