One point that is made more often is: "It's very probable that the NSA has newer techniques that remain undiscovered in academia."
How does one go around maintaining such an omerta?
Most cryptographic math is not that hard that it requires a team to remember. So anyone working in this field at NSA could (if true) become professor by working out that math in academia after his/her career at NSA. Or is there such strong commitment to secrecy that not one former NSA cryptographer would try to follow that route?
The Brits invented Sonar in 1916, and the Admiralty kept it secret for long enough that when World War 2 broke out, they had it fitted on 5 types of ships as part of an integrated anti-submarine suite; they were the only ones that had this operational capability.
If you were a scientist who worked on that project, and in 1920 you published "On Quartz-Based Range Detection In Water", you would have definitely gone to jail.
(Or, of course, the Enigma cracking -- but that's not really the best example; it wasn't a long-maintained operational advantage consisting of abilities the rest of the world didn't have, but rather an emergency skunk-works that got jump-started by the Poles; it did, however, have a pretty good record of secrecy after the fact!)
You make the lives of people revealing secrets pretty unpleasant, and do so publicly. This acts as a deterrent to others. (This phenomena is well known and probably has a name.)
See Peter Wright, David Shaylor[1], or Katharine Gunn.
The other edge of that sword is to use the loyalty of your workers, and keep reminding them of the good work that they're doing.
Don't forget that GCHQ keeps secrets, even if those are known to the world at large - they kept Diffie-Hellman style key exchange secret for many years, and they kept RSA style public key encryption secret for many years, even though both became very well known and used. GCHQ had these for a few years before DH and RSA developed them.
> Or is there such strong commitment to secrecy that not one former NSA cryptographer would try to follow that route?
Imagine a bunch of people working together in a secret institution. One of them says something, which causes another of them to develop an algorithm. The group tries to attack this, and it feels good. As a group they've done some work. Then one of the group leaves and publishes this algo. Well, what's the benefit to that person? What do they get out of it? Because it seems they'd be generating a bunch of bad feeling.
> So anyone working in this field at NSA could (if true) become professor
GCHQ / NSA employ professor grade mathematicians already. Those mathematicians might not publish much publicly, and they might not have the formal title, but they do have the skills.
It is an interesting question: How do we make sure our staff keep secrets, for as long as we need secrets to be kept?
Especially when we take into account the apparent rise in dementia-type illnesses. I wonder if we're going to see an equal rise in secrecy-vetted nursing homes?
They probably have a rule against it- requiring you to ask permission at the least. But yeah, the commitment is strong. You really think that what you are doing is helping and important, right up until you don't.
How does one go around maintaining such an omerta?
Most cryptographic math is not that hard that it requires a team to remember. So anyone working in this field at NSA could (if true) become professor by working out that math in academia after his/her career at NSA. Or is there such strong commitment to secrecy that not one former NSA cryptographer would try to follow that route?