As the first post of this weblog about top level telecommunications we start with a nice video about the White House Situation Room, released by the White house on December 18, 2009:
As we can see from this video, the 2006-2007 renovation transformed the Situation Room from one simple conference room with a small office space into a multi room facility with high tech communications equipment, much like we see in fictional movies and tv-series.
At the same time, we also see that the Situation Room isn't the exclusive space for the president anymore. Many other government officials use the new conference rooms too for their (video conference) meetings.
The telephone equipment which is used in the Situation Room, will be discussed on this weblog later on.
More pictures and information about the White House Situation Room and its history can be found on the following website: www.whitehousemuseum.org.
An interesting article about the functioning of the Situation Room can be found amongst the CIA's Studies in Intelligence.
About the history of the Situation Room you can also read: Michael K. Bohn, Nerve Center: Inside the White House Situation Room, Brassey's Inc. Washington 2003.
In April last year, US president Obama told some fundraisers that he was disappointed by the communications equipment he found in the White House:
"I always thought I was gonna have like really cool phones and stuff," he said during a Q&A session with contributors at a fund-raising meeting in Chicago on April 14, 2011.
"We can't get our phones to work." Acting out his exasperation, he said: "Come on, guys. I'm the president of the United States! Where's the fancy buttons and stuff and the big screen comes up? It doesn't happen."
Obama made these remarks after the press pool had left and may not have realized some reporters back at the White House could still hear his comments. The president was probably responding to a question about bottlenecks in technological innovation and he used his White House experience as an example.
A lot of people would probably like to believe these remarks of the president, symbolizing the outdated state of the federal government. But in fact, what Obama said, isn't quite true.
In 2006-2007 president George W. Bush had the White House Situation Room completely renovated, providing it with state-of-the-art communications facilities. Since then the real Situation Room has all the phones and videoscreens and other stuff, which was before only seen in movies.
Also, when Obama took over the office in January 2009, he found quite a cool phone on the presidential desk in the Oval Office: an Integrated Services Telephone version 2, or IST-2. This is a so called red phone (I'll explain that term in a later blog post) capable of making both secure and non-secure calls from one single instrument:
Not a cool phone? An IST-2 telephone on Obama's desk, March 29, 2009 (White House photo by Pete Souza)
The IST-2 was installed in the White House in 2007. It's a phone specially designed for the US Defense Red Switch Network (DRSN), which connects the president and the Pentagon with all major military command centers. These new phones were part of an upgrade of the communications system, which became necessary after some serious communication problems occured during the 9/11 attacks.
Therefore, the problems caused by outdated equipment should have been solved under president Bush. This would leave nothing to complain about for Obama anymore.
But there's an other interesting fact. Only a few weeks before Obama made his aforementioned remarks in April 2011, the rather rare IST-phone had just been replaced by two more ordinary sets:
The Cisco 7975 and the Lucent 8520 on Obama's desk, July 31, 2011 The other thing on the desk appears to be the iPad Obama got from Steve Jobs in May 2011 (White House photo by Pete Souza)
Now we see a Cisco 7975G Unified IP Phone (with expansion module 7916) behind a Avaya/Lucent 8520T on Obama's desk. This Lucent phone is from the most widely used business phone series worldwide, but is dating back to the mid-nineties. The Cisco 7975G is a VoIP (Voice over IP) telephone, and as such also one of the most widely used.
Both are high-end multiline models, with many functions and large displays, with the Cisco one even having a full colour touchscreen. This phone is also "cool", not because of having the military grade specifications or the exclusiveness like the IST-2, but because the phone (and its ringtone in particular) became an almost iconic item from the highly popular tv-series 24:
A Cisco 7970 IP Phone used in the CTU operations center in the tv-series 24 (screen cap by www.24tv.de)
This series, which was broadcasted between 2001 and 2010, shaped people's imagination of the presidency and was in many ways a forerunner of reality. For example there was a popular black president (David Palmer) years before Obama was elected, and much of the fancy communications equipment from the series, like video teleconferencing, was implemented in the real White House Situation Room in 2007. And now the real president also has the same cool Cisco phone as the heroes used in the tv-series.
So, as we have seen, Obama didn't really tell the truth. The story he told the fundraisers was true during the beginning of the Bush administration, but not during his. Obama actually has some quite cool phones at his disposal, but maybe the only thing is that he just doesn't realize that ;-)
In the previous post we saw the cool phones the American president uses in his Oval Office. This time we take a look at the telephone equipment he uses when he is on vacation, because "Presidents don't get vacations, they just get a change of scenery." as a former president once said.
For this purpose we have two nice pictures from the vacation of president Obama from August 18 to August 29, 2011 on the Blue Heron Farm in Chilmark on the island of Martha's Vineyard, Massachusetts.
In the first picture we see president Barack Obama, reflected in a mirror, conducting a conference call on the situation in Libya with his national security staff. Also participating is John Brennan, Assistant to the President for Homeland Security and Counterterrorism, who sits on the right:
President Barack Obama and his assistant John Brennan in a conference call. August 22, 2011 Note how the telephone and power cables are taped onto the table (White House photo by Pete Souza - click for a bigger version)
On the table we see two sets of the Secure Terminal Equipment (STE), made by L3 Communications. This is a telephone capable of making secured calls up to the level of Top Secret. The STE is the successor of the legendary STU-III system and is used for secure end-to-end communications throughout the government and the military of the US. For the President Of The United States (POTUS), these phones are used when he is travelling or staying somewhere outside the White House.
In the second picture we see Obama monitoring Hurricane Irene with John Brennan, Assistant to the President for Homeland Security and Counterterrorism (in light blue shirt) and some other officials. They are waiting for a conference call on the hurricane with affected governors and mayors:
Obama monitoring Hurricane Irene with his assistant John Brennan and some other officials. August 26, 2011 (White House photo by Pete Souza - click for a bigger version)
This picture shows the same table as in the previous one, but with different chairs and different phones. There are two telephone sets on each side of the table: an ordinary white phone, and a Cisco 7975G Unified IP Phone.
The white phone sets are most likely part of the private branch exchange (PBX) of the holiday house and therefore have no special security features. As we can see in this picture, the conference call is made using these white phones.
The Cisco phones are more interesting, because they belong to the highly secure Executive Voice over Secure IP (VoSIP) phone network, which was installed in 2007-2008. For this network the common high end Cisco IP telephone sets are used, but with a bright yellow bezel faceplate, instead of the standard silver one. Yellow indicates that this network is cleared for conversations up to Top Secret/SCI, the highest classification level.
As the second picture is taken some days later than the first one, it looks like the White House Communications Agency (WHCA) eventually installed this secure network instead of the STE phones. In the pictures you can see that the cables of the STE-phones are only provisionarily taped onto the table, but the cables of the Cisco ones are neatly bound by tie bands. The latter phones allows the president to make calls with the highest classification level.
A bit strange however, is the fact these phones are sitting in what seems to be a not very secure room (note the open door in the first and the open window in te second picture and that it's a temporarily hired location). For example former president G.W. Bush had such communications equipment in a special room without windows at his ranch in Texas.
For (non-secure) mobile communications during president Obama's vacation, the telecommunications company Verizon installs two temporary cell towers, known as cell on wheels, on Martha's Vineyard. Apparently the island normally lacks a sufficient cell phone coverage, so these extra towers are needed to provide the president and his staff with a good reception.
This also leads to the somewhat odd situation that local people only have a good cell phone reception during the time the president is on the island. Then suddenly their phones ring and text messages arrive in places where it's quiet during the rest of the year!
This is an informative video from the Swiss television program Einstein, about the potential threats and risks of mobile cell phones:
The phone shown in this report is the Secure Mobile Phone Omnisec 230 (fact sheet in PDF), made by the Swiss firm Omnisec AG. This is a modified HTC smart phone, with a hardened Android operating system, and with all risk providing applications (like bluetooth and GPS) removed. The microSD Security Module provides encryption with 256-bits key length to secure communication for classification levels up to Top Secret. But, the cost for two of such phones is around 50.000,- Swiss Franks!
UMTS
For most people, a far more affordable way to get better security for cell phone communication is just to use the UMTS or 3G mobile network, instead of GSM. Where GSM only has authentication of the user to the network, UMTS uses mutual authentication, which means the mobile user and the network authenticate each other. This prevents a so called "man-in-the-middle attack" by using false base stations. Also UMTS uses stronger encryption algorithms (KASUMI-based 128-bit key algorithms) for securing the voice and data during the radio transmission between the handset and the base station. For this, GSM uses the rather weak A5/1 algorithm with only a 64-bit key.
Nowadays, UMTS services are widely available in western countries and accessible through high-end smart phones like the popular iPhone 3G and the Samsung Galaxy i9000 series. However, it should be noted that the use of the UMTS-network still bear the risks of intrusions through unsafe applications and malware. Furthermore, UMTS does not provide any end-to-end encryption or authentication between one user and the other. Traffic between between the fixed network stations is still unencrypted and there's authentication only between users and the network provider.
BlackBerry
Another affordable option for more secure mobile communication is by using the BlackBerry smart phone, which is very popular amongst business people and government officials. A BlackBerry encrypts data (including e-mail, but excluding voice) that travels between the handheld device and the BlackBerry Enterprise Server by using either Triple DES or, for the latest models, AES with 256-bit key. This allows the BlackBerry to be the only consumer handheld devices certified for use by government agencies of the US, the UK, Canada and Australia. But again: this only applies to e-mail messages and not for voice conversations.
So, people who want or need the certainty of strictly private phone calls from one person to another, have to assure that through extra applications or specialized hardware features, for example like the aforementioned Omnisec phone. Some other possible solutions wil be talked about later.
In the previous post we saw that ordinary mobile phones offer only limited protection against eavesdropping. Therefore, special devices are designed to keep conversations safe. Here we will list a range of mobile phones, which offer a high level of security and are therefore suited for top level telecommunications.
The following information is gathered from the internet, only to provide a general overview. For more information, provided by the manufacturer, please click the title links or the fact sheet.
General Dynamics: Sectéra Wireless GSM Phone - Produced from 2002 - 2012 by the American company General Dynamics Corp. - For GSM and GPRS networks. - Ordinary Motorola Timeport GSM phone, with a special Security Module attached at the back side of the phone, replacing the battery cover. - Approved by the NSA for conversations up to the level of Top Secret* and by NATO for up to Cosmic Top Secret. This phone is also used by the British government for mobile communications up to the level of Secret.* - Encryption with US Type 1 and approved Suite B (including AES and ECDH) encryption algorithms. - There are slightly modified modules for the UK, Canada, Australia and New Zealand. There's also a version, using the AES algorithm only, which is exportable to other countries. - The price of this phone is 2.095,- US dollar. - Fact sheet (PDF)
Sectra: Tiger XS - Produced since 2005 by the Swedish company Sectra AB. - For GSM and UMTS networks. - This is a personal encryption device, which is connected in between a headset and an ordinary mobile phone (via Bluetooth). Voice data are encrypted by the device, before going into the non-secure telephone. - Approved in the Netherlands, by the European Commission and by NATO for conversations up to the level of Secret. - Since 2007, a sligthly modified version of this device is used by Dutch cabinet ministers and high officals of government departments and the Dutch armed forces.* - Fact sheet (PDF)
Sectra: Tiger 7401 - Produced since 2012 by the Swedish-Dutch company Sectra BV. - For GSM and UMTS networks. - Special made mobile telephone, with red and black interfaces, for secure and non-secure connections. - Approvement by Dutch, European Union and NATO agencies for conversations up to the level Secret is pending. - For Dutch government officials this phone will replace the Tiger XS device in the course of 2012.* - Fact sheet (PDF)
Omnisec: Secure Mobile Phone Omnisec 230 - Produced by the Swiss company Omnisec AG. - For GSM, EDGE and UMTS networks. - Common HTC smart phone with hardened Android operating system. The encryption engines are stored on a single chip, which is inserted into the phone like a SIM-card. - Encryption with Omnisec proprietary algorithms using 256-bit keys. - The price of this phone is said to be around 25.000,- Swiss franks. - Fact sheet (PDF)
Crypto AG: Crypto Mobile HA-2400 - Produced by the Swiss firm Crypto AG. - For EDGE and UMTS networks. - Common high-end Nokia smart phone from the E-series, with Symbian operating system. The crypto capabilities are provided by a single tamper proof chip (the Crypto Mobile HC-9100) on the format of a microSD Card, which is inserted in the memory card slot of the phone. - Encryption with a customer specific cipher algorithm HCA-820, using 128 or 256-bit keys. - Fact sheet (PDF)
Telsy: TSM T3 - Produced since 2009 by the Italian company Telsy S.p.A. - For GSM and UMTS networks. - Special made telephone handset, with proprietary hardware and software design. - Encryption with AES, using 256-bit keys or, on demand, proprietary and custom made algorithms. - Fact sheet (PDF)
Rohde & Schwarz: TopSec Mobile - Produced since 2008 by the German company Rohde & Schwarz GmbH. - For GSM and UMTS networks. - This is a separate encryption device, which is connected in between a headset and a smart phone (both iPhone and Android) with Bluetooth connection. Voice data are encrypted by the device, before going into the non-secure telephone. - Approved in Germany for conversations only up to the level of Restricted. - The device secures the key exchange with a 384-bit key ECC algorithm and encrypts the voice data with AES, using a 256-bit key. - Fact sheet (PDF)
Thales: Teorem - Produced since 2008 by the French company Thales Group SA. - For GSM, GPRS, EDGE and UMTS networks. - Special made handset, with a second display, showing whether the call is secure or not. - Approved in France for conversations up to the level of Secret. - In 2010, the French government ordered over 14.000 of these phones, to be used by the president, ministers and high officials of the armed forces and the various ministries that deal with classified defence information.* - The price of this phone is said to be around 1.500,- euros.
