Comment by eob

That's a fair point, hga.

The larger problem with this process, I think though, is that it isn't one governed by a clear set of rules. They tell you "list everything" but they don't actually want to know everything, so they end up making you erase some things from the form.

Why do you have to erase them? Because you can't get cleared if you list them, but as long as you've verbally come clean they make a run-time decision not to care.

I think this is a bad way to go about the process because it introduces the whims of your investigator as a factor in the process.

If the system has bad rules on the books, we should fix the rules rather than instructing security investigators to make run-time decisions to bypass them.