2 January 2010. Cryptome: By comparing redactions of the Tom Johnson document at the National Security Archive with redactions in the one released by NSA to Cryptome, a number of differences were seen which revealed additional information. See NSA document updated after Diffie's comments were received.

2 January 2010

Martin Hellman on NSA and the Joseph Meyer letter: http://cryptome.org/hellman/hellman-nsa.htm

Whitfield Diffie writes 1 January 2010:

Here are my comments on the NSA document you received. It turns out to be from Book III: Retrenchment and Reform of Tom Johnson's multi-volume history of NSA released under a different FOIA request in 2008. On balance this document is less heavily redacted than Johnson's full history but that version does answer some questions about this one. Some of the interlinear commentary was written before I figured out what this was and may look a little odd in that light.

I have put in line breaks where they were in the original in an attempt to produce a type facsimile.

My comments are indented one tab stop [marked Diffie:].

Begin NSA document. [--------------] Indicates redactions in original text.

DOCID: 3417193

[One-half page redacted.]

(U) PUBLIC CRYPTOGRAPHY

(U) Modern cryptography has, since its earliest days, been associated with governments. Amateurs there were, like Edgar Allan Poe, who dabbled in the art, and it has held a certain public fascination from the earliest days. But the discipline requires resources, and only governments could marshal the resources necessary to do the job seriously. By the end of World War II, American cryptology had become inextricably intertwined with the Army and Navy's codebreaking efforts at Arlington Hall and Nebraska Avenue. But this picture would begin changing soon after the war.

Diffie: This seems a mistaken analysis. American 20th-century cryptography stood on the shoulders of Edward Hebern, William Friedman, Gilbert Vernam, and Herbert Yardley, all of whom were outside of government when they made their initial (and perhaps greatest) discoveries. After World War I, there began a period in which governments rose to dominate cryptography.

(U) Modem public cryptography originated with a Bell Laboratories scientist, Claude Shannon, whose mathematics research led him to develop a new branch of mathematics called information theory. A 1948 paper by Shannon brought the new discipline into the

Diffie: Odd for the author to miss the point that the 1949 paper is based on a confidential Bell Labs paper written in 1945.

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

231

TOP SECRET UMBRA

Approved for Release by NSA on
9-08-2008 FOIA Case # 2916 [Cryptome: this date corresponds to the release of Tom Johnson's volume.]

DOCID: 3417193

TOP SECRET UMBRA

public domain, and from that time on, cryptography became a recognized academic pursuit.¹¹⁹

Diffie: Not so much. Cryptography was probably at its most secret during the 1950s.

(U) Public cryptography had no market in those days. So when IBM researcher Horst Feistel developed a line of key generators to be embedded in IBM computers, called Lucifer, there was no immediate use for it. But in 1971 Lloyd's Bank of London contacted IBM to ask about the possibility of securing transactions from a cash dispensing terminal. Feistal sent Lucifer to Lloyd's. IBM then formed a group. headed by Walter Tuchman, to develop the idea of encrypting banking transactions.

Diffie: This is at the very least a scanty account. The most important of Feistel's work was done for the Air Force Cambridge Research Center around 1950. AFCRC (later AFCRL) was working on aircraft identification. Its work was not sponsored by NSA (or its predicessors) but did communicate with the Agency and was later very influential. In the 1950s, NSA succeeded in eliminating virtually all other cryptographic work in the U.S. and Feistel's group was put out of business. Feistel remained intersted in little else for the rest of his career and was successively rebuffed in his interests at ARCRL, MIT Lincoln Laboratory, and Mitre before finding a home less subject to government influence at IBM. I suspect, though I do not know, that IBM was already interested in cryptography when it hired Feistel.

The statement that there was no public market for cryptography circa 1970, incidentally, is misleading. Unquestionably it was miniscule by comparison with the current market but oil companies and banks were both buyers of crypto equipment.

