Security

Born in the NSA!

A photo composition of National Security Agency headquarters in Maryland, U.S.

Above: A photo composition of National Security Agency headquarters in Maryland, U.S.

Image Credit: Wikipedia & Harrison Weber / VentureBeat

National Security Agency alumni are coming to a tech startup near you.

Lots of them.

Instead of concealing their backgrounds at America’s largest intelligence agency that has been mired in scandal since contractor Edward Snowden stole and leaked some of the its darkest secrets last year, many leaving the secretive NSA with serious chops in Internet security, data mining, pipeline tapping and software development are proudly promoting their espionage backgrounds.

It is a massive sea change from the days when former NSA staffers were forbidden from telling friends, family and prospective employers what they did for a living.

“I’ve noticed this a great deal. It’s been interesting to see how people who would never before have mentioned where they worked or what they’re doing are posting everything online and you can read all about it. Like Linkedin, where they (NSA alumni) are basically posting their entire resume,” said author James Bamford, widely considered the world’s foremost expert on the NSA.

“Now, with the enormous amount of money going to the private sector from NSA, there’s an enormous amount of people that are putting their resumes in places they wouldn’t have before.”

Besides boasting of their credentials, former NSA staffers are increasingly departing the government sector, securing venture funding, and launching their own startups. Not surprisingly many of them are security-centric: email encryption, database protection, firewall software. The startups have names like Sqrrl, Virtru, Hacksurfer, Synack and Praxis. 

Indeed, 40 to 50 percent of U.S. security IT startups are launched by former NSA staffers or others from this country’s enormous intelligence community, said Hacksurfer founder Jason Polancich, who left the NSA in 2010 after spending 22 years there.

James Bamford

Above: James Bamford

Image Credit: Courtesy James Bmaford

Polancich is emblematic of many who inherit the NSA landscape: middle class, tech smart, and highly educated.

He grew up in Alabama, studied Russian in college, and joined the Army in 1994. The Department of Defense “loaned” the southerner to the NSA because of his language skills, and he later also learned Arabic. While inside he also became a serious gear head, and learned the in’s and out’s of database building, encryption and analytic data architecture.

“This isn’t Apple. It’s a different world. In that context it becomes difficult to understand. I really loved working there. We got to deal with, and tackle, problems no one else could. It is,” Polancich said, “unique resume fodder.”

Hacksurfer employs 20, with around half coming from NSA, and half from the private sector.

The longstanding joke is that NSA stands for “No Such Agency.” Never before has it faced such scrutiny because of Snowden’s leaks that accurately disclosed some of the agency’s meta data collection programs. The agency was signed into executive order by President Harry S. Truman in 1954. Today, from its headquarter’s at Ft. Meade, Maryland, known as the Puzzle Palace, the agency employs around 35,000 staffers, 15,000 contractors and another 10,000 in the U.S. Cyber Command, run under the NSA’s purview, according to Bamford.

The agency’s budget is classified, but Bamford, who has written 5 books on the NSA and knows the inside of the agency like no other, pegged it at $10.5 billion for fiscal 2013.

The constant back and forth of employees and contractors to the NSA and the private sector, and back to the agency, is of enormous benefit to the NSA. It is one way to get a sense of what other’s in the private tech sector are “building” and doing.

“What NSA people learn in private industry is brought back to NSA and vice versa. It’s a huge revolving door. So what private industry is doing, the NSA has a good way of knowing about it because a lot of those people like that go back to NSA,” Bamford said.

Many join the agency right out of college, where prospective students are discovered by academic talent spotters sympathetic to the NSA mission. Or at college job fair’s, which is where Adam Fuchs, 32, discovered the agency and joined at 21. He now is the chief technology officer at Sqrrl, a NoSQL secure data base startup powered by Apache Accumulo, an open source platform Fuch’s worked on while it was being hatched at the NSA.

Adam Fuchs

Above: Adam Fuchs

Image Credit: Courtesy Adam Fuchs

Fuchs, who studied computer science at the University of Washington in Seattle, greatly enjoyed his 10 year stint at the agency. While many of his friends took high paying jobs at Google, for example, Fuch’s instead chose to devote himself to, as he put it, “service to my country.”

