Secret Information Is More Trusted

This is an interesting, if slightly disturbing, result:

In one experiment, we had subjects read two government policy papers from 1995, one from the State Department and the other from the National Security Council, concerning United States intervention to stop the sale of fighter jets between foreign countries.

The documents, both of which were real papers released through the Freedom of Information Act, argued different sides of the issue. Depending on random assignment, one was described as having been previously classified, the other as being always public. Most people in the study thought that whichever document had been “classified” contained more accurate and well-reasoned information than the public document.

In another experiment, people read a real government memo from 1978 written by members of the National Security Council about the sale of fighter jets to Taiwan; we then explained that the council used the information to make decisions. Again, depending on random assignment, some people were told that the document had been secret and for exclusive use by the council, and that it had been recently declassified under the Freedom of Information Act. Others were told that the document had always been public.

As we expected, people who thought the information was secret deemed it more useful, important and accurate than did those who thought it was public. And people judged the National Security Council’s actions based on the information as more prudent and wise when they believed the document had been secret.

[…]

Our study helps explain the public’s support for government intelligence gathering. A recent poll by the Pew Research Center for the People and the Press reported that a majority of Americans thought it was acceptable for the N.S.A. to track Americans’ phone activity to investigate terrorism. Some frustrated commentators have concluded that Americans have much less respect for their own privacy than they should.

But our research suggests another conclusion: the secret nature of the program itself may lead the public to assume that the information it gathers is valuable, without even examining what that information is or how it might be used.

Original paper abstract; the full paper is behind a paywall.

Tags: academic papers, FOIA, NSA, psychology of security, secrecy, trust

Posted on July 26, 2013 at 6:25 AM • 42 Comments

Comments

Mike B • July 26, 2013 6:31 AM

I have some diplomat friends who actually saw the whole initial Wikileaks release of diplomatic cables to be a positive thing because it exposed all sorts of truths about the actions of various Middle Eastern foreign leaders that if officially exposed would have been portrayed as American propaganda. Because it was being leaked by a third party source various popular movements saw the information as more credible which added fuel to the Arab Spring movements.

The obvious end point is to start using places like Wikileaks as a conduit for fake classified information. Such a campaign at the very least will serve to discredit such outfits so that in the future people won’t be able to trust anything they say.

Nicholas Bohm • July 26, 2013 6:38 AM

Governments have long argued that the minutes of high-level government meetings must be secret so as to preserve the frankness of exchanges. So it seems reasonable for the rest of us to believe that when we read a once-secret document, it may well be more frank than one originally released for public consumption.

Nicholas Weaver • July 26, 2013 7:02 AM

In addition to the hopeful honesty factor mentioned by Mr Bohm, a secret document’s universe of possible information sources is a strict superset of the unclassified document’s.

Lacking independent information to gauge the real quality of the two documents and their arguments (which, in the end, is probably the deciding factor), it would be natural to give the classified document more weight.

Ross • July 26, 2013 7:08 AM

This story was once classified as well.

Anderer Gregor • July 26, 2013 7:36 AM

So why do people believe this? Is there any other explanation that people assuming that “The Government” does not tell them (in public documents)?

Stephen Morley • July 26, 2013 7:53 AM

I’m not convinced the research cited supports the conclusion drawn. Like the subjects in the study, I would place more trust in a document that I was led to believe had been secret (all other things being equal), as a document originally intended for public consumption is subject to PR management. I don’t however see an inconsistency between holding this view and opposing widespread surveillance.

Anne Oni • July 26, 2013 8:07 AM

Mr. Bohm’s comment rings true for the fact that many people see info disseminated from the government for public consumption is more often than not mere propaganda.

FTA, I’d hate to be the defendant in a trial that uses “secret evidence”.

nikoteen • July 26, 2013 8:16 AM

Full text article is available for free at Leaf Van Boven’s: http://psych.colorado.edu/~vanboven/VanBoven/Publications_files/travers-secrecy-polpsy2012.pdf

K.Street Irregular • July 26, 2013 8:19 AM

This phenomenon has been known for years. Analysts have been using it to sneak OSINT into official intel collections since the late 80’s, when the first pay-for-use online data sources started. Robert Steele wrote about this at length in his last book.