(FOUO) While IBM was developing a market for public cryptography, computers were becoming more common within the government. The 1965 Brooks Act gave the National Bureau of Standards (NBS) authority to establish standards for the purchase and use of computers by the federal government. Three years later, Dr. Ruth Davis at NBS began to look into the issue of encrypting government computer transactions and concluded that it was necessary to develop a government-wide encryption standard. She went to NSA for help. NBS, it was decided, would use the Federal Register to solicit the commercial sector for an encryption algorithm. NSA would evaluate the quality, [---------------------------------------------------------------------------
-------------------------------------------------------------------]

(FOUO) In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification Lucifer for general use. [----------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------]

(FOUO) The decision to get involved with NBS was hardly unanimous. From the SIGINT standpoint, a competent industry standard could spread into undesirable areas, like Third World government. communications, narcotics traffickers, and international terrorism targets. [-----------------------------------------------------------------------------------------------------
----------------------------------------------------------------]

Diffie: This is probably mention of some of the evidence that appeared during the 1970s of Soviet exploitation of American communications.

This argued the opposite case - that, as Frank Rowlett had contended since World War II, in the long run it was more important to secure one's own communications than to exploit those of the enemy.¹²¹

(FOUO) Once that decision had been made the debate turned to the issue of minimizing the damage. [-----------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------] NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately, they compromised on a 56-bit key.¹²²

Diffie: The only previous mention I had heard of 48 bits was from Charles Bigelow who said at the second NBS meeting on DES that he though 48 bits might be sufficient. Either Walter Tuchman or Carl Meyer told me that they had a number of keylengths and mentioning 72.

My attempts to get a consistent account of the interaction between IBM and NSA have been a failure. I don't think they were being secretive; I think things must have looked different from Yorktown Heights, Kingston, and Fort Meade.

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

232

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

(FOUO) The relationship between NSA and NBS was very close. NSA scientists working the problem crossed back and forth between the two agencies, and NSA unquestionably exercised an influential role in the algorithm. Thus, when DES became official in July 1977, a debate erupted in the academic community over the security of the standard. Scientists charged that NSA had secretly pressured NBS into adopting a nonsecure algorithm. Not only did they contend that the key length was to NSA's liking, they also alleged that the Agency had built a "trap door" into the system that would allow cryptographers at Fort Meade to read it at will. In 1976 David Kahn, the leading nongovernmental authority on cryptography, lent academic support to this view. Kahn's allegations were repeated by writers and scientists worldwide. The issue became so charged that. a Senate committee in 1977 looked into the allegations. The hearings resulted in a "clean bill of health" for NSA, but it hardly quieted the academic uproar.¹²³

(U) To calm the waters, NBS called a conference in August 1976. It solved nothing. Leading academic figures contended that the DES algorithm was so weak that it could be solved with fairly modest resources (on the order of $9 million), while defenders pronounced it secure against virtually any attack feasible at the time. National Bureau of Standards ultimately promised that the DES algorithm would be reevaluated every five years.¹²⁴

(U) The problem was, in large part, one of timing. During the Church and Pike Committee hearings, NSA had been tarred with the same brush that smeared CIA and FBI, and the exculpatory conclusions of the Church Committee were lost in a sea of fine print. What the public remembered were the sensational allegations of journalist Tad Szulc and the finger-pointing of former cryptologist Winslow Peck.

Diffie: I must admit that I don't remember either thing. According to German Wikipedia and a reprint of the articles on jya.com, Winslow Peck is a pseudonym of Perry Fellwock who wrote two articles "U.S. Electronic Espionage: A Memoir, parts 1 and 2," in Ramparts in July and August of 1972.

Whether NSA was an apolitical collector of foreign intelligence information or truly a governmental "Big Brother" had not yet been adjudicated in the public mind. The concern for individual privacy, largely an outgrowth of the Watergate period, exercised an important sway on the American public, and even Walter Mondale, with years of experience watching over intelligence agencies from his Senate perch, was consumed by this issue when he was Carter's vice president. Any endeavor that would make NSA out as an inspector of private American communications would play negatively. The DES controversy was one of those issues.

