Saturday, August 24, 2024

Enigma and the Poles

Chris Smith (@spy_historian) tweeted a series of tweets about the Polish contribution to Enigma cryptanalysis this morning. I copy them here, adding some comments, and then write a bit more broadly about the issue. 

CS: Polish work on Enigma was truly impressive. They broke it while the British basically ignored it because they deemed it insoluble. A waste of time.

TC: The British had broken the commercial variant of Enigma early in 1927, and an improved solution was developed in time to exploit its use by the Spanish and Italian Navies during the Spanish Civil War and subsequently. I don't think it's fair to say that they thought the military variants insoluble, but up to 1939 they had no idea how to approach the problem. Put crudely, people who broke book-based codes, and simple electromechanical ciphers couldn't break more complex machine-based ciphers.

CS: They recognised the value of machine-based approaches. Though the Bomba was rapidly rendered obsolete by upgrades to Enigma systems, the Bomba was proof of concept. Use machines to break machines. I've argued elsewhere that Enigma and Bombas were an industrial revolution.

TC: Mechanical support to cryptanalysis wasn't new: Hollerith machines had been used in Room 40 during the First World War and other machines were being proposed in the second half of 1939 as GC&CS recruited from a deeper pool. The specific Polish breakthrough was to design, build and deploy a machine that mimicked Enigma. Following Turing's meeting in Parish with Rejewski he adopted the same concept for his (otherwise very different) Bombe.

CS: The contribution of the Poles, who shared their successes with the British, paved the way for upscaling that culminated in the SIGINT phenomenon that was #BletchleyPark. The BP Trust were right to create a Polish memorial, Prince Andrew was right to gift Poland an Enigma.

TC: Although the BP Trust were wrong to give one of the Enigmas GCHQ had loaned to them to Prince Andrew to gift to the Poles … !

CS: However, it has become a trope that this Polish contribution has been largely unrecognised in Britain and the US. My argument is that this is simply untrue. In fact, from the early days of Ultra becoming public knowledge - 1974 - the Poles were recognised.

CS: It is almost impossible to find a book that doesn't recognise their *massive* contribution. Yet these same texts often state that they have been under-recognised while recognising them. It is a weird, self-replicating myth. 

TC: The problem is that the nature, and particularly the source, of the Polish contribution was either ignored or grossly oversimplified (as largely was the case with the UK's own cryptanalytic work): so little was released by GCHQ in the first twenty years after the 1974 revelation that mythology filled the gaps. 

CS: So powerful is the myth, it has caused minor international spats. The Polish ambassador to the UK complained about Polish elision and misrepresentation (arguably rightly) in the 2001 film Enigma. In 2016, the Polish state commissioned a touring exhibition to correct the record.

TC: Both Enigma and The Irritation Game played their part in reinforcing the mythology (just as U-571 ignored the UK) but Hollywood blockbusters aren't documentaries.

CS: But the record didn't actually need correcting. The early British lit on BP/Ultra was clear that Poles did the lion share of early work. See: Lewin (1978), Calvocoressi (1979), Hinsley et al (1979), Collier (1982), etc.

------------------------------

Actually, Hinsley et al were wrong and their record did actually need correcting. Vol 3 pt 2 (1988), Appendix 30 (pp 945-939) was written by Joan Murray (née Clarke) and Henry Dryden, both wartime Siginters who had stayed on to work at GCHQ, and who were retained after retirement to update the version of the Polish contribution recounted in Appendix 1 of Vol 1 which was written on the basis of records and knowledge which was later proved – for example by the publication of Rejewski’s memoirs – to be incomplete. At best, I don't think it's unreasonable to have expected Hinsley et al to have done rather better first time.

CS: So where does this all come from? As ever Group Captain F.W. Winterbotham. His big splash book, The Ultra Secret (1974), which (sort of) revealed Ultra totally got the Polish work wrong. He was writing from memory and, besides, didn't know everything. Loads of that book is wrong.

CS: Yet as soon as it was published, key people in the know, not least Tadeus Lisicki, a wartime Polish intelligence officer and cryptanalyst, wrote to the papers, in 1974, to point out the Polish work. Lisicki compiled a dossier that formed the basis of important books by Poles.

TC: By Poles, in Polish, and while some were later translated, their impact was limited, not least because the authors weren't appearing at book festivals, on Radio 4 or in broadsheet review pages.

CS: Examples include Garlinski (1979), Woytak (1979) and Kozaczuk (1984). All of which have appeared in English. Newspapers, TV shows, radio comedies and even movies have made the point - though poorly in the case of Enigma. So why does this myth of anglo 'chauvinism' persist?

CS: None of this is to dispute the role Poles such as Marian Rejewski, Jerzy Różycki and Henryk Zygalski played. Quite the reverse. What fascinates me is the endurance of a myth that these pioneers have been elided from English language historiography. They haven't.

