Secure Speech and Insecure Speech

The story of the inadequacy of allied communications security (Comsec) at the beginning of the Second World War and its gradual improvement tends to focus on signals carrying textual messages, the transition to machine-based rather than book-based encryption systems, and eventually to on-line encipherment, enabling the 'BRUSA Circuit' which linked the UK and US, Australia, Canada, and communications centres serving major allied commands around the world on secure HF radio. It was always possible, though, to deny adversaries any chance of intercepting a message by not transmitting it on a channel accessible to them. For example, transatlantic cables, while theoretically tappable, weren't vulnerable in practice. That meant that the most sensitive material could be sent between the UK and the US without danger of enemy interception. The material would still be encrypted so that as few as possible of the people handling the traffic would see the content, but the authorities on both sides of the Atlantic could be confident that the material would not be seen. This was incredibly expensive – at busy periods a million dollars a month just to US cable companies – but uninterceptable.

But what about telephone calls? There were no secure speech systems before SIGSALY was first used in July 1943. Instead, scrambler systems were used to invert the voice signal. For calls within the UK this was a weaker analogue of the cables: scrambling would be enough to stop operators at exchanges from overhearing the content of a call even though they would know that a call was taking place. There was no doubt that the Germans would be able to 'deinvert' the signal and hear the clear speech if they had access to the telephone lines, but the UK authorities were confident that they hadn't.

The one problem was international telephony. There were no voice grade cables across the Atlantic until the mid-1950s, so international calls had to be made a) on HF which was interceptable and b) protected only by a scrambler, which under certain conditions was processable by German Sigint. Add to the mix the fact that the Prime Minister and the President valued personal contact, and weren't prepared only to communicate in writing, and the potential for significant breaches of security was very high indeed.

Three days after Mussolini was sacked by the King Victor Emmanuel, and after the Italian Government had begun secretly to negotiate armistice terms with the allies, President and Prime Minister had a conversation which led to such a breach. Here is the German report:

'At 0100 hours a radiotelephone conversation between Churchill and Roosevelt was intercepted. It concerned a proclamation by Gen Eisenhower and an imminent armistice with Italy.

Churchill: "We do not wish any armistice terms to be recommended by us until we are formally requested to do so."

Roosevelt: "That's right."

Then they discussed the matter of British prisoners of war in the hands of the Italians with regard to preventing their (the British POW's) removal to the "land of the Huns". Therefore, Churchill wanted to send a dispatch to the King of Italy. Roosevelt took it upon himself to address a statement of his own to "Emmanuel". "I don't quite know just how I'm going to do it."

This is clear proof that secret negotiations between the Anglo-Saxon powers and Italy have been under way.

The Deputy Chief of the Armed Forces Operations Staff made the following observation on this subject: There are some 60,000 British POW's in Italy. The proposals of the Commander in Chief South that these POW's be evacuated from Sardinia and southern Italy have not been acted upon. The Office of Foreign Affairs has been requested to consider the matter.'

This was almost certainly not the first the Germans knew of Italian plans to request an armistice, and, anyway, they had begun to send more troops to Italy as soon as Mussolini had been deposed, but this was, as the German report of the conversation said, clear proof that Italy was ready to change sides.

When I was GCHQ Historian I liked to show a copy of this report to visitors and ask what they thought. The reaction was always the same: the President and the Prime Minister shouldn't have been allowed to speak on insecure links that the Germans could intercept and process. If I then asked who had the authority to tell them that they weren't allowed to speak to each other there was less certainty. It would be a brave official who would attempt to stop them and few people thought that Churchill would meekly accept such advice. 'The King?' one visitor said.

My reaction – at least my first reaction – is different: why was there no secure means for Churchill and Roosevelt to speak to each other? Why did it take until July 1943 (ironically, a fortnight before this particular conversation took place) to develop and field a workable system and why did the UK have to adopt a US system?

I've written enough about the fact that GC&CS didn't take Comsec seriously enough to explain this in part, but I think it's also the case that securing voice communications, which has to be done on-line, was too difficult, and was therefore left to one side until the UK heard that the US was working on a solution. At just about the same time as Alan Turing visited the Bell laboratories and was briefed on the progress of SIGSALY Tommy Flowers was proposing an entirely new sort of machine, Colossus – what would eventually become the computer – to solve the biggest cryptanalytical problem facing GC&CS, and the GPO effort required to make that work probably precluded similar investment in secure speech as well.

The British answer was to copy the US system, but a project (BANGLE) which began in 1944 and which aimed to build 20 machines, based on SIGSALY but miniaturised sufficiently to be used from a 4-ton truck, was unsuccessful and was eventually abandoned in 1953. PICKWICK at the end of the 1950s was the first entirely British system.

