Feeds

Museum unscrambles secret agency's past

But recent activity still matter of national security, natch

Internet Security Threat Report 2014

Inside the NSA A few of us got through the metal detectors before the National Security Agency (NSA) realised we were in the wrong place. We had arrived, expunged of all electronic devices from mobile phones to cameras, at the Visitors' Centre, a security outpost for visiting security personnel, instead of the National Cryptologic Museum 370 metres away by eagle. Oops.

There was a time when the very existence of the National Security Agency was completely secret. Many of the sort of people who are interested in it (such as this crowd from the annual Computers, Freedom, and Privacy conference) are, therefore, somewhat surprised by the idea that it has a cryptologic museum.

Approximately 50,000 people a year find their way to Fort Meade, where the museum and NSA's headquarters are located. The curators will tell you openly that the museum's creation in an abandoned hotel in 1993 was a public relations exercise. The Cold War had ended, and although cryptology has been used in American wars all the way back to George Washington, between wars the effort was generally closed down. So the NSA had to answer: why should the nation keep funding it?

You would think that if anyone was likely to say "we shouldn't" it would be this group of gearheads and privacy wonks. Jostling with the NSA tour for pride of place on the programme was a panel on wiretapping featuring James Bamford, author of The Puzzle Palace, the 1982 exposé of the NSA. The NSA hasn't really forgiven him yet; mentioning his name at the museum draws a waspish response. David Kahn, whose 1967 book The Codebreakers drew a government suit when it was published, however, is now a scholar working there.

The curators seem refreshingly open, at least in the sense that they voice opinions they disassociate from the NSA. Still, the last 40 years of increasingly controversial activity is omitted. For national security reasons, of course. No one argues about wiretapping in World War II or even Korea; it's today's warrantless wiretapping that's controversial. So there is no mention of Bush, the class action suit brought on behalf of AT&T customers, or the revelations by AT&T employee Mark Klein that the NSA has been cheerfully and illegally wiretapping US citizens' domestic phone calls. It's a sign of how far the American government monolith has depressed people's free spirits that even this group does not bring up the subject.

When this museum opened it was also the height of the crypto wars, and cryptography was the hottest topic at this conference. Two government efforts made it so. One: continuing to promote the International Traffic in Arms regulations, which restricted the export of strong cryptography, slowing its adoption to protect, for example, ecommerce transactions. Two: backing a government standard known as the Clipper Chip, which would have included encryption in devices such as telephones and modems, but at the price of storing an escrowed key with the government. ITAR was ultimately defeated by the demands of ecommerce; Clipper Chip by the cracking work of Matt Blaze. The museum has a display of secure telephones, but mentions neither the Clipper Chip nor the ITAR battles.

Beginner's guide to SSL certificates

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.