I remember telling a friend, when I became GCHQ's Historian-designate in 2008, that the two things I didn't see myself getting involved in were Enigma and VENONA. How wrong I was! Enigma remains a live issue for many – perhaps most – people outside the academic Intelligence Studies community who were interested in Intelligence history.

In the British public imagination the Bletchley Park story was the acme of the Boffinry: the British had been successful in the Second World War because they had out-thought their enemies. To the list of back-room boys coming up with Spitfire, Radar and bouncing bombs, was added the super-smart mathematicians who in complete secret helped win the war by breaking all German cryptographic systems. As with the Battle of Britain, Bletchley Park became part of a mythology of plucky little Britain fighting on alone and prevailing against all the odds, in spite of the evidence. The Polish contribution became merely transactional: a Pole handing over to the British an Enigma machine which was reverse engineered.

This popular narrative would not survive unchallenged the changes in Poland after 1989: the return to democracy, Poland joining NATO and the EU, and the move to the UK of younger Poles who had learned at least some of the story of Poland's contribution to the Enigma story. A Polish/UK Historical Commission reported in the first decade of the twenty-first century and described in English for the first time the breadth and depth of the Polish contribution to intelligence across the board, while GCHQ's massive 1994-2004 release of Second World War records had been absorbed and it was possible to begin to approach the question of Anglo-Franco-Polish cooperation on Enigma rather more reasonably than had been the case previously. Pioneering work by Dermot Turing and Marek Grajek also produced new accessible historical information that could be shared in English and Polish.

The problem I found as GCHQ Historian was that while 'the record' was becoming clearer, the Polish sense of their contribution having been slighted for so long had allowed a mythological counter-narrative to develop in which the UK and France would never have come near to solving Enigma without the Polish contribution. It was for that reason that I coined the term 'Enigma Relay' to try to make two points: first, that the credit of solving Enigma belonged to the allied team, the Poles, French, British and Americans each running separate laps and passing the baton; and second, that solving Enigma wasn't something worth 100 brownie points and that each of the four nations should scrabble to establish how many of the 100 they could each claim. International Intelligence cooperation doesn't work like that; solving Sigint problems doesn't work like that. I tried the 'Enigma Relay' out on a few people and then, when Polish, UK and French Sigint representatives agreed to meet in Warsaw in 2014 to celebrate the seventy-fifth anniversary of the tripartite meeting at which the three countries agreed to share all they knew, put the 'Enigma Relay' concept into the speech given there by Iain Lobban, Director GCHQ (https://www.gchq.gov.uk/news/director-gchq-commemorates-crucial-pre-war-enigma-information-sharing-meeting-poland).

Did this resolve all of the issues? No, of course not. Narratives and counter-narratives, and mythologies, have a life of their own and accurate history will always find it hard to compete against what non-historians would like a two dimensional 'truth' to look like. But reinforcing on every possible occasion the fact that success against Enigma took a lot more than a couple of very bright mathematicians thinking great thoughts, however crucial those great thoughts were, is part of the job. And making British audiences realise that most Sigint successes since 1939 are due to GCHQ's partnerships with Sigint agencies in other countries goes beyond mere intelligence history, and, hopefully, leads people to reflect that intelligence doesn't happen in a vacuum.

Tuesday, August 13, 2024

Sigint Communications (part 1)

This follows on from my previous post, in which I said, referring to a twitter discussion: 

'Part of agreeing with @jock_bruce here is a belief that environmental awareness is an essential precursor for Sigint, and that all is a waste of time without adequate Sigint Comms from intercept site to HQ. Sigint is about the whole of Comms.'

Sigint relies on having a dedicated, high-quality, high speed communications network, linking its national headquarters, intercept stations, intelligence allies and customers. High quality is absolutely essential; high speed will always be necessary in some parts of the network but not in others; a dedicated network is the outcome of two factors: the need for the highest levels of security across the whole of the network, and the need to ensure that prioritisation of traffic flow is something decided on by the Sigint agency and not by the organisation that supplies the comms infrastructure.

The first issue is to ensure that the headquarters can communicate with its intercept stations and with its customers. Preparing for the Second World War, one of the advantages of choosing Bletchley Park as the war station for GC&CS was the fact that the GPO had laid trunk cabling along the LMS railway. When the military elements of GC&CS returned to London after having deployed temporarily to Bletchley during the crisis of autumn 1938, they were able to make reasonable guesses about the comms capacity they would need in wartime, and by August 1939 BP had been well linked by teleprinters and telephones both to intercept stations in the UK and to Whitehall. This network of landlines was expanded and improved during the war under the aegis of the Y Committee. Overseas, however, underpinning the whole question of Sigint communications was the GC&CS policy of centralising UK cryptanalytic effort in the UK, partly from the increasing complexity of cryptanalytical problems, partly from the dearth of trained cryptanalytical staff if a large number of service centres were to be established overseas. (Later experience and the development of cryptanalytical machinery tended to confirm the original policy.) Three overseas cryptanalytical centres were in existence in 1939: the FECB for which GC&CS trained first naval and subsequently military officers; Sarafand, an Army commitment insofar as staffing was concerned, and Simla for which the Government of India found the personnel.

