THE CODEBREAKERS
Page 98
The free world engages in practical cryptanalysis too, and it has had its triumphs. In the nature of things, they are less publicized than the failures. Two former N.S.A. employees reported that “the United States Government gave money to a code clerk working in the Washington embassy of a United States ally [later identified as Turkey] for supplying information which assisted in the decryption of that ally’s code messages.” They also revealed that cryptanalytic “success in at least one case has also been facilitated by the fact that the United States supplied to other nations cipher machines for which it knew the construction and wiring of the rotors.” Another ex-employee disclosed that “N.S.A. also obtains the originals of national ciphers from secret sources. This indicates that someone steals the ciphers of the Near East countries for the Americans. In N.S.A. I actually saw photocopies of ciphers of the Syrian General Staff, and also instructions for using them.” In Sofia in 1963, former Bulgarian Communist diplomat Ivan-Asen K. Georgiev pleaded guilty to charges of spying that included having disclosed the code of the Bulgarian mission to the United Nations to an American professor, who was probably a C.I.A. agent.
How lax security can be at some places is indicated by the experience of two American girls doing secretarial work for the Iranian mission to the United Nations. From time to time, when the mission’s Hagelin machine jammed and the Iranians could not clear it, they called in the girls, who seemed to have a mechanical knack, to get it working again. The gross security blunder of letting two Americans—who might have been (but were not) reporting to the C.I.A.—examine so vital a secret seems never to have occurred to the Iranians.
Practical cryptanalysis has even been acknowledged at the highest level. The source is none other than Nikita Sergeyevitch Khrushchev. While sightseeing in Los Angeles with U.S. Ambassador to the U.N. Henry Cabot Lodge during his 1959 visit to the United States, the Soviet Premier boasted that he had seen a message that President Eisenhower had sent to Prime Minister Nehru of India about border troubles with Red China, as well as a message to Eisenhower from the Shah of Iran. Earlier, in Washington, he remarked to C.I.A. chief Allen Dulles that C.I.A. agents gave their codebooks to the Russians, which the Soviets used to feed false information to the C.I.A. and to demand and receive money. He suggested that the U.S. and the U.S.S.R. save money by pooling intelligence services.
It was no joke to American security officials, particularly those involved in cryptology. They go to extraordinary lengths to prevent security leaks. The United States channels cryptologic information through a separate security category of its own. Cryptographic equipment and documents are distributed, stored, and registered separately from other classified equipment and documents. Top-secret security clearances will not automatically permit their holders to see cryptologic information: this requires a special crypto clearance. Army Regulation 380-5 on military security accords cryptology an entire special section. President Kennedy’s Executive Order 10964 on security exempts cryptologic material “from automatic downgrading or declassification,” and adds: “Nothing in this order shall prohibit any special requirements that the originating agency or other appropriate authority may impose as to communications intelligence, cryptography, and matters related thereto.”
Similarly, Congress in 1950 agreed with Defense Department contentions that neither the Espionage Law of 1917 nor the Yardley Law of 1933 (which covered only diplomatic codes) afforded sufficient protection to American cryptologic affairs. It enacted* Public Law 513, codified as Title 18, Section 798, United States Code, which specifically made it a crime, punishable by a fine of $10,000 and a jail term of 10 years, to disclose classified information concerning American or foreign cryptosystems, “the communication intelligence activities of the United States or any foreign government,” or material “obtained by the processes of communication intelligence.”
This special protection stems in part from the extraordinary damage that betrayal of cryptosystems can do. Knowledge of a cipher system can give an enemy insight into quantities of information, whereas knowledge of, say, a particular weapon is limited to that item. In part, the protection is needed because of the special sensitivity of cryptanalytic intelligence. A nation can change its codes upon the merest suspicion that they are being read and can thus deprive its foe of an important source of intelligence. But to deprive the foe of intelligence obtained by a spy means first finding that spy in a large population.
The presidential directive that created the National Security Agency was and is classified as security information, and the veil thus thrown around the agency at its very birth has cloaked it to this day. N.S.A. is even more still, more secret, and more grave than the C.I.A., whose basic functions are set forth in the 1947 law that created it. C.I.A. officials have occasionally issued statements to the press and have more often leaked favorable publicity. N.S.A. officials never have. The National Security Agency thus remains the most reticent and least known organ of the entire hush-hush American intelligence community.
