Schneier on Security
A blog covering security and security technology.
« WikiLeaks Insurance File |
| More Brain Scans to Detect Future Terrorists »
August 5, 2010
NSA and the National Cryptologic Museum
Most people might not be aware of it, but there's a National Cryptologic Museum at Ft. Meade, at NSA Headquarters. It's hard to know its exact relationship with the NSA. Is it part of the NSA, or is it a separate organization? Can the NSA reclassify things in its archives? David Kahn has given his papers to the museum; is that a good idea?
A "Memorandum of Understanding (MOU) between The National Security Agency (NSA) and the National Cryptologic Museum Foundation" was recently released. It's pretty boring, really, but it sheds some light on the relationshp between the museum and the agency.
Posted on August 5, 2010 at 6:36 AM
• 58 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The concept of the NSA having a museum; but keeping it a secret is somewhat amusing.
I actually know the full story behind this!
As I was told by someone involved with this, one evening an employee was working late there on an interesting project, and when he left the building he was in, decided he was too tired to safely drive home. There was a little hotel nearby, so he went and got a room there to sleep. Next morning he got up, looked out, and realized he had a good line-of-sight to where his office was. He went, got a pair of binoculars, and checked if it was possible to see into any offices, which it indeed was.
Apperently the next day the owners of the hotel got an offer to buy the hotel they could not refuse, so it was purchased by the NSA. It sat unused for a while, and was used as storage, but eventually someone suggested turning it into a museum, blocking off access to the areas that previously (but no longer) had a view into the complex.
This was well accepted, and now you have the only museum I have ever had armed guards point weaons at me while I was trying to find the right entryway to drive in. Honestly there is a lot of very interesting displays there, and it is the most enjoyable museum I have ever been in, with a very nice library (but I still was unable to complete my copy of the Rainbow Series, as they were missing more books then my collection.)
@uk visa: it's not exactly secret (there are signs for it on the Baltimore-Washington Parkway and on Maryland Route 32), but it's not well-publicized either. That said, it's definitely worth a visit if you're in the area!
Section9 Bateau -
Sounds apocryphal but it does fit their overkill image.
I've never been but it's been reported that the outside covering of the building that makes it look ordinary is a shell. Mostly for TEMPEST but I've gotta believe they also evaluated the risk and controlled for peeping.
@ section 9 bateau great story.
I'm pretty sure they wouldn't even let me in the gift shop. I'm trying to picture what would be sold in the gift shop.
It's got a great gift shop ... and there is a working enigma coder. Geek paradise.
Also check out the nearby mueum of defense electronics ... also free. Your tax dollars at work ... as filtered through various defense contractors.
@BF Skinner: I can neither confirm nor deny the story Section9 Bateau heard, but the building that houses the National Cryptologic Museum definitely used to be a motel.
You can still see its former swimming pool in the middle of the parking lots in photos on Google Maps: http://preview.tinyurl.com/3xyndek
"Sheds some light on the relationshp between the museum and the agency"
It seems that the museum itself is part of the agency, which "operates, funds and maintains" it and owns all contents and artifacts. The eponymous foundation is more like a "friends of X" organization that donates some level of support, publicity and manpower without actually having any say-so.
Back in 2004 I photographed my hand on an Enigma at the NSA muesum. As the NSA web site has had a page about the museum since at least 2004 I can't imagine why anyone would consider it to be at all secret.
The gift shop has similar things to most gift shops, items relevant to the museum manufactured in China (seriously). But NSA relevant stuff is neat, they have some good puzzles.
As for the environment, they often have "NSA Police" vehicles parked outside the museum and there are signs inside the museum reminding NSA employees that they are not permitted to wear their official ID tags in the museum as it's a public place. It makes things a little more subdued than the average museum - it seemed prudent to avoid taking photos outside the building...
It's definitely one of the world's best museums, I recommend that everyone visit it.