Also, “official” intel sources are notoriously unreliable because they are basically the words of people who are sticking their necks out (i.e., spies) who on one hand have some motivation to pass along classified information, but on the other hand are highly motivated to protect themselves by not giving away so much information that the source of the leak is made apparent to CI.

bcs • July 26, 2013 8:23 AM

Secret allows candid in some situations. This might be what the bias comes from.

Bert • July 26, 2013 8:28 AM

This phenomenon may be far more powerful than they’ve even realized. This helps show why otherwise normal people believe some of the crazy paranoid propaganda from conspiracy theorists. If it’s a secret someone discovered, as opposed to the otherwise rational normal information available to everyone, it must be more credible.

In my case, this lends insight into understanding why my dad buys so heavily into the idea of a shadow government. It’s all a super secret and because it’s nature is to keep things a secret, it must be true.

Look at the power of this in marketing, people are always more interested in finding the ‘secret’ cure for their problems. People buy the ‘secret’ formula for cookies, cleaning products, vehicle optimizers, and a whole host of other goods. Even when those things have been shown to be no better than their competition, they continue to sell on the idea that because it was a secret before, it must be better.

greggles • July 26, 2013 8:53 AM

Best line in the article:

the full paper is behind a paywall.

I wonder if the authors had any sense of irony in doing that.

Not Your Mother • July 26, 2013 9:08 AM

Two Words: Milgram Experiment

WhatDidYouExpect? • July 26, 2013 9:12 AM

“State secrets” are seldom classified as such to protect any national interest. More than likely, it is to protect against national embarrassment. Ostensibly, secrets are to protect the interests of the people in the meetings or that create the documents (also protects the businesses that make money off the arrangements, whether directly or indicrectly).

guess.my.name • July 26, 2013 9:15 AM

Interesting observation about “how” “because the surveillance programs were secret”, people assume “it must have good reasons”.

I do believe all this ties to the basic human component of having their own nakedness of body hidden. Which ties to their own nakedness of being. They keep secret their inner heart, something one usually only gets through time spent with them and the varying interplay of emotional investment through a relationship.

One insightful comment I have observed is on disinformation: If someone has to work for information, they will more strongly believe it. In context, this also means that they have to work to get through, for instance, encryption, or other efforts to keep that information secret.

But, because this is so core to the human experience, it has many implications in how the world and humans who perceive the world operate. Nations, for instance, wear a sort of clothes, whether they are good nations or bad. There is the naked truth, then the dressing on top of that.

Whether a person is ugly in their nakedness or beautiful, they want to make it very difficult for anyone else to know. The exceptions to these rules also tell us a lot about the rules.

With intelligence, national secrets, you see a great deal of sacredness about it all, even though if anyone steps back — if they emotionally detach themselves and scope out: they can see that what they are actually keeping a secret is really very boring and mundane information.

In this scope, you can see a lot of conspiracy theories, then, as a type of fantasizing about what “she” (the US Government, for instance) looks like naked. Maybe there are aliens in Nevada. Maybe there are brain reading machines in trucks. 🙂

And when someone comes along and says, “Oh, I slept with her”, people tend to see that as a conspiracy theory. “Oh, no you did not”. For instance, Snowden, the government came out and said, “Yes he did”. But with Tice, on the disclosures they wiretapped Obama, McCain, and everyone, no word is said.

Back to disinformation, which I find is a key topic, especially when one is talking about “total” surveillance programs: if the information is too easy to get, no one believes it. (Think here of a person that is just sleeping with you for your money, or to get information.)

The Mincemeat Program or “Man who did not exist” is a great example. The Brits went through a lot of effort on small details to make sure the corpse with the suitcase full of false secrets that ended up on the beach…. was a real corpse. And the secrets were real.

Undress her (check the details), and it all comes out as valid. In this case, the “work” is backwards. Like if they slept with a woman and then wondered if she didn’t really just sleep with them for money. It was too easy. Looking into the matter, they discover the many details that say she was authentic: “she had a crush on you and said that here and there”, “she always liked overly fat men”, and so on.

Then, there is the key part of all of this: teasing and flirting. This is where you can see information leaks indirectly. One spy chases another, they would grow suspicious if they are too easy, but if it appears like teasing or flirting (implying or indirectly saying what the nakedness is)… they find it plausible.

Everyone is a spy with these national disclosures.

And everyone is being spied on.

The us government did not have to spread that information around so openly in their circles.

There is a thing called “compartmentalization”. They know about that, just a little, you know.

