Comment by secthrowaway
14 years ago
Thought I'd make a throw away and tip in as there are lots of people here who've never had a clearance and don't really understand what it's all about (I've had one for more than a decade). I'll try and answer some questions in the threads as I can.
In the U.S. here's how it works (I'm writing this from the perspective of a contractor):
You are hired to work on a government contract, that contract requires you to work on xyz project that requires you to handle information classified at a certain level (or with certain caveats or handling requirements). You fill out a bunch of paperwork (http://en.wikipedia.org/wiki/E-qip) and it's submitted to the government. The information you put down isn't really a whole lot more interesting than what you might put down on a home loan application, but you sign some consent forms that the investigator can do some credit checks, that sort of thing. You also put down some references they can contact.
Depending on the level you are applying for, the investigation may take longer, particularly if they interview your references. The interview questions are usually simple things like, "did you work with so and so at such and such place?" "have you ever heard them talk about overthrowing the government?" that sort of thing.
If you're a normal person, no serious prison record, drug addiction, serious mental health problem, or threatening political viewpoints (card carrying member of the nuke the US party) there's really not a lot that can prevent you from getting a clearance. Even prior drug use doesn't necessarily prevent you from getting one.
A Secret clearance has a very low bar to entry. You can get one after application in perhaps 3-6 weeks. I can't even get a cable guy to come to my house in that length of time.
A Top Secret clearance takes a bit longer, and is slightly more involved, but it's on the order of months to a year.
http://en.wikipedia.org/wiki/Security_clearance
Most of the time people either get a Secret clearance of a Top Secret clearance -- there is no such thing as a "clearance" above Top Secret but people can often be confused by special accesses at those levels (explained below).
Operating at the Secret level, you'll have access to most of the information that is classified at that level. If you've read any of the wikileaks State Department stuff or the Afghan and Iraq war diaries you've seen what kind of stuff it is. Most of the time it's just information that the government would rather not go public with, but isn't really all that interesting in nature. Records of events, meetings, general information reports, troop movements, that sort of thing.
Probably 1 in 150 Americans has at least a Secret level clearance, and probably 1 in 50-70 have had one at one time (there are a lot of people that move through the military and/or for the military).
The Military's information systems are generally geared around the Secret level of classification and done on an Internet-like network called SIPRNET, There's even a Wikipedia analog and a Google search on it. It's like using a slightly shoddy version of the Internet as it was 5-10 years ago.
http://en.wikipedia.org/wiki/SIPRNET
http://en.wikipedia.org/wiki/Intellipedia
To be honest it's not really much more interesting than using your regular run-of-the-mill corporate firewalled intranet, except it's an unusually large organization.
Not all Secret information can be shared with our allies. Why? Well, we may be fighting a war with say, New Zealand at our side, but also investigating a case of attempted bribery where NZ is trying to smuggle sheep into California or some such. We don't share the bribery investigation data for example.
To deal with this we use what are called "handling caveats". Something shareable with say Canada and Great Britain might then be marked as SECRET//REL TO USA, GBR, CAN or similar. There are also group handling codes like NATO, ISAF etc.
http://en.wikipedia.org/wiki/Classified_information_in_the_U...
http://en.wikipedia.org/wiki/International_Security_Assistan...
There are also other classification markings that are used as caveats. They look kinda the same and are called compartments. It's generally just more restrictions on who can see the information.
http://en.wikipedia.org/wiki/Sensitive_Compartmented_Informa...
People use 'SCI' like it's the same as "SECRET" or a some super high level classification. But what it really means is that it is information gathered in some way that we would really really rather keep private and thus you need another level of need-to-know to get access to it. Typically it's this way because billions of dollars was spent getting that information gathering capability and replacing it would be billions more or revealing it could expose people to severe risk, harm or death.. SCI compartments exist at all levels of classification.
Often knowing what the information is showing can directly inform somebody how it was gathered as well. So it's not just the means that's protected directly, but the data as well.