A Valuable New Book on Second World War Communications Security

 

Anybody who reads this blog will know of my interest in cryptography: the opposite side of the coin to cryptanalysis. How poor UK cryptography was until the middle of the Second World War, and why that should be the case is something I have written about several times.

Today, however, I want to introduce a new book about communications security, mainly from the German side. How secure did the Germans think Enigma really was? Did they really believe that the allies were not breaking their encryption?

Dermot Turing's lates book, Enigma Traitors: The Struggle to Lose the Cipher War addresses these questions. He has trawled through the reports of interrogations of German cryptographers in the postwar TICOM series as well as material in German, American and British archives to come up with a wealth of evidence to support the contention that the potential vulnerability of Enigma to a concerted machine-based attack was well known to German cryptographers. 

Why they continued to use the machine is explained by a number of factors: the inability to envisage the amount of technological resource the US and UK would be prepared to put into the attack; how difficult it was to accept that a system in whose security you have invested so much might in fact not be so secure; and the sheer impossibility of replacing over 30,000 Enigma machines in wartime by something better.

Some of this ground has been trodden previously, and R A Ratcliff's Delusions of Intelligence is still the leading work looking at a strategic level at the consequences of allied and German cryptologic policy during the Second World War. This book is very much bottom up, and focuses on the individuals who were involved, their doubts, their blind spots and their successes.

It isn't only about German cryptography either. It looks at the the insecurity of the codes used by the Royal Navy, and examines in more detail than I have seen elsewhere the claims that the Germans may have read Typex. However, a more detailed look at allied - British, at least - will have to wait until more material has been released.

This isn't so much a review as a recommendation. There really hasn't been enough  research into Second World War communications security and this books brings together so much that either has been lying unread in various archives, or which has been cited for a particular purpose, outside of the context of communications security policy, that it would be odd not to recommend it to anybody interested in the subject.

There is a tendency to think that cybersecurity is a completely new discipline, something which has nothing to learn from the past. While that might be true technologically, the way that humans think about security, and the way in which they persuade themselves that things are secure in spite of evidence that they might not be, suggests that research into the history of security might shed as much light on today's circumstances as the history of  intelligence has. This book illuminates the present as well as the past.

Factors affecting the Use of Sigint

Cdr Alexander Mackay Scobie “Mack” Mackenzie RNVR was a senior member of Naval Section at Bletchley Park for most of the Second World War. He led TICOM Team 4 for a few months in Germany in 1945 and returned to GC&CS/GCHQ to be part of the History Section staying on to the early 1950s (at least). More than some other members of the section, he was less keen simply to document what had happened at Bletchley Park and why, as to draw out lessons that might be applicable to the National Sigint Organisation during some future conflict.

What follows is a short extract from the first chapter of his classified volume (HW 43/61) about the use of Sigint by the Army and Air Force (Volume XVIII of Army and Air Force Sigint.) I’ve chosen it as it makes several timeless points: the limitations of Sigint; how Sigint should be assessed (he uses the verb ‘appreciate’ where we would say ‘assess’) and by whom; the need for those receiving it at commands to know that the secret intelligence they were reading came from intercepted communications; and the limitations imposed by the strict security regime in place. It is an antidote to the view that Sigint was (and is) produced by an organisation able to hoover up, process, understand and disseminate all of the communications of an adversary.

CATEGORIES OF SPECIAL INTELLIGENCE

The three main categories of Special Intelligence relating to the enemy armies and air forces that became available have been classified as "background", "strategical" and "tactical" (or "operational"). The term "background intelligence" was used to cover the information about the outline and detail of the whole enemy war-making machinery which accumulated with the inflow of decrypts from day to day, and was not only the basis for informed judgment of what might be expected of the enemy in any given set of circumstances, but also the main source of interpretation of new decrypts as they became available. These new decrypts, when they appeared, took their place in the store of background intelligence and at the same time, as productive of either strategic or tactical information, might fall into one or both of the other categories. Strategic Special Intelligence fed the Ministries and planning staffs with the enemy's long-term plans and capabilities. Tactical Special Intelligence fed the commands in the field with the enemy's intentions and provided current reports of his operations. Any one decrypt might be productive of Special Intelligence in any or all of these categories, but there were few that did not make some part of background intelligence, since, in the construction of the complicated pattern of the enemy's organisation for and behaviour in war, every item of information was of value.