(U) In 1976 a related chain of events began which was to flow together with the DES controversy. In that year Martin Hellman of Stanford, one of the world's leading practitioners of the cryptographic arts, and his graduate student, Whitfield Diffie, published "New Directions in Cryptography" in the November issue of IEEE Transactions on Information Theory. It contained the first public exposition of what was to become known as public key cryptography. In the Hellman-Diffie scheme, it would be possible for individual communicants to have their own private key and to communicate securely with others without a preset key. All that was necessary was to possess a publicly available key and a private key which could be unlocked only with permission. This revolutionary concept freed cryptography from the burdensome periodic exchange of key with a set list of

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

233

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

correspondents and permitted anyone with the same equipment to communicate with complete privacy.¹²⁵

Diffie: Time has shown this to be a somewhat over-enthusiastic assessment.

(S) This was the public face of the issue. But like public key cryptography itself, it contained a private story that was much more complex. Hellman, it turned out, had been one of the leading opponents of DES, for the very reason that he distrusted NSA's hand in the algorithm. He had obtained a National Science Foundation (NSF) grant to work on the project. It turned out that there was no legal prohibition against a governmental entity funding private research into cryptography, despite the possibility that such research would break the governmental monopoly on leading edge techniques. And in fact.

Hellman and Diffie had discovered a technique that [----------------] James Ellis had

Diffie: There are two likely possibilities for the deleted portion; a careful look at the exemptions might help resolve them.

On one had, it might say ``British mathematician'' or ``GCHQ mathematician'' or ``CESG mathematician'' and there may be some rule against mentioning the British service without their permission. This would seem silly given GCHQ's trumpeting of its work but much in the redaction of this document has that quality. I find mention of Ellis alone plausible because the earliest draft of Ellis's work of which I am aware is late 1969 his paper is dated 1970, so the time is right.

On the other it may be that the deleted portion mentions Clifford Cox and Malcolm Williamson, both still alive. That seems less likely.

discovered six years previously. NSA regarded the technique as classified; now it was out in the open.¹²⁶

(U) In April 1977 David Boak and Cecil Corry of NSA visited Dr. John Pasta, director of NSF's division of mathematical and computer research, to discuss the issue. Since the early 1970s there had been sporadic contact between NSA and NSF, and NSF had agreed to permit a certain amount of NSA "assistance" on these types of projects, but only to examine grant proposals on their technical merits rather than to institute a formal coordination process. Pasta, believing that academic freedom was at stake, held fast to the NSF position and refused to permit NSA to exercise any sort of control over future grants.¹²⁷

(FOUO) The difficulties with NSF did not end with the Hellman imbroglio. In 1977 Ronald Rivest of MIT published an NSF-funded paper expanding the public key cryptography idea. He postulated a method of exchanging public and private keys, protecting the private key based on the known fact that large integers are extremely difficult to factor. The new RSA technique (named after its inventors, Rivest, Shamir, and Adleman) depended on finding very large prime numbers, upwards of 100 digits long, a [-------------------------------] NSA's problem with it was

Diffie: Probably a mention of Clifford Cocks's work on this subject.

[WD amended comment] No. The line is in a different redaction of Tom Johnson's history of NSA. It is: "a technique that was later adapted for STU-III key exchange."

that it had been discovered within the cryptologic community five years earlier and was still regarded as secret.

Diffie: If the reference is to Cocks's work, it is about 3 years earlier; the paper is dated 20 November 1973.

In fact, NSA had reviewed the Rivest application, but the wording was so general that the Agency did not spot the threat and passed it back to NSF without comment.

Diffie: This doesn't really square with R, S, and A's account of the work. Rivest discovered the problem from reading New Directions and brought it to the attention of Shamir and Adleman with whom he was working on other mathematical issues. Adlemen, in particular, recalls resisting the work on cryptgraphy as insignificant. He recalls thinking when he allowed his name to be on the paper "This will be the least noticed paper I ever write." It seems unlikely that Rivest filed a new grant proposal in the fairly short interval between beginning to work on the public-key problem and disocvering RSA.

