NSA's Silicon Valley outreach a work in progress

SAN FRANCISCO -- Like countless other organizations, the National Security Agency made its pitch to attendees of the world’s largest IT security conference this week. But instead of offering flashy gadgets to test or raffling off smart phones, the agency went with a subdued and sober message: come serve your country.

Nearly two years after the revelations of NSA bulk-data collection by former contractor Edward Snowden, the agency was still the elephant in the room at the RSA conference in downtown San Francisco.

“How do we heal their wounds? I think part of it is getting those companies the facts,” retired Gen. Keith Alexander, the former NSA director, said April 24 at the conference. “That’s a classified set of briefings and the director of national intelligence, the White House, or someone, has got to bring them in and show them the facts.”

“The companies have actually done nothing wrong,” he added, referring to tech companies enlisted in the NSA data-collection programs. “They were left here holding this court order to comply with the government and I think all of that has to be more transparent to some of them.”

Alexander, who is now a private cybersecurity consultant, declined to be interviewed by FCW after his appearance at RSA, instead turning to a crowd waiting to shake his hand or snap a photo with him.

Jim Penrose, a former senior intelligence official at the NSA who was at RSA representing his new employer, cybersecurity firm Darktrace, agreed that much of the mistrust stems from the mystery surrounding what data the intelligence community gathers, and how. “To get past the cynicism, there needs to be some kind of transparency that helps people understand” the inter-agency process of intelligence collection, he said.

Alexander’s successor as the head of both Cyber Command and the NSA, Adm. Michael Rogers, has made a point of addressing that cynicism and courting Silicon Valley, partly by traveling here. But those overtures have not always been well received.

At a February conference in Washington, D.C., for example, Rogers had a terse exchange with Alex Stamos, Yahoo’s chief information security officer, who raised the contentious subject of encryption.

“So it sounds like you agree with [FBI] Director [Jim] Comey that we should be building defects into the encryption in our products so that the U.S. government can decrypt,” Stamos said.

“That would be your characterization,” Rogers interjected.

“Well, I think ... all of the best public cryptographers in the world would agree that you can’t really build backdoors into crypto,” Stamos said. “That it’s like drilling a hole in the windshield.”

Rogers said later in the exchange that “we don’t accept each others’ premise” -- an assessment that could also describe the challenges inherent in his quest to rebuild relationships with tech companies in a post-Snowden world.