I think there is some teasing and flirting going on there with the US and the world: why did the US create these systems? They could already track back known terrorists by phone numbers. Who did they call? Call records. What are these numbers on the call records? Who did those numbers call? And so on.

Maybe five years down, you want to look. Maybe the phone companies do not keep the data that long. But if the government gets it they could.

But why also all these social sites and the need to map out human networks there?

Are there no interesting networks they have found?

Who did Anna Chapman call? Who did Edward Snowden call? Who are all those numbers, and who did all of them call? How long did they speak?

guess.my.name • July 26, 2013 9:33 AM

Nothing is easy, nothing is free. But, then, there is porn, hookers, and easy men and women.

So people know that is not necessarily true.

You see these ads which have the same kind of porn ad feel to them.

Tech porn. Info porn. Spy porn.

But what people really want is something deeper. They can go, “Oh it is nothing but a superficial thrill”. Like mistaking an everyday action for flirting.

Everybody had the wrong idea about Stalinist Russia and Nazi Germany. Now we have all seen them naked.

Some came out of there when everyone was fantasizing and said, “I slept with them, and it is bad”.

They were not believed, because everyone was daydreaming on fantasies.

Play hard to get, people are attracted. Once they get it, they lose interest.

There is circumstantial evidence plenty there may be some kind of shadow government. On the other hand, humans are humans. They only live so long. They are bad at keeping secrets. They sleep around, they are not devoted.

Secrets are harder to keep when your spouse is sleeping around. Devotion dwindles. If you believe your spouse is a pinnacle of virtue (“we are fighting communism, nazis, and always do the best we can, we fight for liberty and human rights”), it is easier to be devoted. (To keep the secrets.)

When that is shattered, you go to bars and try and find someone else.

In otherwords, leaks come out. People say things indirectly or “anonymously”. A comment at a bar or on a forum, “They are assassinating people regularly, good people”.

Devoted secret keepers are like devoted virgins.

“Oh she/he is as devoted to me as I am to them and full of virtue that means they will always be perfectly devoted to me — even beyond my comprehension”.

When they find the truth, they are no longer naive. “My wife/husband is a drunk that sleeps around with everyone who looks their way. They throw pots and pans at the kids.”

And tell everyone they can.

paul • July 26, 2013 9:38 AM

I think the reasoning to the conclusion is definitely not fallacious. It’s not secret data that people think is more accurate, it’s secret opinion and analysis. The beliefs about keeping surveillance secret appear to be more about security by obscurity, in other words, the idea that opponents will act in less guarded ways if they’re not constantly reminded of the panopticon.

JP • July 26, 2013 10:19 AM

People who don’t know any better think the Government is highly competent to the point of being almost omniscient (as portayed by hollywood).

So the classified stuff must be brilliant!

How far from the truth 🙂

Smog • July 26, 2013 10:46 AM

That intelligence agency secret intel has been completely worthless has been an admitted fact for those near the intelligence community for YEARS.

The CIA, and the rest of the Intelligence agencies don’t generate anything worthwhile at all. They are money holes with the added bonus of secret, unaccountable armies that do what they want to their own ends.

All of the 3 letter agencies should never have been created in the first place (WWII). It is an incredible understatement to claim they are simply a liability. Having these agencies in existence is analogous to giving one’s self stage 4 bone cancer. Governments should not have secrets from their own people in a democratic republic.

If you are not familiar with the work and videos made by former insiders from CIA and FBI, please look up:

Chalmers Johnson
Ray McGovern
Sibel Edmonds
Then watch the congressional hearings of the Church Committee and Bill Colby

Petréa Mitchell • July 26, 2013 11:37 AM

nikoteen: Thanks for posting that link.

greggles: Having read the whole thing, I think the funniest line is in the acknowledgements.

Clive Robinson • July 26, 2013 11:40 AM

Classified documents come in all forms as do none clasified documents.

In both cases the documents have two parts, the basic information and the interpretation on which the conclusions are based.

Where they tend to differ is the input source on which the documents are based, and the interpretation or analysis this input information gets.

The input can be “factual” as the product of scientific and technical measurment or “assement” as the product of human assets/agents on the ground.

In both cases they are the “dots” of intel that analysts try to join together in a realistic way to reach their conclusions. Most analysts are thus the equivalent of investagative journalists and likewise what they make of the source input is dependent on their abilities, and the time scales they have to work to.