Since the technique had been jointly funded by NSF and the Office of Naval Research, NSA's new director, Admiral Bobby Inman, visited the director of ONR to secure a commitment that ONR would get NSA's coordination on all such future grant proposals.¹²⁸

(S) In 1977, a patent controversy stirred the already-choppy waters. George Davida, a University of Wisconsin professor, applied for a patent on a cryptographic device using advanced mathematics techniques and [----------------] shift registers. The COMSEC

Diffie: I would have thought the most likely phrase here would be "maximal period" or "maximal cycle length" but the patent, 4202051, contains endless repetition of the phrase "linear feedback shift register" and that is probably it. The text does contain one occurrence of the phrase "maximal length period shift registers," thereby covering all bases.

organization was unruffled, but DDO, fearing the spread of shift register techniques that would give the SIGINT side problems, recommended a secrecy order, which was duly put in place by the Patent Office. The inevitable public debate turned on the issue of academic freedom. NSA answered that if Davida had published the technique in an academic journal he would have been protected, but since he had instead applied for a patent, it

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

234

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

appeared that he was in it for the money and thus lacked First Amendment protection. This was incontrovertible logic but bad politics, and once again NSA was forced to back down. The Davida patent was reinstated.¹²⁹

(S) Inman, who had just arrived at Fort Meade, clamped down hard on patent review procedures, directing that before secrecy orders could be imposed a senior team headed by the general counsel would review the decision. But the new procedures did not work right away. An independent inventor named Carl Nicolai had invented a "phaserphone," which would encrypt voice communications at an estimated cost of about $100 per commercial model. Again the issue split NSA, with DDO opposing the patent release and COMSEC recommending approval. NSA requested another secrecy order, which the commissioner of patents duly imposed. This generated the predictable storm of academic protest. Davida sought the protection of Warren Magnuson, a friend of the family and a power in

Diffie: This looks like an editing error. Magnuson was the senator from Washington, so it probably meant to say Nicolai.

the Senate. In the face of the commotion, NSA backed down and the Patent Office lifted the secrecy order.¹³⁰

(FOUO) NSA hunted diligently for a way to stop cryptography from going public. One proposal was to use the International Traffic in Arms Regulation (lTAR) to put a stop to the publication of cryptographic material. ITAR, a regulation based on the 1954 Mutual Security Act, was intended to control the export of items that might affect U.S. security by establishing a Munitions List, including SIGINT and COMSEC equipment and cryptographic devices. Companies desiring to export items on the list would have to secure licenses. Within NSA the controversy centered on the academic use of cryptography, absent a specific intention to export the techniques. The legislation granted general exemptions in cases where the information was published and publicly available, but skirted First Amendment issues and focusing on commercial motivations.¹³¹

(U) This idea was pushed internally by one [----------------------] but was just one

Diffie: Context suggests that the deletion reads "Joseph A. Meyer."

of several techniques being considered. In July 1977 took [-----] matters into his own

Diffie: Presumably deletes the name Meyer. The deletion of the name of the subject of the request (who has been dead several years) is a disturbing afront to both common sense and good public relations. From here on I have just changed [-----] to [Meyer] where appropriate.

hands. The Institute of Electrical and Electronics Engineers would be holding a symposium on cryptography in Ithaca, New York. Concerned about the potential hemorrhage of cryptographic information [Meyer] sent a letter to E. K. Gannet, staff secretary of the IEEE publications board, pointing out that cryptographic systems were covered by ITAR and contending that prior government approval would be necessary for the publication of many of the papers. The letter raised considerable commotion within IEEE, with scholars racing to secure legal opinions and wondering if the federal government might arrest them and impound the information.¹³²

(U) The issue did not stop with IEEE. Someone notified the press, and journalist Deborah Shapley published the entire controversy in an issue of Science magazine. Although [Meyer] wrote the letter on plain bond paper, Shapley quickly discovered his association, and she claimed that NSA was harassing scientists and impeding research into public cryptography. In her view, the lack of direct traceability constituted smuggling NSA's official view covertly to academia, with plausible deniability. Congressional reaction was swift, and the Senate decided to hold hearings on the issues.¹³³

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

235

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

(U) The [-----] letter was dispatched, recalled Inman ruefully, on virtually the same date that he became director. It presented him with his first public controversy, only days into his new administration.