At N.S.A. security begins outside. Three fences ring the headquarters building. The inner and outer are Cyclone fences topped with V’s of barbed wire. The middle one is a five-strand electrified wire. These are pierced by four gatehouses manned by Marine guards. When the gates are closed, a complicated electronic apparatus involving mirrors and lights buzzes warningly. Gatehouse 3, on the north side of the building, is open 24 hours a day.
Security permeates N.S.A.’s interior as well. Both the agency’s organization and the physical arrangements that reflect this organization are highly compartmented, with numerous checkpoints, and employees are not permitted to enter areas in which they do not work without special permission. Colored badges limit them to their own areas. Pistol-packing guards block the entrance to specially restricted areas. The most secret documents must be locked in three-tumbler safes except when analysts are actually working on them—and these areas are also patrolled night and day. Offices that generate the least confidential documents in quantity may store them in desks or in file cabinets, sometimes unlocked, but these offices are under constant armed guard. When classified papers must be taken from N.S.A. to other agencies, employees must not go alone if they use a private car but must travel in pairs. They must keep the papers in a locked briefcase and must store them overnight in a safe stowage either at the other agency or at N.S.A.; they may not take them home.
Similar precautions are taken wherever cryptologic material is used. At the United States mission to the United Nations in New York, the code room is protected by a solid steel door three and a quarter inches thick. Guards patrol the corridor outside. Windows are frosted. White plastic domes on the ceiling emit ultrasonic rays that sound a warning if anyone moves in the room after hours. The cipher machines themselves stand in an alcove around a corner, hidden from the eyes of anybody at the door or admitted to the main message area. And to cut down on the number of times that the door has to be opened, the code room has its own pantry—and its own toilet.
N.S.A. security extends even to unclassified letters to private citizens. Unlike other government agencies, its envelopes are imprinted on the inside with markings that prevent anyone from reading the text of the letter through the envelope. And N.S.A. carefully words these letters to reveal as little as possible about itself. One minor slip-up gave away the agency technique. An amateur cryptologist offered N.S.A. his translation of a German doctoral dissertation in mathematics with cryptologic applications. He did not refer to it as a dissertation. N.S.A. declined the offer by saying that it “has no need of this dissertation”—a clear indication that the agency knew of the document and probably had it as well, but did not want to admit an interest in cryptology by saying so. N.S.A. supervisors tell new employees that this apparently obsessive preoccupation with security constitutes a large margin of safety: If the employee does not talk about even the obvious, he will not come close to talking about secret matters. In addition, this blanket coverage makes it much easier for N.S.A. to
maintain security than a selective discrimination and release of items, such as textbooks, that are not really secret.
Among the agency’s deep secrets is its annual budget. N.S.A. does not appear in the federal budget. All its funds, like those of the C.I. A., are cunningly concealed by adding a few million dollars to each of several line items in other parts of the budget. The chiefs of the agencies whose budget figures are thus padded know only that the money is for a classified project, but in many cases Congress is told in executive sessions what the figures are for these projects. The Secretary of Defense can legally shift the funds from one unit to another, within certain limits. Unlike the C.I.A., N.S.A. finances are audited by the Government Accounting Office. The results, however, have not been shown to Congress, G.A.O.’s boss.
The employees themselves must pass the strictest security standards in the Department of Defense. A prospective employee must pass the National Agency Check, in which several investigative agencies report any facts they have bearing on his loyalty. He must also pass a lie detector test.* He may then be hired for training, but final clearance depends upon a full Background Investigation. This involves verification of birth, education, and employment records, interviews with friends, neighbors, and former co-workers and employers on his trustworthiness and maturity, analysis of credit records, and a further check for membership in subversive organizations. No one who has close kin in an Iron Curtain country may be hired. Even after having passed these requirements and been hired, all employees undergo follow-up checks every four years to make sure that their security clearance should be maintained. All except some of the older employees must pass repeated lie detector tests. They must also periodically sign a certificate that they have read Public Law 513.