The Mediterranean campaign produced the CBME and the various commands in the field. The FECB was replaced by Delhi and Colombo/Kilindini on the entry of Japan which brought into existence the American organisations in Washington and the SWPA and the inter-allied Combined Bureau in Brisbane. The American policy was likewise to centre cryptanalytical work in Washington. Interception was spread right round the world and intercepted traffic had to be sent to the main centres as rapidly as possible. Long distance air mails were as a rule neither rapid nor certain enough as a principal means of conveyance, so that the whole or nearly the whole burden of carrying the signal correspondence of the Japanese Armed forces round the world fell upon Allied telecommunications. The intelligence produced from the intercept then had to be redisseminated by the same means.

The main source of material from GC&CS between the wars was Diplomatic correspondence which passed over the ordinary commercial WT services, for which interception in the United Kingdom was pure routine, or by cable, the lines of which in very many cases transited British territory. By special arrangements copies of all such Diplomatic correspondence were supplied to GC&CS, coming from overseas where required by sea bag. This was a leisurely proceeding but adequate for the Government' s purposes.

On the military side, and recognising that timeliness was likely to be a bigger issue for military Sigint than for diplomatic, the first meeting to investigate improvements in timeliness was held December 1937 but resulted in little other than an agreement that specified military intercept might be sent by air bag (under diplomatic protection) rather than by sea. The collection of DF bearings, however, needed a more real-time solution. 'C' wrote in April 1938 that 'cable companies claimed that the result of the Derby could be received in the uttermost corners of the earth within 5 seconds of the result being known' and that this must be mirrored by the Signal branches of the Services if DF was to be of any value. This didn't result in any specific action.

In September 1939 the problem of Y communications did not loom very large. The Army interception units that accompanied the BEF only had eleven intercept sets and ten DF sets between them and no plan was in place to site them near the network of telegraph and telephone lines established by the Royal Corps of Signals. The use of wireless for passing DF results was forbidden on security grounds. It was assumed that any Sigint would only be relevant to the BEF Staff so no dedicated link to the UK was planned. The RAF intercept unit sent to France was linked by WT to Cheadle, and thus, if necessary, with GC&CS but was regarded as an offshoot of Cheadle rather than an independent unit, since there was no Air GHQ in France until the end of January 1940. In other words no special system of communications for Y formed a part of the BEF pre-war plan, while in the case of the RAF the deployed unit was part of the home defence system. After a reorganisation of the Army Y system an I(s) staff was formed and sited near GHQ, as was 2 Company GHQ Signals, and a cryptanalytic party formed from the Military Section of GC&CS was sent to the French GQG. Smaller intercept units were moved to Corps HQs at Roubaix and Douai but the only communication with them was by bad telephone lines or by dispatch rider over singularly bad roads. I(s) was, however, in touch with MI8 by unreliable teleprinter though it was recognised that these links would only work while units were static. Material intercepted close to the Front could not be sent to GHQ in a timely manner, so I(s) missed many of the perceived advantages of being in the operational theatre rather than in the United Kingdom. The only means of any military intercepted traffic reaching the United Kingdom was by air bag, though a new DF station erected near Chartres was linked to Chatham by telephone and formed part of the Chatham DF network.

The first RAF unit at Fismes placed two DF units in Bar sur Seine and Amiens in order to form a baseline. These stations were linked by French Post Office landlines and Fismes was eventually linked to AI1(e) through the British controlled Rheims Central. This, it would seem, was led through to Leighton Buzzard Defence Teleprinter Network Switchboard and so, when working, gave them access to Cheadle and GC&CS (though all traffic has to pass en clair). The DF telephone lines connecting Bar sur Seine and Amiens with Fismes constantly broke down and when the organisation was later linked to the Intelligence Staff at AASF and BAFF the same occurred: 'our greatest handicap is landlines' reported the unit. The result was that Fismes seldom got more than a single line bearing, which made DF (and the DF units) essentially useless. A second RAF unit was formed to intercept Italian Air Force traffic from the south of France. This unit had no communications with GC&CS (which produced a lot of good IAF reports) and was handicapped by having few if any trained operators: it was of no real value. It used a courier service, French as far as Paris and British thereafter, which was expected to get the material intercepted through to GC&CS in 24 hours but, in fact, took about a week.