GSMK: CryptoPhone 400 - Produced by the German company Gesellschaft für Sichere Mobile Kommunikation mbH (GSMK). - For GSM and UMTS networks. - Customized HTC mobile phone, with the operating system being a stripped down version of Windows Mobile. There are various other models available. - Encryption with Twofish and AES in parallel, both with 256-bit key length, exchanged using a 4096-bit key Diffie-Hellman algorithm. - In 2001, the Dutch hacker and digital rights activist Rop Gonggrijp started to work on highly secure phone, which was eventually launched in 2003 as the CryptoPhone 100. - The price of this phone is 2.618,- euros.
Tripleton: Enigma E2 - Produced since 2012 by the British company IntSec Ltd. - For GSM and GPRS networks. - The phone uses the Enigma encryption system developed by Deutsche Telecom. This was following a request from former German Chancellor Gerhard Schröder, after he was hacked in the 1990s.* - This Enigma system was first used in a mobile phone, which is sold since 2002 (for 3.200,- euro) in Germany by the Beaucom Group.* - Encryption with AES, using a 256-bit key, which is exchanged via 1024-bit RSA. - The price of this phone is 1.320,- pound sterling.
All these phones use a hybrid cryptosystem, in which the conversation is encrypted with a very strong symmetrical cipher, often AES with 256-bit key. This key is then encrypted with a public-key cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. Only the intended recepient can then decrypt the key and henceforth the message. By this method, end-to-end security all the way through the telephone networks is provided.
A number of these mobile phones are made by defense contracters, often primarily for being used by national government and military officials. This is because using telephones, or any other communication device, made by a foreign company always bears the risk of secret backdoors, allowing easy access to the encrypted conversation.
Countries, and also international organisations, without their own production facilities for military grade encryption equipment often go to companies in small or neutral nations, where they expect to have the least damage in case there would be a hidden backdoor.
Another inevitable risk of mobile phones is using them in (public) places where conversations can easily be overheard by other people or by listening devices. Secure wireline desk top phones can counter this threat by installing them in rooms which are secured against eavesdropping. This is also one of the reasons why conversations at the highest level (Top Secret/SCI in the United States, Top Secret elsewhere) are restricted to dedicated wireline circuits only.
In the previous post we presented a range of highly secure mobile phones. Because of their nature we almost never see officials using them, but here we have a rare picture of US president Obama using a Sectéra Wireless GSM Phone, made by General Dynamics and approved by the NSA for conversations up to the level of Top Secret:
President Obama using a Sectéra Wireless GSM Phone, March 19, 2011. (White House photo by Pete Souza - click for a bigger version)
The picture shows president Obama giving the final authorization for the United States Armed Forces to begin a limited military action in Libya, in support of an international effort to protect Libyan civilians. This call was made during a short visit to Brazil.
Sitting next to Obama is his National Security Advisor Tom Donilon, using one of the two secure STE desk top telephone sets, which are always standing by in case the president has to make a phone call. As can be seen in the bigger picture, the other STE phone seems to be used by another official, so probably for convenience, Obama was given the secure cell phone to participate in this conference call.
Today it's exactly 50 years ago that the Cuban Missile Crisis of 1962 ended without the world falling into a nuclear war. In order to prevent such a risk in the future, the US and the Sovjet Union decided to set up a direct communication line between their two capitals. This became the Washington-Moscow Hotline - one of the most famous top level communications systems in modern history.
In popular culture, the Washington-Moscow Hotline is often called the Red Phone, and therefore many people think it's a telephone line, with a red phone set on the president's desk. However, this is false: the Hotline was never a phone line, but instead set up as a teletype connection, which in 1988 was replaced by facsimile units. Since 2008 the Hotline is a secure computer link over which messages are exchanged by e-mail.
TIMELINE
1963: Hotline established as a land line teletype link between the Kremlin and the Pentagon 1967: Ancillary terminal installed at the White House. 1978: The land line replaced by a satellite link. 1980: Old teletype and encryption machines replaced by newer ones. 1988: Teletype equipment replaced by facsimile units. 199?: Further modernizations 2008: E-mail capability established
IDEAS
Given the growing threat of a nuclear war, leaders in Washington and Moscow realized already in 1954 that a direct line of communications between their two nations was needed to prevent such a disaster. The Soviets floated the idea publicly for the first time that year, and in 1958 the United States proposed that both nations take part in the Conference of Experts on Surprise Attack in Geneva, Switzerland.
Also in 1958 the political economist and nuclear strategist prof. Thomas Schelling proposed the idea of a hotline between both super powers. A direct phone line also featured in the novel Red Alert by Peter Bryant from the same year. Based upon this novel was Stanley Kubrick's 1964 film Dr. Strangelove, both showing how a nuclear war breaks out because of bad communications.
What shaped people's imagination: the American president (right), assisted by the Russian ambassador (left), calling his Soviet counterpart in the 1964 film Dr. Strangelove
In 1960, Jess Gorkin, editor of the magazine Parade, published an open letter in his magazine to President Dwight D. Eisenhower and the Soviet leader Nikita Khrushchev, concluding with: Must a world be lost for want of a telephone call? However, the military and diplomats of the State Department didn't like the idea of the president talking behind their backs with the Russians and reportedly objected the proposal of a direct line.
URGENCY
During the Cuban Missile Crisis in October 1962 it clearly came out that the existing ways of communicating between Washington and Moscow were too slow for the events happening. It took Washington nearly 12 hours to receive and decode Khrushchev's 3,000 word initial settlement message. By the time a reply had been written and edited by the White House, Moscow had sent another, tougher message. Under severe time pressure, both leaders ultimately decided to communicate through the media. After the crisis was resolved, the hot line proposal became an immediate priority.
After some negotiations, the United States and the Sovjet Union signed an agreement about establising a Direct Communications Link on June 20, 1963 in Geneva. The official American name for the Hotline is Direct Communications Link (DCL), but US technicians often call it MOLINK, being a military style abbreviation for "Moscow-link".
INSTALLATION
On July 13, 1963, only a month after signing the agreement, the United States sent four sets of teleprinters with Latin alphabet to Moscow for their terminal. This was done via US ambassador Averell Harriman's plane. Another month later, on August 20, the Soviet equipment, four sets of teleprinters with Cyrillic alphabet, arrived in Washington. The cipher machines for encrypting the Hot Line messages came from Norway. According to the agreement, all these machines should be accompanied by a one years supply of spare parts and all the necessary special tools, test equipment, operating instructions and other technical literature.
Russian technicians preparing the equipment for the new Hotline in the Central Telegraph Bureau in Moscow. In the foreground we see the East German T-63 cyrillic teleprinter. (Photo: TASS via AP, July 17, 1963)
News report of the Russian teleprinters being installed at the Pentagon
Two unique color film fragments of the Russian teleprinters arriving and being installed at the Pentagon can be seen here: Part 1 - Part 2
The new Hotline became operational on August 30, 1963, by transmitting the first test messages. Washington sent Moscow the text The quick brown fox jumped over the lazy dog's back 1234567890, which is a so called pangram of all letters and numbers of the Latin alphabet. The Soviets sent back a poetic description of Moscow's setting sun.
LAND LINE
When the Hotline was established in 1963, it was a full-duplex teletype channel, which was routed trough telephone cables from Washington, over the undersea Transatlantic Cable No. 1, to London, and from there to Copenhagen, over Stockholm and Helsinki to Moscow. In London, the Washington-Moscow Hotline cables were connected by a secure telephone exchange, situated in a huge underground tunnel complex, The Kingsway Tunnels, built during World War II:
This cable connection was for the political communications, but appeared not fully fail safe: the cable was accidently cut several times, for example near Copenhagen by a Danish bulldozer operator and by a Finnish farmer who plowed it up once.
Besides this wire line link, there was a full duplex teletype radio circuit, routed from Washington via Tangier (Morocco) to Moscow. This was for service communications and served as a back-up.
HOT LINE TERMINALS
In Moscow, the terminal of the Hotline was supposed to be in the Kremlin, somewhere next to the office of the prime minister. However, Soviet leader Leonid Brezhnev once told a group of Moscow-based American journalists, that their terminal was on the opposite side of Red Square, in the Communist Party headquarters. The Russian terminal was manned by civilians, the American one by the military.
An East German T-63 teleprinter, used at the Moscow terminal of the Hotline (Photo from an exhibition at the Russian Archives)
On the American side, there are three Hotline terminals: - at the National Military Command Center (NMCC) in the Pentagon - at the Alternate National Military Command Center (ANMCC) in the Raven Rock Mountain - at the military communications center in the White House
Pentagon Terminal
The primary US terminal is at the National Military Command Center (NMCC) in the Pentagon. There the Direct Communications Link is a joint staff operation under the control of the Joint Chiefs of Staff J-3 Operations Directorate. The NMCC is responsible for routine testing of the Hotline and for the receipt, transmission and translation of the messages by highly qualified translators.
The terminal is manned by six teams of two man each, working in 8-hour shifts and led by a commissioned officer acting as Presidential Translator (PT). For the routine shift operations, the Hotline personnel falls under the command of the flag officer in charge of the NMCC. But when a real message from Moscow arrives, the doors of the terminal room are closed and locked and the personnel becomes subject directly to the president himself.
White House Terminal
When in June 1967 the Soviets sent their first message, secretary of defense Robert McNamara found out that the Hotline ended in the NMCC, instead of at the White House, as he had expected. McNamara ordered a quick patch from the Pentagon to the White House, which was later formalized by installing an ancillary terminal in the military communications center of the White House Communications Agency (WHCA) in the East Wing basement. From there, incoming messages from the Hot Line were sent to the Situation Room under the West Wing, first by pneumatic tube, later on, after computers were installed in both rooms, by data transmission.
The White House terminal also has the capability to send and receive messages and has additional privacy and override features which will allow it to "lock out" other Hotline terminals. The White House terminal is manned and operated by White House personnel of the WHCA.
Other US Terminals
Another Hotline terminal is located at the Alternate National Military Command Center (ANMCC), which is situated in the Raven Rock Mountain and serves as a back up facility for the Pentagon. This terminal has the capability to serve as an alternate center for originating and receiving messages. The ANMCC terminal is manned and operated by NMCC personnel, which is also responsible for the periodic testing of this terminal.
In a paragraph classified as Secret of the 1985 presidential directive about the operation of the Hot Line, which in the meanwhile has been declassified, it was said that at the sole discretion of the president, additional locations for access to the Hotline may be established. The existence of these sites should be classified as Secret.