FACTORS AFFECTING PRODUCTION

Special Intelligence has been defined and divided into the categories in which it became available; now, consideration must be given to the factors affecting the production of the basic decrypt material. For any high-echelon decrypts to be produced at all, the enemy had to use his W/T services, and these communications had then to be intercepted by the Allies. This problem of interception was solved to a greater or lesser degree in relation to the positions of the original transmission of the signals and the strength of those transmissions. Owing to the enemy's possession of the interior line in Europe, transmissions of army and air force communications were not particularly suited to interception by the Western Allies holding part of an outer ring, and this produced the situation in which decryption could never provide complete access to the enemy's communications relating to the war on land and in the air, or to any part of it. The problem of interception therefore produced an unevenness, detrimental to intelligence, in the cover of the enemy's communications which was exaggerated by the next factor, the cryptanalytic problem. Here the question was further complicated by the fact that with cryptanalysis it was not a matter of enemy communications being readable or unreadable in the way that they could or could not be intercepted. The success of cryptanalysis was, to some extent, conditional. That is to say that, given time, certain enemy cyphers yielded to cryptanalysis, while others yielded to increase in cryptanalytic effort. This implies, of course, a system of priorities for cryptanalytic effort, and such a system was in force in the Sigint centre throughout the war; but, in a situation where cryptanalytic machinery was normally in short supply, a concentration of cryptanalytic effort to produce materially more information on any given area or subject would be certain to produce a corresponding weakness elsewhere. At all times a balance had to be struck between the needs of Service Ministries, which wanted everything they could get about the enemy armed forces as a whole, and the requirements of commands in the field, who wanted everything they could get about their own areas and matters of strategic importance elsewhere.

The third factor affecting the production of Special Intelligence was one of interpretation, which could only be solved by the application of intelligence processes to such decrypts as became available of such messages as had been intercepted. The object in the application of these processes was to convert the decrypt into a form in which it could be appreciated by an intelligence officer outside the Sigint centre. The decrypted text of the enemy signal in the original language had first to be emended into reasonable German, Italian, Japanese or other language of origin by the removal, so far as was possible, of corruptions, and by the expansion of abbreviations or conventional signalese. When this had been done the original text had then to be translated into English (usually into technical or Service English, involving knowledge of the meanings of a large special vocabulary), and when finally the English text was available there still remained the problems created by the enemy systems for disguising originators, addressees, positions or intentions, or proforma introduced for convenience in signalling.

Thus, the access to the enemy's communications that was provided in Special Intelligence was access only to such of his high-echelon WT communications as could be intercepted, decrypted and interpreted. While the comprehensiveness and sheer bulk of Special Intelligence might give an impression of complete cover, and while its accuracy and reliability might give it a further use in the evaluation, interpretation and direction of intelligence from other sources, the intelligence officer had at all times to bear in mind its actual incompleteness. It was never safe to discount evidence from other sources or overlook possibilities on the ground that, since there was nothing in Special Intelligence relating to a possibility, it was not worth entertaining.

FACTORS AFFECTING USE

Such Special Intelligence as became available, therefore, provided a literal English version – or as literal as was possible in the circumstances – of what the enemy was saying in his communications and such interpretation of his statements as was necessary to make his meaning clear; and at this point, in theory, the responsibility of the Sigint centre in the provision of Special Intelligence ended. The product was available in its finished form, and that form was not likely to be improved, except through a later amplification of the information it contained.

It remains to consider the factors affecting the use of Special Intelligence after it became available. The first of these factors was the need for its appreciation as evidence of the enemy's capacity or his intentions in conjunction with evidence from other sources. Once the Special Intelligence was available, there was no doubt as to what certain enemy authorities were saying to each other, it remained to discover what this implied – that is to say that although, from the point of view of Allied Intelligence, what the enemy said was of great value, the real worth of Special Intelligence lay in what the enemy's signals implied.

This appreciation of Special Intelligence was, in theory, the business of the intelligence staffs in the Ministries and at commands, it was specifically not the business of the Sigint centre, but such was the nature of the material that degrees of appreciation went on at all stages of interpretation, appreciation and use, in that the better the intelligence officers handling Special Intelligence, the more information they wrung from the decrypt while it was in their hands. Decrypts of course possessed an almost infinite variation in the degree of intelligence that might be hidden behind their literal translation, but apart from hidden implication and in spite of reliability, comprehensiveness and currency, Special Intelligence was liable to two main types of error. The intelligence officer had to ask himself two questions. First, was the originator of the signal stating the facts? And, secondly, what was the true significance of the signal as decrypted? In reaching a decision on the first question the intelligence officer had to bear in mind that the originator of the signal might have been ignorant of the facts or distorting them for his own purposes, so that a decrypt might be factually wrong or deliberately misleading. It could be wrong, for example, when an air force liaison officer was reporting on army formations, it could be misleading when an anti-aircraft battery, reporting "no damage” after an air attack, was reporting the condition of the battery rather than the state of the target. As to the significance of the decrypt, an intercepted signal might only be a part of the whole message or it might be confused with jargon or cover-names to the point of being meaningless; or, and this was the case with the greater part of the Special Intelligence that became available, the text in itself might be unimportant or apparently routine, an isolated scrap of information for which an operational or intelligence context had to be built up before it assumed any significance at all. This problem of interpretation was dealt with by the intelligence officer attaching such comment to the signal as he considered necessary for its use in the next stage – its appreciation either at the Ministries or at commands.