It's a great museum to visit, and they have docent led tours if you ask in advance - most of them are retired NSA, so there are some interesting stories. The docent I had most recently worked with operations hiding (troop movements, etc) and enigma and had all kinds of neat (historical) information about figuring out where troops really were. The only downside to it is that it's only open two Saturdays out of the entire month (first and Third), so if you want to see it, the best bet is during the weekday.
This museum is amazing and their staff is incredibly knowledgeable. There was no question I heard asked of them that they didn't know the answer to in detail.
Last summer my spouse and I planned a week in and around DC with a 'spy' theme. (We'd both just finished reading some historical fiction and real historical accounts of enigma and I'd spent a month or 2 coding a working software replica.) On back-to-back days we saw the National Cryptologic Museum and the International Spy Museum.
The Spy Museum was really fun and had a lot of great info all presented in an entertaining way. The NSA museum had none of the flash. It's a much more typical museum. But what it lacks in presentation it makes up for in substance.
Especially amusing was seeing a cold war artifact in the NSA museum that you could touch then seeing in the Spy museum a replica of this item in a glass case.
By the way, you're allowed to use the enigma machines but you're not supposed to open them up or take them apart. Before this trip, I'd spent a month or so obsessed with learning everything I could about them. I was so giddy at having a real enigma in my hands that I could caught fire and not have noticed, much less have noticed a little sign.
Highly recommended. When we went, there were fantastic cryptography related math and puzzle handouts. Gave them to a math teacher friend and she loved them.
True story. We went to the Smithsonian the day before. One exhibit had a thumbprint scanner with a label identifying it as the FBI's latest and greatest. We tried it out and were impressed.
The next day at the cryptology museum, there was also a thumbprint scanner. The label told us that it was an old, outdated model and assured us that if we tried it, our fingerprints would not be recorder or stored. The fingerprint image was astonishingly superior to the FBI's. Good laugh.
What I really enjoyed was that the equipment on exhibit had obviously been used. Reminded us of the Flea at MIT.
We took the kids there earlier in the summer, and they have a great set of code wheel puzzles for the kids to work out while the adults read more detailed descriptions of the artifacts. We listened in on a tour given by one of the most knowledgable docents I've ever heard.
After they were done with their puzzles, our kids ended up spending most of the time encoding (and decoding) messages on the *two* functioning enigma machines.
The museum is a hidden treasure for geeky families.
I certainly hope they sell Ovaltine in the gift shop.
There are three outdated super computers in there, a nice sized working robotic tape library, tons of history behind the code making and breaking in the united states. In addition to the enigma machines, they also have the cryptoanalytic bombes. They have the History Channel video that was done on the history of the NSA. They have a couple of sections on the language analysis that is done at the NSA. They show a lot of the various crypto communuications equipment used throught the years, satellites, and a section on authentication mechanisms. They have a monument to the people that have died in the service of the NSA as well.
It is an amazing place to visit. The hours are a little odd, and it is only open 2 saturdays a month, so check out the hours before you go.
Just up from there, very close to the BWI Airport, is supposed to be an amazing electronics museum. However, I've never managed to get there while they were open.
It's a wonderful museum, and as noted it has a great gift shop. The material and programs for kids is fantastic as well, plus you get to see everything from hobo code to encrypting equipmnt sorted by the decade. Plus, there are even a few planes on display outside. It's pretty easy to find, as there are signs to it on the Baltimore-Washington Parkway - the only trick is to make sure you actually turn into th emuseum, not the NSA campus. For some reason, they frown on that.
The story I have heard is that the gift shop is manned by NSA employees/recruits who are waiting for the paperwork on their clearance to finish processing. Not sure it's true, but given that there are different people there every time I go, and they're always very sharp and engaged, it wouldn't surprise me.
@Rob Donoghue: "the only trick is to make sure you actually turn into th emuseum, not the NSA campus. For some reason, they frown on that."
Our GPS mysteriously went a little bit wonky as we approached the museum, and directed us to use the exit marked "employees only". Needless to say, I didn't follow its directions, but I hadn't been to the museum in years, so I wasn't exactly sure where to turn (I remember there being an exit directly from route 32 onto Colony Rd.). I ended up driving up and down route 32 until I found the right place to turn, and probably set off a few alarm bells in the process.