The Admiralty claimed to have a satisfactory teleprinter line to pass naval intercepts from the South of France and told AI1(e) who managed to obtain one, but only in May 1940. In the same way efforts to connect the Bar sur Seine station by British line to Fismes were only successful on the day when the station was handed over to the French during the retreat.

There were, however, arrangements for GC&CS communications with the French: in May 1939 it was agreed that Paris should telephone London at 3 p.m. each day and reports would be exchanged and confirmed later by bag. By August 1939 there was some level of communication between Bletchley Park and the Deuxième Bureau by RT, presumably conducted by Section VIII SIS. A courier service carrying cryptanalytical information continued and was extended to cover meteorological intercepts. The cryptanalytical party from GC&CS sent to the French GQG to collaborate on German Police ciphers and medium echelon Army traffic s needed no dedicated communications with the UK.

The 'Manual of Military Intelligence in the Field' current in 1940 stated that 'Wireless telegraphy is such a reliable and efficient medium of intercommunication that its use in war is indispensable to a modern army. Indeed it is likely that it may prove the only practicable method of signal communication in campaigns involving rapid movement over long distances' but in terms of Sigint nothing had actually been planned to make this a practical proposition.

There are several points to be made about this first phase of Sigint communications. First, nobody had thought about the problems of dealing with the dissemination of high echelon traffic that had to be worked at the centre. Second, there was no solution of German Enigma and no optimism in GC&CS that there might be, so there was no reason to think out a plan for disseminating it. When the Norwegian key was broken in April 1940 there were only normal signals channels and normal signals crypt systems to disseminate the intelligence. When the main GAF key was broken during the Battle of France it was far too late to institute a new communications plan.

The Army view of field Sigint was that it would be wanted in the field and they arranged for interception and for DF on a local scale. They foresaw 'rapid movement' by the enemy but not the corollary: that this would need rapid Sigint communications to cope with it. They had been slow to interest themselves in strategic DF and the development of the Chatham DF network was, at the outbreak of war, still a comparatively recent idea. Chartres DF was an outpost of this network and was given communications in conformity with the scheme. But that the same principle applied to the field units seems to have been overlooked. Very much the same may be said of the RAF field organisation.

Lastly, the Battle of France was over so quickly that there was nothing to inform planning for better communications: either between units; or between units and the deployed Intelligence Staffs; or between any deployed unit and the centre in the United Kingdom. Given the overwhelming defeat of the Allied Armies it would have been hard to show that lack of Sigint communications had in any way affected the issue or that the contribution of Sigint to the general pool of intelligence had been other than comparatively meagre. So when the focus of the war moved to the Mediterranean, Sigint as a whole was still lacking in experience of its real requirements for either long distance communications or with Command Headquarters or for field communications between Y units, and between them and any base organisation formed in the rear.

 

Thursday, May 9, 2024

Environmental Knowledge as a Precursor to Sigint

 

This post arises from a brief discussion on Twitter recently of a comment by Jock Bruce that 'If amateurs talk tactics, and professionals talk logistics, then intelligencers talk comms' to which I answered 'Part of agreeing with @jock_bruce here is a belief that environmental awareness is an essential precursor for Sigint, and that all is a waste of time without adequate Sigint Comms from intercept site to HQ. Sigint is about the whole of Comms.' This post addresses environmental knowledge, the first part of my reply.

Everything below refers to Sigint as practised in the Second World and Cold Wars. This is mainly because it's simpler and easier to explain and understand, but also because none of it is in any way classified. The principles are as true today as they always have been, but I don't intend to explain how they have been adapted in the digital era. How does an Analyst Catch a Terrorist? might give you a start if you are interested. Also, and for the record, no Danes were harmed in the production of this blog post, and the memory of regular attendance at a NATO committee whose Chair, a (retired) Danish Army officer, offered a shot of Gammaldansk to all attendees at 8.00 each morning the committee met, has always drawn me to an idea that Denmark's marauding past might be a lot nearer to the surface than people think.

Let us imagine that the UK and Denmark have become bitter enemies and that the threat of armed conflict is no longer a matter of fantasy. GCHQ's Director goes to a series of meetings in Whitehall and is told that GCHQ must start producing intelligence on the Danish military to assess the level of threat posed to the UK. He gets back to Cheltenham and finds that GCHQ has never really targeted Denmark: there are a few diplomatic and Comintern reports, as well as a bit of  Venona, but nothing since the early 1940s, and nothing of significance ever. So what does it do?

We know that the Danish armed forces will be highly structured and that there will be a radio communications system that closely mirrors the command structure, and therefore the order of battle, of the Danish military. We know that there will be formal processes for transmitting orders from higher to lower levels in the hierarchy and for these orders to be acknowledged, as well as for other information to be exchanged. We know that these processes will be highly structured. We know this because military communications are pretty well standardised. There is a best way of using the electromagnetic spectrum to support military activity and this was discovered and developed in the first half of the twentieth century in much the same way by everybody.

