"In today's Age, the public has centered in on government as "the problem." Specifically, the focus is on the potential abuse of the Government's applications of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are "the government," and we have no interest in invading the personal privacy of U.S. citizens."
This attitude is similar to Bill Binney's (in that U.S. citizens are off-limits due to FISA)[1]. I presume he wasn't the only person within the NSA who felt like that…and I can't help but wonder what the internal dialog is like these days.
> We are "the government," and we have no interest in invading the personal privacy of U.S. citizens.
That is interesting. That may be true for the people who made that statement, though it's hard to guarantee it for anyone who has ever or will ever have access to NSA information. You don't have to believe in a nefarious Big Brother to be concerned about the perhaps inevitable potential for mistakes or abuse by some individuals behind "Government's applications of new information technology". History offers plenty of examples, after all.
The description of the Director's Summer Program (DSP) for recruiting math undergrad interns sounds almost reminiscent of Ender's Game. These were some brilliant kids who achieved a lot in one summer.
> The students had to learn decades of classified cryptologic mathematics in two weeks, as well as a myriad of details about the four problems presented to them. During these two weeks, some learned to program for the first time. All were proficient programmers by the end of the summer.
> Incredibly, before they met us, two of our DSP students, juniors, had not been planning to go on to graduate school following their senior year. These two were performing exceptionally well in their current, demaning academic programs and, ironically, made the most direct contributions to the most significant results of the workshop. One went home from the DSP with a surge of confidence, applied to all the top graduate schools and is now in a Ph.D. program on a fellowship. The other wished to become an NSA employee, but we talked her out of joining us right away. She took all pure mathematics courses her senior year and is now in graduate school in a Ph.D. program on a fellowship.
It'd be fascinating to know what they're working on now.
(Vol. XX, No. 1 - 1st Issue 1994, #126 on the list)
> It'd be fascinating to know what they're working on now.
They're almost certainly not working with technology that's "ahead by 10 years", as their recruiters like to advertise: Their hardware is basically standard stuff shipped by Sun (... I guess that's Oracle now), running mostly Java.
"Top Secret Umbra" I haven't seen that code word since I worked at a communications monitoring site in Turkey in 1977. I never could have imagined seeing it on a document released to the public. Time does change things.
To save everyone some Google queries, "UMBRA is the highest-level compartment of the three compartments of Special Intelligence—the euphemism for COMINT. The lower level compartments are MORAY and SPOKE."
From the September 1978 article "NONSECRET ENCRYPTION (Public Key Cryptosystems)":
"We in the intelligence community have become accustomed to holding a monopoly on useful advanced cryptologic knowledge, so it is with surprise and apprehension that we have witnessed in recent years an increasing interest in cryptology on the part of American academicians."
Seeing redacted docs like this always makes me wonder - for brief blacked-out passages, couldn't you make measurements of the remaining letters/words on the line, their sizes and spacing, and algorithmically generate a few likely candidates for the blacked-out text?
You could at least estimate the length in characters of the blacked-out text. For a monospaced font this character count is trivial; for a proportionately-spaced font it'd be a little harder but you have lots of other non-censored characters to learn from.
There was a released-but-redacted CIA memo saying, "An Egyptian Islamic Jihad (EIJ) operative told an XXXXXXXX service at the same time..." From analysis of the size and shape of the blob, the missing text could only be "Egyptian".
In fact, a monospace font turns out to be harder for this; with a proportional font, as here, there is more variability in total word length due to the different letter widths, and so a greater ability to reduce the number of possible matches.
November '81 has a cool 8 page article on the coming age of "powerful personal computers", with a good overview of the tech of the time. Soon everyone can have their own VAX or 370!
Page 33, Book Review "Rapid Development" by Steve McConnell. A "top secret" book review now sees the light of day!
edit: The introduction mentions some predecessor magazines targeted to specific groups. "Dragonseeds" to B group, "Keyword" to G group, "QRL" to language, "Command" to traffic analysis and special research. I wonder if anyone has FOIA'd these earlier publications?
I believe that they (government) are just in a business where it's better to overclasify 100 documents than underclasify one.
Think of it from web development perspective. Years ago SSL were used only for financial transactions, then for e-commerce transactions. Nowadays it's considered a good practice to use it anywhere you transfer any user data or session. Isn't that our industry's equivalent of their over-classification routine? I think they basically do the same what we do with SSL - they apply their security layer to all content produced by all their users. It's exactly what we do with our security layers in software development.
