Shostack + Friends Blog Archive

 

HSPD-12 Does Not Require JPL Background Checks

Adam writes about the brouhaha at NASA over HSPD-12 background checks.

A friend of a friend who is in the business of implementing HSPD-12 sent me a tidbit about it, along with a link so that you can read the primary source — something always needed when you get emails from FOAFs.

In paragraph 3, there is the interesting statement:

The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.

The FOAF was incredulous at the report, because there it is in paragraph three that it’s okay to have different levels of security, and that which was good enough to defend us against the Godless Commies oughta be good enough to defend us against the Godful Beard-Dyers.

Let’s look down a little further. HSPD-12 is short, it’s only eight paragraphs. What’s that in paragraph 6?

(6) This directive shall be implemented in a manner consistent with the Constitution and applicable laws, including the Privacy Act (5 U.S.C. 552a) and other statutes protecting the rights of Americans.

Which gives the protesters a lot of ammo right there. But wait, there’s more. The HSPD-12 FOAFs say that the hardware JPL has ordered can only support a low-security ID system anyway, not a high-security one, so even if it were reasonable, they can’t implement the high-value security checks anyway. The FOAF gives this site as a reference.

So there you have it, not only abuse at JPL, but waste, too.

One comment on "HSPD-12 Does Not Require JPL Background Checks"

  • Draco says:

    Your breezy interpretation of HSPD-12 is trumped by the implementation standard FIP-201. So in review, background investigations will be required

Comments are closed.