ORLANDO – The National Security Agency, America’s high-tech spy agency and guru for military information security, is a secretive sort of creature that doesn’t like to come out in the daylight, especially to deal with the media. So inviting the tech media, such as myself, to attend the NSA’s first-ever “NSA Trusted Computing Conference and Exposition” this week was not an easy decision.
After all, they were letting some of their more prominent and smart NSA technical personnel out of the confines of places like Ft. Meade, Md.., the NSA headquarters, to talk about how much the agency wants to make use of commercial security products and virtualization — and influence its development so it’s good enough for the Top Secret mission-critical needs of the military.
But while the NSA had apparently decided to include the press at this first-ever conference, it was a decision fraught with much hand-wringing. Which leads me to tell you how I got thrown out of an NSA party — a first for me, I might add.
Just to show how tortured they were about this conference and inviting the press, NSA’s public affairs split the conference apart, telling press like me that we could attend one full day of the three-day conference, but the last two days were off limits except for two one-hour sessions and a couple of demos. (Yikes, I’ve been invited to less than half a conference!)
One vendor trying to help NSA deal with its press-phobia issues was flabbergasted, saying, “It’s like they don’t really want you to come.”
Right, but I did anyway, with misgivings. Even after I read the NSA invitation, which reminded me that photography was prohibited and NSA would not (gasp!) pay for my food. The NSA public affairs lady — an amazingly pleasant person, by the way — even left me a voicemail in my hotel room to remind me that Wednesday and Thursday sessions were basically off limits with just two exceptions.
The anguished tolerance of the press was on display from the start. NSA’s Matt Van Kirk (his title: Project Director of Technology Commercialization for Trusted Computing and the High Assurance Platform Program in the National Security Agency/Central Security Service Commercial Solution Center) kicked off the conference by declaring, “The press is here. Be mindful of that.”
But it’s not like the NSA is no fun at all. Van Kirk encouraged his audience to visit the vendor exhibit area and pick up special “trading cards” related to the Trusted Computing Platform (they gave me eight of them. My favorite is the picture of the “Trusted Boot Code Card” with its enormous boot and chains). He said maybe if you get enough trading cards, you get a gift prize.
So how did I get thrown out of an NSA party Tuesday evening in the courtyard of the Doubletree Hotel?
Well, the nice NSA press affairs lady had unexpectedly given me a ticket to join this NSA soiree. But as soon as I had situated myself in a corner of this outdoor gathering, where it was impossible to hear anything above the steel drums, another conference-management lady told me to leave, saying it had been decided that as press, “you make people nervous.”
So I was thrown out. I went back to my hotel room and spent the evening watching one of those documentaries on the evolution of man that shows how close we as homo sapiens are to the Neanderthals. The background music of steel drums hammered on for hours.
Later I spoke with Steve Hanna, distinguished engineer with Juniper Networks Inc., who attended the conference to speak on the topic of Trusted Network Connect (TNC) technology from the Trusted Computing Group. I asked him whether he thought it made sense to shut media out of more than half the conference, and was it so sensitive anyway.
Hanna said as a person involved in helping the standards-development process along, he’s in favor of “a maximum amount of openness. We all benefit from fresh air and sunlight.”
He said he’d understand it if the press weren’t invited to check out the development of the next Stealth fighter, but the Trusted Computing Group technologies and product implementations need the benefit of public participation.
The TCG technologies are mature, and although the NSA has participated in standards development, those at the NSA “are not the only or even the leading participant,” Hanna said. Technologies such as TNC and TPM have gained wide following in the commercial sector, Hanna pointed out, but lag in the government and the military certainly in part because of barriers such as the “length of time to get things approved.”
That was an impression I got, too, attending just one day of this all-too-secret conference.
So at the end of all this, I had to think back to well over a decade ago to the old NSA-sponsored conferences in Baltimore where the NSA came out of the shadows once a year to bring together industry, government and the private sector on behalf of public awareness about the trusted systems described in what was called the old “Orange Book” and “Red Book.” It was always right around Halloween, so we took to fondly calling them the spookfests.
These old Baltimore NSA conferences, long gone, were open to the press with no restrictions. But as a new generation at the NSA takes charge over national security and tries to create a new series of trusted-computing conferences, will they forget that “sunlight is the best disinfectant,” as U.S. Supreme Court Justice Louis Brandeis once put it?