[rhizome]

When 1% of the nation has similar levels of access as these two, I don't know that it's reasonable to exclude the sneakernet vuln.

[s_q_b]

Not to sidetrack the conversation too much, but I fully agree, and I'm sure those in the agencies do as well. It's a gap they're closing, with two-man rules etc.

[AaronFriel]

3 million people have equivalent security clearances as Bradley Manning or even Edward Snowden? I'm going to guess that's a little high.

[s_q_b]

1% is actually a little low. According to a report provided to Congress, 4.2 million people have a clearance. 1.4 million of those are TS/SCI (Top Secret / Secret Compartmentalized Information), the level Snowden held.

Source: http://blogs.fas.org/secrecy/2011/09/clearances/

[mh-]

the key part of that is the C in SCI. an SCI merely means you've been pre-screened to be allowed access.

it still requires stakeholders delegating access to said individuals for different [sub]compartments.

[s_q_b]

Very true. However, when creating security policy, one should always keep in mind those that have permission to access information, rather than those that have actual access to information.

It's a nightmare to me that there could be 15 people that have actual access to information, but a random official in the chain of command could give any one of 1.4 million people access to it without any further vetting.

[AaronFriel]

I suspect the process is a little more difficult than a random official granting access without vetting.

[computer]

Note that there's a very large difference in clearances and access.

[spiffage]

Snowden had a far higher level of access than Manning.