“It had its ups and downs. It’s actually a really great culture. A lot of brilliant people there are experts in their field. There’s a great sense of mission. So I enjoyed a lot of those aspects. But it’s a different lifestyle working for the government. I spent a lot of my time working in a basement with no windows. I would certainly choose something different than that.”

Accumulo was an NSA in-house database constructed as an open source platform to serve certain sectors of the agency. Work on Accumulo at NSA began in 2008, and today it is the backbone of Sqrrl.

“At NSA, we started looking at infrastructure and technology that some of the tech companies were publishing like Google. Distributed file systems and databases for example. We began looking at that as an opportunity to work with some of the stovepipping to consolidate databases and do more interesting analysis. We looked at how to do infrastructure for big data,” Fuchs said.

The effort to develop Accumulo, according to Fuchs, spanned through different intelligence agencies. Today, having done his agency stint, Fuchs feels the tech acumen he accumulated at the NSA is an ideal fit for the commercial sector. Today, Sqrrl has offices in Cambridge, Mass. and in Maryland.

Will Ackerly spent eight years at the NSA specializing in cloud analytic architecture — specifically protecting the agency’s in-house data transfers. As soon as he left, he co-founded Virtru in 2012, and the startup has raised $4.2 million in venture funding.

Virtru is an encryption security startup focused on the secure sending and transmission of email across all major email platforms, including Gmail, Yahoo, and Outlook. Virtru encrypts the contents on your device then sends the transmission to the recipient but separates the encryption key from the message.

Like Fuchs, Ackerly was delighted at having served. But it was time to take his skill set to the private sector, he said.

“From the insight I received at NSA on protecting data, I really wanted to shift from working on government systems to the private sector,” said the affable Ackerly, whose brother John is the startup’s chief executive.

Sqrrl’s co-founder Ely Khan, who worked closely with NSA teams during his stint as a National Security adviser at the White House, said his clients aren’t concerned about reports of NSA hacking Google and Apple servers, or even monitoring the phone calls of ordinary Americans. What they want, he said, “is NSA grade security that we can provide.”

“We haven’t tried to hide our NSA heritage,” Khan, who originally hails from Boston, said.

Former NSA staffer’s interviewed for this article all resoundingly denied that NSA alumni were out to form companies with the express intent of spying on their clients. Some of the startups featured count banks, telecommunication giants, entertainment players and federal government agencies as clients.

Snowden, from his dacha outside Moscow courtesy of Russian president Vladimir Putin, said the NSA spies on everybody.Jason Polancich

“I’ll tell you this. I spent my career there. This international outcry of ‘they’re doing this, they’re doing that,’ is just horseshit. The NSA doesn’t care about 99 percent of this stuff,” Hacksurfer’s Polancich said.

As for the NSA, they’ve simply gotten too big to do the job they were originally formed to do: eavesdrop and spy on then Soviet diplomats and its communist military. Much has changed since then, Bamford said, and pointed to three of the NSA’s most recent colossal failures: the inability to detect “Underwear Bomber” Umar Farouk Abdulmutallab in 2009; Pakistani Times Square bomber Faisal Shahahzad in 2010; and the bombing of the 2013 Boston Marathon by two terrorists from Dagestan.

“The NSA is focused on what (NSA director) Gen. Keith Alexander called “collect everything.” You can’t possibly have the ability to analyze it all.”

As for Snowden, traitor to some and hero to others, former NSA staffers agree that the former contractor stole agency property, but many were more circumspect when it came to calling him Benedict Arnold.

“Snowden was in a position where he really understood all of the compliance requirements that were in place, and all of the restrictions that were in place, and yet he decided to go outside the established channels. At the root of this is the fact that the intelligence community had restrictions that had a balance,” between the Constitution and government activity, Fuchs said.

“It’s safer if the terrorists don’t know what restrictions you have. Can the public actually deal with these compliance restrictions being secret? So to go outside these channels showed a lot of hubris. Showed a lot of ego. It was definitely criminal.”