This has some great stuff:<p>> I might have seen trouble coming. One of the first questions in the Q&A that followed my talk was:<p>> “In the presentation you just gave, you were showing documents that were TS/SCI [top secret, sensitive compartmented information] and things like that. Since documents started to become published, has the NSA issued a declass order for that?”<p>> I took the opportunity to explain the government’s dilemmas when classified information becomes available to anyone with an Internet connection. “These documents, by and large, are still classified," I said. "And in many cases, if you work for the government and you have clearance, you’re not allowed to go look at them… Now, it’s perfectly rational for them to say, we’re not going to declassify everything that gets leaked because otherwise we’re letting someone else decide what’s classified and what’s not. But it gets them wound up in pretty bad knots.”<p>> My remarks did not answer the question precisely enough for one post-doctoral research engineer. He stood, politely, to nail the matter down.<p>> “Were the documents you showed tonight unclassified?” he asked.<p>> “No. They’re classified still,” I replied.<p>> “Thank you,” he said and resumed his seat.<p>> Eugene Spafford, a Purdue professor of computer science who has held high clearances himself, wrote to me afterward. “We have a number of ‘junior security rangers’ on faculty and staff who tend to be ‘by the book.’ Unfortunately, once noted, that is something that cannot be unnoted.”<p>> Sure enough, someone filed a report with the above-mentioned Information Assurance Officer, who reported in turn to Purdue’s representative at the Defense Security Service. By the terms of its Pentagon agreement, Purdue was officially obliged to be <i>shocked to find that spillage is going on</i> at a talk about Snowden and the NSA. Three secret slides, covering perhaps five of my 90 minutes on stage, required that video be wiped in its entirety.<p>> This was, I think, a rather devout reading of the rules. (Taken literally, the rules say Purdue should also have notified the FBI. I do not know whether that happened.) A more experienced legal and security team might have taken a deep breath and applied the official guidance to “realistically consider the potential harm that may result from compromise of spilled information.”