The interior of an East German Siemens T-63 SU12 teletype printer as photographed in the National Cryptologic Museum of the NSA. At the left we see a green box containing the key tape. (Photo: Wikipedia - click for a bigger version)
RECORD COMMUNICATIONS
Contrary to the myth of a phone line, the Washington-Moscow Hotline has always been for record communications. The idea behind this is that a telephone link could increase the possibility of misunderstanding rather than eradicate it. In times of crisis, mistakes come at a high price. Exchanging written messages gives both parties time for reflection and responding after deliberation. The telephone does not allow this latitude, but on the contrary compels a response of some sort, which can result in a misguided reply or a misunderstood answer.
Another reason for the Hotline not being for phone conversations was of technical nature: in the sixties it was hardly possible to realize voice encryption strong enough for top level communications. From the mid-seventies some better techniques were developed, but these were secret national algorithms, which of course couldn't be shared with the Soviets. Unclassified commercially available voice encryption was hardly secure.
TELETYPE EQUIPMENT
The original teletype equipment of the Washington-Moscow Hotline consisted of the following machines: - Teleprinters with Latin alphabet, Model 28 ASR, made by the Teletype Corp. - Teleprinters with Cyrillic alphabet, T-63 SU12, made by Siemens in East Germany.
For the encryption of the messages, each of these teleprinters was connected to an ETCRRM II machine, which will be discussed later on. We can clearly see the equipment in this picture of the Hotline terminal room at the Pentagon:
The Washington-Moscow Hotline terminal room in the NMCC at the Pentagon, 1966. At the left side, there's the Teletype Corp. Model 28 ASR teleprinter in the foreground, two black ETCRRM II encryption machines in the middle, and top left a Siemens T-63 SU12 teleprinter. This arrangement is mirrored at the right side of the room. (Photo: June 1966)
As we can see by comparing the previous picture with the next one, the Hotline equipment in the Pentagon was rearranged, and maybe also replaced to another room, after 1966. Maybe this happened in 1967, when defense secretary McNamara ordered that the Hotline should be extended to the White House.
The Hotline terminal room in the NMCC at the Pentagon, 1976 With two Latin alphabet and two cyrillic alphabet teletype machines (light coloured) and four ETCRRM II cipher machines (black). (Photo: UPI, July 9, 1976)
In 1980, the equipment was replaced by newer teletype printers and Siemens M-190 encryption machines, as can be seen in the picture of the Hotline room from 1985:
The Hotline terminal room in the NMCC at the Pentagon, 1985 With the new teletype and encryption equipment, installed in 1980. In the foreground we see a Siemens M-190 cipher machine. (Photo: AP, August 27, 1985)
Shortly after the previous picture was taken, facsimile units and personal computers with printers were added to the Washington-Moscow Hotline. For a couple of years they were tested and used alongside the existing teletype equipment, as can be seen in the picture:
The Washington-Moscow Hotline terminal room in the NMCC at the Pentagon, 1985 We see four personal computer terminals with printers for the coordination channel Just like the teleprinters, two of the computers had a Cyrillic keybord and two a Latin keybord In the foreground we still see a teleprinter and a Siemens M-190 cipher machine (Photo: Time-Life/Scott Davis, November 14, 1985)
Teletype encryption
From the beginning, the confidentiality of the messages through the Washington-Moscow Hotline was assured by encrypting them using the one-time pad method, which has been proved unbreakable if used correctly.
The encryption of the teletype transmissions was realised by an Electronic Teleprinter Cryptographic Regenerative Repeater Mixer II, short ETCRRM II. As one of many one-time pad tape machines sold by commercial firms in those days, this one was produced by the Standard Telefon og Kabelfabrik (STK) in Oslo, a Norwegian subsidiary of the American telecommunications company ITT. It was also commercially available for about 1000,- USD, so for securing the Hot Line, neither party had to disclose any of their own secret cryptographic methods.
The ETCRRM II used the Vernam stream cipher method, in which plain text message is eXclusively OR'ed (XOR'ed) with a random stream of data of the same length to generate the ciphertext. Once a message was enciphered the keytapes were destroyed. At the receive end, the process was reversed to decode the meassage, for which an identical keystream tape was needed.
In 1980 the ETCRRM II was replaced by the German Siemens M-190 cipher machine, which also uses the Vernam principle for one-time pad encryption. This device stayed in use until the teletype connection was terminated in 1988.
According to the agreements, each country prepared the keying tapes used to encode its messages and delivered them, through a courier, at their embassy in the other country, from where they were brought to the counterpart's terminal. So, the keys used for encrypting the messages sent from Washington, were brought to the American embassy in Moscow, who delivered them to the Russian hotline terminal.
In the US, the key tapes were provided by the Office of Communications Security of the NSA. Just imagine the logistics needed for providing not only the Pentagon and the White House terminals, but also the American embassy in Moscow with these key tapes every single day!
A Siemens M-190 encryption machine (Photo: CryptoMuseum.com)
SATELLITE LINK
On September 30, 1971, both countries signed an agreement in Washington to modernize the Hotline. The primary cable link was replaced by two satellite circuits: the United States was to provide one circuit via the commercial Intelsat IV system, with satellites in a geosynchronous orbit. The Soviet Union would provide another circuit via four satellites of their Molniya II system on a highly elliptical orbit.
This modernization program started in 1971 and, after four years of testing, the satellite link finally became operational on January 16, 1978. This link provided more flexible communications and made the Hot Line less vulnerable than the original landline. The teletype circuit over the undersea and land line cable was retained as a backup to the satellite links, but the teletype radio circuit from Washington over Tangier to Moscow was terminated.
Maybe it's because the 1971 agreement says: "The two circuits shall be duplex telephone band-width circuits (...), equipped for secondary telegraphic multiplexing", that some sources erroneously say that in the seventies a telephone capability was added to the Hot Line.
Sign at the US hotline satellite earth station at Fort Detrick (photo by Tim Tyler)
Earth stations
Both in the United States and in the Soviet Union satellite earth stations were equipped for the Hotline transmissions. For the signal of the Russian Molniya satellite, a new earth station was built at Fort Detrick, Maryland. For the Intelsat link, the US used the commercial Intelsat ground station at Etam, West Virginia. Commercial circuits connect these earth stations to the Hotline terminal at the National Military Command Center in the Pentagon.
The Soviets originally intended to use an earth station in the suburbs of Moscow for the Intelsat link and a Molniya station at Vladimir. However, because of severe winter weather conditions in the Soviet Union, the Russians constructed a second Intelsat earth station, approximately 50 miles from L'vov, to ensure increased dependability.* Since 1991 L'vov is in Ukraine, so it's likely the Russians moved their Intelsat earth station to another location.
Detrick Earth Station
The US ground station at Fort Detrick was built by the Radiation Division of the Harris Corporation, and became operational in the Spring of 1974. Harris operated and maintained the station and its equipment through 1977. Since 1981 Honeywell Technology Solutions Inc (HTSI) provides 24/7 Russian linguist support and technical support for the operation of the Detrick Earth Station (DES), ensuring that the availability is maintained at greater than 99.97 percent.
The US earth station at Fort Detrick, Maryland with dishes for the Russian satellites. (Photo: www.bfec.us)
The Detrick earth station was modernized by the Satellite Communications Systems of the US Army in 2007. Outdated equipment was replaced by state-of-the-art systems and new 15-meter satellite dishes were installed. Now the station has a multi-carrier, multi-satellite capability, instead of the previous point-to-point, single-satellite, single-carrier system. The station supports not only the Hotline, but also a number of other critical Government-to-Government Communications Links (GGCL) between the United States and Russia.
The modernized US earth station at Fort Detrick with dishes for the Russian satellite link (Photo: www.bfec.us)
FACSIMILE EQUIPMENT
In May 1983, president Reagan proposed to upgrade the Hotline by the addition of high-speed facsimile capability. This was followd by bilateral negotiations, leading to an agreement signed by the United Stated and the Soviet Union on July 17, 1984. This agreement was subsequently updated by an exchange of diplomatic notes in Washington, on June 24, 1988.
According to the agreement, at each end of the Hotline facsimile terminals of the same make and model were installed. It was specified that (digital) Group III facsimile units had to be used, operating at 4800 bits per second. Faxes like this take between 6 and 15 seconds to transmit a single page, which was much faster than the 66 words per minute capability of the existing teletype connection.
All facsimile equipment was provided by the United States, as well as the IBM personal computers used for the secure orderwire channel to allow coordination between the distant ends. These computer had standard USSR Cyrillic and United States Latin keyboards and "cathode ray tube displays to permit telegraphic exchange of information between operators". Printers had to provide record copies of all information exchanged on the orderwire channel.
The installation of the new facsimile and computer equipment was completed in the summer of 1985. It was tested and used alongside the existing teletype connection for several years, and after it had proved to be reliable enough, the teletype circuits were turned off in 1988.
The Hotline terminal room in the NMCC at the Pentagon, 1985 Two of the IBM personal computers, each with an Epson FX-85 dot matrix printer next to it The units on top of the desks are maybe early Epson FX-100 laser printers (Photo: Time-Life/Scott Davis, November 14, 1985)
Now, not only plain texts could be sent, but also maps, charts and photographs. The fax units also made it possible to send handwritten messages, like the 13-page handwritten letter which Soviet leader Gorbachev sent to president Reagan using the Hotline in 1986.*
As part of the facsimile upgrade, the Soviets transferred the Hotline transmissions over to a newer, geosynchronous satellite of the Gorizont-class, which was part of their Statsionar system. This eliminated the US ground station at Fort Detrick from having to hand off the transmissions every four hours between the four Molniya satellites.* In 1996, a new Molniya-3 satellite took over the Russian satellite link for the Hotline.
Facsimile encryption
Based upon the 1984 agreement, it seems that the digital data from both the facsimile units and the personal computers were digitally encrypted using the Vernam stream cipher, the same method as was previously used for the teletype transmissions.
This encryption was done by "information security devices", which consisted of microprocessors located in computers with floppy disk drives. These combined the digital facsimile output with buffered random data, which was read from standard 5.25 inch floppy disks. It's not clear whether this encryption was done by the IBM computers of the coordination channel, or by separate ones.
The agreement said that the United States had to provide a specification describing the key data format and necessary keying material on a floppy disk for both parties, until the Soviets had developed this capability as well. Also, the necessary security devices, as well as spare parts for the equipment had to be provided by the American side, in return for payment of costs thereof by the Soviets.
E-MAIL COMMUNICATIONS
It's not clear for how long the presidential Hotline kept using facsimile machines. For example, the communication links of the Nuclear Risk Reduction Centers (NRRC) were modernized in 1995, by replacing the facsimile capability with a scanned files transfer (an impression of how this NRRC communication link works will be given later).
In 2007 the Direct Communications Link got a fifth upgrade. As we saw earlier, the US earth station at Fort Detrick was modernized and also the link itself was upgraded to a dedicated computer network linking the Washington and Moscow terminals. This network runs over redundant circuits of two existing satellite links and a new fiber optic cable, which replaced the old back-up cable link.
This computer link uses commercial software for both chat and e-mail. The chat function is used by the operators for coordination of link operations, while e-mail is used for sending the actual messages. Transmission time is literally near instantaneous. These capabilities became operational on January 1, 2008.*
OPERATION OF THE HOT LINE
As the Hotline isn't used very often, test messages have been transmitted daily: every even hour from Washington and every odd hour from Moscow. For that purpose a wide variety of poems, short stories and other texts are exchanged. Messages coordinating the operation of the Hotline are probably formatted by so called Standard Operating Procedures or SOPs.
From Washington all messages are sent in English, using the Latin alphabet, from Moscow in Russian, using the cyrillic alphabet. Translation is done by the receiving party in order to preserve the nuance of each language.
Air Force Sgt. John Bretoski (left) and Army Lt. Col. Charles Fitzgerald (right) during a test run of one of the cyrillic teleprinters at the Pentagon terminal of the Hotline At the left we see a black ETCRRM II encryption machine (Photo: AP, between 1963 and 1967)
The US terminals are manned by a team of military personnel, headed by a commissioned officer functioning as the Presidential Translator on duty. His primary job is to render into English all messages received through the Hot Line. When a message comes in, he makes a first sight translation to decide if it's so urgent that the president should be called on a secure line to give him an immediate oral translation.
