I Wore a Red Badge Inside the NSA. Here's What Happened.
I mastered probabilistic thinking in my algorithm. Then made every wrong bet with my business.
The red light on the ceiling won’t stop flashing.
We’re in a conference room inside a secured area at Fort Meade—the kind with a dial lock like a bank vault. Four people from the National Security Agency across the table. Two of us from ThumbScan. The red badge clipped to my visitor pass marks me as Secret clearance—the lowest level in the building. Everyone working here has Top Secret or above.
Through the window in the door, I can see fifteen people in the open workspace. They’ve pulled thick black covers down over their computer screens and entire workstations. They’re reading newspapers. Magazines. Paperback novels. They can’t work while we’re here. Not with our clearance level.
We’ve been in this room for an hour.
The older mathematician—late forties, wrinkled shirt that looks like he slept in it—leans forward. He’s been mostly quiet, letting the others drill into the technical details. Now he’s looking directly at me.
“You understand this never gives you certainty.”
“Yes.”
“You’re always making a bet.”
“Yes.”
“And you’re comfortable with that?”
I think about the sleeping bag stashed under my tech bench in Naperville. The investors back in Chicago who look at me like I’m speaking a foreign language when I try to explain feature extraction and spatial relationships. The company burning through cash while the commercial market still doesn’t understand why they need what we’ve built.
“I’m comfortable that we’ve quantified the bet,” I tell him. “What people do with those numbers—that’s on them.”
He nods. First smile I’ve seen in the room.
What I don’t say: I’m making another bet right now, sitting in this room. I’m betting that giving NSA everything they want—access to our algorithm, unprotected circuit boards, complete technical transparency—will somehow save our dying company.
I’m betting wrong.
But I won’t know that for another eighteen months.
How I Got Here
Summer 1986. I’d set up a consulting practice in Sunnyvale, California—Millennium Partners, operating out of an office on Oakmead Parkway, across from the original Fry’s Electronics.
The call came from Peter Dignan. We’d worked together years before at Deltak, a division of Prentice-Hall publishing. Now he was CEO of ThumbScan, a Chicago startup. Two engineers from the University of Illinois had an idea: a fingerprint reader that cost under $1,000. Every biometric system on the market cost tens of thousands.
“The hardware’s fine,” Pete said. “We can capture the image. But the matching algorithm keeps failing. Too many false positives. Too many false negatives. Can you fix it?”
I didn’t know. But I said yes anyway.
Episode 5 drops this Wednesday: This article reveals what happened when I mastered probabilistic thinking in the algorithm but failed to apply it to the business. Episode 5 shows you the complete framework for thinking in probabilities—including how to quantify uncertainty, manage Type 1 and Type 2 errors, and make better decisions when nothing is certain. Subscribe to the series here
The Mathematics of Always Being Wrong
Here’s what nobody tells you about biometric security: you are always wrong. Not sometimes. Always. The only question is which kind of wrong you choose to be.
Type 1 Error—False Rejection: The system rejects a legitimate user. They try again. And again. They call IT. Productivity dies. Users hate you.
Type 2 Error—False Acceptance: The system accepts an imposter. They walk into the secure facility. They access classified data. Security dies.
You cannot eliminate both errors. It’s mathematically impossible. Lower the matching threshold and users are happy, but security suffers. Raise it and security is tight, but users are miserable.
You are always wrong. Not sometimes. Always. The only question is which kind of wrong you choose to be.
Every biometric system ever built lives on this knife’s edge. You pick your poison. You place your bet. You accept the consequences.
The 3 AM Breakthrough
The breakthrough came at 3 AM on a Tuesday in early 1987. We’d been solving the wrong problem. Everyone was trying to compare entire fingerprint images—thousands of pixels, massive computational overhead, tens of thousands of dollars in specialized hardware.
What if we didn’t compare images at all? What if we compared signatures?
BlitzMatch extracted the unique characteristics of a fingerprint—the minutiae, the ridge patterns, the spatial relationships between features—and compressed them into 180 bytes. One hundred and eighty characters. Less data than this paragraph.
Then we built a matching algorithm that gave you a probability score. Not “yes” or “no.” Not “match” or “no match.” A number between 0 and 1. A bet.
And then—the critical part—we let the customer choose their threshold. High-security military facility? Set it at 99.9% confidence. You’ll get false rejections, but you’ll never let an imposter through. Corporate office building? Set it at 95%. Users get in faster, security is still reasonable.
