Thursday, August 4, 2022

Source Protection

 

Sigint End Product (EP) is the intelligence sent to customers which contains the producing agency's considered view of what material it has intercepted actually means, and is therefore carefully protected, as it can reveal both the source of the intelligence and the methods by which it has been produced. As early as the First World War, it was separated into two types depending on whether it had been derived from cryptanalysis or traffic analysis (TA, though up to 1940 it was more commonly referred to as Wireless Telegraphy Intelligence (WTI)). TA reporting was given a wider circulation than cryptanalytic, as it was reasonable to assume that people in other countries knew that their wireless traffic could be intercepted and that it might be possible to draw inferences from it, but both types of reporting were classified. Protecting the source of the intelligence, to ensure that it was not compromised as a source, was part of the process.

There was a rough and ready demarcation between the Services and GC&CS pre-Second World War. The Services believed that they 'owned' TA and GC&CS was prepared to see the Army and RAF distribute TA-derived EP to a wider circulation than was given to decrypts. GC&CS controlled its own product but applied the 'Most Secret' classification indiscriminately to all of its EP, meaning that decrypted diplomatic EP and a decrypted tactical aircraft signal were each given the same classification.

With the solution in January 1940 of the current Enigma settings of the German Air Force and later Army the situation changed: 'C' agreed with the service Directors of Intelligence not only to restrict the circulation of Enigma-derived intelligence, but to sanitise EP so that it looked like intelligence from agents rather than Sigint. This meant that 'Most Secret' now covered two different levels of protection: the old 'Most Secret' and the new 'Most Secret CX/JQ' (most intelligence recipients knew that CX meant that the report came from an agent; JQ was used as these were the next two letters to IR (Intelligence Report)).

During the Battle of Norway Sigint was of such operational value that its dissemination became a problem but the battle was over before any handling mechanism could be set up to handle it. The Battle of France came next but it was not until May 22nd, not long before the end, that the German Air Force Enigma was solved regularly. Neither the UK nor France knew how to handle a flood of highly classified material, and neither knew how to interpret it or assess its validity (neither had any idea about how to manage the bilateral exchange either). Some EP reached the British GHQ but is unlikely to have been of any use (see my Sigint Historian: Locking a Stable Door below). The War Office's teleprinter links were of poor quality and completely insecure in France, so an SIS radio link was established in the last few days.

The Admiralty was somewhat better placed. They were already disseminating information to their ships at sea and by using encryption systems with a restricted distribution believed that they could send Most Secret and CX/JQ to their commanders securely (but see Sigint Historian: Ten avoidable problems which made the Royal Navy's encryption exploitable in 1939). Lower-grade decrypts were marked Most Secret by the Admiralty so there was no essential difference in the dissemination of this and CX/JQ.

This was over-complicated. It meant that the value of the intelligence was not at first recognised by recipients and subsequently gave rise to the theory that source CX/JQ was more reliable than (other) Sigint.

Before sending CX/JQ to the Middle East the Y Board agreed two significant principles for overseas dissemination: only to use the most secure cipher systems; and to give Sigint a minimum distribution, and to prohibit redissemination to subordinate commands, except in orders to formations which needed the intelligence for operational reasons, in which case the intelligence would be further sanitised. This clearly established the principle that control of Sigint lay in the UK.

Mobile SIS radio units (SCUs) were used as channels of communication within the Middle East theatre: they weren't intrinsically more secure, but were a time-saving convenience, and a means by which security policy mandated by the UK could be maintained. Any GC&CS EP could be disseminated direct to Commands from Bletchley Park rather than through the Service Ministries. Security of the handling of both decrypted and paraphrased texts was controlled absolutely at either end by 'C'. ('C' wrote to the Director of Military Intelligence in December 1940: "on the question of Security I am directly responsible to the Minister of Defence (i.e. the PM) regarding certain aspects of Y work"; by 1944 he claimed that he was responsible for its Security, not just 'certain aspects' of it: nobody demurred. Did he ask the PM? Did he simply assert his authority?)

When naval machine ciphers were added to the CX/JQ product the Admiralty no longer continued to disseminate Sigint to its naval recipients in the Mediterranean, where this new material was handled in the same way as material for the Army or RAF. But the rest of the output of GC&CS and of service Sigint, both lower-grade decrypts and TA, continued to be disseminated through the channels instituted before the war and their security was governed by the Service regulations laid down for Secret and Most Secret documents.