If the Russian message is a bit less urgent, the Presidential Translator makes a rough written translation and sends that to the White House via a secure fax, but later a secure network channel. Later on, a final official translation of the message is made in cooperation with State Department translators.
James O'Beirne (left) and Benjamin W. Randal (right) using one of the personal computers for sending a test message at the Pentagon Hotline terminal. (Photo: Time-Life/Scott Davis, November 14, 1985)
The 1985 presidential directive about the operation of the Direct Communications Link ordered two man-rule procedures to be established at all operating locations, to ensure against inadvertent release of the messages. Hotline messages may only be released with explicit approval of the president, and even releasing information about the sole fact whether this link has been used is a presidential prerogative.
USAGE OF THE HOTLINE
The Washington-Moscow Hotline was mainly used to inform the other party about sudden movements of their fleet or troops, to prevent that the other could see that as a provocation or preparation of agression. Reportedly, the Hotline was first used by the Americans on the day of the assassination of president Kennedy, November 22, 1963, only a few months after the link was established.
The first time the Kremlin used the Hotline, was on June 5, 1967, when the Six-Day War broke out between Israel and some Arab countries. On that day Soviet prime minister Kosygin sent the following message, which was received in Washington at 7:59 AM:
The first message which the Soviets sent through the Hot Line, June 5, 1967 Left: message in Russian - right: translation in English (Click for a bigger version)
This first message was followed by nineteen other transmissions during the Six-Day War of 1967, mostly to inform each other of the intentions and maneuvers of the Soviet Black Sea Fleet and the US 6th Fleet, which approached each other dangerously closely in the Mediterranean. Three of the messages were related to the incident with the American spy ship USS Liberty.
Later, the Hotline was also used during the following international conflicts: - 1971: the war between India and Pakistan - 1973: the Yom Kippur war - 1974: the Turkish invasion of Cyprus - 1979: the Russian invasion in Afghanistan - 1981: the threat of a Russian invasion in Poland - 1982: the Israeli invasion of Lebanon
President Jimmy Carter once used the Hotline for a more personal message to Sovjet leader Leonid Brezhnev, but the Russians didn't appreciate that and saw it as an improper use of the Direct Communications Link.
It is said that in 1986 president Ronald Reagan used the Hotline to threaten the Soviets over their arrest of the US journalist Nicholas Daniloff on espionage charges.
After the end of the Cold War and the collapse of the Sovjet Union in 1991 the Hotline between both super powers lost some of its significance. Also, world leaders tended more towards personal contacts, calling each other more often using a regular phone.*
Nevertheless, the Washington-Moscow Hotline was used by president George Bush sr. and Soviet leader Gorbachev to communicate during the Gulf War of 1991, and also the presidents George W. Bush and Vladimir Putin used it to discuss plans to rebuild Iraq after the Iraq War of 2003.*
TELEPHONES
The phone calls which the American and Russian presidents make nowadays, are probably via the Direct Voice Link (DVL). That's a dedicated phone line between the White House and the office of the Russian president, which was installed in 1990 or 1999 and uses the same satellite link as the Hotline. The DVL is meant for routine matters and the calls are usually scheduled in advance, so interpreters can be present. * This voice link is not part of the Washington-Moscow Hotline. By agreement only the latter is designated for top level crisis communications.
Red phones
The Washington-Moscow Hotline is often called the Red Phone, because many people think it's a phone line with a red handset on each side. As we have seen this was never the case - even though the Wikipedia articles in almost every language say so up to this day.
Also president Obama used the popular myth of the red phone, when at a joint press conference in June 2010, he joked about how social media might help to move past the traditional Cold War communications. Speaking of the Russian president Medvedev starting a Twitter account, Obama said: "I have one, as well, so we may be able to finally throw away those red phones that have been sitting around for so long".
The image of the red phone is derived from many books and movies, in which world leaders call each other with a red phone to discuss a crisis, for example the 1964 movie Fail Safe, which was also based on the 1958 novel Red Alert. Because only very few people knew how the actual Hotline worked, also many US government officials assumed the direct communications link was a phone line.
This confusion is probably also caused by the fact that the White House and the military did use red phones, not for international, but for internal communications. Quick and easy contact between the president and the military command centers is of course just as important as contact with the Kremlin, and this is achieved through a secure military telephone network, called the Defense Red Switch Network (DRSN). For this network, a number of different handsets have been used, including a red one without a dial in the early years.*
These real red phones will be discussed on this weblog later.
- Michael K. Bohn, Nerve Center. Inside the White House Situation Room, Brassey's Inc, Washington DC, 2003, p. 89-96. - Paul E. Richardson, The hot line (is a Hollywood myth), in: Russian Life, September/October issue 2009, p. 50-59. - Leland McCaslin, Secrets of the Cold War: US Army Europe's Intelligence and Counterintelligence Activities Against the Soviets, Helion, Solihull 2010, p. 111-114.
Last week, David Petraeus resigned as director of the Central Intelligence Agency (CIA), after admitting he had an extramarital affair with his biographer Paula Broadwell. This led to many news reports and also many pictures on the internet.
Some of them give a nice look at the telecommunications equipment which general Petraeus used when, from July 2010 to July 2011, he was commander of the International Security Assistance Force (ISAF) in Kabul, Afghanistan:
ISAF Commander Petraeus being interviewed by Paula Broadwell (Photo: paulabroadwell.com, date unknown)
In this picture we see the following telecommunication devices:
Video conferencing screens On Petraeus' desk we see two Centric 1700 MXP video teleconferencing screens, made by the Norwegian manufacturer Tandberg. In 2010 this company was bought by Cisco Systems, and so the 1700 MXP screens are often used by US military officials. They are equipped with a HD camera and have a widescreen LCD screen, which operates both as a video conferencing system and PC display.
STE Left of the personal computer screen we see a Secure Terminal Equipment (STE), made by L3 Communications. The STE is a phone capable of encrypting calls up to the level of Top Secret/SCI. This phone can be used to have a secure line to anyone with a similar device.
IST-2 Right behind the chair of commander Petraeus is an Integrated Services Telephone 2 (IST-2), made by Telecore Inc. This is a so called "red phone", which is part of the Defense Red Switch Network (DRSN), connecting the President, the Secretary of Defense and all mayor US command centers. This is the primary telephone network for military command and control communications.
VoIP phones In the picture above we see three of four Voice over IP (VoIP) phones: at the right end a Cisco SPA and the other three being phones from the Cisco 7970-series. It's likely each of these phones is part of a separate telephone network. Nowadays many military phone networks use Voice over IP, often with Cisco IP phone sets. These phones have no encryption capability, but their voice data networks can easily be secured with specific network encryptors. In the picture below we can see al four VoIP phones, neatly aligned on a shelf and with an organizational chart at the left side of them:
General David Petraeus in his office at the ISAF headquarters in Kabul. (Photo: Adam Ferguson/The New York Times, March 8, 2011)
Printers Also in this picture we see three printers on a table at the left side of the room. Apparently there are separate printers for different computer networks, in order to keep documents of different classification levels separated. At the upper left corner of the front of at least the first two printers we can see the colored classification labels: a green sticker for Unclassified materials on the printer in the foreground and a red sticker for materials classified as Secret on the printer in the middle. The third printer seems to have no marking, but we can assume this one is for Top Secret (orange sticker) or Top Secret/SCI (yellow sticker) documents.
This kind of communications equipment is typical for US military commanders in similar positions. Therefore one can quite easily recognize it also on other pictures of American military commanders and command centers. Contrarily, pictures in which we can see the equipment used in Petraeus' last office, that of director of the CIA, are very rare - but we keep looking!
In a previous article we discussed the Washington-Moscow Hotline, being the most famous bilateral hotline. It was soon followed by direct communication links between a number of other countries with nuclear capabilities. In general these hotlines started as teletype connection, being upgraded with facsimile units in the eighties and were eventually turned into dedicated secure computer networks. An exception is the hotline between Washington and London, which was a phone line already since 1943.
These hotlines between the heads of governments, are meant to prevent (nuclear) war in times of severe crisis. For preventing misunderstandings and miscommunications in less critical situations, countries have also set up lower level telephone hotlines between their defense or foreign ministers. For example, the United States has so called Defense Telephone Links with at least 23 other states.
Overview of both top level and lower level bilateral hotlines worldwide reflecting political and military relationships between countries (Click for a bigger version)
UNITED STATES - RUSSIA - In 1963 the United States and the Soviet Union established the Direct Communications Link (DCL) or Washington-Moscow Hotline. This highly secured connection originally used teletype machines, which were replaced by facsimile units in 1988 and is using e-mail since 2008. - In 1990 both countries agreed to establish a direct, secure telephone link between Washington and Moscow. This maybe the Direct Voice Link (DVL), which is maintained by the White House Communications Agency.
Between the US and Russia there are also the following lower level communication links:
- In 1988 the Nuclear Risk Reduction Center (NRRC) was established at the US Department of State, which is used to exchange information in support of arms control treaties. After the split-up of the Soviet Union this secure data exchange connection, called Government-to-Government Communication Link (GGCL), was extended to Ukraine, Belarus, and Kazakhstan. - In 2000 the US and Russia signed an agreement for the establishement of a Joint Data Exchange Center (JDEC) to share early warning information on missile and space launches to reduce the risk that a test launch could be misread as a missile attack. It's not clear whether this center has already been realized or not.
Besides these bilateral hotlines with Russia, the United States also has the following lower level communication links with other nations:
- There is a secure telephone line called Foreign Affairs Link (FAL) between the US Department of State and Russia (since 1999), Japan, Mexico, Germany and Israel.
- There is a Defense Telephone Link (DTL) between the US Department of Defense and Russia, China (since 2008), Albania, Oman, Qatar, Latvia, Lithuania, Slovenia, Saudi Arabia, Ukraine, Bulgaria, Kuwait, Estonia, Slovakia, Kazakhstan, Macedonia, Bahrain, Israel (since 1996), United Arab Emirates, Poland, Romania, Czech Republic and Austria.
- In September 2011, the United States proposed opening a direct military hotline with Iran to avoid a possible conflict erupting over the Iranian nuclear program. Tehran declined the offer.
UNITED STATES - UNITED KINGDOM - During World War II, two decades before the hotline Washington-Moscow was established, there was a hotline between the Cabinet War Room bunker under Downing Street and the White House in Washington. From 1943-1946 this link was made secure by using the very first voice encryption machine, called SIGSALY. In the fifties and sixties the Washington-London hotline was secured by the KY-9, probably succeeded by the KY-3 voice encryption devices. Eventually, the British prime minister was directly connected to the US Defense Red Switch Network (DRSN).
UNITED STATES - GERMANY - In 1969 president Nixon offered the German prime minister (Bundeskanzler) to set up a secure teletype hotline, like the US already had with Moscow and London. Earlier, president Johnson had called kanzler Erhard by using a standard phone line.
UNITED STATES - CHINA - On April 29, 1998 the United States and China signed an agreement to set up a direct telephone link between the presidents of both countries. - On February 29, 2008 both countries agreed to set up a Defense Telephone Link (DTL) between the US Department of Defense and China’s Ministry of National Defense, which became operational in April 2008. Until 2011 this hotline was used only four times.
RUSSIA - CHINA - A hotline connection between Moscow and Bejing was used during the 1969 frontier confrontation between the two countries. The Chinese however refused the Russian peace attempts, and informed Moscow that the direct communications link "was no longer "advantageous" and normal diplomatic channels would suffice". After a reconciliation between the former enemies, the hotline between China and Russia was revived in 1996.* It's not clear whether this hotline is for record or voice communications. - A telephone hotline between the defence ministries of Russia and China became operational on March 14, 2008.
RUSSIA - FRANCE - Since 1966 there was a direct teletype connection between the French president and the Kremlin. In 1989 the teletype equipment was replaced by high speed facsimile units.*
RUSSIA - UNITED KINGDOM - Since 1967 there was a direct teletype connection between the British prime minister and the Kremlin. In 2011 this hotline was upgraded to a better-encrypted telephone link.
RUSSIA - GERMANY - In 1989 a facsimile connection was established between the West-German capital Bonn and Moscow.* The Soviet Union also had a hotline with Erich Honecker as leader of the former East-German Republic (DDR).