Electronic intel (Elint) gives you hard factual information it is then upto analysts to decide what it means, the factual information gathered by a government has in the past tended to be considerably better than that available to private organisations (although that is changing fairly rapidly). A real issue with Elint/Sigint is that although factual in that a signal with a certain type of modulation was transmitted from a given point at a given time etc it does not tell you much even if you can decode the information impressed on it (it’s one of the reasons “numbers stations” give endless fasination for individuals and government organisations). Another problem with most Elint is it only provides “Real Time” factual intel which then needs analysis which makes the final intel “stale” and under certain circumstances sufficiently out of date as to be effectivly usless for many purposes.

Human Inteligence (Humint) is markadly different in that it can if well placed give intel on future plans and direction long before any other evidence is available. But Humint is not factual in of it’s self at the very least it is subject to the viewpoint of the asset/agent supplying it, and can be frequently subject to future change due to a large number of factors. This makes analysis of Humint considerably more difficult than Elint. There are also other issues with Humint, both the UK and US suffered from insiders in the intel community that for greed or political belifes handed over information to what was considered at the time the enemy. One of the results of this was the death or imprisoment of people in the enemy nations who had supplied the US with human inteligence (Humint).

Thus the US made a stratigic choice to move from human to technical intel in the various forms of Elint and photo reconosance etc (which turned out to be a significant mistake even before the end of the Cold War).

At various points over the past 50-60years various US Presidents authorised the public release of information from technical inteligence. These brief glimpses and the reason they were released gave the impression of technical resources for intel that gave omnipresent omnipotence which were infact false but was belived by the public.

Thus for the past two or three generations the public perception is greater “secret intel” capability than actually exists in reality, which has been encoraged as a viewpoint for various political reasons.

Thus the public viewpoint on secret intel has been biased deliberatly and the result of this experiment explainable.

The question now is will the revelations of Ed Snowden going to change peoples viewpoint and if so in which direction.

Petréa Mitchell • July 26, 2013 11:41 AM

Stephen Morley:

The paper notes that obscure topics were selected for the experiment on the assumption that the participants would already have formed attitudes about topics they were familiar with. Thus, since you are the sort of person who reads this blog, the experiment is not relevant to how you evaluate information about NSA surveillance.

J. J. Angleton • July 26, 2013 12:02 PM

I have absolute proof that all of the above comments are correct, but it’s secret, so you’ll just have to trust me on this.

Justin • July 26, 2013 12:52 PM

I feel like they’re jumping to conclusions. What they’re describing could equally also be indicative of an underlying assumption that information released to the public is less believable or reliable than information kept secret — in other words, an assumption that the government is BSing the public.
Something that’s scarily believable in a lot of places, Western or otherwise.

Claudio Puviani • July 26, 2013 1:34 PM

A simple rationale may be that information is classified because it’s deemed to offer some strategic advantage, and is therefore valuable. It’s a reasonable, if incorrect, assumption that one wouldn’t bother to classify information that has no value or is incorrect. Information that’s freely available, on the other hand, is seen as not important enough to be classified and therefore less valuable. Think of it as boxes that hold a jewel. You lack the expertise to judge the value of the jewel, so you assume that the jewel in the locked box must be worth more than the jewel in the unlocked box.

Douglas Knight • July 26, 2013 1:41 PM

It reminds me of the famous advice Ellsberg gave to Kissinger.

Ken • July 26, 2013 3:03 PM

Classified is perceived as “better” than unclassified–and this is a surprise to anyone?

Human beings value image (numerous studies verify this on various arenas–such as taller candidates getting elected; handsomer candidates getting hired; better dressed people perceived as more competent [“clothes make the man” — we humans have much more, and more complex, plumage of the sort animals such as peacocks display]; etc.).

Information that is classified is thereby deemed to be “special” in some particular way–it has a classification.

Its a discriminator. It is a form of plumage.

It’s partly why authors at Intelligence Communities routinely find a way to insert the highest level of classified information possible — even when its totally unnecessary and thus renders the entire document the classification level of that one little, often superfluous, snippet of info.

It gives the document an aura of specialness, exclusivity, & so forth. Its a compelling tactic–even when the audience is well-versed on the game being played.

They are, after all, still human…and have that same human vulnerability to be receptive to such plumage.

carpe • July 26, 2013 4:41 PM

@Bert

Be careful with your logic there. Having done a fair bit of CoG research (Continuity of Government), I can tell you that it is really not that far fetched, and perhaps the logic you attribute to your father is off.