(FOUO) lnman began cautiously enough with that all-purpose bureaucratic solution, the study committee. That fall and winter he had two groups, NSASAB and a committee

Diffie: The NSA Scientific Advisory Board.

of NSA seniors, looking at public cryptography and proposing options. To this extremely complex issue the board of seniors proposed three alternatives:

a. Do nothing. This school of thought, championed by G Group, held that any public discussion would heighten awareness of cryptographic problems and could lead to nations buying more secure crypto devices. This threat was especially acute in the Third World.

b. Seek new legislation to impose additional government controls.

c. Try nonlegislative means such as voluntary commercial and academic compliance.¹³⁴

(FOUO) The panel concluded that the damage was already so serious that something needed to be done. [------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------] It was essential, then, to slow the rate of academic understanding of these techniques in order for NSA to stay ahead of the game. (There was general recognition that academia could not be stopped, only slowed.)

(U) Inman first chose the legislative solution. Daniel Silver, the head of NSA's legal team, circulated a draft of a new Cryptologic Information Protection Act. This proposed creating a new entity, the U.S. Cryptologic Board, which could restrict dissemination of sensitive cryptologic material for up to five years and would impose severe penalties (five years in prison, a $10,000 fine) for violation.¹³⁵

(U) But Inman himself recognized the unlikelihood of getting Congress to act. NSA's proposed legislation would run against a strong movement in the opposite direction in both Congress and the White House, where the desire was to unshackle U.S. commerce from any sort of Pentagon-imposed restriction on trade. Even as the NSA seniors were recommending strengthening NSA's control over cryptography, President Carter was signing PD-24. This presidential directive divided cryptography in half. "National security cryptography," that which pertained to the protection of classified and unclassified information relating to national defense, would remain with NSA. But the directive also defined another sort of issue, "national interest" cryptography, which pertained to unclassified information which it was desirable to protect for other reasons (international currency exchange information, for instance), Protecting this type of

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

236

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

information and dealing with the private sector on such protection (for instance, on DES), would become part of the domain of the Commerce Department. The National Telecommunications and Information Administration (NTIA), within Commerce, would be responsible for dealing with the public. NTIA moved promptly to assert its authority in the area of cryptographic export policy and to deal with academia over cryptography. NSA mounted strong opposition to both moves.

(FOUO) Daniel Silver's draft legislation was basically dead on arrival, and there is no evidence that it was ever seriously considered. But the war between NSA and Commerce was only beginning. Congressman L. Richardson Preyer, who had taken over Bella Abzug's House Subcommittee on Government Information and Individual Rights, led a series of hearings on NSA's "interference" in academia. Preyer worked under the direction of Congressman Jack Brooks, chairman of the full House Government Operations Committee, who was the most vocal sponsor of Commerce's encroachment on NSA's COMSEC turf. Bolstered by the testimony of David Kahn and George Davida, he was predictably critical of NSA's role in public cryptography. Inman, upset with the draft subcommittee report, went to Congressman Edward Boland, who chaired the HPSCI.

Diffie: House Permanent Select Committee on Intelligence.

