21 June 1997
See related documents: http://jya.com/whpfiles.htm

------------------------------------------------------------------

4 March 1997
Source: William H. Payne

-------------------------------------------------------------------------

Thursday October 24, 1996 11:11

CERTIFIED - RETURN RECEIPT REQUESTED

Lieutenant General Kenneth A Minihan, USAF
Director, National Security Agency
National Security Agency
9800 Savage Road
Fort George G. Meade, MD 20755-6000

Dear General Minihan:

Purposes of this letter are:

1 appeal two Freedom of Information Act (FOIA) denials,
2 discuss NSA classification abuse,
3 offer settlement.

Purpose 1.

June 10 NSA administrator Bruce Bottomly was served the FOIA,

In about '91 both you and NSA employee Donald Simard met with me in the conference room of building 855, the seismic verification building, at Sandia National Laboratories.

I brought to the meeting the US/USSR comprehensive test ban Treaty seismic data authenticator.

Both you and Simard railed against me to stop helping Sandia with its crypto projects. You both told me that this was NSA's job, not Sandia's.

You were a graduate student in the late '60s or early '70s at Washington State University (WSU) in computer science. You were on leave from the National Security Agency (NSA).

I was a computer science professor at WSU at that time.

You told me at the meeting that you nearly told me at that early time to discontinue my work on pseudorandom numbers. The reason was that this area of work was the province of the NSA.

In the evening you, I, and John Sobolewski went for dinner at El Pinto in Albuquerque. Sobolewski directed your master's thesis work at WSU. Sobolewski was one of my Ph.D. students.

Looking back over the years, I feel that there is evidence that NSA attempts to illegitimately control academic research relating to pseudorandom numbers and machine combinatorics.
My National Science Foundation grant NSF DCR75-08822 for building pseudorandom number and machine combinatoric subprogram libraries was funded. Then funding ceased.

I learned in the early '90s from Bamford's book The Puzzle Palace, page 361, that Bruce Barns, monitor of my grant, was to discontinue funding in research areas NSA felt were its.

My concern about a possible improper role of NSA exerts in influencing the lives and careers of American citizens, prompts me to inquire.

As you know,

"The opportunities for an individual to secure employment, insurance, and credit, and his right to due process, and other legal protections are endangered by the misuse of certain information systems."

Congress regulates the collection, maintenance and dissemination of information agencies.

The Privacy Act establishes rules governing the use and disclosure of personal information. The Act specifies that information collected for one purpose may not be used for another purpose without notice to or the consent of the subject of the record. The Act also requires that each agency keep a record of disclosures of personal information.

This is a request under the Privacy Act of 1974, 5 USC 552a.

I request copies of,

1 All documents containing the name of William H. Payne, Bill Payne, etc. between the dates of January 1, 1970 to June 10, 1996.

The Privacy Act provides legal remedies that permit an individual to seek enforcement of the rights granted under the Privacy Act. Employees who fail to comply with the Act's provisions may be subject to criminal penalties.

Please consider that this request is also made under the Freedom of Information Act (FOIA), 5 USC 552b. Please provide any additional information that may be available under the FOIA.
I am requesting this information for factual information on a book I am writing on lack of ability and expertise, mismanagement, fraud, waste, abuse, corruption, violations of law, classification abuse, clearance abuse, abuse of national security interests, and cover-up of wrongdoing. And killing Iranians and Libyans.

I have been unable to find NSA's mandatory published classification guidelines.

So, under 5 USC 522b I request access to,

2 NSA's required published classification guidelines.

Simard was a one-year visitor at Sandia from NSA visiting Sandia employee James Gosler.

Simard was an NSA Forth programming language expert. Simard also told me that you were involved with the Forth programming language.

I arranged a Forth language course for the employees of Gosler's division. Simard even taught part of the class.

Gosler's employees told me what they and Simard were doing for NSA/Sandia. Virusing computer software and hardware.

Then Gosler attempted to conscript me into NSA's infowar.

The Baltimore Sun published a sixteen page six-part series between December 3-15,

    No Such Agency
    AMERICA'S FORTRESS OF SPIES
    by Scott Shane and Tom Bowman

Part Four

    RIGGING THE GAME

    o Spy sting: Few at the Swiss factory knew the mysterious visitors were pulling off a stunning intelligence coup - perhaps the most audacious in the National Security Agency's long war on foreign codes.

tells of the case of Swiss Crypto AG, Hans Buehler and the spiked crypto units.

Shane and Bowman write in Part Four of their series,

Engineers 'turning white'

IF CRYPTO AG WAS OFFERED a deal by NSA in return for rigging its products, it would not be alone. The approach to American firms usually comes during discussions with NSA's export licensing office.

"It is not unheard of for NSA to offer preferential export treatment to a company if it built a back door into its equipment," says one person with experience in the field. "I've seen it. I have been in the room."

NSA's pitch varies.
"Generally with high-level executives it's an appeal to patriotism - how important it is for us to listen to the world," this source says. "With the midlevel commercial types, it's 'Do this and we'll give you preferential export treatment.' To the real technical people, it's 'why don't you do this?' And you don't realize what's being suggested until you see the engineers are turning white."

In addition to the carrot of export approval, NSA also can brandish a stick, this source says. "There's the threat, 'You'll never get another export approval if you don't start to play ball.'"

Journalist Loring Wirbel in the January 22, 1996 issue of Electronic Engineering Times wrote,

"Next in my in-basket was a set of reprints from the Baltimore Sun from the paper's NSA series, which ran in early December. The series reveals the setup by the NSA and CIA of a new covert collection agency, the Special Collection Service, and details the case of Hans Buehler, an employee of Crypto A.G. who was thrown into an Iranian Prison after getting snared in Crypto/NSA sting against that country."

Buehler phoned me from Zurich on December 31, '94. And we began to put the story together.

The story appears to be developing into

The most audacious spy story, in terms of killing human beings, in the history of "intelligence."

Germany only lost as killed about 28,000 and 5,000 captured out of a force of about 39,000 WWII U boat personnel, reports Hoyt. Some of these deaths were directly attributable to deciphering Enigma messages, Kahn reports.

The Longest War: The Iran-Iraq Military Conflict by Dilip Hiro states on the cover text,

"How was Iraq - at a 3 to 1 disadvantage in population - able to sustain an eight year war and arm one-tenth of its entire population?"

...

"It had been a bloody and expensive conflict. Conservative Western estimates put the total number of war dead at 367,000 - Iran accounting for 262,00 and Iraq 105,000.
With more than 70,000 injured, the total casualties were put at over one million. The official figures, given a month later by Iran's minister of Islamic guidance in a radio interview, put the Iranian dead at 123,220 combatants, and another 60,711 missing in action. In addition 11,000 civilians had lost their lives. Tehran's total of nearly 200,000 troops and civilians killed was in stark contrast to Baghdad's estimate of 800,000 Iranian dead." page 250.

It appears that NSA/US government was giving Iranian tactical war messages to Iraq during the Iran/Iraq war.

And then there is the unfortunate case of former Iranian opposition leader Bakhtiar's death by stabbing in France. NSA apparently knew in advance of the plot. But did not disclose this information to French authorities until after Bakhtiar was killed.

Therefore, under 5 USC 522b I request access to,

3 all NSA intercepted Iranian messages and translations between January 1, 1980 and June 10, 1996,

4 all NSA intercepted Libyan messages and translations between January 1, 1980 and June 10, 1996.

5 USC 552(b) permits withholding only properly classified documents from a Freedom of Information Act (FOIA) request. Therefore, I ask NSA to perform the mandatory declassification review ordered by EO 12356 if NSA feels that any of the documents are properly classified under its required published classification guidelines which I cannot find.

If there are any fees for searching for, or copying, the records I have requested, please inform me before you fill the request.

As you know, the Act permits you to reduce or waive the fees when the release of the information is considered as "primarily benefiting the public." I believe that this request fits that category and I therefore ask that you waive any fees.
If all or any part of this request is denied, please cite the specific exemption(s) which you think justifies your refusal to release the information and inform me of your agency's administrative appeal procedures available to me under the law.

I would appreciate your handling this request as quickly as possible, and I look forward to hearing from you within 10 working days, as the law stipulates for the FOIA.

I ask that acknowledgment of my Privacy Act request be made within 10 working days. And the records be provided within 30 days. Otherwise, I will consider my request denied.

...

Second FOIA was issued to NSA crypto-mathematician Brian Snow, R division, on June 10.

Text of the FOIA reads,

Dear Brian:

Let me refresh your memory.

I was project leader of the Missile Secure Cryptographic Unit (MSCU) Sandia labs from about '82 until late '86.

You designed the crypto algorithm for the MSCU, and I having access to it, analyzed it in preparation for its implementation on an 8085 microprocessor and 8051 microcontroller.

The MSCU project was funded by NSA.

On one trip to NSA, FANX building, you gave a talk on reliability of NSA's hardware KG crypto units.

You showed us schematics and devices of many KG units and told us about field failure reasons.

You concluded by stating that dual redundant implementation had stopped NSA's field failure problems - in the sense that "red" data was never inadvertently released.

My impression of NSA's crypto algorithm technology, from the MSCU and the schematics you showed us, was that it was quite ordinary shift register and machine combinatoric technology. But simple and reliable. And slow.

I went on to design and build the data authenticator of the US/USSR CTBT. I wrote SAND91-2201 technical report which was critical of NSA "deficient" crypto work.

The seismic algorithm was designed by NSA employee Ronald Benincasa.
Benincasa later released a modification that compensated for the adverse algorithm procedure that any communication error caused a data authentication failure.

In a DRAFT memorandum addressed to NSA deputy director James Hearn on June 21, 1989 I specifically enumerated 7 serious NSA generic crypto algorithm deficiencies.

In one response to my June 21 letter NSA crypto employees Mark Unkenholtz and Scott Judy released a new algorithm code named GRANITE which attempted to correct for some of the deficiencies I pointed out.

In fact, NSA senior employee Bob Delan even talked to me in person about my concerns with NSA's deficient algorithms.

I recently read,

    Crypto pan report may sink Clipper chip
    By George Leopold
    EE Times, June 3, 1996

In a move that could sound the death knell for the controversial Clipper chip, a long-awaited report to Congress last week endorsed widespread commercial use of encryption technology and rejected key facets of the Clinton administration's key-escrow scheme. ...

NSA's crypto advice is embarrassing the Clinton administration.

And NSA may even be giving the government bad advice on other crypto-related matters.

NSA has apparently created the impression that it possesses some secret knowledge and techniques in crypto matters which those, uncleared, are not able to see.

But I was cleared and understood what NSA was doing both theoretically and practically.

I found no evidence that NSA possesses any special crypto skills, and apparently hides its deficiencies behind the veil of classification abuse.

To the contrary, I discovered generic deficient crypto work. We brought this to the attention of NSA. Sandia even offered to help NSA fix its deficient crypto work. And NSA attempted to correct its deficient crypto work.
Therefore, under 5 USC 522b I request access to all technical documentation on,

1 Benincasa's original NSS/USO algorithm,
2 Benincasa's revision of 1,
3 The Unkenholtz - Judy GRANITE algorithm,
4 Your MSCU algorithm,
5 the clipper algorithm,
6 the STU III algorithms.

I feel that published analyses of the above 6 algorithms will show the Clinton administration, Congress, and the public that NSA possesses no superior knowledge of crypto matters. But, in fact, suffers at least the same problems as everyone else in implementing field-reliable crypto equipment.

I am requesting this information for factual information on a book I am writing on lack of ability and expertise, mismanagement, fraud, waste, abuse, corruption, violations of law, classification abuse, clearance abuse, abuse of national security interests, and cover-up of wrongdoing. And killing Iranians and Libyans.

5 USC 552(b) permits withholding only properly classified documents from a Freedom of Information Act (FOIA) request. Therefore, I ask NSA to perform the mandatory declassification review ordered by EO 12356 if NSA feels that any of the documents are properly classified under the required published NSA classification guidelines which I cannot find.

If there are any fees for searching for, or copying, the records I have requested, please inform me before you fill the request.

As you know, the Act permits you to reduce or waive the fees when the release of the information is considered as "primarily benefiting the public." I believe that this request fits that category and I therefore ask that you waive any fees.

If all or any part of this request is denied, please cite the specific exemption(s) which you think justifies your refusal to release the information and inform me of your agency's administrative appeal procedures available to me under the law.
I would appreciate your handling this request as quickly as possible, and I look forward to hearing from you within 10 working days, as the law stipulates for the FOIA.

I enjoyed your practical talk and made mental notes. I sat directly across the table from you at lunch in the FANX cafeteria after your talk.

Green return receipt requested postcards from NSA did not return.

September 8 NM Eldorado postal substation issued two yellow follow-up postcards.

September 17 clerk RAW acknowledged that NSA received the two FOIAs on June 13.

I never received any response from NSA to these two FOIAs.

Under the law NSA is required to respond within 10 days.

NSA never requested an extension of time as required by law.

No reasons for extension of time, required by law, were given.

Congress does not condone failure to meet time limits without reason.

Therefore, I assume, as specified by law, my requests were denied.

NSA never gave any reasons, as required by law, for NSA's denial.

NSA did not furnish, as required by law, my right of appeal notification.

FOIA request denial appeals, according to law, can be made to head of the agency. You, General Minihan.

I appeal these two denials.

Further, if you grant my appeal, then I ask that NSA provide the material in ASCII text diskette files. Or post the information on Internet.

Purpose 2: Classification abuse

In 1991 I authored the Sandia National Laboratories technical report,

    SAND91-2201
    Data Authentication for the Deployable Seismic Verification System

NSA furnished Sandia the data authentication algorithm.

Page 14 of SAND91-2201 presents NSA's algorithm.

[Figure 6. Diagram of the data authenticator algorithm structure. Labels: Data Bits; 16 Bit V Register; 63 Bits F Register; 14 Bits R Register.]

The algorithm is bit-oriented. Each data bit is exclusively OR-ed with the low-order bit of a 16-bit V register.
This output is exclusively OR-ed with the low-order bit of a 63-bit linear feedback shift register. This is called the F register. This output is exclusively OR-ed with a boolean function, 14-bit R register. The high-order 10 bits of the R register are the authentication checksums. The V and R registers contain the 79-bit key.

The NSA R Register feedback function is classified.

For each data bit processed, both the F and R registers are stepped multiple times. The number of steps is classified. All remaining parts of the algorithm are unclassified.

...

Sandia ordered me to build unclassified hardware. Therefore, the classified step value is stored in hardware latch U20, HC '374 seen in the schematic on pages 55-56.

An unclassified number [between the limits of 0 and 255] was stored in the latch. Page 166 shows code for storing the unclassified value of 29.

    : >STEP 29 STEP C! ;

The conclusion of my SAND report was that DOE wasted millions of dollars of the taxpayers' money on deficient NSA algorithm work over about a 20 year period.

This is documented in my SAND report.

    APPENDIX T
    Benincasa's Algorithm Deficiencies

This draft memorandum was circulated at NSA. No final copy was required. Sandia Labs received one new algorithm.

OFFICIAL USE ONLY
181

[ ] is used to indicate penciled changes in the typed text.

Appendix T reads,

DRAFT

June 21, 1989

Dr James J. Hearn
Deputy Director of Information Security
National Security Agency
Fort George G. Meade, MD 20755-6000

Dear Dr. Hearn:

The National Security Agency provided an approved data authentication algorithm for the SALT II seismic verification program in the middle 1970's. It is called the National Seismic Station - unmanned [U] Seismic Observatory data authentication algorithm and [ .It] is authored by Ronald Benincasa.

The algorithm is currently being used for the Deployable Seismic Verification System. Data rates increased so the NSS-USO algorithm implementation technology is upgraded.
The algorithm continues to serve well [well is crossed out] for this particular program.

We considered using this approved algorithm for other treaty verification programs but it has several major [major is crossed out] deficiencies which make it awkward to apply. These deficiencies are: [include is penciled above 'are']

1. The algorithm is bit oriented as opposed to byte, 16 bit word, 32 bit double word or 64 bit quad word oriented.

2. The algorithm required stepping two of its internal registers at a rate many times the data rate. This limits the maximum rate at which data can be authenticated.

3. The algorithm, because of deficiency 2, is only suitable for implementation in hardware.

4. The hardware implementation requires too much hardware using low technology chips releasable to treaty participants. The device is too big and expensive.

5. The original algorithm specification was amended by NSA to handle resynchronization in event of data transmission errors. It requires additional information to be added to a data frame to preserve adequate security.

DRAFT
182
OFFICIAL USE ONLY

DRAFT

6. The algorithm is currently classified SECRET although its declassification to a level so its details can be given to the Soviet Union has been promised.

7. We expect to have data authentication applications with bilateral and multilateral treaties. We feel it is [is is crossed out] advisable to use different algorithms for different treaties.

We need a number of unclassified data authentication algorithms which apply to different data widths and speeds. The algorithms should permit inexpensive implementation in small packages. I ask that NSA assist us by providing us these algorithms.

Sincerely,

TBD by DOE

DRAFT

To: Mark and Ed, R
From Bill
FAX 505-846-6652
phone 505 -292 [292 is crossed out. 884 penciled above] -6847

Tom read and approved this. We wait for your comments. When we all agree we'll forward this to Doug at DOE.
cc Amy Johnston [ in pencil]

OFFICIAL USE ONLY
183

Abuse of classification by NSA is also a subject of an on-going lawsuit.

The Electronic Privacy Information Center (EPIC) has filed a federal court brief challenging the "national security" classification of information concerning the "Clipper Chip" encryption system and the underlying SKIPJACK algorithm. The brief was filed in opposition to the National Security Agency's attempt to withhold the data from disclosure under the Freedom of Information Act.

Urging disclosure of the disputed information, EPIC argues that:

1) Clipper's technical details have been withheld for "law enforcement" reasons, not "national security" reasons. As such, the information is not properly classified;

2) The security of the Clipper encryption system does not require the secrecy of the SKIPJACK algorithm or other technical details;

3) Disclosure of the withheld information will not (as NSA claims) constitute a violation of U.S. export control laws; and

4) The withheld information was part of the government's decision-making process that culminated in the adoption of FIPS 185, the "Escrowed Encryption Standard."

The brief was filed in a FOIA case initiated on behalf of EPIC's co-sponsoring organization, Computer Professionals for Social Responsibility, in May 1993. NSA was granted a delay of more than two years in order to process relevant documents. The agency recently moved for summary judgment in the case, arguing (among other things) that the disputed information is properly classified.

Executive Order 12356 states:

Documents may not be classified in order "to conceal violations of law, inefficiency, or administrative error, to prevent embarrassment to a person, organization or agency, to restrain competition, or to prevent or delay release of information that does not require protection in the interest of national security."
General Minihan, classification of the ruinous large STEP value violates Executive Order 12356 in that NSA's generic deficient crypto work has caused embarrassment to NSA. So NSA abused classification. And I subtly pointed this out in my SAND report.

EPIC has challenged NSA in court on classification abuse.

The improperly-classified STEP value NSA supplied is 31. But this is clearly an abuse of classification.

And this, General Minihan, leads to purpose 3 of this letter. Settlement.

Not only did NSA have my NSF grant continuation denied in 1975. I was fired from Sandia National Laboratories in 1992.

But I did nothing wrong. I violated no rules. I advocated DOE's interests.

I did refuse to do NSA "spiking" work. And would not sign my civil rights away to do this work!

The document,

    WORKING AGREEMENT BETWEEN SANDIA NATIONAL LABORATORIES
    AND THE NATIONAL SECURITY AGENCY
    CONCERNING RESEARCH IN CRYPTOGRAPHY
    AT SANDIA NATIONAL LABORATORY

Sandia National Laboratories (SNL) and the National Security Agency (NSA) have established a working relationship which has grown substantially over the last decade. Currently, there exist several joint project areas of mutual interest. Different policies and administrative procedures exist at SNL and NSA which govern the handling of sensitive and classified material, and the documentation and dissemination of such work. It is the purpose of the Agreement to specify the general guidelines under which work will be administered in the area of cryptography research at SNL.

First, SNL, in its role as systems integrator, requires an indigenous cryptographic capability to support its Department of Energy mission in the design and development of safe and secure nuclear weapons and in treaty verification. SNL and NSA agree to a cooperative effort to support SNL's needs in a manner consistent with the role of such work to national security.

Second, NSA, in its role as the U.S.
Government approval authority for cryptographic systems developed for and used in national security applications, recognizes its responsibility to provide support and guidance to SNL's activities in applying cryptography.

Third, SNL will regard cryptographic research work as classified when it is initiated or created, i.e., will protect such work as "created classified", and will consult with NSA prior to handling such work as unclassified. Periodic technical and managerial discussions between SNL and NSA will be held to increase the awareness of the security concerns of both organizations and to develop and maintain an SNL cryptographic classification guide which will protect the national security interests of both organizations.

This working agreement shall be effective on the date of the last signature and will be reviewed annually by SNL and NSA. It will be valid until terminated by mutual agreement.

AGREED:

    ALBERT NARATH                   RADM JAMES MCFARLAND (USN)
    President                       Plans and Policy
    TITLE                           TITLE

    SANDIA NATIONAL LABORATORIES    NATIONAL SECURITY AGENCY

    June 10, 1991                   22 July 1991
    DATE                            DATE

paves the way for abuse of classification. For criticisms of NSA deficient crypto work would be automatically classified SECRET to prevent embarrassment to NSA.

Also I refused to do illegal FBI electronic lock breaking work.

Clearly, both DOE and NSA need to get on to important post-Cold War tasks.

I quote from a report of the National Academy of Public Administration,

On November 6, 1993, DOE Secretary Hazel R. O'Leary delivered the keynote speech at "The Second Annual Protecting Integrity & Ethics Conference," sponsored by Public Employees for Environmental Responsibility (PEER). Although the conference addressed issues affecting federal employees in general, a special segment was dedicated to the issue of whistleblowing in DOE. In her speech the Secretary committed herself to "zero tolerance for reprisal" and to celebrating whistleblowing.
The Secretary also asserted that "we can't look forward until we look back and correct what's happened in the past." These statements were widely quoted in the press coverage of the conference.

Heart of America paid my way to hear O'Leary.

So, General Minihan, perhaps you too might be well-advised to correct what has happened in the past so that NSA can look forward too?

July 16 I forwarded criminal complaint affidavits to DC chief judge Harry Edwards naming Gosler and others involved in "spiking" hi tech terrorism for violating my civil rights.

July 17 TWA 800 crashed.

While the events in the above two paragraphs were mere coincidence, this rare event raises a serious problem for NSA and others, like Sandia Labs, involved in hi tech terrorism.

Financial liability.

Reasonable assumption must be that ANY unfortunate event is possibly an understandable and justifiable anti-terrorism attack for NSA's and others' hi tech terrorism activities. Like the US retaliatory attack on Libya for the La Belle disco bombing the Reagan administration attributed to Libya.

Or a frame-up of those who are justified to commit anti-terrorism retaliatory strikes. By their enemies, of course.

There is a figure for settlement.

July 3, 1988 Iran Air A300 Airbus was shot down by the USS Vincennes over the Persian Gulf. 273 were killed.

The Clinton administration apparently settled with the families of the Iranian victims for $300,000 wergild. US victims' families will likely want more.

Now, General Minihan, perhaps NSA might consider escrowing at least this amount for each victim of ANY unfortunate incident, either past, or in the future?

And, of course, there is the wergild for those Iranians killed by Iraq as a result of the tactical messages given to Iraq during the Iran/Iraq war.

But we will not know the magnitude of the damages until NSA complies with my FOIA to Bottomly.

But, my primary purpose is to settle with NSA.
Here is my proposal:

1 $200,000 lost wages and benefits for my NSF grant non-continuation.

2 $2,000,000 for the years 1997-2003 for my salary, benefits, and money to complete the work proposed in my NSF grant renewal and new work - related to pseudorandom number generation and machine combinatorics, of course.

The law allows you 20 working days to respond to the appeal. You can ask for an additional 10 day extension for a valid reason.

I ask that you respond to my settlement offer within this time too.

Sincerely,

William H. Payne
13015 Calle de Sandias NE
Albuquerque, NM 87111

-------------------------------------------------------------------------

[End]
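
The authenticator structure quoted above from SAND91-2201, as an added example that is not code from the letter, the SAND report or NSA: a Python model that counts the register steps spent per data bit and checks that every single-bit transmission error changes the R register. The F register taps, the R boolean function, the V rotation, the point where the data bit enters R, and the sample frame and register values are constructed assumptions, since the page gives none of them; 29 is the unclassified step value from the letter.

```python
# Structural model only. ASSUMPTIONS (not from the page): the F taps, the R
# boolean function, how V advances, and where the data bit is injected.
# The real R feedback function is not given on the page.

M16, M63, M14 = (1 << 16) - 1, (1 << 63) - 1, (1 << 14) - 1


def step_f(f):
    """One step of a 63-bit linear feedback shift register (stand-in taps 0, 1)."""
    fb = (f ^ (f >> 1)) & 1
    return (f >> 1) | (fb << 62)


def step_r(r, b):
    """One step of the 14-bit R register with a stand-in nonlinear feedback.

    new bit = b ^ r0 ^ h(r1..r13). Because r0 enters linearly the update is
    invertible, so two different R states never merge under the same inputs.
    """
    bit = lambda i: (r >> i) & 1
    h = bit(3) ^ (bit(5) & bit(9)) ^ (bit(2) & bit(11) & bit(13))
    new = b ^ bit(0) ^ h
    return (r >> 1) | (new << 13)


def authenticate(bits, v, f, r, steps=29):
    """Process data bits; return (checksum, final R state, register steps done)."""
    v &= M16
    f &= M63
    r &= M14
    work = 0
    for d in bits:
        a = (d & 1) ^ (v & 1)                    # data bit XOR low bit of V
        v = (v >> 1) | ((v & 1) << 15)           # assumed: V rotates once per bit
        for i in range(steps):                   # F and R stepped `steps` times
            b = (a if i == 0 else 0) ^ (f & 1)   # XOR with low bit of F
            f = step_f(f)
            r = step_r(r, b)                     # result folded into R
            work += 2                            # one F step plus one R step
    return r >> 4, r, work                       # checksum = high-order 10 bits


def flip_report(bits, v, f, r, steps=29):
    """Flip each data bit in turn; count flips that change R and the checksum."""
    tag0, r0, _ = authenticate(bits, v, f, r, steps)
    state_changed = tag_changed = 0
    for i in range(len(bits)):
        damaged = bits[:i] + [bits[i] ^ 1] + bits[i + 1:]
        tag, rr, _ = authenticate(damaged, v, f, r, steps)
        state_changed += rr != r0
        tag_changed += tag != tag0
    return state_changed, tag_changed


# Constructed sample input: a 64-bit frame and arbitrary initial register values.
FRAME = [int(c) for c in format(0x5AD1A2C3E4F50617, "064b")]
V0, F0, R0 = 0xACE1, 0x123456789ABCDEF, 0x2A5F

if __name__ == "__main__":
    tag, _, work = authenticate(FRAME, V0, F0, R0)
    print(f"checksum={tag:#05x} register steps={work} per data bit={work // len(FRAME)}")
    print("single-bit errors (R changed, checksum changed):",
          flip_report(FRAME, V0, F0, R0))
```

At the step value 29 the model spends 58 register steps on every data bit, which is the throughput cost deficiency 2 of Appendix T refers to.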