“It’s all a super secret and because it’s nature is to keep things a secret, it must be true.”

No, it’s all secret and therefore we can’t posit to know what is true and what is not except based on OSINT information (or leaks, or declassified info). There is wider philosophical and psychological analysis to be had on what the ability to have secrets does to a person/entity. In this case a reading of Dana Priest’ Top Secret America might be in order… when there are no controls, and no oversight, on what can be put in the “secret” category, it becomes ripe for abuse and overuse of all sorts.

Coyne Tibbets • July 27, 2013 1:14 AM

I like the conclusion. Since the NSA is composed of people, too: Wouldn’t this same effect, by itself, be expected to provide them a confirmation bias in favor of surveillance?

Figureitout • July 27, 2013 1:42 AM

Secret information is more trusted
–Bit of an overstatement; this is just in regards to politicos, gossip, and spying. Plenty of information yearning to be learned, just not a lot of willing and excited brains. Not to mention a very high level network being cracked and, yeah that information is totally “secret” lol. Phreaky.

Petréa Mitchell • July 28, 2013 12:51 PM

Coyne Tibbets:

Yes, it would. And the same goes for anyone involved in the supposed oversight of the NSA.

Ron Ruble • July 28, 2013 1:58 PM

Interesting bit of psychology. I wonder if the same logic applies in why so many businesses insist on using “secret” proprietary encryption algorithms rather than those that are mathematically proven.

Yusuke • July 28, 2013 11:11 PM

Huh, this reminded me of the psychology about counterfeit paintings. Apparently people have a “oldness heuristic” to artistic works too – the older is the better. It is a common practice for people selling fake stuff to artificially soil their artwork to make it look better.

Dirk Praet • July 29, 2013 5:38 AM

I believe the most simple of explanations to be that secrecy has the same effect on the human psyche as money and cocaine have, and at which point all logic goes through the window.

name.withheld.for.obvious.reasons • July 29, 2013 3:53 PM

As two related issues, one concerns secret documents are the purview of companies engaged in advanced research. The other is the knock on effect of secrecy in public and private domains. I want to relate the experience I had this week.

For years I have used a variety of tools to insure the integrity and propriety of various research reports that after proper review is released without restriction–even though the work remains copyrighted we have never sought to restrict its use. The latest work is on operations and management theory, the use of open source business practices, and the nexus between efficiency and collapsing the compliance, assurance, and change/config control.

This week I had to send a redacted version of the thesis to a colleague for review. Even though the document was encypted (sha256) the sufficiency is not enough to meet our due diligence requirements given what we know about government collection programs. We cannot at a later date answer the question–“Well, you know the government was listening and private contractors were involved, why didn’t you do more to protect company confidential information?”

We do have a policy to allow disclosure using key lengths of at least 4096 bits. The signatures must be at least 1024 bit key lengths. Doesn’t leave a whole lot a people on your TO: list.

Nick P • July 29, 2013 4:54 PM

@ name.withheld.for.obvious.reasons

“This week I had to send a redacted version of the thesis to a colleague for review. Even though the document was encypted (sha256) the sufficiency is not enough to meet our due diligence requirements given what we know about government collection programs. We cannot at a later date answer the question–“Well, you know the government was listening and private contractors were involved, why didn’t you do more to protect company confidential information?”

“We do have a policy to allow disclosure using key lengths of at least 4096 bits. The signatures must be at least 1024 bit key lengths. Doesn’t leave a whole lot a people on your TO: list.”

You’re post confuses me for both practical and technical reasons. SHA-256 is a hash algorithm, not encryption. I figure you’re thinking AES-256. Also, 4,096 bit keys are the maximum you’ll see (and rarely at that) with most applications: 1,024 to 2,048 are more typical. There’s really little reason to use over 2,048. There’s also many low power and accelerating devices that max out lower than 4,096.

For the practical, I’m not sure why NSA or other TLA collection efforts have anything to do with your security requirements or “due diligence”. Most laws and regulations, even government, have a specific baseline they require people use. NSA-proof isn’t in it. It’s always been assumed that anyone not doing SAP-like security can be hit by a TLA, especially a local one. Many, in fact, have been hit by non-TLA black hats despite all their crypto and firewall gadgets. If (1) anti-NSA is in your security requirements and (2) you people are Americans working in U.S., then it seems like a foolish policy/preference: High Robustness software, TEMPEST hardware, and business process/personnel requirements to stop TLA’s cost much more than most I.P. is worth.