Documents are classified at the highest classification of any single piece inside the document. In the cryptolog you linked to, there are two large redacted sections. It's not that the book review was classified, it was just published next to stuff that was classified. If you filed a FOIA request, they would have given you the book review with minimal fuss, but kept the redacted parts out of the FOIA. You can tell the information that is unclassified because it is marked (U). Classified info will be marked with different letters depending on the level of classification, and will likely be heavily redacted in anything released to the public.
I usually try to subvert the redaction on PDF files with a reasonable degree of success, but I suspect it would be a waste of time in this case :) Anyway, most interesting, both technically and socially. Had I been born in the US I think I'd have enjoyed working at the NSA.
Anyone stumbled upon Untangling the Web? It's a DOD "book" about web search, classified, remarkably interesting and nothing warranting being classified. I'm sure NSA has tons of actually interesting stuff they could make public
I'm curious what is in the redacted parts that still needs to be classified? Surely nothing from 1974 is still state-of-the-art today. Surely no covert operatives are still in danger from the 70's (though I guess it's possible).
For the specific purposes of redaction, it's not about whether something "needs" to be classified. They redact what is classified. The decision to unclassify lies elsewhere.
And the reason it hasn't all be declassified with a blanket order is no doubt simple bureaucratic conservatism. No one is going to get an award for "brilliant work in declassification", and the last thing any spook wants for her career is to be yelled at for declassifying something embarrassing.
Statistically, real threats are rare, but ambition and corruption are
common. Overwhelmingly, the purpose of censorship is not the protection
of national security, but the protection of individual careers. That's
not ideology, but mathematics. Because there are very, very, few true
national secrets, but a huge amounts of information that someone would
like to bury for one reason or another.
1974 is only 40 years. The terms "career politician" and "career bureaucrat" apply everywhere; someone recruited, say, right out of school, could easily still be working. That's to say nothing of anyone those people may have recruited.
Same goes for technology. What was done 40 years ago may not directly apply, but it might give clues to what's around today.
Not at all. If the original statement was something like, "Top Secret Agent Spongebob Squarepants determined that rot13 is not a good encryption scheme," then redacting the name of the top secret agent while releasing the rest of the statement makes perfect sense.
[+] [-] interknot|13 years ago|reply
https://www.nsa.gov/public_info/_files/cryptologs/cryptolog_...
"In today's Age, the public has centered in on government as "the problem." Specifically, the focus is on the potential abuse of the Government's applications of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are "the government," and we have no interest in invading the personal privacy of U.S. citizens."
This attitude is similar to Bill Binney's (in that U.S. citizens are off-limits due to FISA)[1]. I presume he wasn't the only person within the NSA who felt like that…and I can't help but wonder what the internal dialog is like these days.
1: http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_...
[+] [-] joshuahedlund|13 years ago|reply
That is interesting. That may be true for the people who made that statement, though it's hard to guarantee it for anyone who has ever or will ever have access to NSA information. You don't have to believe in a nefarious Big Brother to be concerned about the perhaps inevitable potential for mistakes or abuse by some individuals behind "Government's applications of new information technology". History offers plenty of examples, after all.
[+] [-] starpilot|13 years ago|reply
> The students had to learn decades of classified cryptologic mathematics in two weeks, as well as a myriad of details about the four problems presented to them. During these two weeks, some learned to program for the first time. All were proficient programmers by the end of the summer.
> Incredibly, before they met us, two of our DSP students, juniors, had not been planning to go on to graduate school following their senior year. These two were performing exceptionally well in their current, demaning academic programs and, ironically, made the most direct contributions to the most significant results of the workshop. One went home from the DSP with a surge of confidence, applied to all the top graduate schools and is now in a Ph.D. program on a fellowship. The other wished to become an NSA employee, but we talked her out of joining us right away. She took all pure mathematics courses her senior year and is now in graduate school in a Ph.D. program on a fellowship.
It'd be fascinating to know what they're working on now.
(Vol. XX, No. 1 - 1st Issue 1994, #126 on the list)
[+] [-] GoranM|13 years ago|reply
They're almost certainly not working with technology that's "ahead by 10 years", as their recruiters like to advertise: Their hardware is basically standard stuff shipped by Sun (... I guess that's Oracle now), running mostly Java.