To see this information, you need to be working on a program that requires you to work with information in that compartment (need-to-know). And you will be "indoctrinated" or "read on" into that compartment. Which usually involves filling out some more forms, submitting the application, and watching a boring video telling you what the compartment is all about. There are many compartments. Compartments can also have sub-compartments.
However, in some cases, the information is so super sensitive (almost always meaning that people could be killed if it becomes known) that the government wants to make sure you can be trusted with it. So you might get polygraphed. Usually they just ask you things like "have you ever considered trying to overthrow the U.S. government" and other similar. You might also go through a slightly different polygraph with highly personal questions about your sex habits.
Even more restricted are Special Access Programs (SAPs)
http://en.wikipedia.org/wiki/Special_access_program
These are things like the Nuclear Codes. Even the names of the SAPs are super double probation classified. Often they are one super specific kind of information, and they are managed very closely by the agency that creates them. Very few people will be granted access to the SAP.
All of this holds true for Top Secret clearances and information, except everything is just that much more carefully controlled. You have to have a reason for accessing it, most people don't, and you have to fill out lots of paperwork and have lots of background investigation stuff.
You are encouraged frequently to try and accomplish as much as possible at the lowest classification possible. Mostly so we can share the information (all of which is declassified after 25 years max). But sometimes we just can't and things have to move up in classification.
Everything has a legal hurdle. There's lots of lawyers and other bureaucrats involved in everything. You have to report where you are everyday or establish where you'll be if you'll be out of contact for any length of time or you lose your job. If you did something bad while missing, then you'll probably end up in Federal prison for a very long time.
There's definitely too much stuff classified. What most people who don't know anything about the classified world complain about is this problem. It's actually reasonable to argue this. What they don't realize is it's a pain in the ass to keep stuff classified. What they also don't know is that everything declassifies after 25 years (or sooner) unless it's something super special sensitive (nuclear codes). This is a tremendous pain in the ass for the government to go through, but in the interest of stopping information that should be free from being locked away, it's done and most people I know in the field think this is great. Because keeping this stuff secret is a drag, you can't talk about most of what you do everyday at work with anybody outside of your work. You can't talk about it at home, even if your spouse is cleared.
http://en.wikipedia.org/wiki/Executive_Order_12958
http://en.wikipedia.org/wiki/Executive_Order_13526
http://en.wikipedia.org/wiki/Declassification
To put this in perspective, we're almost halfway to the point where everything about the lead up to the mistake of the Iraq War will automatically become declassified and available via FOIA requests.
All of this is done in special facilities called SCIFs
http://en.wikipedia.org/wiki/Sensitive_Compartmented_Informa...
(technically work that is not SCI protected doesn't occur in a SCIF, but that's what everybody calls them). They usually have all kinds of access controls, some have several layers.
For example (a real one), you may have to pass through a gate with an armed guard, an armed guard at a desk who checks ID, a proximity badge and keypad turnstile, a locked door with badge and keypad, an elevator with badge and keypad, a finger print scanner badge keypad combo, and then a safe to get to your hard drive, which is then protected by an encryption key, the login user/pass for the system, then a user/pass encryption key for the database you are accessing and finally a special decryption password for the file you need to download and unarchive from the database. This doesn't even include all of the signin/out logs and other paperwork required to get through a day.
Depending on your clearance, you may end up with several different computers at your desk at the same time, usually connected by a KVM of some sort. Something like this isn't all that unusual
http://upload.wikimedia.org/wikipedia/commons/6/6f/Intel_Gre...
Most of the work environments are pretty boring big-corp style stuff, except there's more locks on the doors and often you don't get any windows because people are stupid and open the blinds letting the world see what they're doing on their super squirrel network computer. If they do have windows, there's usually several layers of protection to prevent eavesdropping.
There are many many networks, agency specific ones, site specific ones, standalone networks of half a dozen computers (say for a SAP program), sometimes some that give access to different compartments, etc.
Even at the Secret level, you have access to a mind-boggling amount of information. There's nothing particularly surprising at the amount of information Manning had access to. I'm surprised he didn't make off with more to be honest.