ISRAEL - EGYPT - In 2009 Israeli prime minister Ehud Olmert and Egyptian president Hosni Mubarak agreed to pass on relevant intelligence information immediately using a hotline, primarily to combat smuggling from Sinai into the Gaza Strip.
INDIA - PAKISTAN - In 2004 India and Pakistan agreed to set up a secure hotline between their foreign ministers, aimed at preventing misunderstandings that might lead to nuclear war. - In 2011 both countries agreed to set up a 24/7 non-encrypted hotline between their interior ministers, that will facilitate real-time information sharing on terrorist threats. The Director-General of Military Operations of the two countries already had a hotline.
INDIA - CHINA - Since 2005 there's a non-encrypted hotline between the foreign ministers of India and China for building "mutual political trust". - In 2009 both countries agreed to set up a hotline between their prime ministers, which was meant as a confidence building measure and to maintain regular contacts at the highest level.
INDIA - RUSSIA - There's also a non-encrypted hotline between Delhi and Moscow, which was established before 2009.
SOUTH KOREA - NORTH KOREA - An existing direct communication line between North and South Korea was cut off by North Korea on May 26, 2010. This hotline was reopend in January 2011, together with Red Cross communication channels.
When more information about these hotlines becomes available, it will be added here. Some of the most notable bilateral hotlines will be discussed later on this weblog.
Last month, on November 4, 2012, the National Security Agency (NSA) of the United States celebrated it's 60th anniversary. The NSA is one of the world's largest intelligence agencies, responsible for gathering foreign signals intelligence and protecting domestic communications.
For this diamond anniversary, NSA published a full color illustrated publication (available here in PDF) with an interesting overview of its history. In this booklet there are also nice pictures, some of them unseen until now:
President George H.W. Bush using a secure Motorola STU-III telephone. Such a phone was placed everywhere where the president stayed during a travel, so he was able to always place secure calls. This purpose is also indicated by the plate below the phone. It's not clear what the white device is for. This black Motorola STU-III still served in this function, when president George W. Bush was calling during his stay at the elementary school on September 11, 2001. (Photo: NSA - Click for a bigger version)
The new National Security Operations Center (NSOC) at the NSA This center was established in 1968 as the National SIGINT Watch Center (NSWC) and renamed into National SIGINT Operations Center (NSOC) in 1973. This "nerve center of the NSA" got its current name in 1996. (Photo: NSA - Click for a bigger version)
The NSA/CSS Threat Operations Center (NTOC) at the NSA From left to right we see a black STE secure phone, an unidentified, but quite common black phone, and a white Nortel M3904 phone, which is connected to the NSA Secure Telephone System (NSTS). (Photo: NSA - Click for a bigger version)
Many more new pictures and also newly declassified documents can be found via the timeline at the 60th anniversary-page on the NSA-website!
Earlier this year, NSA also cooperated with the National Geographic Channel in making what is said to be the first documentary about this agency since the 9/11 attacks in 2001:
With a close look at this video, we can recognize a number of different telephone systems used at the NSA. Some of them we already mentioned here earlier, more of them we will discuss sometimes later on at this weblog.
Earlier, we discussed some of the phones which are used by the US president in his Oval Office. Now we have a picture of a telephone set which was used by White House staff members, presumably in the years around 1990, during the presidency of George H.W. Bush:
A White House staff phone from around 1990. (Click for a bigger version)
This is a quite common corded telephone from the 900-series of AT&T. It has standard buttons for program, pause, flash, mute, hold, redial, volume and speaker, and also 16 programmable buttons for two entries each. Red lights indicate when the mute, hold and speaker functions are enabled.
Most distinctive is the big, customized sticker with the security warning "OFFICIAL USE ONLY - WHITE HOUSE NON-SECURE TELEPHONE - DO NOT USE FOR CLASSIFIED OR SENSITIVE INFORMATION"
Allthough there's always a small chance such a sticker could be fake, in this case it's most likely real. Apart from the fact that in real life such warnings are often different from what most people think based upon popular movies, we can also compare this phone with an earlier White House staff phone, which is shown below. On that phone we see almost exactly the same warnings (in black and red capitals) as on the first phone, only slightly different arranged:
A White House staff phone from the eighties. (Click for a bigger version)
The phone in this picture is probably the same one as being displayed in the Icelandic Telecommunication Museum, and which seems to be left there by the presidential staff after the Reagan-Gorbatchev Reykjavík Summit in 1986.
For a nice overview of all earlier phones used in the White House, check the website of Adam Forrest. As we can see there, the president had another telephone in the Oval Office: a Western Electric 18-button Call Director, a type of phone which dates back to the 1960's.
The white AT&T phone in our first picture was probably used until 1996, when the White House got a completely new telephone system. This consisted of an automated private branch exchange (PBX) with black executive phone sets (models 8410 and 8520) from Lucent. Only by then, the old Western Electric at the president's desk was replaced by a high-end Lucent 8520 telephone. Except for a break of a few years, this phone is still there today. White House staff members nowadays also still use the Lucent/Avaya 8410 and 8250 phones.
Based upon popular culture, many people think both the US and Russian presidents have a red telephone on their desks, as part of the famous Hotline between both countries. In a previous article we showed that the Washington-Moscow Hotline is not even a telephone line, let alone there are red phones at both ends. But, as we can see in the picture below, the prime minister of Isreal does have a red phone on his desk:
Israeli prime minister Benjamin Netanyahu (right) and defence minister Ehud Barak hold talks in the prime minister's office (Photo: Ariel Hermoni/Defense Ministry/Flash90, November 2012)
The dark gray phone at the right, which Netanyahu is using, is a high-end Nortel M3904 executive phone - a model which is also used at the NSA headquaters and at the office of the British prime minister. Nortel was a big Canadian telephone equipment manufacturer, but was dissolved in 2009. The Enterprise Voice and Data division of Nortel was bought by the US telecommications company Avaya (formerly Lucent)
The red telephone seems to be a phone from the UD-series of the Taiwanese manufacturer Uniphone, but remarkable is that it has no cord! That makes it looks like this phone was placed there more like a prop, demonstrating the (military/nuclear) power of the Israeli prime minister.
However that may be, in the video below we get an ever closer look at the red phone set. There it sits next to two black phones, one used by Netanyahu for calling the Russian president:
Israeli prime minister Netanyahu calling the Russian prime minister Vladimir Putin thanking for Russia's assistance in fighting the fire in Israel's North (December 3, 2010)
The flat black phone is the Telrad Executive Phone 79-100-0000 from the Israeli telecom equipment manufacturer Telrad. This phone can also be seen at the sitting corner of the prime minister's office and in the office of the defense minister. Therefore that phone must be part of the internal private branch exchange (PBX) system of both ministries. At least at the desk of the prime minister they were replaced by the Nortel M3904 by November 2012.
It's not clear what the red telephone is for, but a likely option is that it's connected to a military command and control telephone network, just like the Defense Red Switch Network (DRSN) in the United States, for which long ago also red phone sets were used.
The day before yesterday, queen Beatrix of the Netherlands announced that she will abdicate on April 30, when she will have been on the throne for exactly 33 years. Her efficient, professional and even perfectionist style is also reflected by the telephone which is on her desk at her office in the palace of Huis ten Bosch: a modern sleek white phone from the Unifoon series:
The Dutch queen Beatrix in her office at the Huis ten Bosch palace in 1987 On the right side of her desk we see a white Unifoon telephone (Photo: Thuring/RVD)
Allthough the Netherlands is a very liberal society, the government and the royal family are still less open. Opposite to the United States, where we can get almost day-to-day pictures of the president and the White House, pictures of queen Beatrix and her surroundings are quite rare.
Queen Beatrix in the same office and with the same phone more recently
The Unifoon was one of the standard telephones sold by the Dutch national telephone administration PTT during the eighties, and therefore could be found in many homes during the last two decades of the 20th century. The phone was available in white, ivory, beige and red. There were also some modified versions, for example for usage with a small private branch exchange (PBX).
The phone at the queen's desk is also connected to an internal network for the palace. Besides that, her Unifoon has no other functions, like for example programmable memory buttons. This fits her style too, as it's known that queen Beatrix isn't very fond of modern technology, apparently she didn't even had a mobile phone for many years. It fits also with the predominantly ceremonial role of the queen of the Netherlands, working at a certain distance of the actual government.
The Unifoon telephone, as advertised in a 1987 brochure from the Dutch national telephone administration PTT (the 149,- guilders would now be 67,- euro)
The Unifoon was developed and initially made by the Nederlandse Standard Electric Maatschappij (NSEM), a company providing telephone equipment to the Dutch national telephone administration. The roots of this company go back to the Bell Telephone Manufacturing Company (BTMC), which started to make telephone equipment for the Dutch and Belgian markets at a plant in Antwerp in 1882. By the end of the 19th century nationalistic policies favoured local manufacturers, and so there came a plant of BTMC in The Hague, for providing equipment to the Gemeentelijke Telefoondienst Den Haag and the Rijkstelefoon. This plant became independent in 1940 and was named Nederlandse Standard Electric Maatschappij (NSEM), manufacturing telephone sets and exchanges from 1948 to 1983. In 1984 or 1985 this company was taken over by ITT and renamed ITT Nederland NV. After the merger of the telecommunications divisions of ITT and CGE, the name was changed to Alcatel Nederland BV.
Besides her office at the palace of Huis ten Bosch, which is the place where she lives, queen Beatrix also has an office at the palace of Noordeinde, which is in the city center of The Hague. Pictures of the interior of this palace are very rare, but from a 2008 book about the palace, we have one great picture of her spacious office room:
The office of queen Beatrix at the palace of Noordeinde
Unfortunately we can't recognize what kind of phone is on the desk, but it seems to be different from the Unifoon which is at the palace of Huis ten Bosch.
Queen Beatrix will be succeeded by her son Willem-Alexander, who will be installed as king of the Netherlands on April 30. In the years to come we will see what will be the telephone equipment of his choice.
On February 1st, senator John Kerry became the new US Secretary of State, succeeding Hillary Clinton, who held this office since January 2009. John Kerry is just two weeks in office, but we already have a nice picture of him in his new office:
U.S. Secretary of State John Kerry speaks by telephone with UN Secretary-General Ban Ki-moon from his Inner Office at the Department of State, February 5, 2013. (State Department photo)
This picture is taken in the so called inner or private office, which is next to the bigger ceremonial office, where the secretary of state is most often seen, receiving and talking to his guests. The smaller private office is used for the actual work, and therefore that's also where the phones are (the US president also has a rarely seen private office, next to the ceremonial Oval Office).
On the desk we see a Cisco 7975 unified IP phone with a 7916 expansion module. With a close look we can see that the phone has a yellow faceplate (like the one in the header of this weblog), instead of the standard silver one, which indicates that it's part of the new, highly secure Executive Voice over Secure IP-network. This network connects the president with all major decision makers.
The phone which secretary Kerry is using in the picture, is a high end Avaya/Lucent 6424D phone set, which is part of the internal State Department telephone network. This phone can also be seen in many pictures of the ceremonial office. Finally, we see a really large videoteleconferencing (VTC) screen with camera on top.
It seems the Cisco phone and the VTC-screen are installed quite recently, because when former secretary of state Hillary Clinton showed her inner office in May 2010, there was at least one other type of phone, which was there already when Madeleine Albright held this office:
Video still of former Secretary of State Hillary Clinton showing her private office to Scott Pelley of the CBS show 60 Minutes. (click to watch the video!)
Former Secretary of State Madeleine Albright in her private office (Date unknown)
In both these pictures, we see a big white Integrated Services Telephone (IST) at the lower right corner of the bookshelfs. This futuristic looking phone was designed by Electrospace Systems Inc. and later on produced by Raytheon. It was part of the Defense Red Switch Network (DRSN), which is the main secure telephone network of the US military.
As we saw in an earlier posting, the president had a newer version of this phone, the IST-2, on his desk in the Oval Office. In 2011 that phone was also replaced by a Cisco 7975 IP phone, just like the one which is now at the desk of the secretary of state. So it looks like these new IP phones of the top secret executive VoIP network are gradually replacing the so called red phones of the DRSN, which is still an old fashioned switched telephone network.