We gave them the numbers and let them decide how much risk they could tolerate.
Phil McKinney
The Mystery Orders
By 1987, I’d joined ThumbScan full-time in Chicago. The orders started arriving that summer—maybe three months after we shipped the first units.
Twenty units to a strip mall address in Annandale, Virginia. Forty units to Springfield. Fifty-three units to a mailbox rental location that turned out to be nothing but a forwarding service.
Always the DC suburbs. Always wire transfers that cleared instantly. Always addresses that led nowhere.
Then came the special requests.
“Don’t install the security screws on this batch.”
“Skip the potting compound.”
That second request told us everything. Potting compound is an opaque epoxy that encases a circuit board—it makes the electronics nearly impossible to reverse-engineer without destroying them. If someone wanted us to skip the potting, they wanted to open our boxes and see exactly how BlitzMatch worked.
Then the phone calls started. Technical questions. Detailed questions about our error rates, our testing methodology, our confidence intervals.
After the third or fourth call, they identified themselves: National Security Agency.
Fort Meade
The flight from Chicago to Baltimore. The rental car. The drive to Fort Meade. The NSA headquarters looks almost ordinary from the road—office buildings, parking lots. It’s only later you learn how many floors go down.
At the security desk, they issued visitor badges. Then they clipped on the red badges. Secret clearance. The lowest level in the building.
Inside the Secure Zone
We walked to the elevator. Three people were already inside. The moment we stepped in—the moment they saw those red badges—conversation stopped. Dead silence. Eyes forward. No one spoke until they got off at their floors.
Our escort led us down a corridor, hitting switches on the wall that made red lights flash overhead. Not alarms. Warnings. Lower clearance personnel approaching. Secure your workspace.
We turned through a door that required a keypad code. Into a large open workspace—maybe fifteen cubicles. The red ceiling light started flashing.
One by one, people reached up and pulled thick black covers down over their computer screens, over their entire desks. They picked up newspapers. Magazines. Books. They leaned back in their chairs and started reading.
They couldn’t work. Not while we were there. They’d sit there for the next hour, unable to do whatever classified work they’d been doing, because our clearance level wasn’t high enough to be in the same room with their screens uncovered.
The conference room in back. No windows. A dial lock on the door like you’d find on a safe. The red light kept flashing the entire time we were inside.
Four people from NSA. Two of us from ThumbScan.
The Interrogation
For an hour, we talked mathematics. Not “does it work?” but “when does it work, how often, and under what conditions?”
They pushed hard. These were people who’d been working on biometric security for decades. They’d seen every approach. Every failure. Every promise that didn’t deliver.
We hadn’t. We’d come at the problem completely differently—not because we were smarter, but because we didn’t know what wasn’t supposed to work.
When they asked questions we couldn’t answer, we said so. No bullshit. No “smartest person in the room” games. We wanted to learn from them as much as they wanted to understand what we’d built.
Near the end of the meeting, the older mathematician in the wrinkled shirt leaned forward. “You’re comfortable making decisions without certainty?”
“I’m comfortable that we’ve quantified the uncertainty.”
He nodded.
They never said “this is impressive.” They never said “good work.” But I left that meeting knowing we’d built something they hadn’t seen before.
When we walked out, the people in the cubicles were still reading. They’d been sitting there for an hour. They pulled the black covers off their screens and got back to work. We never knew what they’d been doing.
Black Monday
October 19, 1987.
The Dow Jones Industrial Average dropped 22.6% in a single day. The largest one-day percentage decline in history.
We were six months into selling ThumbScan. We had a product that worked. We had NSA and FBI interested. We had a clear technical advantage over everything else on the market.
We also had investors who suddenly stopped returning phone calls.
Too Early for the Market
The commercial market we’d been counting on—corporate security, access control systems, enterprise IT—didn’t care. Computer security in 1987 meant a password on a login screen. Maybe. News articles about hacking were rare. Companies that got breached kept it quiet. This was a decade before most people had email addresses. A decade before the Internet became a consumer product.
We were too early. By about ten years.
But the government? The government was all over it. NSA kept ordering. FBI came calling. They wanted to integrate BlitzMatch into AFIS—Automated Fingerprint Identification Systems. Crime scene print goes in, BlitzMatch pre-screens millions of stored prints, returns the fifty most likely matches, human analyst makes the final call.