As for the gift shop, the employee working on the day we visited told us he was retired, and asked whether we worked at the agency. I've never heard the story that they're new recruits waiting on paperwork.
@Section9 Bateau: "He went, got a pair of binoculars, and checked if it was possible to see into any offices, which it indeed was."
Sounds like another security vulnerability in windows...
Installing a firewall in front of the windows would remedy this.
Homer Simpson: "Good things don't end in-eum. They end in -mania... or -teria"
It may have been cheaper if they installed a Beowulf Local Inter Network Detection System (BLINDS for short)
Mr. Schneier, as a retired employee of the "No Such Agency" I can only discuss facts and events surrounding the museum in broad generalities. I (along with many others) help move and setup the first few original displays when the museum first opened to the public (it was much smaller than it is today). The original name of the motel was called "Colony 7" and there are many rumors as to why NSA purchased the property. The museum is not "classified" in any way. There is always a certain amount of "security" presence in and around that building simply because it falls within one of the Agency's serveal layers zones of security. The museum falls into the outermost zone (the 3Km.) and that is why you will always see NSA's own security force in the area. As an aside, most of the public might not know that most "classified" items (documents and physical devices) do have a "shelf live". It starts from the day of classification and starts to progressively become less and less classified until somewhere between 10-15 years normally, the information is considered not to be no longer "sensitive" and a decision to release into the public domain is made. It is true about our "badges". It is policy that badges "are not to be displayed outside of secured areas", and most employees simply stick them inside their jackets or inside their shirts when "outside". That habit becomes automatic after about 2 weeks working at the Agency or any IC facility for that matter. Not surprised that someone's GPS might behave strangely within close proximity of the Ft.Meade complex. There are "many" sources of RF (radio frequency) signals surrounding the complexes, some are ours so are not ours! All that said I would highly recommend the museum tour to anyone whom has ever been curious about NSA or the IC (Intelligence Community) in general. It a glimpse into a very private community doing a very necessary job during very difficult times.
Its a fun place to go. As I live in the area I've been several times. It looks small and unimpressive (being the shell of an old motel) from the outside but once inside its a goldmine.
A few years ago I organized a guided tour for the local LUG. I arrived early for my group and my [now] wife and a friend came down separately. On their way in they stopped so he could take a picture or two of the observable buildings. Very quickly a guard came up and told them to move on....
Everyone had a great time and, as often happens, the group grew in size as we went around. Our guide was excellent and knew the answers to all the questions asked. So if you're going with a group of people be sure to call ahead to arrange a guided tour (I had to book it almost three months out!), it is well worth it. And if you cannot do that, tag along on one that is going on. I've yet to be told to go away when I do that.
As others have said, they have a first rate, if small, gift shop to end the visit with and pick up souvenirs.
We finished up our day there with a GPG keysigning event in the lobby.
If you're in the area and read this blog, you will likely enjoy the place.
Don't think you need to worry about making a wrong turn. Once on Canine Road, you have three options and they are all pretty obvious.
Right - NSA Visitor center (unless you have a prearranged visit scheduled, won't do you much good to go that way)
Straight ahead - security checkpoint with a lot of guards (definitely don't want that way)
Left - takes you to an extra parking lot, a small Shell gas station, and eventually the museum. There are signs to make sure you are going the right way. I'm sure the guards are used to handling people that go the wrong way.
I live about 5 or so miles from there and haven't found anyone (friends or family) with enough interest to visit the museum yet.
I visited with my son just after the embassy bombing. He got a t-shirt which he wore to the pentagon later in the day raising some eyebrows. There is a guest log you can sign and comment, it's worth a look.
ITSAG REATM USEUM
You know how knowing the pizza ordering frequency in certain places is an interesting metric in activity, as is observing late-night parking in large open parking lots like those next to that big building google inexplicably fails to tag with a company name?
