Cryptocurrencies, Blockchain and Fraud

Understanding Security Clearances – What Blockchain Users Should Know

Main Points For Consideration:

  • Transmitting classified information requires strict adherence to complex rules.
  • Intentional misuse of security classifications can result in severe penalties.
  • Unintentional misuse of security classifications can also result in adverse actions.
  • Blockchain users doing business with the United States Government are responsible for compliance with existing security rules and regulations.
  • Proper training and knowledge may prevent unauthorized disclosure of classified information into an existing Blockchain shared ledger.

The rapid expansion of Blockchain technology demonstrates increasing involvement with government entities at the local, state and federal levels. Local and state governments are incorporating permissioned shared ledger processes for voting records, real estate records, medical records and other uses. It is not publicly known to what extent the federal government intelligence community is evaluating or using Blockchain technology. It is, however, reasonable to assume that Blockchain technology may be tested and used in a variety of roles to protect and exchange sensitive government information. If so, Blockchain technology will interact with the complex rules overseeing the use of government classified information.

What Are the Different Classification Levels?

Current descriptions of the different levels of U.S. government classifications can be found on multiple open-source resources such as:
http://govcentral.monster.com/security-clearance-jobs/articles/2330-3-levels-of-security-clearance. National security information that requires protection against unauthorized disclosure are classified at one of the following levels:

Top Secret Clearance is applied to information that reasonably could be expected to cause exceptionally grave damage to the national security to unauthorized sources.

Secret Clearance is applied to information that reasonably could be expected to cause serious damage to the national security if disclosed to unauthorized sources.

Confidential Clearance is applied to information that reasonably could be expected to cause damage to the national security if disclosed to unauthorized sources. The vast majority of military personnel are given this very basic level of clearance.

Unclassified is not technically a classification but is the default term referring to information that can be released to individuals without a clearance

What is Sensitive Compartmented Information (SCI)?

SCI information may be either Top Secret or Secret, but in either case it has additional controls on dissemination beyond those associated with the classification level alone. The “need to know” principle is formally and automatically enforced. The SCI designation is an add-on, not a special clearance level.

What is the Special Access Programs (SAP)Designation?

The U.S. Government provides security protocols for highly classified information with safeguards and access restrictions that exceed those regular classified information. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized non-disclosure agreements, special terminology or markings, exclusion from standard contract investigations and centralized billet systems. This information can also be found by researching open-source sites such as: https://en.wikipedia.org/wiki/Special_access_program.

U.S. Government Documents:

To be properly classified, an individual or individual charged by the U.S Government with the right and responsibility to properly determine the level of classification and the reason for the classification must determine the appropriate classification level, as well as the reason the information is to be classified. A determination must be made as to how and when the document will be declassified, and the document marked accordingly. Individual agencies within the government develop guidelines for what information is classified and at what level. Classified U.S. Government documents must be stamped with their classification on the cover and at the top and bottom of each page. Authors must mark each paragraph, title and caption in a document with the highest level of information it contains. Persons with lower clearance levels are not permitted to have access to information classified at higher levels. Conversely, persons with higher levels of clearance have access to information from lower classifications. .

Who is Eligible for Obtaining Security Clearances?

Eligibility for access to classified information is granted only to those for whom an appropriate personnel security background investigation has been completed. It must be determined that the individual’s personal character and professional history indicates loyalty to the Unites States, strength of character, trustworthiness, honesty, reliability, discretion, and sound judgment, as well as freedom from conflicting allegiances and potential for coercion, and a willingness and ability to abide by regulations governing the use, handling, and protection of classified information. A determination of eligibility for access to such information is a discretionary security decision based on judgments by appropriately trained adjudicative personnel. Eligibility will be granted only where facts and circumstances indicate access to classified information is clearly consistent with the national security interests of the United States. Access to classified information will be terminated when an individual no longer has need for access.

Unauthorized Disclosure of Classified Information: .

I found in open-source research that the U.S. Department of Defense states that an unauthorized disclosure is the communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. An unauthorized recipient can be anyone. Unauthorized disclosure of classified information can be either intentional or accidentally and can occur through leaks, spills, espionage, or not following proper safeguarding procedures.

Leaks are deliberate disclosures of classified information to the media. Classified data spills are accidental or intentional disclosures of classified information that occur across computer systems.

Spills are considered and handled as a possible compromise of classified information involving information systems, networks, and computer equipment until it is determined whether an unauthorized disclosure occurred.

Espionage includes activities designed to obtain, deliver, communicate, or transmit information relating to the national defense with the intent or reason to believe such information will be used to harm the United States or to the advantage of a foreign nation or transnational entity.

Unauthorized disclosure of classified information due to improper safeguarding procedures, although usually unintentional, can be just as damaging to national security as intentional unauthorized disclosures.

Duties to Disclose Unauthorized Disclosures:

Prior to receiving authorization to handle classified information, a classified information nondisclosure agreement is executed between participants. Within this agreement are requirements to receive a security indoctrination concerning the nature and protection of classified information, including the procedures to be followed in ascertaining whether other persons to whom I contemplate disclosing this information have been approved for access to it. The security training will include procedures to be taken when a security breach is discovered. Once discovered, the classified information must be protected to prevent further disclosure. Then, the disclosure must be reported to appropriate authorities who will, in turn, investigate the incident and impose sanctions, if warranted.

Gaining Knowledge of Government Regulations:

Blockchain developers and users conducting business with the U.S government as vendors, employees, or contractors may find themselves interacting with classified information. If so, they, like all others, are responsible for compliance with existing rules and regulations which oversee the exchange of sensitive information.

Conclusion: The Blockchain shared ledger system promises an unalterable time-stamped recording of events that is relatively fraud-proof and un-hackable. When considering the use of classified information, it is imperative that classified information be handled properly.

One unanswered question certainly emerges: What happens to an existing Blockchain system if an unauthorized release of classified is somehow added to the shared ledger? One result could be a freezing of the information per government regulations to prevent further use of the unauthorized leak. Another result may well involve a damage assessment conducted by authorized representatives of the government.

To prevent misuse of classified material, Blockchain developers and users will have to be mindful of the risks and consequences of unauthorized leaks.

(The above information was obtained from open-source research of publicly available web sites).