The phones of the Defense Red Switch Network are still sometimes called "red phones", because in the sixties and seventies, the telephones sets connected to this network were often red. A nice example of such an early day red phone is the one in this picture:
This is a very common phone without rotary dial, made by ITT. Phones like this are still available today, for example for hotlines or emergency lines of any kind. That this phone was used for the Defense Red Switch Network (DRSN) is indicated by the label, which says: "Up to TOP SECRET Information may be processed on this system" with next to it, the eagle from the seal of the United Stated and the words "Bureau of Diplomatic Security":
The Bureau of Diplomatic Security (DS) is an agency of the State Department, which is responsible for protecting US embassies and diplomatic personnel and securing critical information systems, like for example the telephone networks.
Therefore, the red telephone in the picture was probably used for a DRSN connection at one of the major embassies, at the State Department operations center, or maybe even in the office of the secretary of state of that time!
Here we see a great and very rare, maybe even unique picture of former US president Ronald Reagan using a STU-II secure telephone:
President Reagan making an early morning telephone call regarding the invasion of Grenada (Photo: Reagan Library, October 22, 1983)
In this picture we see president Reagan making a phone call to his staff regarding the invasion of Grenada. Because he was staying at the Eisenhower cabin on the Augusta National Golf course in Georgia, it was necessary to create a secure telephone line with the White House.
This was done by installing a STU-II, which was the second generation Secure Telephone Unit (STU). This system was introduced by the NSA in the early 1980s, and replaced older systems, like the extremely bulky KY-3, and was the successor to the STU-I.
In the picture we see the STU-II telephone, with handset, a normal keypad, some indicator LEDs and three extra buttons at the bottom, for selecting secure or nonsecure mode. This phone only acted as terminal or user interface, because the actual encryption system was located in a large metal cabinet, with which it was connected through a thick 9-way cable. The STU-II was built by ITT with Northern Telecom as a sub-contractor.
The same room with left to right: national security advisor Bud McFarlane, secretary of state George Shultz and president Ronald Reagan. The STU-II secure phone is on the table at the far right. (Photo: Corbis)
As of 1987, the STU-II was replaced by the much smaller STU-III, which was a secure phone that consisted of one single desktop device only and had much better speech quality. This new phone became available for president Reagan by the end of his second term:
Ealier this month, pope Benedict XVI announced his historical decision to step down from his office on February 28, 2013. This makes him the first pope to resign since 1415! Therefore, a good moment to take a look at the telephone equipment, which is used by this leader of almost 1.2 billion catholics.
Pope Benedict XVI, assisted by his private secretary, signs a papal bull.
In this picture we see pope Benedict XVI at work in his private study in the papal apartment of the Apostolic Palace in Vatican City. At the far right we can see two white telephones sitting on a side table: an older one with a rotary dial and a newer one with a keypad.
The same combination of a somewhat older rotary dial phone and a newer keypad telephone can be seen at the table of the guard, next to the main entrance door of the papal apartment:
Swiss Guard soldier garding the door to the papal apartment, ca. 1989
To prevent people from directly calling the pope, the extension number of the papal apartment is listed nowhere, not even in Vatican phone books. Only a handful of people chosen by the pope himself have his number, which also changes with each new pope. Pope Benedict XVI does not have a beeper or cell phone, but he can be reached through the cell phone of his personal secretary, msgr. Georg Gänswein.
The Vatican receives almost 2,000 calls a day, and there are always a handful of people saying they must speak with the pope for whatever reasons. One of them was Steve Wozniak, the co-founder of Apple, who once dialed Vatican City, using a so called blue box. He identified himself as Henry Kissinger by imitating Kissinger's German accent and asked to speak to the pope. But due to the different time zone, he was sleeping at that time.*
A very rare picture of pope Benedict XVI using a telephone
The papal telecommunications started in 1886, at the beginnings of telephony, thanks to Giovanni Battista Marzi who invented the world's first automatic telephone exchange, which linked 10 separate phones, but could only make internal calls. A few decades later, Guglielmo Marconi effected the first Italian link via radio, connecting the Vatican and the papal summer residence at Castel Gandolfo.
After the 1929 Lateran Pacts agreement with Italy, by which the Vatican City State was created, the Vatican was finally allowed to send and receive calls to and from the rest of the world. Therefore, in 1930 a new central telephone exchange was donated by the International Telephone & Telegraph (ITT). It was installed in the Belvedere building and provided telephone services for approximately 360 end users in the various Vatican offices and residences. The telephone exchange was consecrated by pope Pius XI on November 19th, 1930.
The first Vatican telephone switchboard, with the upper left lines 2 and 3 are for the pope The book is the Annuario Pontificio, the directory of the Holy See (Photo: David Seymour, 1948)
The Bell Rotary Telephone-system was state of the art at the time and had the following functions: 1. Dial a direct phone set inside the Vatican 2. Get a connection with any phone with only two numbers 3. Get an automatic connection with someone in Rome by just dialling the number and adding a "0" in front for an external line 4. Answer calls from outside the Vatican at a post with 2 seating areas 5. priority for some telephone sets for emergencies and important calls
Together with the new exchange, catholics in the United States donated pope Pius XI the first papal telephone: an apparently solid gold phone set, inlaid with mother-of-pearl, emblazoned with the papal arms and decorated with blue enamel. The phone is now for display at the Vatican State Telecommunications Department:
The first papal telephone, donated to pope Pius XI by catholics in the United States. (Photo: Dancejill @ TripAdvisor)
This golden papal telephone was used by several popes, until the end of pope John XXIII's pontificate in 1963. Later, the phone in the pope's apartments was a standard phone in 'papal' white.
In 1957 the International Telephone and Telegraph (ITT) also presented a ceremonial golden telephone to the Cuban dictator Fulgencio Batista. This was depicted in the 1974 movie The Godfather Part II, where "United Telephone and Telegraph" and American industrialists present a solid golden telephone to the Cuban dictator.
Pope Pius XI sitting at his desk, with the golden telephone.
Postcard showing pope Pius XII writing a letter. In the background we can see the golden phone of Pius XI and another white telephone set, probably made by the Italian manufacturer Olivetti.
In the forties and fifties it was very special when the pope was calling. For example, when Pius XII picked up the phone and said his (original family name) "que Pacelli", the receiving end would kneel to hear the papal message.
In 1960 the Bell telephone system was replaced by an ITT Pentaconta exchange with a capacity of 1,500 numbers, which was later extended to 3,000. In June 1992 the Vatican's third central telephone exchange was inaugurated, providing the Vatican with an advanced technological interface, qualifying the Vatican State amongst the first to have a completely numeric telephone network.
The new telephone plant was installed in a forepart of the Belvedere building and consists of a modern numeric telephone exchange with 5,120 terminations. The exchange is also equipped with a numeric switch for operator call management and it is linked via radio to the San Giovanni in Laterano, the Palazzo di San Callisto and the Palazzo della Cancelleria. These Roman buildings are extra-territorial zones under jurisdiction of the Holy See.
Since 1948, the Telephone Service of the Vatican State has been run by members of the religious order of the Society of St. Paul. It employs over 30 laymen, a few priests and a dozen nuns, who are members of the Pious Disciples of the Divine Master. On account of their in-depth knowledge of foreign languages, they work for 24 hours a day in six-hour shifts as operators of the manual switchboard:
Two nuns operating the Vatican telephone exchange (Photo: 30giorni, date unknown)
The Vatican Telephone Service is the telecommunications provider of Vatican City, which is part of the Governorate’s Department of Telecommunications since 2002. The Telephone Service maintains a complex infrastructure of telephone and data networks, designed and maintained by its own personnel. In 2005, the Vatican telephone service handled 8.5 million outgoing calls.
In November 2005 the telecommunications department moved into a new three-story brick building, with sleek, comfortable and modern facilities. They also include historical items, such as papal telephones and early technological equipment, on display in glass cases.
Today, it seems there's also a Voice over IP (VoIP) telephone network inside the Vatican, as the Cisco 7911G Unified IP phone in the picture below indicates:
A Cisco 7911G Unified IP phone on a side table in the Vatican (Photo: Orbis Catholicus Secundus, December 2010)
So, maybe soon the new pope will have the same high-end Cisco IP phone at his desk, as the president of the United States in the Oval Office ;-)
Last week, North Korea said that it entered a "state of war" with neighboring South Korea. According to a report from the state-run Korean Central News Agency (KCNA) this includes a threat to "dissolve" the United States mainland too.
On Friday, March 29, KCNA also released some pictures of the North Korean leader Kim Jong-un, giving a rare look at some of his communications equipment:
North Korean leader Kim Jong-un presides over an urgent operation meeting at the Supreme Command in Pyongyang, March 29, 2013. (Photo: KCNA through Reuters)
Quite surprisingly we see that at the right side of the table, there's an aluminum unibody iMac computer (with a corded keybord and mouse). This computer is made by the American manufacturer Apple and is an iconic capitalist lifestyle item.
If this isn't a fake remake, it's a bit strange that we see this computer here, because there's a full US embargo for exporting products to North Korea. Probably the iMac came in from China, the only ally of the communist republic.
The whole arrangement looks very much like propaganda, and we can doubt whether the iMac is very functional: with a close look we can see that the yellow ethernet cable lies disconnected next to it.
At the left side of the table there are three white telephone sets (no red one!). These phones seem to be the same as the one we can see in the picture below, which looks like a quite ordinary office phone:
Kim Jong-un smoking a cigaratte in an empty looking launch control center, after Pyongyang successfully launched a satellite into space
Earlier in March, North Korea already disconnected various hotlines with South Korea. One hotline, which is maintained by the international Red Cross and runs through the truce village of Panmunjom, was cut off on March 11. This also happened with another hotline, which connects to the US-led United Nations Command at the border.
On March 27, North Korea also cut off a military hotline with South Korea, that allows cross-border travel to the jointly run Kaesong industrial complex in the North. This hotline, which actually consists of four telephone lines, is used to communicate about the daily cross-border traffic of about 900 workers and cargo traveling back and forth to the Kaesong complex.
Now there is still one active hotline left (consisting of three phone lines), linking the civil aviation authorities of North and South Korea.
Around January 20, 2009, when Barack Obama took over the office of president of the United States, there was quite a lot of media attention about the fact that he had to give up his BlackBerry, because it was considered to be a security risk.
This caused almost world wide media attention, but the follow-up was less accurately covered and a number of different stories were told. Here we will show that Obama actually kept his beloved BlackBerry, but only after it had been secured by special encryption software and some additional security measures.
Barack Obama using his BlackBerry 8830 during the election campaign in 2008 (Photo: Getty Images)
Obama's predecessor, George W. Bush, also used a BlackBerry during the 2000 presidential campaign, but had to give it up, as well as the use of any e-mail software, upon taking office. Three days earlier, he sent out a final e-mail to 42 friends and family members to inform them that he would no longer correspond electronically.
Eight years later, Barack Obama was also forced to give up his BlackBerry, not only because of concerns that its communications and e-mail could be intercepted, but also because of the Presidential Records Act of 1978. This makes all written White House communications public property and subject to examination under the Freedom of Information Act (FOIA).
However, this time Obama definitely wanted keep using this popular business phone to stay in touch with people outside the White House bubble. Therefore, the Secret Service, The White House Communications Agency (WHCA) and the National Security Agency (NSA) went looking for a solution.
US President Obama using a silver BlackBerry 8830
Sectéra Edge
Some media suggested Obama had to change his BlackBerry for the Sectéra Edge, a highly secured PDA, which is produced by General Dynamics for the US military. But the Sectéra Edge is quite big, heavy (340 grams) and bulky and therefore hardly convenient for someone used to a BlackBerry. This solution would also require everyone that Obama would like to communicate with to have the same phone, which is priced between 2650,- and 3350,- USD. Secure communications are only possible if both ends use the same encryption method.
According to other sources, the Sectéra Edge was only used in addition to Obama's BlackBerry, until a permanent solution was worked out. Reports weren't clear about how exactly these two devices were combined. Probably the Sectéra Edge acted like an encryptor, which was plugged into the BlackBerry, so Obama could keep using this device to make a call or send out an e-mail, which then went through the Sectéra Edge, encrypting it, before going over the telecommunications network.