So GCHQ's first stop is Defence Intelligence to ask what it knows about the Danish armed forces. Through the Defence Attaché in Copenhagen they will have at least a top level understanding of the structure of the Danish military. It is likely that they will quickly be able to come up with a diagram like this from open source (NB not Osint – more on this later):


(see https://en.wikipedia.org/wiki/Royal_Danish_Army#/media/File:Royal_Danish_Army_-_Organization_2021.png)

I will stick to the Danish Army from now on, but developing intelligence on the other two arms of service will happen in the same way.

This is the first concrete information GCHQ has about the organisation of the Danish Army and is of great importance because we can predict from the order of battle how different elements of the Danish Army will communicate with each other. For example, there will be a top level Command network linking Army Command, 1 Bde and 2 Bde. It may well include each of the regiments listed on the Orbat (plus or minus the Guards units: are they purely ceremonial or do they have war roles?) depending on how the military is structured to transition from peacetime to war. Defence Intelligence will be developing its understanding of how the rectangles on the Orbat diagram translate into working relationships with the Danish Army and there will be an ongoing dialogue between DI and GCHQ over this. There will of course be a host of subordinate units: each regiment is likely to have battalions, and each battalion companies: but how many, and where, and what comms structures support them?

GCHQ's collection sites will have been tasked to look for Danish military comms. This is like looking for needles in a haystack, but search specialists have a range of skills and tools which make this less frightening that it might seem to the layman. Direction Finding (DF), for example, makes it easy to say that various unidentified comms aren't from Denmark, as well as giving more or less confidence that other comms are. Linguists will be preparing working aids to teach operators basic differences between Danish, Norwegian and Swedish, so that operator chat can be made use of.

Typically at each level of the hierarchy, from the top level Command network described above, to brigade or regimental networks, the search specialists will be looking for patterns: a Control station calls up subscriber stations to its network at fixed times (say morning and late afternoon) one by one. They acknowledge the call up. Control then says which stations it has messages for, and the subscribers say whether they have messages for Control. Some of the messages in both directions will be relays: for example Control asks the subscriber to forward the message to a subordinate subscriber on a subordinate network or the message might be travelling upwards.

But who is who is not very clear: each entity will have a callsign by which it is identified, and it is highly likely that the callsign will be encrypted and so will change every day. Networks at each level of the hierarchy will work in the same way, so it won't be immediately obvious whether an operator is listening to a top level or a low level. Operator chat will give clues; DF will help; analysis of the messages being relayed to see how many levels of hierarchy they pass through; information from allies will give other clues. You will notice that the content of messages doesn't need to be decrypted for this activity to be carried out. Decryption is a very-nice-to-have short cut, but most of this traffic analysis needs to be done anyway. Hopefully, after a few months, a reasonably clear idea of how the Danish Army communicates will have been developed.

But this is no more than a snapshot. Periodically, each network will change the frequencies it works on and its callsign systems. It will have different procedures for use in wartime, procedures which may or may not be the same as the procedures it uses when the units with which each subscriber is linked deploy on exercise.

But the Danish Army has been brought to the same position as the military forces of countries which GCHQ has been monitoring to 'maintain continuity'. There is an art in making sure that the minimum amount of collection resource (because nobody has ever been able to collect everything) can be applied to making sure that the maximum amount of information about the comms structures of potential targets will be produced. For example, a fortnightly check on the comms structure of a logistics battalion in northern Jutland may be enough to reassure you that nothing has changed; a monthly DF check that the callsign associated with a Headquarters element in a bunkered command post is still in situ may be enough for reassurance, but the frequency with which these checks take place has to be adequate to give adequate notice if there is any change.

The key aim of 'maintaining continuity' is ensuring that regular patterns are known and understood. No country can afford to keep its military on high alert for long, and certainly can't keep it on any sort of alert level for ever. Units have to be rotated between more or less forward roles, have to be reskilled to take on new responsibilities, have to be adapted to new roles, as well as having to respond to random events like weather, but these are all more or less predictable, and the manner in which units adapt, as seen from their comms, can give the clue to how they might adapt to future conditions: to war.

So after a few months we have a good handle on the Danish Army. We know what normality looks like. We know what it looks like when it changes its alert level. We know how its comms are likely to change when readiness levels change. We are confident that if they are ordered to war stations, we will be aware and will be able to report it, and to follow them as their comms move to wartime modes.

But none of this is intelligence. We have developed all of the sources of information available to us to be able to keep a handle on how the Danish Army is communicating. But it is only when we take that information and extrapolate from it, for example to say that a major comms change is a regular occurrence rather than an indicator that the Army is preparing for its war role, that we are producing intelligence.

