[ExI] Security clearances

Anders Sandberg anders at aleph.se
Sun May 15 08:31:17 UTC 2016

On 2016-05-15 08:00, spike wrote:
>
> Sure, but I would be far more comfortable with it if we can go back to
> WW2.  The allies broke the Nazi codes, but they had to keep secret the
> fact that they had done it.  Plenty of people knew about it at
> Bletchley Park and some over on this side of the pond, but this would
> be a perfect example of a SAR program. We know they did an excellent
> job of keeping that secret.

Yes, I agree Bletchley Park worked realy well. As far as I know they
never had a leak. I have also heard oldtimers in the UK establishment
worry that they do not think they could maintain the same organisational
culture today.

> To your other points, we know that this process works if it filters
> out plenty of good capable people who should have been cleared.  But
> these are sacrificed to cleanse the system of those few who would have
> leaked what happened at Bletchley.
>

I don't think this follows. It is trivial to make a system that filters
out good people without being effective against bad people.

A simple model of a filter: "security quality" of people is N(0,1)
normally distributed. Measurements (vetting) has a normal error
distribution N(mu,sigma^2), we remove everybody below a certain
threshold. The probability of letting through a bad guy (SQ < 0) is
integral_-\infty^0 f(x) (1-Phi( (-x-mu)/sigma)) dx =
1-\integral_-\infty^0 f(x) Phi((-mu-x)/sigma) dx where f(x) is the
N(0,1) distribution finction and Phi is the cdf. No neat analytic
solution, but when you plot it versus the probability of filtering out
good guys you get a classic ROC curve, where the goodness depends on
sigma. The problem is that security quality is not well defined
(circumstances may make a would-be leaker not do it, or a secure guy
decide to leak) so there is an extra "noise" term that would make a
perfect measurement of the initial state uncertain: this can be added to
the variance of the measurement, and reduce the ROC curve.

So my question can maybe be turned into: do we know the parameters for
the security ROC curves?

> How to document it?  I don’t know.  Do we have any evidence that
> anyone inside at Bletchley Park talked?  We have evidence that Klaus
> Fuchs from Los Alamos leaked, but I think that was after the program
> was already well along.  Roosevelt told Joe Stalin after he had
> already heard that Joe Stalin had been briefed by a spy at Los Alamos,
> but then-VP Harry Truman had not received any word on what was going
> on with the A-bomb program.
>
Manhattan leaked *a lot*, I have found papers on that. They were worried
about Germans, who never even heard of it, while the commies were
getting the prime information.

> What other big-secret programs do we have that are now public domain?
> Oh how about that caper where the US recovered a commie submarine?  Is
> there any evidence that the Glomar Explorer was leaked?
>
That is a good case. I think it remained quiet for a long while.

We should look for more examples like that; I can actually turn loose an
intern to investigate in detail.

--
Anders Sandberg
Future of Humanity Institute
Oxford Martin School
Oxford University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20160515/94bd09d4/attachment.html>