[+] [-] anemic|13 years ago|reply
what's in them. I think that
████████████████████████████████████████████████
████████████████████████████████████████████████
████████████████████████████████████████████████
███████████████████████. Would that just make my day!
[+] [-] mootothemax|13 years ago|reply
"An Example of Intelligence Community Synergy"
[four blank pages]
https://www.nsa.gov/public_info/_files/cryptologs/cryptolog_...
[+] [-] joezydeco|13 years ago|reply
http://www.theonion.com/articles/cia-realizes-its-been-using...
[+] [-] vinkelhake|13 years ago|reply
[+] [-] davidroberts|13 years ago|reply
[+] [-] apaprocki|13 years ago|reply
[+] [-] alvarosm|13 years ago|reply
[+] [-] malingo|13 years ago|reply
"We in the intelligence community have become accustomed to holding a monopoly on useful advanced cryptologic knowledge, so it is with surprise and apprehension that we have witnessed in recent years an increasing interest in cryptology on the part of American academicians."
[+] [-] DanBC|13 years ago|reply
[+] [-] wgrover|13 years ago|reply
You could at least estimate the length in characters of the blacked-out text. For a monospaced font this character count is trivial; for a proportionately-spaced font it'd be a little harder but you have lots of other non-censored characters to learn from.
[+] [-] alex-g|13 years ago|reply
There was a released-but-redacted CIA memo saying, "An Egyptian Islamic Jihad (EIJ) operative told an XXXXXXXX service at the same time..." From analysis of the size and shape of the blob, the missing text could only be "Egyptian".
In fact, a monospace font turns out to be harder for this; with a proportional font, as here, there is more variability in total word length due to the different letter widths, and so a greater ability to reduce the number of possible matches.
[+] [-] Spooky23|13 years ago|reply
[+] [-] bitwize|13 years ago|reply
[+] [-] Mithrandir|13 years ago|reply
[+] [-] Groxx|13 years ago|reply
[+] [-] waterlesscloud|13 years ago|reply
https://www.nsa.gov/public_info/_files/cryptologs/cryptolog_...
[+] [-] NelsonMinar|13 years ago|reply
[+] [-] negativity|13 years ago|reply
[+] [-] apaprocki|13 years ago|reply
https://www.nsa.gov/public_info/_files/cryptologs/cryptolog_...
Page 33, Book Review "Rapid Development" by Steve McConnell. A "top secret" book review now sees the light of day!
edit: The introduction mentions some predecessor magazines targeted to specific groups. "Dragonseeds" to B group, "Keyword" to G group, "QRL" to language, "Command" to traffic analysis and special research. I wonder if anyone has FOIA'd these earlier publications?
[+] [-] racbart|13 years ago|reply
Think of it from web development perspective. Years ago SSL were used only for financial transactions, then for e-commerce transactions. Nowadays it's considered a good practice to use it anywhere you transfer any user data or session. Isn't that our industry's equivalent of their over-classification routine? I think they basically do the same what we do with SSL - they apply their security layer to all content produced by all their users. It's exactly what we do with our security layers in software development.
[+] [-] olympus|13 years ago|reply
[+] [-] lallysingh|13 years ago|reply
[+] [-] xyzzy123|13 years ago|reply
[+] [-] vegasbrianc|13 years ago|reply
[+] [-] anigbrowl|13 years ago|reply
[+] [-] TheCondor|13 years ago|reply
Anyone stumbled upon Untangling the Web? It's a DOD "book" about web search, classified, remarkably interesting and nothing warranting being classified. I'm sure NSA has tons of actually interesting stuff they could make public
[+] [-] pyre|13 years ago|reply
[+] [-] ajross|13 years ago|reply
And the reason it hasn't all be declassified with a blanket order is no doubt simple bureaucratic conservatism. No one is going to get an award for "brilliant work in declassification", and the last thing any spook wants for her career is to be yelled at for declassifying something embarrassing.
[+] [-] bediger4000|13 years ago|reply
Seth Finkelstein
http://grep.law.harvard.edu/article.pl?sid=03/12/16/0526234&...
[+] [-] fotbr|13 years ago|reply
Same goes for technology. What was done 40 years ago may not directly apply, but it might give clues to what's around today.
[+] [-] thirsteh|13 years ago|reply
[+] [-] ZachWick|13 years ago|reply
[+] [-] davidroberts|13 years ago|reply
[+] [-] Achshar|13 years ago|reply
[+] [-] jimm|13 years ago|reply