I said above that the organogram showing the high level Danish Army Orbat wasn't intelligence: it's information. It assembles readily available data into readily usable information, but it doesn't answer what for a Sigint organisation – as well as the subsequent all source assessment that Sigint feeds into – is the key question: 'so what?' The same question applies to Osint: yes, finding the data and assembling it into information is important, but the 'intelligence' part of Osint should mean that it explains how the information illuminates what the target's intentions and realistic capabilities are.

All of this is environmental knowledge. Until this level of knowledge has been built up, a Sigint organisation can't begin to produce intelligence. It has to expend significant resource to maintain the environmental information that enables it to turn into an intelligence producer when a target turns active, and is no longer just watched on a 'care and maintenance' basis. And if it has been difficult and complicated with a nation state's military forces, how much more difficult is it with an individual with a telephone? And if state interception of HF signals in free space where users had 'no expectation of privacy' was once unconstrained by the law, as the state (in the UK at least) 'owned' the way in which the electromagnetic spectrum was used, how much more complex is it today to navigate all of the necessary oversight and legislative constraints to obtain and retain information which might never be used?

I suppose that what I want you to go away with is that Sigint is a much more complicated business than you might have thought, and certainly isn't about intercepting and listening to every telephone conversation between London and Washington. The art and science of Sigint happens a lot further back than the point at which intelligence reports are produced, much as a military force's achieving significant effect on the battlefield owes almost everything to what had happened in the background, over a long period of time.

Saturday, January 6, 2024

One Pip Instead Of Two Toots

 

I promised another extract from Signal. This is another story about the Royal Navy's need for comms discipline, and the lengths to which they would act to protect it. This time, instead of chummy telegraphists sending each other messages on the back of official signals, we have a solitary one, onboard a vessel or at a shore station so far down the hierarchy of importance that although present every time his network controller carried out a scheduled call up of his correspondents, our poor hero never once had a signal to send. So one day …  


A nondescript nonentity, a limb of the oppressed,

I wear no badges on my arm, no medals on my chest,

But though my past is colourless, my future dim and bleak,

I cherish a distinction which is probably unique.


Of all the mass of traffic through the tortured ether hurled,

By all the busy Tels of all the navies of the world,

No morse of mine impinged upon a fellow sparker's ear;

I never sent a signal in the whole of my career.

 

I used to wonder meekly when control would let me in

To add my little quota to the universal din.

Then realised my destiny, surrendered to my fate,

Eternally to sit and serve by being told to wait.

 

But once - and only once - I found my baser self constrained

To break the wireless silence I so rigidly maintained.

My weary watch was over, my relief was overdue,

I gently, briefly, pressed the key to see what it would do.

 

I often sit and wonder where that blameless dot has gone,

If still through endless time and space it hurries bravely on,

Disowned by its creator, and dismissed its parent ship,

Unauthorised, attenuated, lonely little pip.

 

But though beyond our universe its travels may extend,

It still will bear my fingerprints on reaching journey's end

And beings in some unknown world may trace it back to me,

As surely as the Flagship did in 1943.

 

Thursday, January 4, 2024

Comms Indiscipline In The Royal Navy

 


In 1993 Captain Barrie Kent RN (Retd) published Signal! A History of Signalling in the Royal Navy. It is one of my favourite books, a serious history interlaced with anecdotes varying from the poignant to the slightly scurrilous. Captain Kent was Head of RN 'Y' during the 1950s, but his book has much more to offer than cryptology in the RN. This is the first of two extracts from the book: they show how seriously the RN took comms discipline. The first is a story from 1931 about Lord Louis Mountbatten when he was Fleet Wireless Officer in the Mediterranean Sea and comes from Arthur McCulloch, a Telegraphist in 1931, but who retired eventually as a Lieutenant Commander.  

'Our transmissions were taped resulting in caustic signals to those not up to his high standard. One 'habit' Mountbatten deplored was the sending of cryptic private messages during the night watches: for example in Coventry we might receive 'INT KYE' from the operator in Bulldog, which meant 'request permission to close down for five minutes to make the cocoa?' If things were quiet the reply would be 'AF'. This procedure would be followed in turn by each ship on the destroyer frequency until all had made their kye. '

Drafted to the Royal Sovereign, McCulloch became a watchkeeper on Fleet Wave, a frequency believed to be monitored by Lord Louis.

At a conference for off-watch telegraphists in the Corradino canteen, Lord Louis said that since he had started monitoring, the efficiency of the fleet's communications had improved dramatically, but the making of private messages was to stop, "The sending of one single 'toot' on the key will constitute a private message and the culprit will be severely dealt with.'

That afternoon things were fairly quiet when McCulloch was handed a message to send to Curacao. Switching on the transmitter, he sent the signal, then reached behind his morse key to break the heavy duty switch; in the process he accidentally caught his elbow on the key, blasting out a loud 'toot' for all to hear!