I never understood why, knowing this, they didn't put a tarp over it, or perhaps more sensibly put up a stacked parking house instead of a large open lot. It's not like the intelligence-commercial complex is wanting for money or anything. Maybe the idea is an anathema for a nation of ugly automobile worshippers with too much space to play with.
So now that this story about an ex-motel is out, and this comment is sure to be read by ex- and therefore also non-ex-unnamed not-a-company types, I fully expect to suddenly see a large building dedicated to parking cars unseen pop up in the vicinity of the article-mentioned location on google maps. Since I don't have to kill you now that I mentioned it, I do expect royalties for the idea, thanks.
I have an NSA coffee mug on my desk from that gift shop. I sometimes sing to it, just in case anyone is listening.
after visiting museum home
a little and black
vehicles with privacy
glass now drive
house at pseudo
@smee 'coffee mug'
check the bottom. I've got a bunch of TLA swag all marked "Made in China"
@smee - Your comment made me laugh out loud.
I have an NSA digital camouflage pen sitting right beside me that I won at a hacking/risk assessment competition at the Air Force Academy. Your comment kinda makes me want to rock out to it so I can entertain any listening agency employees.
If the Electronics Museum mentioned earlier is the one in Linthicum Heights, MD, then it's just a stone's throw from Friendship Annex -- the Agency's branch campus used for recruit processing, administrative work, and other stuff. Don't know if that implies Agency involvement with that museum or if it's just a coincidence.
, This may still be classified material, but what I want to know: is there is either a replica or original ice cube tray used by Tom Lehrer in the development of the NSA's most important contribution to Freedom -- the Jello Shot?
@Tyler Thompson: How can you find the pen if it's truly camouflaged? Maybe it's camouflaged to look like a camouflaged pen.
The ISSA National Capital Chapter is having its August meeting there. Details are available at http://www.issa-dc.org/
Instead of firewalls, major American consulates [in Latin America],
in the post Saigon Embassy era, installed penetrated shade facades,
with holes just too small for standard issue grenades to pass through.
'check the bottom. I've got a bunch of TLA swag all marked "Made in China"'
That's what a TLA would mark their devices with, no?
If I am ever in the area you have convinced me that I want to see this museum.
@Henry: "ITSAG REATM USEUM"
@Smee: "I sometimes sing to it"
That made me smile! Do you consider your singing to be a gift or retribution?
@Smee LOL!! Your own little Patriot Act Radio broadcast
@setec astronomy you forgot to check your mailbox its got a barcode with the note Managed Service Point
Ok I'm convinced. When I get deactivated from the terror watch system I'll be sure to pop by the museum and gift shop. Though I've got a feeling that might reactivate me. Perhaps they sell the gifts online?
It's a great visit! Been there three times, and hope to return again. Can encrypt a message on a real Enigma machine (OK, a couple keys broken...), try to spoof a biometrics fingerprint reader (hint: breathe warm arm to reactivate an older fingerprint), pick up cryptologic coloring books for your kids, plus fascinating historical works in the Library. If you get a chance to visit when in the Baltimore area, don't miss it!
@John J. Baglione: Thanks for the original name of the motel. A quick search turned up this great vintage postcard: http://www.flickr.com/photos/hollywoodplace/...
If you look at the photo on the bottom right, you can see the cheesy arched masonry wall that is still visible in the museum today. I had always wondered why the building looked the way it did, and when I found out had been a hotel, it suddenly made sense.
@BF Skinner: [made in China] I've got the mug with "National Cryptologic Museum" written on the back in the Templar Freemason cipher, and when you pour in hot liquid, it reveals the plaintext. Apparently they used a different version of the cipher than I'm familiar with (I've used http://www.borderschess.org/... ). They have M where I expected L, K where I expected M, and Z where I expected Y.
@Austin Mills: thanks for the excellent photos!
The former motel owners did not want to invest the money needed for needed improvements in the late 80s/early 90s. The current owners took advantage of this real estate opportunity, and used it for a series of administrative activities until the open-to-the-public museum concept was approved...