This is probably why I don’t know anyone in defense or government worrying about NSA spying. Like libertarian opposite, they’ve always just assumed it was happening. Plus, one must comply if ordered by courts else he or she faces serious trouble. Most people who have discussed the various security regulations just do the minimum (or just above it) while working with those experienced in the review process to avoid trouble spots. Last I checked, there’s also already a ton of people doing good work in operations research, compliance efforts, assurance, and occasionally configuration control without worrying much about these things. And they get paid, published, etc.

If the common approaches aren’t possible for you, then why is that? And why would you consider the NSA a threat to your operation?

name.withheld.for.obvious.reasons • July 29, 2013 6:01 PM

Thanks Nick! Yup, fat fingered the sha aes (should have been blowfish or two fish) in my head–read right past it even after I had realized it. Must be old age.

The new PKI CA’s have all gone to 4k key lengths. I’m surprised that no one on this blog, or Bruce, have commented about the “For official use only” CA’s that have recently appeared. I don’t know if anyone is checking their CRL or issuer databases but there is a whole new class of CA’s using EC 384/512 for signature/hashing. I have a feeling everyone is going to have to revisit their data encryption policies.

name.withheld.for.obvious.reasons • July 29, 2013 6:10 PM

@nick p

If the common approaches aren’t possible for you, then why is that? And why would you consider the NSA a threat to your operation?

Simple answer, PPD 20!!!

Dirk Praet • July 29, 2013 7:51 PM

@ name.withheld.for.obvious.reasons

Well, you know the government was listening and private contractors were involved, why didn’t you do more to protect company confidential information?

Are you saying that under PPD20 company confidential information needs to be NSA-proof ? That would be pretty hilarious !

Nick P • July 29, 2013 9:08 PM

@ name.withheld.for.obvious.reasons

I’ve read the unclassified parts of PPD20. I’m sure there’s more interesting stuff in the unreleased portions. However, all security stuff sounds like more of the same INFOSEC and Joint Operations type regulations they’ve had in the past. Magic isn’t necessary to be compliant: it’s just products, processes and paperwork. Like most government standards.

Gotta be clever and use tricks to be profitable anyway. Big regulations are always a pain for the little guy. Still hard for me to believe the hidden standards are so great that a TLA couldn’t beat them: how would the NSA spy on you? 😉

Nick P • July 29, 2013 9:13 PM

@ name.withheld

“The new PKI CA’s have all gone to 4k key lengths. I’m surprised that no one on this blog, or Bruce, have commented about the “For official use only” CA’s that have recently appeared. I don’t know if anyone is checking their CRL or issuer databases but there is a whole new class of CA’s using EC 384/512 for signature/hashing. I have a feeling everyone is going to have to revisit their data encryption policies.”

EC 384/512 and 4k crypto aren’t the same. Are you saying it supports both?

Also, I hadn’t heard about new PKI’s. Are you talking about the DOD-specific PKI system that they’ve been expanding for past decade? Just an upgrade of it? Or is there a new parallel system entirely of them? (And any public links in that case?)

name.withheld.for.obvious.reasons • July 30, 2013 1:04 AM

@ nick p
I can say that PPD 20 will modify expectations because of the level of egis and sense of authority cyberwar operatives believe is necessary to execute this damn thing. Bruce talked about two of the components but left out one that is frankly–dangerous. Sorry for the cryptic description, but, I haven’t even discussed the kinetic response profiles that are also part of this mess. It is not so much from a sense of the problem, it is because of the problem. I understand what you mean when you say magic as so much in the a INFOSEC realm is a collection of folklore, speculation and a darn hefty amount of lying. Look at all the commercial information security products and what a mixed bag that is. Even in the secure OS realm (EAL or DO178,256) and with practices and standards such as ISO 15408, 27000, and BS 7799 there are significant failures. Today qualifying a workstation, from supply chain to the software installation there are any number of vendor idiosyncratic issues that make qualifying a host a job for an IT priestess.

It’s late, I’ll have to get back to you with more info on the CA’s. One hint I gave earlier is the “For official use only” that appears in the OU portion of the cert.

Secret Information Is More Trusted

Comments

Leave a comment Cancel reply