'That was bad enough but the operator in Curacao forgot the forenoon's instructions and sent back a cheery 'toot toot'. With hardly a pause, out came a signal from the C-in-C

'Report name and rating of operator of the watch'.

'On the Saturday I felt I had better have a final run ashore, all sorts of dire punishments having been forecast by my messmates. While enjoying a few pints one of my pals saw a poster for the Flagship's Farewell Ball that evening; we decided to join in! The dance hall was packed with officers and men from every ship in the fleet, together with their ladies, and a great time was being had by all. Our chance to join in came with the announcement: "Take your partners for the Paul Jones."

'My third partner was obviously an officer's wife, she was a superb dancer and I said so. Just then Lord Louis danced by and gave her a big smile which she acknowledged with a discreet wave. "I see you know my Chief,” I said. "I ought to, "she replied, "I'm married to him!" "If you are one of his telegraphists" she went on, "you'll know he is furious with two of you for making 'toots' or something, In fact we've heard so much of these men that we've christened them 'Toots No. I, and 'Toots No. 2"'. I paused for a moment and then said "I'm afraid' I'm Toots No. I ", She stopped in the middle of the floor and held me at arm’s length, "I don't believe it -I'm actually dancing with 'Toots' himself! You must come and meet everyone."

'Having escorted her to her seat, I set off towards the bar. "McCulloch", Lord Louis' voice boomed behind me, "So, you're the culprit are you? What have you to say for yourself?" The ladies of his party caught up with us and Lord Louis introduced me. "Now, what have you to say for yourself?" I explained what had happened: "Bad luck really Sir, particularly coming on top of your lecture." Lady Edwina spoke up: "I'm sure he is telling the truth Dickie, don't be too hard on him," "Fortunately for you, young man, I'm familiar with the layout of the wireless gear and I can see how it could have happened. Perhaps I should give you the benefit of the doubt. I'll write to your Captain before he sees you, but remember to be more careful in future." I thanked him and shot off to tell my pals what had happened.

'In due course I found myself in front of the Captain. "Ah! I've had a letter about you. I see you had an interview with the FWO ashore and he recommends that I give you another chance. Case dismissed. Don't do it again!" Sad to say my oppo in Curacao was not so fortunate; his Commander had been at Jutland and blamed all telegraphists for allowing the German fleet to escape, so he got a month’s stoppage of leave.'

There is more to this story than meets the eye: the memory of Jutland; Lord Mountbatten's determination that RN signalling would be as good as it could be (I have written about this before (Sigint Historian: Ten avoidable problems which made the Royal Navy's encryption exploitable in 1939)); the sophistication of the RN monitoring process; and the way comms operators can undermine security without even realising that they are doing so.

Monday, December 18, 2023

Secure Speech and Insecure Speech


The story of the inadequacy of allied communications security (Comsec) at the beginning of the Second World War and its gradual improvement tends to focus on signals carrying textual messages, the transition to machine-based rather than book-based encryption systems, and eventually to on-line encipherment, enabling the 'BRUSA Circuit' which linked the UK and US, Australia, Canada, and communications centres serving major allied commands around the world on secure HF radio. It was always possible, though, to deny adversaries any chance of intercepting a message by not transmitting it on a channel accessible to them. For example, transatlantic cables, while theoretically tappable, weren't vulnerable in practice. That meant that the most sensitive material could be sent between the UK and the US without danger of enemy interception. The material would still be encrypted so that as few as possible of the people handling the traffic would see the content, but the authorities on both sides of the Atlantic could be confident that the material would not be seen. This was incredibly expensive – at busy periods a million dollars a month just to US cable companies – but uninterceptable.

But what about telephone calls? There were no secure speech systems before SIGSALY was first used in July 1943. Instead, scrambler systems were used to invert the voice signal. For calls within the UK this was a weaker analogue of the cables: scrambling would be enough to stop operators at exchanges from overhearing the content of a call even though they would know that a call was taking place. There was no doubt that the Germans would be able to 'deinvert' the signal and hear the clear speech if they had access to the telephone lines, but the UK authorities were confident that they hadn't.

The one problem was international telephony. There were no voice grade cables across the Atlantic until the mid-1950s, so international calls had to be made a) on HF which was interceptable and b) protected only by a scrambler, which under certain conditions was processable by German Sigint. Add to the mix the fact that the Prime Minister and the President valued personal contact, and weren't prepared only to communicate in writing, and the potential for significant breaches of security was very high indeed.

Three days after Mussolini was sacked by the King Victor Emmanuel, and after the Italian Government had begun secretly to negotiate armistice terms with the allies, President and Prime Minister had a conversation which led to such a breach. Here is the German report:

'At 0100 hours a radiotelephone conversation between Churchill and Roosevelt was intercepted. It concerned a proclamation by Gen Eisenhower and an imminent armistice with Italy.