Boland, agreeing with Inman's complaint, told Brooks that future matters of this sort, which affected national security and intelligence operations, should be coordinated in advance with his committee. This did not end the sniping between NSA and Brooks, but did give the Agency a powerful ally.¹³⁶

(FOUO) Within the administration it was guerrilla warfare. The Carter people came to town temperamentally allied with Brooks and Preyer. Their bent was to loosen Pentagon control of anything, especially anything that might affect individual rights and academic freedom. But Inman was a tough infighter and got the Department of Defense to line up behind NSA's position in opposition to NTIA. Through four years of Carter, the matter dogged the White House and frustrated compromise between the Commerce position and the Pentagon determination to gain back its authority. By the time Dr. Frank Press, Carter's advisor on technology policy, was ready to adjudicate the dispute, the 1980 elections were upon the administration, and the solution was deferred to the incoming Reagan people. In the meantime, Inman had succeeded in dividing Congress and securing allies in the fight.¹³⁷

(U) Inman was convinced from the start that the legislative approach, even if successful, would have to be supplemented by some sort of jawboning with academia. Early in his administration, he decided to visit Berkeley, a center of opposition to any sort of government intervention, and a hotbed of raw suspicion since the early days of the Vietnam War. He found himself in a room with antiestablishment faculty members, and "for an hour it was a dialogue of the deaf." Then the vice chancellor of the University of California, Michael Heyman, spoke up. Just suppose, he said, the admiral is telling the truth and that national security is being jeopardized. How would you address the issue? Instantly the atmosphere changed, and the two sides (Inman on one side, the entire faculty on the other) began a rational discussion of compromises. This convinced him that he was on the right track, and he pursued this opening to the public.¹³⁸

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

237

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

(U) Inman followed this with a visit to Richard Atkinson, head of the National Science Foundation, to discuss the ideas that had emerged at Berkeley. The faculty had expressed a desire to get an "honest broker," one that both sides trusted, to sort through the issues and get to a compromise. Atkinson suggested that they approach the American Council on Education (ACE), and agreed that if ACE would agree to sponsor the effort, the National Science Foundation would fund it.¹³⁹

(U) This presented NSA with a historic opportunity to engage in a rational debate with the private sector, and it drove Inman to bring the issue to the attention of the American public. His forum was the annual meeting of the Armed Forces Communications Electronics Association in January 1979. It was the first public speech by an NSA director, and as Inman said at the outset, it was "a significant break with NSA tradition and policy." He then laid out the conflicting interests - academic freedom versus national security. He advocated a problem-solving dialogue, but also acknowledged that the government might on occasion have to impose restrictions on extremely sensitive technology to protect national security. "I believe that there are serious dangers to our broad national interests associated with uncontrolled dissemination of cryptologic information within the United States. It should be obvious that the National Security Agency would not continue to be in the signals intelligence business if it did not at least occasionally enjoy some cryptanalytic successes." On the other hand, the government might have to permit the free exchange of technology, taking action in only the most difficult cases. The important thing, he stressed, was to talk through these issues so that both sides understood what was at stake and could appreciate the position of the other side. And he articulated the long-range importance of the problem: "Ultimately these concerns are not those merely of a single government agency, NSA. They are of vital interest to every citizen of the United States, since they bear vitally on our national defense and the successful conduct of our foreign policy."¹⁴⁰

(U) The public opening was followed by a series of meetings, sponsored by ACE, to devise a forum to begin the dialogue. Some members (most notedly George Davida) held out for a complete absence of any controls on academia, but the majority concluded that controls would be necessary when national security was involved. What emerged was a procedure for prior restraint, involving a board of five members, a minority of whom would be from NSA, to review publication proposals. Submissions would be voluntary, and the area of examination would be very limited. The proposal passed with the unlikely Yes vote of Martin Hellman, who had earlier been subjected to some private jawboning by Inman. He, along with others in academia, had come to believe that there was, indeed, a legitimate national security interest in what they were doing.¹⁴¹

(U) Prepublication review turned out to be less of a real than an imagined threat to First Amendment freedoms. The committee requested very few changes to proposals, and most of those were easily accomplished. In one case, NSA actually aided in lifting a secrecy order placed on a patent application. The submitter, Shamir of RSA fame, thanked NSA for its intervention. At the same time, NSA established its own program to fund research proposals into cryptography. Martin Hellman was one of the first applicants.¹⁴²