The path forward was obvious to me: pivot to government contracts. That’s where the customers were. That’s where the money was. That’s where we could actually survive.
I started pushing for it. Hard.
The Demo That Killed Us
The conference room in downtown Chicago. Winter, early 1988. Pete and I had prepared for this. We had the product roadmap. The government pipeline. The technical advantages.
Six people from the VC firms sat around the table. They’d invested a couple million plus money from the State of Illinois. This was their quarterly review.
Pete presented the financials first. Revenue was growing, but not fast enough. The commercial pipeline was thin. Enterprise customers were interested but not buying. The sales cycle was too long.
Then I stood up to show them the technology roadmap.
“The government market is moving fast,” I said. “NSA has been buying steadily. FBI wants to integrate BlitzMatch into their fingerprint identification systems. We’re talking about potentially massive contracts.”
I pulled up the product pipeline. The technical work we’d need to do. The timeline to scale for government requirements.
“If we pivot now—focus resources on government contracts instead of commercial—we can capture this market before anyone else.”
I looked around the table. Arms crossed. Blank stares.
The Calculation
One of them leaned back in his chair. “What’s the size of the government market?”
“It’s hard to quantify exactly, but—”
“Ballpark.”
“Tens of millions annually. Maybe more.”
“And the commercial market?”
“Potentially billions, but—”
“But it’s not materializing.”
“Not yet. The market isn’t ready. But government is ready now.”
Another investor spoke up. “How long until government contracts pay back?”
“It depends on the contract structure, but—”
“Ballpark.”
“Five to ten years. Maybe longer.”
Silence. Long enough that I could hear the heating system kick on.
“That’s not our model,” the first investor said. “We need three to five times return in five to seven years maximum. Government contracts don’t fit that timeline.”
“But the commercial market isn’t—”
“The commercial market is where the volume is. That’s what we invested in. Not decade-long government procurement cycles.”
Pete tried to interject. “If we could get bridge financing—”
“How much?”
I’d run the numbers. “Two to three million to get us through to the first government contracts.”
You could see it in their body language. The meeting was over before Pete finished the sentence.
“We’re not interested in doubling down on a pivot,” one of them said. “Either the commercial market materializes or it doesn’t.”
They left forty-five minutes later. Pete and I sat in the conference room in silence.
This was 1988. Venture capital wasn’t what it is today. Fewer firms. Less sophistication. “Pivot” wasn’t in their vocabulary. You executed the original plan perfectly, or they flushed you and moved on to the next bet.
The Leverage
Three months later. Spring 1988. I was at my bench testing a new version of BlitzMatch when the phone rang.
Our contact from NSA. We’d built a relationship by this point. Periodic calls. Technical questions. More orders.
“We’ve been following your progress,” he said.
“Okay.”
“We’ve also been hearing things. Sounds like funding is tight.”
I didn’t ask how he knew. “We’re working through some challenges with our investors.”
“That’s unfortunate. We’d hate to see this technology get compromised.”
“Compromised how?”
A pause. “You’re aware of the Invention Secrecy Act of 1951?”
The Threat That Wasn’t a Threat
I was. Under the Invention Secrecy Act of 1951, the USPTO can impose a secrecy order on a patent application if a defense or intelligence agency requests it. The order prevents the inventor from disclosing the invention and withholds the patent grant indefinitely. It can kill a business overnight.
“I’m aware,” I said.
“Good. Then you understand why we’re concerned. If ThumbScan were to fail, if the technology were to end up in the wrong hands—or even just become public through a fire sale—that could create complications.”
“What kind of complications?”
“The kind that would require us to take protective measures. Secrecy orders. Patent restrictions. That sort of thing.”
My stomach dropped. If NSA slapped a secrecy order on our patents, the business was over. Not just failing—legally dead. We couldn’t sell the technology. We couldn’t license it. We couldn’t even talk about it.
“That would be unfortunate,” I said.
“It would. Which is why we’d like to avoid it.”
“How?”
“Full cooperation. Complete transparency. Give us everything—documentation, source code, full access to your engineers. Make sure we can use this technology regardless of what happens to ThumbScan. Do that, and we’ll make sure you can keep doing business.”
It wasn’t a threat. Not explicitly. But the calculation was clear: give them everything they wanted, or they’d take it anyway and we’d be done.
