Jane Harman: Top-Secret Clearance System Like Something Out Of 19th Century
Garance Franke-Ruta writes in TheAtlantic.com
Harman, now the director, president, and CEO (of) the Wilson Center in Washington, D.C., ... had some tough words for the security clearance process that signed off on giving Snowden the authority to extract some of the United States's most closely held surveillance secrets. "The clearance system that we have for secret and top secret clearances is broken," she said during a panel discussion on Friday. "It's a 19th century model -- it's ridiculously labor intensive, a lot of it isn't even online and updated and for a person in the kind of position he had ... [for] a systems administrator, where he was the boss supervising himself in a position where he had enormous access, there needs to be the two-man, the two-person rule."
The two-person rule simply means that when accessing sensitive information, two individuals must sign off on the maneuver.
This would limit the ability of one person to gain "unfettered access," per a New York Times piece quoted in Franke-Ruta's article.
Of course, the government should not be Big Brothering anyone sans probable cause, but Harman was a jerk of a congresswoman, who resigned, costing Los Angeles for the special election to replace her, so we can't expect much of her.
A commenter in The Atlantic writes:
anirprof / Patrick Watson I have worked in a DoD agency recently. We all had secret clearances, but with only unclassified computer systems in our offices. Even then, they really, really made a point over the last few years of locking down the network to only allow access with biometric smart cards, no user rights to anything on the machines (not even to change the Windows desktop color, or move a mouse from one USB port to another), and with very high levels of compartmentalization in terms of who could access what files. Made it tough to get stuff done across departments. Yet all the IT staff could do anything, to any account, file, or email store, any time they wanted to, with a single system password. Including the authority to connect USB devices (e.g., flash drives and DVD burners). And those staff were all contractors, not US Govt employees, with a very high turnover rate. Nope, no potential holes there...








You'll love the cartoons at Federal facilities.
Our IT service techs cannot have a thumbdrive. They CAN have completely bootable external drives that are NOT thumbdrives.
You can't, by the rule book, connect a Droid or iPhone to a government computer - only a company camera. Yes, there are company iPads and iPhones!
When you first start your government PC up - and wait for the motley assortment of malware prevention apps to run - you are shown a warning notice about unauthorized use which is not only grammatically wrong, but legally wrong. It was installed by the Feds, and if it is corrected, we will fail automated "security" audits.
A contract was let for badge readers, and these were required to log into Site computers in the protected areas. They did nothing whatsoever to limit who was actually logged in, and for single-user machines, they weren't forced. Mine sits in a drawer, unused, because it is simpler to control your PC otherwise.
Radwaste at June 30, 2013 4:04 PM
Oh, yeah... I forgot this:
Recently, we changed badge systems as mandated by the Federal government.
I got a new badge. The requirements were to have a photo ID and a social security card.
It replaced a badge issued after full interviews with everyone who knew me by two investigators, who traveled to my neighborhoods in Florida and SC.
Boy, I feel much better now!
Radwaste at July 2, 2013 2:50 AM