N.S.A. dins security security security security into its employees with remorseless persistence until it becomes more than habitual, more than second nature—it becomes virtual instinct. Many, perhaps most, N.S.A.ers never tell their wives and children just what their jobs are. “N.S.A.,” they explain, stands for “Never Say Anything.” The Security Education Program pulls out all stops: “Our job with N.S.A. is essential to the preservation of our American way of life. As part of that job, fulfilling our security obligations is equally essential to the success or failure of this Agency in the accomplishment of its mission.” So thorough is the indoctrination that one employee wondered in a poem whether being not allowed to say what he did in this world would have dire effects in the next:
But to St. Peter, must I say,
“I learned my lesson well.
You see, I worked at N.S.A.,
So send me on to-----.”
The bitter irony of all this is that, despite all the precautions, N.S.A. has been involved in security breaches more spectacular and more damaging to the free world than any others in the Cold War except those of the atomic spies.
The first involved Joseph Sidney Petersen, Jr. His arrest October 9, 1954, for taking classified documents from A.F.S.A.-N.S.A. made front-page news in both the largest U.S. daily—the New York Sunday News—and the most respected—The New York Times. Petersen, 39, a former physics teacher, had taken the Army correspondence course in cryptanalysis in 1940 and 1941 and had joined the Signal Intelligence Service in mid-1941. In his 13 years at Arlington Hall he worked on almost every problem and, on his own initiative just after the war, began giving sorely needed and “very successful” instruction in cryptology for new employees and for old ones who had become over-specialized. This training program was made official in 1953, becoming the basis for the present N.S.A. School. Petersen said he took two of the classified documents to help in preparing lessons. One was Chinese Telegraphic Code SP-D, with addenda and errata, dated July 1, 1945, and classified “secret”; this is the Ming commercial code in which 10,000 Chinese ideographs are assigned four-digit codenumbers so that they can be sent by telegraph, with some agency annotations. The other was A.F.S.A. 23 0763; KC 037, “Routing of North Korean Political Security Traffic as Indicated by Group A2,” dated February 20, 1951, a traffic analysis classified “top secret.”
During World War II, the tall, myopic Petersen had become friends with short, trim Colonel J. A. Verkuyl of the Royal Netherland Indies Army, one of Holland’s finest cryptanalysts (with two others, he drew up the report on the cryptography of NORDPOL for the Dutch government). Verkuyl, a liaison officer, sat at the desk next to Petersen in Arlington Hall as together they solved Japanese diplomatic code messages—a field in which Verkuyl had had considerable prewar experience. Through Verkuyl, Petersen met Giacomo Stuyt, communications officer at the Dutch embassy. Their mutual interest in mathematics and in their work led them into discussions of cryptology.
After the war, when Verkuyl returned to Holland, Petersen mailed him ideas about instructional methods and other details helpful to his setting up of a cryptologic corps in Holland. Stuyt stayed in America and Petersen remained friendly with him. The Dutch at this time were using the Hagelin machine for their diplomatic communications, and in 1948 Petersen, for reasons that have never been explained, copied top-secret notes indicating American success in breaking Netherlands cryptosystems and removed a 1939 Signal Intelligence Service document entitled “Analysis of the Hagelin Cryptograph, Type B-211,” and showed them to Stuyt. (The B-211 was not the M-209 widely used in World War II: it was the printing version of the machine that Hagelin had invented in 1925, nine years before he created the C-36, ancestor of the M-209.) Verkuyl thinks that Petersen was motivated, not by any intent to harm the United States’ cryptanalytic effort, but to help secure the communications of his friends from other nations’ prying.
When F.B.I. agents searched Petersen’s apartment in the fall of 1954, they found the notes and documents. It was the first case to come under Public Law 513. Perhaps for that reason the Justice and Defense departments decided to prosecute instead of handling the matter administratively within N.S.A. to prevent publicity. Possibly they sought to make an example out of Petersen. But, as his lawyer said, “they had a bear by the tail after the decision was made,” for the arrest attracted tremendous news coverage. The prosecution urged him to withdraw his plea of not guilty and to plead guilty to prevent the exposure of evidence that a trial would require. Petersen, filled with remorse, eager to repair the damage he had done to his country, and hoping to lighten his sentence, agreed. It seems likely that the government hinted at a light or suspended sentence. Federal District Judge Albert V. Bryan did dismiss two of the indictment’s three counts. But, declaring that “The pith of this offense is not what the defendant withdrew, but that he withdrew, records from the National Security Agency,” he sandbagged Petersen with a seven-year term. Petersen served four years before being paroled. The government thus managed to create an example for other potential offenders without the risks of a trial. How fair it was to Petersen remains an open question. But perhaps one should not argue with success: since Petersen, there have been no more prosecutions for leaking cryptologic information.