The Sectéra Edge, manufactured by General Dynamics
Compromise
That latter, temporary solution must have been even more cumbersome, so a compromise was made, in which president Obama could keep using a BlackBerry, but equipped with a software package to encrypt phone calls and text and email messages up to the level of Top Secret.
For this purpose, the security agencies choose the SecurVoice application, which was developed by The Genesis Key, in cooperation with engineers from BlackBerry manufacturer Research In Motion (RIM). After the NSA did all the necessary tests and checking to make sure the software met federal standards like FIPS 140-2, the highly secured BlackBerry was delivered to the president somewhere in May or June 2009. He also gave up his old e-mail address and switched to a new one, which is kept secret.
Maybe we can see the new, secured BlackBerry in this picture below, where there are two BlackBerrys lying in front of Obama. The silver one seems to be the BlackBerry 8830, which he already used during the election campaign. The black one, probably a BlackBerry 8900, could then be the new secure one, as we can see the president using this one in later pictures:
President Barack Obama works with Jon Favreau, director of speechwriting, on the Normandy speech aboard Air Force One enroute to Paris. In front of him are a black and a silver Blackberry. (White House photo by Pete Souza, June 5, 2009 - click for a bigger picture!)
Detail from the picture above, showing the two BlackBerrys
The secure BlackBerry was not only issued to the president, but also to a small group of people with whom he likes to stay in close contact with. This because, as said, it's only possible to have secure communications if both ends are using the same device. This limited Obama's goal of keeping in touch with the outside world: encryption (still) means exclusion.
The number of people able to message and call the president is probably only between ten and twenty. Included are vice-president Biden, Obama's chief of staff and some of his top advisers, his press secretary, first lady Michelle Obama, a few other family members, and a small group of personal friends from Chicago.
The Genesis Key
The SecureVoice software for the presidential BlackBerry was developed for a small company called The Genesis Key, Inc., based in Washington DC. This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda.
The software was developed in the previous four years, apparantly for one of the projects of Steve I. Cooper, a former CIO (Chief Information Officer) for the White House, the Department of Homeland Security and the American Red Cross. He is now a member of the advisory board of SecurDigital, Inc., a firm founded in October 2009 by Bruce Magown and Steven Garrett to distribute the SecurVoice software applications.
Steven Garrett is a man with a quite surprising background. His Linked-In profiles show that he has been involved in a very wide range of businesess, like manufacturing plants (Fannies Fat free Cheesecakes and Fat Free Burger, providing microwave-ready cheeseburgers to military commissaries!) and marketing & sales (Lion Sportswear and Faded Glory Jeans). He also developed a highly secure appartment building, named Garrett Place. At his twitter account he describes himself as "Proven Rainmaker, Change Agent, Strategist, and Driving Force for Unprecedented, Exponential Growth in Revenues, Earnings, and Market Valuation".
SecurVoice
The Genesis Key released the SecurVoice software in December 2008, claiming this to be the world's first completely secure voice and data encryption solution (SecurVoice should not be confused with Secure-Voice.com).
Allthough there were already a number of other hardware and software encryption solutions, the SecurVoice application should able to protect global voice connections between and within all types of cell, satellite, PBX, SDR and VOIP phones and phone systems. SecurVoice is 100% Java based, which should make it device- and carrier-independent and compatible with all legacy systems.
Each phone can be loaded with up to three levels of security, each one accessible through a separate icon and recognizable by a different ringtone. When dialing a number and this number has a cryptographic key associated with it, then the call is automatically placed as a secured call. If a phone number has no cryptographic key associated with it, then the cell phone operates normally and the call is placed unencrypted.
The SecurVoice software comes in two versions: - Phone-to-Phone (P2P), where secure calls are made directly from one cell phone to another. The price for government users is 1795,- USD per application. - Phone-to-Server (P2S), where secure calls are routed from the phone to an enterprise server and back. The price of a server license is between 2500,- and 25.000,- USD.
It's likely, that for Obama the server solution was chosen. This allows a centralized key management, monitoring of all secure calls and record keeping of the messages. One source says the president may have to wait up to 50 minutes for an e-mail reply, as the system actively sniffs out incoming messages for viruses or Trojan horses.
Overview of the SecurVoice application options (by The Genesis Key/SecurDigital)
Encryption
The SecurVoice software features a dual-layered, or hybrid encryption scheme, which means it combines symmetrical and asymmetrical encryption algorithms. It performs the voice encryption in real time by using a fast symmetric cipher, using a strong key. This key is then encrypted with a public-key or asymmetrical cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. This is also how the vast majority of present-day communications encryption works.
The SecurVoice symmetric encryption uses a 256-bit session (conversation) key, which replaces the encryption every second with non-reoccurring numbers. This session key is a combination (salted hash) of the sender Base Secure Key (stored in the recipient key store) and a random session key. According to the manufacturer, SecurVoice uses classified Type 1 encryption algorithms, which are restricted to government and military users. For corporate users, public crypto algorithms like Triple DES and AES are used.
In case of a SecurVoice enterprise server, the software converts voice into encrypted data, which is then sent over the carrier network to the SecurVoice Enterprise Server where it is decrypted. It is then re-encrypted and sent back over the carrier network to the receiving phone, where it is decrypted and converted back to voice. It's also possible to select different encryption algorithms, so that, for example, encryption from a cell phone to the enterprise server may be the AES algorithm with a 128-bit, while from the server to the receiving phone this may be done by using Elliptic Curve Cryptography (ECC).
President Obama using his BlackBerry 8900 in the limousine while traveling from the University of Indonesia to the airport in Jakarta, Indonesia. (White House Photo by Pete Souza, November 10, 2010)
Security risks
As Obama wanted to keep using a BlackBerry device, the security solution is software only. This still leaves risks like compromised hardware and hacking by means of social engineering. Therefore, some security specialists say that it's not impossible to hack Obama's BlackBerry and that foreign states and other hackers will likely try to do so.
To minimize these risks, the secured BlackBerrys prevent forwarding e-mail messages from the president and sending him attachments. His secret e-mail address is likely to be changed regularly as well and Obama's friends and staff members were lectured about these security issues.
Another risk of the president using a BlackBerry, like a cell phone in general, is that enemies can try to track the president's location in real-time, even when GPS is disabled. Every cell phone regularly transmits it's IMEI-number to the cell tower, and this can be intercepted by devices like a Triggerfish. How this tracking can be done, and countered, is described in this, respectively this article.
One source says the presidential BlackBerry can only connect to a secure base station, which can be used to hide the IMEI-number of the device and thus prevent tracking it. This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.
There must be even a secure base station inside the presidential limousine, as we can see in the picture above. First because using a foreign cell phone network would be a big security risk, but also because the limousine is most likely constructed like a Faraday cage, and therefore a BlackBerry could only be used if there's a base station in the car itself.
In February this year, the communications division of defense contractor General Dynamics presented a software platform called GD Protected. This is the first product that secures commercial available Android smartphones in a way that they can be allowed to handle classified information.
For decades, General Dynamics has been manufacturing devices for securing top level communications of the US government and armed forces, like the Sectéra voice encryption family. One of those products was a highly secure cell phone for GSM, which was produced from 2002 until 2012.
Securing common cell phones generally requires hardware solutions, but to keep in pace with the fast evolving commercial smartphone technologies, security measures are now being implemented by using software applications. For smartphones there are already quite a number of apps for encrypting voice and data, but GD Protected also secures the Android operating system in order to meet the requirements for handling classified communications.
Initially, GD Protected comes in two different versions, one for the LG Optimus 3D Max, and one for the Samsung Galaxy S IV smartphone. General Dynamics is looking to converge the two approaches in the future, as well as supporting a broader range of Android devices. The pricing has yet to be disclosed, but the company said it would be licensed on a "very competitive" basis.
Both versions make it possible to use the same smartphone for both accessing commercial phone and internet services as well as making encrypted voice calls, using secure email and even accessing classified networks.
Secure voice and data apps
These secure communications are provided by a number of approved apps from a controlled government or enterprise app store. These include a Secure Voice over IP (SVoIP) app which encrypts voice communications and runs over the data network. Other app offerings, available from the third quarter of this year, will include secure chat and secure video conferencing.
With these apps the (voice) data will be secured using two independent layers of encryption, one at the VoIP layer, and the other at the VPN layer, using IPsec. Finally, these double encrypted data will go through servers of the NSA to be verified, logged, and re-encrypted, before being sent back out to the carrier data network and on to its destination.
For authentication there are a pair of authentication certificates residing on the handsets, as well as users being required to log-in with a password before they can use the SIP server.
GD Protected for the LG Optimus
General Dynamics first presented GD Protected at the Mobile World Congress (MWC), which was held in Barcelona from February 25-28, 2013. For this occasion, the product was installed on an LG Optimus 3D Max smartphone and demonstrated to press and public:
Demonstration of the LG Optimus 3D Max, secured by General Dynamics
For this phone, GD Protected provides two separate copies of the Android operating system, one for personal use and the other for business use. A dedicated hardware button on the phone is used to flip between the two environments. This so-called dual-persona feature allows users to seamlessly switch between personal and secure operating modes, indicated by thin green and red borders, respectively.
The personal side is completely open and acts just like a conventional smartphone, whereas the secure side is more restricted. Data is firewalled between the two sides so, for example, data from the secure side cannot be accessed or copied over to the personal side, and the secure side cannot be tampered with by malware.
This partition of the handset into two separate virtual smartphones is controlled by the OKL4 mobile hypervisor or "microvisor" platform, which was gained by General Dynamics from its acquisition of Open Kernel or OK Labs in September 2012.
Additional security is provided by the Fixmo Sentinel Integrity Services. This offers an integrity verification through advanced monitoring and remediation techniques, proactively detecting and preventing mobile device operating system tampering, policy violations, system-level state changes, and the presence of unverified third party apps. The Fixmo Sentinel Integrity Service was developed as part of an agreement with the NSA and is also used by other governments.
Overview of the GD Protected solution for the LG Optimus smartphone (source: Engadget.com)
Compared to the solution for the Samsung Galaxy smartphone (see below), the use of a dual Android operating system for the LG Optimus offers slightly less security, but almost complete freedom on the personal side of the phone. The secured LG Optimus 3D Max will be available through General Dynamics from the end of July 2013.
GD Protected for the Samsung Galaxy
For the new Samsung Galaxy S IV smartphone, the GD Protected software comes on top of Samsung's KNOX platform, which was also presented at the Mobile World Congress in February and was developed in cooperation with General Dynamics. KNOX runs a Security Enhanced version of Android, or SE Android, which has been developed by the US National Security Agency (NSA).
The KNOX platform, which is available for government and enterprise users only, protects both data which are stored on the smartphone and data which are sent and received. KNOX creates an isolated and secured container within the memory area, with its own home screen, launcher, applications, and widgets. Applications and data inside the container are separated from applications outside the container.
Stored data are encrypted using an Advanced Encryption Standard (AES) algorithm with a 256-bit key. For secure communications the Samsung KNOX container comes with a FIPS-certified VPN client called "per-app VPN". This supports strong IPSec VPN encryption, including Suite B cryptography, which is suited for the majority of sensitive communications by government agencies.
Overview of the KNOX platform for the Samsung Galaxy S IV (source: Samsung.com)
With the additional GD Protected the original Android operating system of the Samsung Galaxy S IV will be replaced by a hardened Android version with even more security measures. This replacement is done by simply calling General Dynamics with the IMEI number and then the Android operating system will be replaced via an over-the-air reflash.
The hardened operating system includes root certificates from General Dynamics that replace those from Samsung. This means that any subsequent changes need to be digitally signed by General Dynamics, ensuring the integrity of the Android operating system.
Compared to the dual Android operating systems on the LG smartphone, the Samsung solution of installing new firmware offers a slightly higher level of security but at the expense of user freedom. The GD Protected platform for the Galaxy S IV will be available from May 2013.
Access to US Department of Defense networks
General Dynamics' GD Protected platform was developed according to the requirements of the program for secure mobile communications, codenamed FISHBOWL, which was presented by the NSA in February 2012. The goal of this program is to provide a secure Voice over IP capability using commercial available devices that can be approved for handling classified information.
