OK, I'll try again. First, as I recall, SECRET clearance is actually not very high: when I got it, I had to answer a bunch of questions (do you abuse illegal drugs? are you now or have you ever been a member of any organizations? have you ever been _arrested_ for anything?) and fill out some forms and get fingerprinted. They probably did a credit check, and that was about it. Nobody I knew got any calls asking about my habits (that is reserved for higher clearances). So now I'll rename the thread again: "Inherent Insecurity of Internet Commerce" -- <sarcasm>maybe now the NYT will feature me on the front page for "discovering" this inherent flaw in the Internet.</sarcasm> My purpose in renaming the thread in the first place was to start another thread relating to the types of security in places like, say, Netscape or Spyglass or CyberCash or First Virtual or Interramp or any other ISP or software company. Because I want to know how susceptible these companies are to hiring the wrong people. So, here's the "bug": if some agency of crime/espionage wants to subvert any of these systems, all they need do is employ the same blackmail/bribe techniques used to recruit actual spies on some employees of these companies. They then slip in some hacked versions of the software with the good ones, or modify distribution servers, or slip code into servers that forwards every tenth credit card number somewhere. Or how about getting a janitor to plug a wireless tap into one of the major Internet backbones to sniff for cc#s as well as interesting e-mail? Also, since there's enough noise here already (and even I don't see that much crypto-relevance) I won't post again on this topic, but I am very interested in hearing concrete examples of how Internet companies are protecting themselves, and also in hearing about specific instances of security failing (e.g., has anyone ever found a tap on a backbone?) -Pete Loshin pete@loshin.com