Churchill: "We do not wish any armistice terms to be recommended by us until we are formally requested to do so."

Roosevelt: "That's right."

Then they discussed the matter of British prisoners of war in the hands of the Italians with regard to preventing their (the British POW's) removal to the "land of the Huns". Therefore, Churchill wanted to send a dispatch to the King of Italy. Roosevelt took it upon himself to address a statement of his own to "Emmanuel". "I don't quite know just how I'm going to do it."

This is clear proof that secret negotiations between the Anglo-Saxon powers and Italy have been under way.

The Deputy Chief of the Armed Forces Operations Staff made the following observation on this subject: There are some 60,000 British POW's in Italy. The proposals of the Commander in Chief South that these POW's be evacuated from Sardinia and southern Italy have not been acted upon. The Office of Foreign Affairs has been requested to consider the matter.'

This was almost certainly not the first the Germans knew of Italian plans to request an armistice, and, anyway, they had begun to send more troops to Italy as soon as Mussolini had been deposed, but this was, as the German report of the conversation said, clear proof that Italy was ready to change sides.

When I was GCHQ Historian I liked to show a copy of this report to visitors and ask what they thought. The reaction was always the same: the President and the Prime Minister shouldn't have been allowed to speak on insecure links that the Germans could intercept and process. If I then asked who had the authority to tell them that they weren't allowed to speak to each other there was less certainty. It would be a brave official who would attempt to stop them and few people thought that Churchill would meekly accept such advice. 'The King?' one visitor said.

My reaction – at least my first reaction – is different: why was there no secure means for Churchill and Roosevelt to speak to each other? Why did it take until July 1943 (ironically, a fortnight before this particular conversation took place) to develop and field a workable system and why did the UK have to adopt a US system?

I've written enough about the fact that GC&CS didn't take Comsec seriously enough to explain this in part, but I think it's also the case that securing voice communications, which has to be done on-line, was too difficult, and was therefore left to one side until the UK heard that the US was working on a solution. At just about the same time as Alan Turing visited the Bell laboratories and was briefed on the progress of SIGSALY Tommy Flowers was proposing an entirely new sort of machine, Colossus – what would eventually become the computer – to solve the biggest cryptanalytical problem facing GC&CS, and the GPO effort required to make that work probably precluded similar investment in secure speech as well.

The British answer was to copy the US system, but a project (BANGLE) which began in 1944 and which aimed to build 20 machines, based on SIGSALY but miniaturised sufficiently to be used from a 4-ton truck, was unsuccessful and was eventually abandoned in 1953. PICKWICK at the end of the 1950s was the first entirely British system.

Tuesday, November 21, 2023

A Valuable New Book on Second World War Communications Security

 


Anybody who reads this blog will know of my interest in cryptography: the opposite side of the coin to cryptanalysis. How poor UK cryptography was until the middle of the Second World War, and why that should be the case is something I have written about several times.

Today, however, I want to introduce a new book about communications security, mainly from the German side. How secure did the Germans think Enigma really was? Did they really believe that the allies were not breaking their encryption?

Dermot Turing's lates book, Enigma Traitors: The Struggle to Lose the Cipher War addresses these questions. He has trawled through the reports of interrogations of German cryptographers in the postwar TICOM series as well as material in German, American and British archives to come up with a wealth of evidence to support the contention that the potential vulnerability of Enigma to a concerted machine-based attack was well known to German cryptographers. 

Why they continued to use the machine is explained by a number of factors: the inability to envisage the amount of technological resource the US and UK would be prepared to put into the attack; how difficult it was to accept that a system in whose security you have invested so much might in fact not be so secure; and the sheer impossibility of replacing over 30,000 Enigma machines in wartime by something better.

Some of this ground has been trodden previously, and R A Ratcliff's Delusions of Intelligence is still the leading work looking at a strategic level at the consequences of allied and German cryptologic policy during the Second World War. This book is very much bottom up, and focuses on the individuals who were involved, their doubts, their blind spots and their successes.

It isn't only about German cryptography either. It looks at the the insecurity of the codes used by the Royal Navy, and examines in more detail than I have seen elsewhere the claims that the Germans may have read Typex. However, a more detailed look at allied - British, at least - will have to wait until more material has been released.

This isn't so much a review as a recommendation. There really hasn't been enough  research into Second World War communications security and this books brings together so much that either has been lying unread in various archives, or which has been cited for a particular purpose, outside of the context of communications security policy, that it would be odd not to recommend it to anybody interested in the subject.

There is a tendency to think that cybersecurity is a completely new discipline, something which has nothing to learn from the past. While that might be true technologically, the way that humans think about security, and the way in which they persuade themselves that things are secure in spite of evidence that they might not be, suggests that research into the history of security might shed as much light on today's circumstances as the history of  intelligence has. This book illuminates the present as well as the past.