In October 2012, the US Department of Defense (DoD) announced that they were looking for industry contractors to develop a secure communications system for at least 162.500 iPhones, iPads and Android systems. This should provide alternatives to the BlackBerry, which was until then the only device approved for secured email access to the Pentagon’s unclassified networks.
An interesting coincedence was, that when General Dynamics presented their GD Protected product last February, DoD published a plan to equip up to 600.000 mobile device users with "secure classified and protected unclassified mobile solutions" based on commercial-off-the-shelf (cots) products. This program may eventually be expanded to handle up to 8 million devices.
For use by the US military, General Dynamics already offers a two-factor sign-on process. This is done by inserting a military Common Access Card (CAC) into a separate card reader, which connects to the smartphone through Bluetooth. When a PIN code is entered on the phone, it will validate the PIN against the CAC. This was also shown in a demonstration at the MWC in Barcelona, using a Samsung Galaxy S III:
Demonstration of the two-factor sign-on process using a Common Access Card (CAC)
On May 3 it was announced that mobile devices equipped with the Samsung KNOX platform were approved by the US Department of Defense (DoD) for use in DoD networks. The BlackBerry 10 phones, the PlayBook tablet and the BlackBerry Enterprise Service 10 were also approved, and it's expected that Apple's iPhone and iPad should gain DoD approval later this month.
However, these approvals only grant access to unclassified DoD networks (like the NIPRNet), which is often not specifically stated in press reports. Until now, the only mobile devices approved for access to classified networks are General Dynamics' Sectéra Edge and an NSA directed test version of the Motorola Razr Maxx.
When equipped with GD Protected the LG Optimus and Samsung Galaxy S IV will be the first commercial available smartphones to get access to classified networks. At the moment this can only be used for Sensitive But Unclassified (SBU) communications, but General Dynamics is hoping to attain an NSA certification for classified communications (Confidential, Secret or even Top Secret) in the third quarter of this year. Only by then may these phones get access to secure networks like the SIPRNet.
A Boeing alternative?
Early 2012 not only General Dynamics announced the development of a secure smartphone solution, but also the aerospace and defense company Boeing. The announcement of the latter company got most media attention, but this was probably mainly because (secure) phones seemed quite a strange new product for Boeing, which is by most people only known for its civil aircrafts. A preview can be found in this PDF-brochure of the Boeing Secure Mobile Enterprise program.
Unlike General Dynamics, Boeing has no history in making encryption products and as General Dynamics already presented it's software last February, nothing was heard from Boeing anymore. After a request in March, a Boeing spokesperson told this weblog, the company is still developing a trusted mobile device that will serve the US government, defense and security market. When this phone will be launched is not known yet.
Yesterday, Thursday June 6, The Washington Post and The Guardian came with a breaking news story about a Top Secret NSA program called PRISM, which reportedly collects data directly from the servers of nine major internet companies like Microsoft, Google, Facebook, Skype and Apple.
Many of these firms have already denied that the government has access to their networks. Today both president Obama and director of National Intelligence James Clapper said there is no gathering of information about US citizens or of any person located within the United States.
The Guardian claimed to have obtained 41 slides of an NSA presentation about the PRISM collection program, and showed some of them on its website. But some strange looking details caused a number of people, especially on Twitter, think the slides might be fake.
Here we take a more close look at these slides, which, if genuine, give a very rare look at a recent Top Secret document from the US National Security Agency.
The strangest thing about the slides is probably the PRISM program logo, which is shown at the top right side of each slide. On the Guardian website this logo is also shown separately with an orange background box - the same way it appears on their slides. But as we look at the same slides on the website of The Washington Post, we see that the orange background has been cropped away.
This can only mean that the logo was added somewhere afterwards, and therefore wasn't part of the original slide deck. On Twitter, it was also noticed, that the PRISM logo was made by using a standard clipart image.
UPDATE: One of the journalists of The Guardian explained on twitter, that these differences between the slides are caused by using different powerpoint readers.
Details and explanation of the first PRISM slide
This does not automatically mean the whole slide deck is fake, so let's take a closer look at the rest of the slide contents:
- At the top left and the bottom right corner of each slide we see the standardized classification marking line, showing the classification level and the dissemination control markings. In this case the slides are marked: TOP SECRET//SI//ORCON//NOFORN, which combines: TOP SECRET - the classification level, meaning that public disclosure of the document would cause 'exceptionally grave damage' to national security. SI - Special Intelligence, formerly known as COMINT or COMmunications INTelligence, which means this document is part of a control system for Sensitive Compartmented Information (SCI). ORCON - ORiginator CONtrolled, meaning the originator controls dissemination and/or release of the document. Therefore these are always viewed in secured areas that are cleared for top-secret data and one cannot view or copy such a document without leaving an audit trail. NOFORN - NO FOReign Nationals, meaning distribution to non-US citizens is prohibited, regardless of their clearance or access permissions.
- At the top of each slide we also see the logos of the internet companies involved in the PRISM program. The way these logos are grouped at the top of each slide looks not very professional, it distracts from the content and there's also no good reason for showing them on every slide. Therefore this part is also seen as a typical photoshop work.
- Top left we also see a seal with the words Special Source Operations, which is a department of the NSA responsible for important intelligence collection programs. This seal cannot be easily found elsewhere on the internet and looks well designed, so is most likely real.
- The title of the presentation is: PRISM/US-984XN Overview or The SIGAD Used Most in NSA Reporting Overview. SIGAD is the abbreviation of SIGINT Activity Designator, which is a unique addresss for every signals intelligence collection station, ship, or method and consists of a country code followed by alphanumeric characters. Thus the second part of the title (The SIGAD Used Most in NSA Reporting) refers to the first part, where US-984XN is the SIGAD of the PRISM program.
- Underneath the title there's a line which is partly (Guardian) or fully (Washington Post) blacked out. From what we can read, this line most likely started with the name of the person being the PRISM collection manager, followed by a kind of service/department number. Understandably the name has been blacked out because of privacy and security reasons, and the American paper even blacked out the rest.
- Finally, at the bottom right we see a red bordered box with three lines: Derived from: NSA/CSSM 1-52 - meaning this was derived from the NSA/CSS Manual 1-52 about Classified National Security Information, which describes additional responsabilities of holders of NSA/CSS protected information. Dated: 20070108 - meaning the presentation was derivative of work dated January 8, 2007, which appears to be the date of the NSA/CSS Manual 1-52. Declassify On: 20360901 - meaning the slide deck was meant to be declassified on September 1, 2036. In general, this has to be 25 years from the date of the document’s origin, which seems to indicate that this presentation was classified on September 1, 2011, allthough the first slide itself is dated April 2013.
After this close look at the first slide of the PRISM presentation we have seen that there are a few strange elements, but also that most of the content looks realistic.
Another difference between the slides
Not only there's a difference between the PRISM logo on the slides at the Guardian and the Washtington Post websites, but, as noticed at this website, also on the slide showing in which years the various internet companies were "added" to the program:
As we can see in the picture, the slide on the Guardian website shows a different green arrow underneath the yellow circles than the Washington Post slide does. Both papers each seem to have some slightly different slides, which is quite strange if they really obtained a copy of such a higly classified slide deck. UPDATE: One of the journalists of The Guardian explained on twitter, that these differences between the slides are caused by using different powerpoint readers.
As the presentation concerns signals intelligence, it has to be handled either trough the highly secured JWICS network used by the US intelligence community, or through NSAnet, which is the classified intranet of the NSA. It looks like PRISM is related to NSAnet, as one of the slides says: "Complete list and details on PRISM web page: Go PRISMFAA". Using a command like this appears to be common practice for NSAnet.
As it is very difficult and risky to get the slides themselves out of NSA's control, it is of course far more easy for someone who has seen the presentation, to tell a journalist what was in it. Then some graphic artist at the newspaper could have made these slides according to what was told to him. In this way, the differences between the slides of both newspapers can easily be explained by an internal messing up of some different versions.
The story revised?
Meanwhile, the Washington Post (because they had rushed the publication?) had to walk back a bit from its initial claims by citing a second classified report that identified PRISM as a program to "allow ‘collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,’ rather than directly to company servers."
Also the New York Times came with a story which says that each of the large internet companies negotiated with the government about handing out information. As far as this concerns non-US citizens, they are legally required to share the data under the Foreign Intelligence Surveillance Act (FISA) and in this way these companies are providing intelligence agencies like NSA with specific data in response to individual court orders.
These FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms. Last year there were 1856 of such FISA requests. In order to make this more easy, some companies agreed with NSA to transmit these data electronically, using company’s servers or even government equipment at a company location. This however is different from giving the NSA wholesale bulk access to user data.
This version of the PRISM story was more or less confirmed by Director of National Intelligence (DNI) James Clapper, who released a statement with a fact sheet (PDF), which says "PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision".
More about classification markings
Earlier on the evening of June 8, The Guardian published another slide, to clarify that PRISM, which involves data collection from servers, is distinct from four different programs involving data collection from "fiber cables and infrastructure as data flows past".
This newest slide (shown left in the picture above) seems to have an omission, which can also be seen in some of the earlier slides: allthough they have the obligatory classification line (as described above), and the slide title is marked with the so called portion marking (the (TS//SI//NF) which is an abbreviation of the full classification line), this portion marking is missing in the content.
As the DoD and intelligence community Classification Markings Manuals prescribe, all content of briefing slides, including bullets, captions, titles, and embedded graphs, charts and figures, have to be marked with portion markings at the beginning of each portion (except when a waiver for the portion marking has been obtained). This because parts of a document classified as Top Secret can have a lower classification level or can even be unclassified, which also clearly applies to some of the paragraphs of the slides.
Again, this omission alone does not mean these slides are fake, it's also possible that the author of the presentation was simply somewhat lazy. At least in case of the slide titled "Introduction. U.S. as World's Telecommunications Backbone" the content is public information, for which the overall Top Secret classification would clearly not be justified.
A correct implementation of the portion marking can be seen in some slides about the NSA's BOUNDLESSINFORMANT data mining tool, which were disclosed by The Guardian on June 8. Here we see the slides are marked as TOP SECRET//SI//NOFORN within an orange bar, which is the color code for Top Secret, but with the separate text portions marked as (U//FOUO) as they are Unclassified//For Official Use Only:
With correct markings and a more professional look, these new slides look more credible than those of the PRISM presentation. As government agencies apparently often produce bad looking presentations, this alone doesn't make the PRISM slides fake, but we always should be aware of things like hoaxes, sensationalism and disinformation from whatever source, and at the same time don't get trapped into conspiracy theories.
Other PRISM programs
As there are still questions about what exactly NSA's PRISM program does, it became clear that there are also a number of other intelligence and security related programs called PRISM, which may cause some confusion:
The journalist Matthew Keys discovered that in 2007 a classified Defense Intelligence Agency (DIA) intelligence job listing mentions "national intelligence community collection management systems" like PRISM, COLISEUM and HOT-R. A DIA job listing from earlier this year requires "Experience working in collection requirements management systems and procedures, to include PRISM, HOT-R, GIMS, NSRP, TORS, OSCR, COLISEUM, and CMST"
As this are DIA jobs, it seems however that this PRISM system is different from the one of the NSA. At the website of defense contractor IIT, PRISM is explained as an abbreviation of the "Planning tool for Resource Integration, Synchronization and Management", which just like COLISEUM, seems to be used in the field of Geospatial Intelligence, which analyses satellite imagery of the earth. In this way, PRISM is also mentioned in a number of documents on the Cryptome website. These are dating back to 2003, which is four years before the alledged start of the NSA PRISM internet program in 2007.
The existence of what looks like a third PRISM system was unveiled by this PDF document at the Cryptome website. This document, dated March 21, 2004, describes PRISM (Protect, Respond, Inform, Secure, and Monitor) as a Homeland security Command and Control (C2) decision support system, providing a single end-user application for messaging, alerting, geo-referenced mapping, and asset tracking.
A program called PRISM is also used by the US Secret Service, where this is an acronym which stands for Protective Research Information System Management (PRISM-ID). This system is used to record information that required to assist the agency in meeting its protective mission that includes the protection of the President, and other top level officials. More about this program can be found in this PDF document from 2010 at the Cryptome website.
