Electronic Security Measure Capice
Originally, "Electronic Security Measure Cap-R-ICE", renamed to Cap-O-ICE, then Cap-Y-ICE, then simply Cap-ICE as the paperwork to conform the protocol with its creator was left unfilled-out and she (then having just attained Indigo clearance) executed someone she believed to be treasonously referring to her by an incorrect (Yellow) clearance.
Based upon the facts that traitors are fundamentally lazy (as industry is mandatory, they must lack it) and that a treasonous intrusion requires immense luck to bypass the nigh-perfect security systems already provided by Friend Computer, Cap-R-ICE, then and now a researcher at Syntelligent_Systems, designed a stochastic, Quasi-Random system which, when it deems the time right, requires the user to re-enter their security information in full, and can, additionally, simply terminate the user-session, or, if it so chooses, the user.
Two things need explanation. The first is how this improves security, and the second, what is meant by "choose". Security improvement comes, initially, from the simple increase in use-difficulty experienced on a system using Electronic Security Measure Capice, but ultimately, by re-requiring user-verification, it increases the likelihood that a traitorous intruder will fail to penetrate other security layers, and by sometimes outright terminating the current user, it doubtless catches a traitor or two. Productivity and personnel loss among legitimate users is non-minimal (frustration is 78% among long-term users of Electronic Security Measure Capice, and fatality is at 20% among all long-term users, higher among those with longer terms), but this is certainly acceptable in light of the 90% reduction in successful and effective traitorous intrusion (only 10% of intrusions and non-authorized acceses now result in success, defined as a loss of 5 or more Property_Value_(Computer)_Units).
As far as "choice", it is produced by the aforementioned stochastic, Quasi-Random process. The security system simply determines, by that rather complex process, when to (most often) require re-verification, terminate the session, or (least often) terminate the user.