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

238

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

(U) As for DES, the controversy quieted for a period of years. DES chips were being manufactured by several firms and had become a profitable business. In 1987, NSA proposed a more sophisticated algorithm, but the banking community, the prime user of DES, had a good deal of money invested in it and asked that no modifications be made for the time. By the early 1990s it had become the most widely used encryption algorithm in the world. Though its export was restricted, it was known to be widely used outside the United States. According to a March 1994 study, there were some 1,952 products developed and distributed in thirty-three countries.¹⁴³

Notes

[Three-fourths of a page redacted with "Non - Responsive" inserted]

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

239

TOP SECRET UMBRA

DOCID: 347193

TOP SECRET UMBRA

[Full page redacted with "Non - Responsive" inserted]

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

240

TOP SECRET UMBRA

DOCID: 347193

TOP SECRET UMBRA

[Full page redacted with "Non - Responsive" inserted]

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

241

TOP SECRET UMBRA

DOCID: 347193

TOP SECRET UMBRA

[Full page redacted with "Non - Responsive" inserted]

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

242

TOP SECRET UMBRA

DOCID: 347193

TOP SECRET UMBRA

[One-fourth page redacted with "Non - Responsive" inserted]

119. (U) DDIR files, 96026, Box 4, Drake Notebook, Proto Paper.

120. (U) Ibid [--------------] draft history of COMPUSEC, in CCH files; [-------] "NSA Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era," Cryptologic Quarterly, Spring 1996) 15: 6-7.

121. (U) Ibid.

122. (U) Ibid.

123. (U) DDIR files, 96026, Box 4, Drake Notebook, Proto paper; David Kahn, "Cryptology Goes Public," Foreign Affairs (Fall 1979) 147-51 [-------] "NSA Comes Out of the Closet," 13-14.

124. (U) [-------] "NSA Comes Out of the Closet," 8-9.

125. (U) [-------] "NSA Comes Out of the Closet," 10 [--------------] Fifty Years of Mathematical Cryptanalysis (Fort Meade), Md. NSA, 1988), 80.

126. (U) [-------] "NSA Comes Out of the Closet," 10 [--------------] Fifty Years of Mathematical Cryptanalysis (Fort Meade), Md. NSA, 1988), 78.

127. (U) [-------] "NSA Comes Out of the Closet," 10.

128. (U) [-------] "NSA Comes Out of the Closet," 10 [--------------] Fifty Years of Mathematical Cryptanalysis (Fort Meade), Md. NSA, 1988), 80.

129. (U) Kahn, "Cryptology Goes Public," 154-55 [-------] "NSA Comes Out of the Closet," 16.

130. (U) Kahn, "Cryptology Goes Public," 155 [-------] "NSA Comes Out of the Closet," 16.

131. (U) [-------] "NSA Comes Out of the Closet," 11; DDIR files, 96026, Box 4, Drake Notebook.

132. (U) Kahn, "Cryptology Goes Public," 155-56 [-------] "NSA Comes Out of the Closet," 13.

133. (U) [-------] "NSA Comes Out of the Closet," 12.

134. (U) Ibid. 20-21.

135. (U) Ibid. 25.

136. (U) Ibid. 17-18, 32-35.

137. (U) Ibid.

138. (U) Interview, Norman Boardman, by Robert D. Farley, 1986, OH 3-86, NSA.

139. (U) Ibid.

140. (U) CCH Series VI.D.2.30.

141. (U) [-------] "NSA Comes Out of the Closet," 28-31.

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

243

TOP SECRET UMBRA

DOCID: 3417193

TOP SECRET UMBRA

142. (U) Boardman Interview; Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy (New York: ACM, 1994).

143. (U) Kahn, "Cryptology Goes Public [------------------------] Comes Out of the Closet," 13; Codes, Keys, and Conflicts, 4-5; Telephone interview [-----------] uary 1998.

[Balance of page blank.]

HANDLE VIA TALENT KEYHOLE COMINT CONTROL SYSTEMS  JOINTLY

244

TOP SECRET UMBRA