2 January 2010. Whitfield Diffie on NSA and the Joseph Meyer letter: http://cryptome.org/0001/diffie-nsa.htm

1 January 2010. The NSA FOIA documents have been transcribed:

http://cryptome.org/0001/nsa-meyer.htm

31 December 2009

This is in response to the NSA FOIA documents on a 1977 letter of Joseph A. Meyer to the IEEE:

http://cryptome.org/nsa-meyer.zip

From: Martin Hellman <hellman[at]stanford.edu>
Subject: Re: NSA Docs on Joseph Meyer 1977 Letter to IEEE
Date: Thu, 31 Dec 2009 16:02:04 -0800
To: John Young <jya[at]pipeline.com>

Dear John,

Your email brought some ancient history back to mind. Ah, the infamous Meyer letter! I didn't see Meyer's letter in the file to which you linked, but assume it's the same as the attached -- which also includes correspondence showing how it got to me, an interesting story in itself.

http://cryptome.org/hellman/1977-0707-Meyer-letter.pdf (940KB)

Here are a few comments that came to mind as I skimmed your file and combed my memory banks.

1. Your FOIA request may be the first that documents that NSA tried to get IBM to reduce the key size from 64 to 48 bits, and they compromised on 56. See the bottom of page 5 of the PDF = page 232 of the document. At least it's the first I remember seeing the 48 bit number spelled out. But my memory is far from perfect.

2. Page 6 of the PDF says "NSA scientists working the problem crossed back and forth between the two agencies." Dennis Branstad and another former NSA person moved over to NBS (now NIST) to handle the DES, and I felt like I was talking with NSA, not NBS. Dennis and I later became friends, but at the time it felt quite adversarial.

3. This same paragraph (FOUO) on PDF page 6 says we "alleged that the Agency had built a 'trap door' into the system." That is not quite true, though I imagine that's how it felt at Ft. Meade. The principles behind the design of the DES were secret and we found suspicious structures in the S-boxes. We therefore pressed for public disclosure of the design principles to ensure that no trap doors were built into the system. That is not the same as alleging they were present.

4. The third paragraph on this page says NSA was unfairly tarred with the same brush as the CIA. While there were certainly differences in how the two agencies acted, if memory serves me (and as I get older it does so less and less), NSA was involved in domestic intelligence operations against anti-war protesters during the Viet Nam era. Operation Shamrock is another questionable action on the Agency's part. That said, the fact that the DES controversy erupted so soon after Watergate did create extra concern about possible abuses. Whether that was fortunate or unfortunate may largely be a question of perspective.

5. Page 7's description of NSA-NSF interactions is more benign than was related to me by one of my grant monitors at NSF. He told me that someone at NSA had called him, telling him that NSF was not allowed to support crypto research, that NSA had a government monopoly in that area (a term used in this document as well. Fortunately, my NSF contact stood up to this pressure and asked the person at NSA to put that in a letter so he could run it by NSF's General Counsel. If I remember correctly, the letter never came.

6. Page 8 of the PDF starts talking about the Meyer letter, though his name is deleted. While at first, Meyer's letter appeared to be an NSA warning shot across our bow, later information leads me to believe that what this document says is correct, that Meyer wrote the letter on his own initiative. Many years ago, I started writing an autobiography (a project I dropped), but have attached the first chapter which deals with this issue.

http://cryptome.org/hellman/hellman-ch1.doc

7. I do have some thoughts on pages 9-10 of the PDF about NSA considering and dropping a legislative solution. While what's said there is probably correct, it is something of which I was unaware. My remembrance is that, when Inman and I first started our dialog, he was strong on getting legislation of the type described here, but I pointed out that it would not work. Academic crypto researchers were already mad at NSA and such legislation would only increase the level. Further, if the law required us to get prepublication approval, even if we followed the letter of the law, we would likely first give lots of talks (which would be much harder to control legally) and otherwise disseminate the information before the prepublication review. I argued that NSA needed the cooperation of the authors, and that legislation would almost surely have the opposite effect. When Inman moved to a voluntary prepublication review, I therefore assumed that my arguments had played some role. But perhaps they didn't and this description is what transpired. Of course, the author of this document was probably unaware of my conversations with Inman.

8. Page 11 (last line) says I was one of the first applicants to the NSA program to fund unclassified research in cryptography. While technically correct, my perspective is a little different. While Inman and I started out as adversaries, we became tentative friends and then true friends, who trust one another. As a recent example, he signed a statement supporting an approach I have been pioneering to solve the nuclear threat. See

http://nuclearrisk.org/statement.php.

In the early phases of our relationship, he instituted this program at NSA but none of the major figures in academic research were willing to buy in. I offered to be the first.

Turning to the Meyer letter and related correspondence which I've attached, it's interesting to note that the IEEE forwarded it to me as a member of the Information Theory Group's Board of Governors, not as the primary author to whom Meyer was referring. (I had papers in the November 1976 and May 1977 issues of the IT Transactions, the June 1977 issue of Computer magazine, and gave papers at the Ronneby and Ithaca symposia mentioned.) It seems to be how people respond to anything involving codes and NSA -- they start talking in code themselves!

Hoping this is helpful.

Martin

--

Martin Hellman
Member, National Academy of Engineering
Professor Emeritus of Electrical Engineering, Stanford University
http://www-ee.stanford.edu/~hellman/

On Dec 31, 2009, at 9:12 AM, John Young wrote:

> Dear Professor Hellman,
>
> We have received FOIA documents from the NSA on the
> 1977 letter of Josephy Meyer to the IEEE warning that export of
> crypto information would likely violate ITAR munitions control.
> It also reviews NSA attempts to hinder development of public
> cryptography:
>
> http://cryptome.org/nsa-meyer.zip (Zipped PDF, 2.4MB)
>
> You are mentioned prominently in the principal document,
> formerly classified as Top Secret. If you have the time and
> interest your comments on the accuracy of the NSA claims
> would be appreciated for publication on Cryptome.org, my
> web site.
>
> If you would know of a source for a copy of the Meyer letter
> I would appreciate it. (NSA says it does not have the letter.)
>
> Best regards,
>
> John Young
> 251 West 89th Street
> New York, NY 10024
> 212-873-8700