In the most spectacular of the security breaches, the only reason for the failure to prosecute was the venue of the potential defendants, well beyond the jurisdiction of federal authorities. They had gone to Soviet Russia. These were the turncoat American cryptologists, William Hamilton Martin and Bernon Ferguson Mitchell, who in 90 minutes of blabbing at a Moscow press conference in 1960 told more to a bigger audience in less time about any nation’s intelligence effort than any other traitors have ever done.
Though much is known about these two young men, nothing is really known about why they betrayed their country. Both were West Coast boys, both extremely bright, both raised in an atmosphere as American as apple pie, and both “clean” enough to pass the rigorous Navy cryptologic clearance. Bernon Mitchell, born March 11, 1929, grew up in Eureka, California, where his father had a successful law practice. He concentrated on science in high school and engaged in such adolescent pranks as filling balloons with hydrogen and exploding them in airbursts that frig
htened the neighbors. When a teacher would lead him no further into the theory of relativity than he himself had gone, he abruptly quit Eureka High School and transferred to another school 80 miles north. He declared himself an agnostic, debated philosophy aggressively, played poker with a few close friends, read deeply in the philosophy of mathematics. A tall, lean youth with dark wavy hair and regular features, he seldom dated. In 1951, after a year and a half at the California Institute of Technology and under pressure from the draft, he enlisted in the Navy. He was cleared for cryptology and assigned to that work at the Yokosuka Naval Base.
There he met William Martin, a soft-faced youth who was born May 27, 1931, in Columbus, Georgia. The Martins had moved to Ellensburg, Washington, when Bill was 15. He was so brilliant a student in junior high school that a psychologist tested him to see if he should skip high school altogether and enter the University of Chicago in a program for gifted children. He was scholastically qualified for it, but his principal thought he was neither mature nor socially developed enough to bypass high school. Nevertheless, he finished three high school years in two. His interests lay in hypnotism, reading, psychology, and chess; at 17, he won the chess championship of the Northwest. He always wore a white shirt and tie but evinced no interest in girls. His personality was almost overbearing: he was quite capable of giving gratuitous and insulting advice to adults. He studied a year at Ellensburg’s Central Washington College of Education—where he developed an interest in mathematics—before joining the Navy and meeting Mitchell in cryptologic work.
The two became firm friends during their four-year tours. After Mitchell returned to the United States to study mathematics at Stanford University, where he had a B average in the subjects that N.S.A. needed, Martin stayed on in Japan to do cryptologic work for the Army, then came back home to major in mathematics at the University of Washington. He had almost straight A’s for his last two years. Both were separately approached by N.S.A. recruiters a few days apart in February and March, 1957, and offered employment. Both accepted and were hired as mathematicians, Civil Service grade GS-7, at about $6,000 a year, reporting for duty July 8, 1957, apparently under an interim security clearance. Later, under a lie detector examination, Mitchell admitted that he had engaged in sexual experiences with dogs and chickens when he was between 13 and 19; the agency’s security office felt that this adolescent experimentation did not furnish sufficient basis for denying final clearance, which was eventually granted. Martin’s investigation revealed that acquaintances considered him an insufferable egotist, slightly effeminate, not wholly normal, somewhat irresponsible, and susceptible to flattery. His superiors almost unanimously said that they would not want to have him work for them again, but all except one affirmed that he was loyal to the United States. Both men attended the N.S.A. School during the summer, then studied at George Washington University in the fall. Both reported to N.S.A.’s Office of Research and Development on January 27, 1958, for cryptologic duties. Mitchell’s final clearance had come through four days earlier; Martin’s was not granted until May 12.