I've also found a couple things to be true about moving up in classifications for those that are interested:
1) The higher up you go, the lower tech things tend to get. The IT systems on super duper squirrel SAP programs are positively ancient. There's no super secret A.I. computer that only the President and a strangely well groomed computer super nerd know about. It's probably a 10 year old desktop with a slightly broken CRT monitor.
2) There are some really cool toys at high classifications -- neat space cameras and all that. But the vast majority of the really neato stuff is at the Secret level. All the tanks and bombs and military toys are pretty much at that level. "The Army Fights off of SIPR (the secret network)" is the mantra. If you go to Wikipedia and start looking around at various pieces of military equipment, you'll probably seen 95% of the toys that anybody with a clearance has authorization to know about.
3) This piece is absolutely true, and the voices that speak in loud tones about vast conspiracies but who've never been in this world are perfect examples of what this article is talking about. Once in, the utter mundane nature of most of it is almost overwhelming.
4) An amazing, astonishing, amount of information is available completely for free on the Internet and in Libraries and other completely open places. Often the best information comes from there. There's even a field called "Open Source Intelligence" that requires no clearances at all! It's basically internet surfing and report writing to answer specific questions like "does the Prime Minister of Japan have a mistress?" or "what kind of space launch capability does the Ukraine currently possess?" or "what's the phone number of this Falafel joint in Paris?". Some of the best, most insightful, and most comprehensive stuff I've ever seen was put together with access to the Internet, MS-Word, Google Earth/Maps, Powerpoint and a Library Card.
Here's a great example: http://www.nkeconwatch.com/north-korea-uncovered-google-eart...
5) Physics applies even to the Intelligence Community.
If you have a decent education in Engineering or Physics, you probably already are capable of knowing or understanding 99% of the capabilities of the highest of the high speed super spy systems. If Physics doesn't allow it, there's no getting around it. That doesn't mean people haven't engineering some clever things, but we're still limited by things like the speed of light, or available materials that can defract or focus it (none of this "enhance, now focus on the reflection, enhance, now that reflection, enhance, rotate, enhance!"). Radio waves can't penetrate the earth, low frequency waves that can penetrate lots of stuff still propagate to the inverse square law. Encryption can be broken, but it takes lots of computation power to do it often enough -- being able to break a single message in 12 months with a top 100 supercomputer doesn't mean squat if you need to break a million messages a day.
http://en.wikipedia.org/wiki/Radio_propagation
6) Almost everything I've said here is on Wikipedia, or linked to by Wikipedia. Anybody really interested in this stuff, and determined enough to click link a few dozen times could figure this out. It's often surprising how passionate and conspiratorial some of the most uninformed comments are, even here on HN where there's no excuse to not have done just that.
7) Getting a clearance is really not that big a deal, but there can be a catch-22. Most jobs that require a clearance won't bother letting you apply for one. But there are still plenty of places out there that do. Lots of R&D organizations will do it. Non-profits that contract with the Government will often do it. It's easier to start young, the investigation is faster. But the reason most don't is that they likely have nothing for you to do without a clearance and you'll just be sitting there eating up overhead budget for months on end while you wait for the process to work its course.
8) Security managers, (FSOs and SSOs) are almost uniformly idiots. If you think Comcast's customer support sucks, try dealing with these clowns. Misfiled paperwork, nonresponsive to emails and phone calls, generally don't know their jobs, etc. If you find one who has half a brain you hold on to them lie you are drowning. The only thing they are good at doing is making sure that people without tenacity are filtered out of the system.
9) This job often sucks. Paperwork you can't believe, endless training lectures, shitty work environments, old IT infrastructure, endless hassles to get to do your work, constant barriers to just getting things done, weirdo people, lots of unmotivated do nothings, no windows, can't talk about work, forget one of a couple dozen passwords, cut off from the outside world most of the time, no idea what the current news is most of the time, pay can often suck compared to private sector, access to data is usually buried in some non-machine readable format.