The first attempt formally to classify Sigint and standardise dissemination protocols began in 1941 when it was felt that a 'looseness' had grown up in the way various forms of Signal Intelligence were described and that this looseness was in itself a source of misunderstanding and consequently a danger to security. 'Y Intelligence' was defined as a category of 'Intelligence obtained from a scrutiny of foreign messages intercepted, particularly as to callsigns, frequencies, volume of traffic, indications of priority and from DF bearings'.

A generic codeword ULTRA now covered high grade traffic: in other words, the marking MOST SECRET ULTRA would appear on documents. Its use meant that Sigint no longer needed to be sanitised to suggest that the originator was an agent. As high grade diplomatic became important to Service commands ULTRA began to cover a lot more than Enigma, and needed to be handled and disseminated to many more locations. To avoid duplication and a consequent risk to cipher security all ULTRA now had to be passed through GC&CS. This also meant that security regulations governing both the use and the handling of the ULTRA intelligence should be promulgated from the UK to all recipients. It was difficult to get an agreed set of regulations which would meet the security requirements and the practical requirements of overseas centres, while giving sufficient latitude to the Commands to use the intelligence: this took until June 1942.

In the summer of 1943 Edward Travis negotiated an agreement with the War Department in Washington which included the principles of the existing ULTRA Regulations and Sigint Security, meaning that the US would in principle conform to UK regulations. The first step was the issue in October 1943 of an agreed 'Nomenclature', a set of definitions, most important of which was that the words 'Signal Intelligence' included the whole Sigint process: interception, decryption, analysis (cryptanalysis and TA) and reporting; and 'Y' was limited to interception at stations and DF. More Sigint codewords were set up so that ULTRA was used for the EP from high grade codes and ciphers; PEARL, for EP from low and medium grade codes and ciphers; and THUMB for EP from TA.

The drafting of the complete instructions took much longer, not because they were controversial, but because it was hoped to produce a set of regulations applicable worldwide (in Europe the US had simply adopted UK procedures). They were produced in three separate documents, finally issued on 1 February 1944, but the Admiralty refused to bind itself, adding a statement saying effectively that it would do its own thing, though that just happened to be the same thing as promulgated by the regulations.

The next necessary step was to ensure that analogous regulations covering British, Australian and American Forces were promulgated in the Far East and SWPA. UK regulations applied in India, but not in Australia, and the Americans, while they had subscribed in Washington and in Europe to the British regulations, had specifically not done so for the Pacific theatre. In July 1944 agreed regulations for ULTRA were promulgated, and in November 1944 for PEARL and THUMB. The USN, however, did not accept them and issued their own regulations in April 1945, dividing Special Intelligence into two categories only – ULTRA, which they extended to cover what in Europe would be considered PEARL, and PINUP, which was essentially THUMB.

It took the formation of STANCIB as an overarching authority in the US, equivalent to the Sigint Board in the UK, and, in the UK, the Admiralty's grudging acceptance that GCHQ was the 'owner' of Sigint to allow negotiations for a single set of regulations to take place after the signing of the BRUSA Agreement in 1946, regulations which were to be applied in the UK and US, and eventually in Canada, Australia and New Zealand.

So much for handling and dissemination: like Protective and Personnel Security, both of which I have written about before, they are aspects of security around which it was possible to write regulations (however difficult it might be to get sailors to sign up to them) and to enforce. There are still two more aspects of security to deal with, however, and these were much more subjective: 'Need to Know' and 'Action On' are integral parts of Source Protection. 'Action On' is a core issue: there is no point collecting information and turning it into intelligence if nobody can use it; but equally, there is no point using intelligence if its use will make the enemy realise that its secret information is known. 'Need to Know' makes obvious sense: nobody thinks that all secret information should be widely available to everybody; but who decides who needs to know what?

1 comment:

  1. Protection of SIGINT was a fascinating topic, and beyond its distribution, its use of course created serious issues in the Middle East at least twice in 1941:

    https://rommelsriposte.com/2012/07/10/protecting-ultra-must-try-harder/

    And

    http://rommelsriposte.com/2010/05/22/the-tragedy-of-the-pows-killed-at-sea/
