[cap-talk] the value of non-delegatable authority?
Toby Murray
toby.murray at comlab.ox.ac.uk
Tue Jan 15 21:52:43 EST 2008
On Tue, 2008-01-15 at 05:29 +0000, David Hopwood wrote:
> Toby Murray wrote:
> > On Mon, 2008-01-14 at 01:35 -0800, Jed Donnelley wrote:
> >
> >> a person with
> >> a clearance does have the authority to delegate the permission
> >> to read any documents that they can themselves read to anybody
> >> with whom they can communicate - however, they have a
> >> responsibility (duty) not to do so. That is, they are trusted
> >> not to do so.
> >>
> >> Does the above phrasing make sense to you? If not, what if
> >> I substituted the word "power" for "authority" in the above?
> >
> > Yes
> >
> > A security-cleared person can delegate the right to read a particular
> > classified document to someone else by simply passing them the document,
> > or making a copy of it and passing them the copy. They have
> > the /authority/ to do so, because the rules of the game don't prevent it
> > from occurring. But as you say, they have a /responsibility/ not to,
> > i.e. they are trusted not to perform this action that they have the
> > authority to perform.
> >
> > However, we're talking about different authorities here.
> >
> > While a cleared individual can delegate the permission to read a
> > particular document, they cannot delegate their clearance to another
> > individual.
>
> Yes they can, by acting as a proxy.

I said "they cannot *delegate* their clearance". Being able to proxy is
totally different.

> If human Alice has access to a document, she can always give human
> Bob access to it.

Of course. But she cannot give Bob her *clearance*. She cannot
instantaneously give Bob the right to read every document that she ever
could. Bob can't gain a clearance from Alice (assuming Alice doesn't
work for a vetting agency, of course).

The clearance is a much stronger authority than the right to read a
particular document that Alice chooses to pass to Bob. These are
totally different things.