10) The job can be rewarding. More than once while I was doing work, stepped out for a break and saw some breaking news on CNN or someplace that was reporting on recent evens right where I was! Cool shit. Other times you get to play with tremendous amounts of raw data, if you are a data junky it can rock. Cool toys, things used in ways you probably won't believe, gather and collect that data. And sometime really incredibly interesting people who've been around this stuff for decades. Some of the smartest people I've ever met work in this field, outright 1 in a century geniuses. And savants who've memorized the chemical makeup of every piece of military hardware in North Korea's arsenal, who the current commanders are of all the tank battalions and can draw a spectrograph of all of the elements by hand on a whiteboard.
You said that there is no level strictly above Top Secret (just comparmentalizations within that). Is there any actual evidence for that? (I mean, non-classified evidence; I'm not asking you for classified information.)
Where did you get the statistic about 1 in 50 to 70 Americans have had at least a Secret classification? That seems absurd.
What are you talking about when you say "cut off from the outside world most of the time, no idea what the current news is most of the time"? It wasn't clear at all, but I guess you mean "while physically working in a classified area"; (i.e. you're no longer cut off at the end of the workday)?
Secret ain't really that secret. That's why they invented Top Secret. Seriously, if you add up all the military veterans and people who used to work in defense/government contracting who have had to access slightly classified information, that's not an unreasonable ratio.
6 replies →
All fair questions (I don't know why the down votes for you)!
"You said that there is no level strictly above Top Secret (just comparmentalizations within that). Is there any actual evidence for that? (I mean, non-classified evidence; I'm not asking you for classified information.)"
There are no levels strictly above Top Secret. At least as far as the military is concerned. SAP programs and compartmentalizations provide more than enough OPSEC to keep things classified. For example, I don't personally have access to the Nuke Codes. But the guys who do all have Top Secret clearances and are read onto some specific compartments and SAPs.
There are also clearance equivalencies at other agencies. DOE for example, has a different kind of system, but they more or less map to DoD clearances. Some agencies are highly compartmentalized, the CIA for example.
"Where did you get the statistic about 1 in 50 to 70 Americans have had at least a Secret classification? That seems absurd."
I don't know the exact number, but I have a pretty good idea that agrees with some back-of-the-brown-paper-bag calculations, it's perfectly within reason.
For example, say there are 1 million people in the military right now. And say all of them have at least a Secret clearance (it's probably more like 70%-80%, most jobs get you at least this clearance level just as a matter of course). That's about 1:300 (or 1:430 or so depending), say right now there are about 25 million veterans (from the Census), that's already 1 in 12.
During the Manning news, it was reported that currently there are more than 4 million people with clearances and one million of them had Top Secret clearances.
http://www.dailymail.co.uk/news/article-2041326/More-4-MILLI...
That pegs it at 1:75 right now with Secret levels and 1:300 with Top Secrets.
1:50-1:70 for people who do or have had access to classified material is is extremely conservative.
2 replies →
I thought polygraphs didn't work. Or is there classified information showing that they do?
Whether the machine works or doesn't work is irrelevant if they convince you during the poly that it does work. I had one, and the technician was far more intimidating than the machine. If I had something to hide, by the end he would have gotten it out of my I'm sure.
Right, often they are simply used to indicate when a line of questioning is stressing out the subject and to continue on that line.
1 reply →
You might also go through a slightly different polygraph with highly personal questions about your sex habits.
Why do they do this? For blackmail purposes later?
I went through UK security clearance and can tell you that the process is to determine whether your personal/sexual habits are likely to make you vulnerable to blackmail. Not so that the government or agency can blackmail you.
That is: If you happen to be into BDSM and this is something you keep extremely private, then what would you rather give up? Your personal privacy or a piece of sensitive data?
So the interviews at different levels determine whether you can be trusted with the information based on the risk you pose to factors such as blackmail, or financial rewards, etc.
This is mainly why they killed Turing.
4 replies →
It is call a "Lifestyle" Polygraph and it is meant to weed out anything that can be used against you in exchange for divulging secrets. The major component to most of the clearance questions revolve around bribery. People don't divulge secrets typically because they hate the government or the country, but for much more simple reasons like they need to pay rent and they figure they can sell some secrets.