Newly Declassified NSA Document on Cryptography in the 1970s
This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “NSA Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.
Tatütata • May 10, 2021 11:00 AM
FOIA request placed 25 November 2009
Final reply 30 April 2021
Phew, don’t hold your breath. It’s like if they’re gambling on the requester passing away before they begin to agitate their derrière.
On the plus side, there was an actual response, not like some idiotic and/or disappointing [non-]replies I got from US and foreign authorities… At least John Young had a specific starting point reference for the records sought, but requesting “all documents pertaining to a letter written by X…” seems vague and risky. In my limited experience (as compared to the Cryptome über-professional), when you’re poking in the dark, the authority will either interpret your request so narrowly that it will claim that the information demanded doesn’t exist (despite your precautions), or reply with “buffer overflow”, or ask for “clarification”, depending on their mood that day.
Shouldn’t the title to this post read “DEclassified” rather than “UNclassified”? The documents are after all stamped with “TOP SECRET UMBRA”.
According to https://bit.ly/2RJO0ag :
For a document concerning itself with a “public debate”, this does sound like overclassification, it is already apparent for the “(S)” passages. Why are some passages even merely labeled “(FOUO)” — “For Official Use Only”. Classification by magic 8-Ball? All the “(TSC)” passages where all deleted, so you might still be somehow obliged to give them the benefit of doubt.
From the dates and the title, the George Davida patent application which NSA unsuccesfully tried to block (memo, p. 16) would have been US4202051A, for a key stream generator based on a LFSR combined with a non-linear feedback circuit. According to the preamble of the disclosure, “The Government has rights in this invention pursuant to Grant No. NSF-77-36-DCR 74-23653 and IPA No. 0001 awarded by the National Science Foundation.” A bit ironical, IMO. This patent would have been applied for under the regime prior to the Bayh-Dole Act of 1980, about which Wikipedia says that “The [NSF and others] had implemented programs that permitted non-profit organizations to retain rights to inventions upon notice without requesting an agency determination.” The government’s tentacles are fighting each other, Commerce vs. Justice vs. Defense.
Another case concerned a patent application made by one Carl Nicolai (et al) is discussed on p. 17 of the memorandum in a passage labeled “(S)”. That would be US4188580A filed 20 October 1977, for a “secure communication system”. When I read this patent for a speech scrambler (yawn), I can’t understand why anyone would fret about this, even back in the day. Apparently, many at the NSA were of a similar opinion.
A bad move… Erred, Inman did indeed. The applicant reacted vigourously, weakening the NSA’s stance. I deduce that it took 5-6 months for the application to get from the USPTO to the NSA, but during that time the clock was ticking on the one year Paris priority year. The applicant apparently managed to secure the foreign filing licence in time, as they were also issued CA1113567. If it had arrived too close to, or after 20 October 1978, all foreign patent rights would have been lost. (That the patent was–IMO–worthless is besides the point).
By itself, spread spectrum doesn’t equate with secrecy. Ten years later Qualcomm based their success in the CDMA cellular business on their strategic patent portfolio. What would have happened in their case if the NSA had been similarly prickly?
The USPTO still slaps secrecy orders on applications, on recommendation of other US federal departments. According to the FAS, at “the end of fiscal year 2020, there were 5,915 secrecy orders in effect.” ( https://bit.ly/3uzUFT3 ) From the USPTO link, the number of orders imposed went down from 121 in FY16 to 45 in FY20, of which about 40-50% are “John Doe” (in their own words) Secrecy Orders imposed on private inventors. The most recent recommendations were a couple made by the NSA in FY17. Extrapolating from the Bloomberg article linked, such declarations are essentially equivalent to expropriation without any real compensation, if one truly can equate a patent privilege with a “property” covered by the takings clause of the fifth amendment.
Many non-US applicants still routinely select the US as their office of first patent filings, even though the disadvantages for foreign applicants mostly disappeared with the America Invents Act of 2012. The seemingly random (but rare) secrecy orders are one reason to avoid US initial filings.
Returning to an earlier case, the Crypto AG revelation first originated with a German freelance journalist close to ZDF, who got on board the Swiss SRF, the Washington Post, as well as the Dutch Cryptomuseum in Eindhoven, and Argos, an investigative program of the public radio broadcaster VPRO. The latter centered their pieces on more local angles.
One was the production and sale by Philips of “Aroflex” compromised crypto teletypewriters based on the Siemens T1000 Telex terminal. (Crypto AG too used that terminal, and this choice was apparently the subject of minuted meetings with NSA and Motorola. But I digress.)
The other one was a small device developed in Amsterdam in the late 1970s called “Pocket Telex PX-1000” , which allowed users to exchange encrypted message over the PSTN using an acoustic coupler.
Philips bought the company, but promptly modified the algorithm from DES (thus the connection to the current story) to, er, whatever, and marketed the weaked product.
Huub Jaspers (?) essentially made the claim that Philips was directly instructed by the NSA to do so, without adducing much in evidence besides the general association with the Aroflex and Crypto AG stories.
I think the truth is probably more nuanced.
DES based products would have been covered by COCOM export restrictions, without even having to refer back to US authorities. NL was a COCOM member.
Another on is the mention made by the DES FIPS standard to patents licensing. Reference was made to a notice made in the Official Gazette of the USPTO, Patents section, Volume 949, issue 5, 31 August 1976, in the section titled “Patents available for licencing or sale”, on page 1717.
Here it is, slightly edited for length.
In short: you can build DES in the US and elsewhere devices for use in the US, but if you sell them anywhere else, watch out!
US3798359 together with US3796830 had effective foreign coverage in at least BE, DE, NL, FR, GB, IT, JP, and SE. (Did NSA ever fuss about these patents?).
The Philips patent department certainly had a lot of competent practitioners in its employ, and must have considered the PX-1000 like a grenade with the pin off. I don’t think you want to have a squadron of rutty IBM patent counsels on your back [ouch], spooks are probably nicer people to deal with…