Tag Archives: classified

Security

“Eyes Only” Security Marking

Leave a comment

[This post has been UPDATED since first published]

Occasionally in the news (and more often in spy fiction) people pass around super-secret documents marked “Eyes Only.” The United Kingdom and Canada use “Eyes Only” to indicate specific countries with whom a document may be shared. “UK Eyes Only,” for example, means that the document is only distributed within the UK and not to other countries. The marking may also have a list of countries, often the “five eyes.” The US has traditionally used other markings like REL TO (release to) or NOFORN (no foreign dissemination) for this purpose. This type of marking is often called a caveat as opposed to being a classification level, compartment, or codeword.

Classified document markings are treated seriously, and government agencies have published explicit definitions of them. US classification guides (for example, this one from the intelligence community) discuss “Eyes Only” exclusively in terms to the UK definition. This does not, however, cover all examples. The only other US definition I’ve found dates from 1974:

c. Eyes Only Messages.-A privacy communication from one named individual to another individual. Delivery of this type of message is restricted to the named addressee or to those personnel (contacts) the addressee has authorized to receive such messages. No further dissemination is permitted unless so directed by addressee or authorized member of his staff.

Defense Intelligence Agency (DIA), Special Operations Branch Office Procedure No. 35-2, January 13, 1974 (quoted from a Senate hearing transcript later that year).
Continue reading “Eyes Only” Security Marking
Security

This photo should not exist

pin.it/fnnc4j6fjamugy

Once we get past the creep factor of Nazi army uniforms, we see a communications team sending a secret message. They are using the legendary Enigma machine to encrypt the message.

But why, why did that officer allow a photographer to record this highly sensitive activity?

A failure of operational security (OPSEC). Allies in Bletchley Park would have sacrificed lives for this photo, or any photo showing the device in operation.

Continue reading This photo should not exist

Security

Comparing Leaks: Trump vs. Hillary

1 Comment

Lattice for Secret, Top Secret, and compartmentsAs I said in an earlier post, no crime is committed if the appropriate official leaks sensitive classified information. This applies to both Secretary Clinton’s email server and President Trump’s unfortunate meeting with Russian diplomats. Both carried the authority to disclose what they disclosed. One question remains: what damage might have ensued from each leak?

I would argue that in both cases the initial lapse of judgement did not explicitly damage the United States. In both cases, however, the subsequent brouhaha may have leaked classified information. I personally doubt that the country will suffer much from either leak, though that is based on my own assessment of national threats (a political opinion).

Continue reading Comparing Leaks: Trump vs. Hillary

Tech History

A Yank at Bletchley Park

A friend and colOne of Turing's Bombe devicesleague introduced me to a 94-year-old gentleman with a rare tale to tell. John McCallister was recruited during World War II to be a US Army liaison officer at “Station X,” the UK’s highly secret codebreaking operation at Bletchley Park. Station X collected intercepted German radio messages, all encrypted with the supposedly-unbreakable Enigma cipher, and broke the encryption. The resulting data was distributed to a handful of senior UK and US military commanders.

At first, McCallister worked at Bletchley and learned about the codebreaking operation. He met Alan Turing, now recognized as a giant in computer science. Turing developed codebreaking machines at Bletchley, including the “bombe” (left). Then McCallister prepared for his own role: to handle and distribute the highly secret information to senior US military commanders.

Following the war, McCallister left the crypto world. After college and reserve service for the Korean War, he applied his mathematic skills to business accounting at General Electric and Zenith Electronics. He retired in 1984.

[Postscript added]

Continue reading A Yank at Bletchley Park

Security

NSA re-releases Boak’s Lectures

Boak's History of US COMSECI’m a fan of Boak’s Lectures – they cover the fundamentals of military cryptography just before the information revolution.David Boak developed the lectures for the National Security Agency’s Cryptologic School.

Even though the lectures are from the ’60s and ’70s, they remain relevant to today’s cybersecurity threats. Cryptographic techniques that were classified Secret in Boak’s work are prominent in modern commercial cryptosystems. A sanitized version of Boak’s Lectures (Vol 1, Vol 2) was released in 2008.

I’m happy to report that the Interagency Security Classification Appeals Panel has released a more complete (less redacted) version. It’s available from the Government Attic.

Continue reading NSA re-releases Boak’s Lectures

Security

Clinton’s Email Server Isn’t Her Scandal

Hierarchical security levelsEarly last month, Edward Snowden criticized former Secretary of State Hillary Clinton for obviously and intentionally mishandling classified information by using a private email server. A recent Huffington post argues that, if true, Snowden’s comments could cost Clinton the Democratic Presidential nomination.

This rests on technical questions of security and classified information. Based on the information I have seen, Clinton committed no crime. Her security mistakes are typical of politicians of her (my) generation. She was exercising the authority and discretion (or lack thereof) belonging to her role as Secretary of State. I will explain why.

DISCLAIMER: I personally neither support nor oppose Hillary Clinton’s bid for a Presidential nomination.

UPDATE (March 22, 16): Richard Lempert, a professor of law and sociology, has posted a more detailed parsing of the laws and regulations to come to the same conclusion.

Continue reading Clinton’s Email Server Isn’t Her Scandal

Security

Boak’s Puzzle: Disposing of Classified Trash

Boak's History of US COMSECRecently I was skimming through the NSA’s “classified history of COMSEC” (Volume 1 and Volume 2).  This “history” is a transcription of lectures by David G. Boak, who liked to explain NSA-related topics from a historical perspective. He clearly inspired a generation of NSA’s employees. The last “real” page of the document contains a humorous story and a crypto puzzle (link to extract in pdf).

The NSA had an incinerator in their old Arlington Hall facility that was designed to reduce Top Secret crypto materials and such to ash. Someone discovered that it wasn’t in fact working. Contract disposal trucks had been disposing of this not-quite-sanitized rubish, and officers tracked down a huge pile in a field in Ft. Meyer.

How did they dispose of it? The answer is encrypted in the story’s text! Continue reading Boak’s Puzzle: Disposing of Classified Trash