@John J. Baglione: "the outermost zone (the 3Km.)"
You're sure you're ex-NSA? You're sure they won't take your pension away for unamerican activities like this? You're sure you didn't mean: "(the 15 furlong)"? :-)
Remember: All terrorist-supporting-axis-of-evil countries use metric units!
(Next thing you'll be writing on ISO A4 paper - the terrorists will have won)
@Adrian Leverkuehn "(Next thing you'll be writing on ISO A4 paper - the terrorists will have won)"
Ah so they HAVE won in Europe. I knew it!
Great museum! I have a aquintance in the NSA and was told to NOT listen to what Garmin told me when trying to get to the museum. Just follow the signs!
As mentioned often here, this is a wonderful museum. The staff guided tours are chock full of interesting tidbits - but what most impressed me (aside from the WWII devices) was the display about the USS Liberty. Not to be missed.
>I never understood why, knowing this,
>they didn't put a tarp over it, or perhaps
>more sensibly put up a stacked parking
>house instead of a large open lot.
This day and age, I'd kind of be disappointed if they relied on photographs.
Rather then rely on point-in-time photos (which also depend on time of day and weather), IIWTR (if I was the Russians...) I'd rent a nearby office and setup some Yagi antennas pointed towards the gate(s).
A nice computer database consisting of passively sniffing the electronic serial numbers of cell phones coming and going would be trivial to convert to a chart of activity levels.
Of course, they may already be so paranoid that employees are directed to turn them off on approach to the exit...which would at least force an adversary to monitor more points along the road network and calculate what ESNs mysteriously disappear...
As a Radio Research vet who served in Vietnam, I looked forward to a visit with my son while living in the DC area in the late 90s. I found the Vietnam exhibit fairly modest, but was pleased to see the SEMA aircraft on display outside. http://www.nsa.gov/about/cryptologic_heritage/...
I've been there twice. I would recommend it for anyone with crypto-interest. Sadly it closes *sharp* at 4:00 PM Eastern. On, my first trip I showed up at 3:40 PM and was met with grudging acceptance.
Interestingly, anything that is bought in the gift shop is billed as "Civilian Welfare Fund" which I assume means it aids the pensions of the Civvies in Ft. Meade.
I visited with my son in 2005. The place made me feel a bit nervous -- black helicopters were expected. There seemed to be no security at all, we just strolled in with my large camera bag. I have wondered what they might have known about me by the time we parked.
@Adrian Leverkuehn: Please refer to http://en.wikipedia.org/wiki/...
"The U.S. military uses metric measurements extensively to ensure interoperability with allied forces, particularly NATO STANAGs, "standardization agreements". Ground forces measure distances in "klicks", slang for kilometers."
"It is the only unbroken code in modern military history. It baffled the Japanese forces of WWII. It was even indecipherable to a Navajo soldier taken prisoner and tortured on Bataan. In fact, during test evaluations, Marine cryptologists said they couldn't even transcribe the language, much less decode it." It belongs in a museum http://www.navajocodetalkers.org/the_museum/
WikiTKELE-CHO-G will get wiped off KAH-YA-NESH-CHAI.
I've been to that museum while visiting Fort Meade as an employee of another one of the "five eyes" countries' governments. I was told that it was a former motel that had been purchased because it was on the direct line of a comms link.
There is a lot of NSA memorabilia in and around the museum, including an aircraft monument with a list of names of fallen NSA officers marked "they served in secrecy". USS Liberty crew were listed, for instance.
At the time I visited there was little about the British / Polish break of Enigma, but I guess that's understandable. Plenty of VENONA material, though.
DM Praecox "on the direct line of a comms link"
This sounds more likely. Still all around Fort George is heaviliy built up. There's got to be lots of properties on direct lines with their comm links.
Be careful going to this museum there are numerous NSA police officers everywhere make sure u read the signs!!!
Found this museum by accident as we stopped for gas on the way to the airport. It was a great museum and an unexpected treat. Great stuff for Communications Activity Pin in the Webelos BS program.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.