“I’ll need to discuss this with our CEO.”
“Of course. But don’t take too long. We’d like to resolve this quickly.”
After we hung up, I sat at my bench for twenty minutes, staring at the circuit boards in front of me.
I was making a probabilistic bet. Give NSA full access, hope it bought us time to find new investors or turn the business around. Maybe 10% chance of survival. Maybe less.
The alternative was a secrecy order and 0% chance.
Ten percent beats zero. I made the bet.
The Unraveling
We gave them everything. No potting compound on the circuit boards. No security screws. Full technical documentation. Complete access to BlitzMatch’s source code. Everything.
NSA embedded our technology into systems I’ll never see. Used it for purposes they’ll never tell me about. The FBI integrated BlitzMatch into AFIS. Crime scene prints started getting pre-screened by our algorithm, identifying likely suspects for human analysts to review.
The technology worked perfectly. Type 1 and Type 2 error rates better than anything else on the market. Our Crossover Error Rate—the point where false acceptance and false rejection were equal—was lower than systems costing thirty times more.
But the company kept dying.
The End
By late 1989, we were running on fumes. Twenty employees wondering when the axe would fall. Payroll getting harder each month. Pete was on the phone constantly, trying to raise money, getting nowhere. The hangover from Black Monday lingered. VCs weren’t taking risks, especially not on companies that had already missed their original projections.
I could see the writing on the wall. I’d been sleeping under my tech bench more nights than I’d been home. My parents’ health was declining—my mother’s multiple sclerosis getting worse, my father’s heart condition worsening. My wife was managing their care while raising our three kids. We’d moved back to Chicago to be close to them, bought a house three blocks away, but I was never there.
When Advanced Analytics Corporation in Champaign offered me the presidency of TeraPlex, Inc.—a supercomputer company working on revolutionary microprocessor architecture—I took it.
I called Pete to tell him. The conversation lasted maybe three minutes.
“You’re leaving.”
“Yes.”
“To work with them.” The original University of Illinois inventors. The ones he’d never gotten along with.
“It’s not about sides, Pete. It’s about—”
“It’s always about sides.”
“I need to think about my family. The company isn’t going to make it.”
Silence on the other end.
“Good luck,” he said, and hung up.
We never spoke again.
ThumbScan lasted another six months. It was eventually acquired by Cominvest AB for scraps. The company abandoned its patent applications. The U.S. government secured permanent access to BlitzMatch and the underlying technology without any dependency on the company existing.
I was one of the original five employees. We’d grown to twenty. My equity evaporated like it does for most startup executives.
The business bet failed completely.
The Ghost in the Machine
Over the years, every once in a while, an email would arrive. Or a phone call from someone I didn’t know.
“I’ve been given access to BlitzMatch for a project. I need some clarification on how the spatial relationship algorithm works.”
“Where are you working?” I’d ask.
They’d hesitate. “I can’t really say. It’s classified.”
I’d help where I could with technical questions. Sometimes they’d push for more details about the original implementation. Sometimes they’d just thank me and disappear. I gave up whatever security clearance I had when I stopped working with NSA, so I never knew what systems they were building or what problems they were trying to solve.
It seems that BlitzMatch is still running. Somewhere. In systems I’ll never see, doing work I’ll never know about, protecting things I’m not cleared to understand.
The algorithm I built at 3 AM on a Tuesday in 1987 worked. The NSA mathematician in the wrinkled shirt was right—I was comfortable making bets without certainty, as long as I’d quantified the uncertainty.
Type 1 errors. Type 2 errors. False rejection rates. False acceptance rates. I understood the tradeoffs. I made them consciously. The technology succeeded.
The business failed because I was optimizing for the wrong variables. I understood the algorithm’s error rates perfectly. I didn’t understand the market’s error rates at all.
BlitzMatch is still running decades later. Helping identify people I’ll never meet. Solving crimes I’ll never hear about. Embedded in systems that don’t exist on any org chart.
99.99% of people will never know it existed.
But it worked, and it still seems to be working.
And that’s the bet that mattered.
Next week in Episode 6: I wish I had known about second-order thinking when NSA came calling. I saw the first consequence (give them access, keep the business alive) but missed what came next—and next after that. Episode 6 reveals the framework for tracing decisions through multiple consequences, anticipating unintended effects, and asking “and then what?” before it’s too late. Subscribe so you don’t miss it
Phil McKinney