Dissemination was the next factor affecting use. Once the best possible sense had been made of the Special Intelligence available, it had to be pushed out, some part of it to the Ministries and some part to commands. Throughout the war the handicap imposed by communications on the use of Special Intelligence was gradually reduced from an absolute prohibition in the Norwegian campaign of 1940 to a situation where, in 1944, the Ministries and certain headquarters in Europe were being fed continuously by teleprinter, and other commands, up to fifty or so in all, through the SLU/SCU organisation. To cover the reduction of this handicap in a few words, it can be said that in the Norwegian campaign the comparatively small amount of Special Intelligence available could get no farther forward than the Ministries, as no means of communication capable of carrying material of such secrecy existed between the Ministries and commands in Norway. In the campaign in France in 1940 Special Intelligence could be got as far forward as British GHQ and AHQ and French GQG, but only in a disguise calculated to give the impression that it was a series of reports from agents. As a result, and in the general confusion of the campaign, it was never used effectively. In the Balkan campaign of 1941 Special Intelligence reached as far forward as the British GOC and AOC in Greece in the form of appreciations, and by now recipients were aware of the nature of the source and had begun to benefit from it. It was considered, in the case of GOC Crete that, in his exposed position, Special Intelligence could only be provided under its Secret Service disguise, and this was done on the Prime Minister's decision. It was not until the campaigns in the Western Desert, however, that Special Intelligence began to reach in an organised manner the commands organised to use it, and not until the Battle of Alamein that, in the words of Brigadier Williams, later BGS(I) 21st Army Group (who subsequently wrote a history of the Army’s use of Ultra), Special Intelligence put Army Intelligence on the map and "henceforward we were going to use it".

By the date of the first of the combined landing operations in the Mediterranean (November 1942), the arrangements for the supply of Special Intelligence to commands in the field were being laid on as part of the normal intelligence requirement; and with successive landings in Sicily and Italy the dissemination of Special Intelligence developed into the organised services provided for the landing in Normandy in 1944.

The limitation on the use of Special Intelligence in the field imposed by the need for security was, of course, a part and a cause of the difficulty in the provision of adequate communications; that is to say, that dissemination to a prospective user of Special Intelligence could be as effectively restricted by the danger to the security of the source as by the lack of adequate communications, and the one, the need for security, might be the cause of the other. By 1944 the regulations governing the security of Special Intelligence covered some eight pages of foolscap, and were the result of several years of trial and error in the handling of the material during which it had been discovered that the value of the source was so great, and access to it could have been terminated so certainly by the enemy, that opportunity for effective action that might however have exposed its true nature had constantly to be denied to commands in the field. As an example, no direct action on Special Intelligence was permitted unless there was a possibility, which the enemy would consider reasonable, that the information might have become available from lower grade Sigint or non-Sigint sources. Of course, specific action could be taken to provide such camouflage, as, for instance, in the case of the development of the Allied sea and air offensive against the merchant shipping that carried military supplies to the Axis forces in North Africa. Very full information on the shipping engaged on this traffic was available from several sources, but the cargoes carried in individual ships and the exact routes they would follow were known only from decrypts; other Special Intelligence at the same time showed what commodities – fuel was usually the chief of these – were in short supply, and as a result the Royal Navy and RAF were able to devote attention primarily to those ships whose loss would do the enemy most harm. In order to overcome the suspicion that might be aroused in the mind of the enemy through the continued success of this policy of selection, it became the practice to fly aerial reconnaissance to spot ships whose course or location at a given time had been revealed in Special Intelligence. Once the enemy had been made aware of this reconnaissance the information provided in Special Intelligence as to which ships would make the most profitable target could be used to the full.

That these precautions were effective is shown by the fact that time and again the right ships were sunk, and at no time did the enemy consider that his cyphering systems were vulnerable; but the necessary restriction on the use of Special Intelligence was severe and caused many practical difficulties. Apart from the actual prohibition of use because the Special Intelligence was not covered by information from a more open source, there was, certainly up to the end of 1942, the danger that the disguise of the source as an agent would have the effect of reducing its reliability in the eyes of the recipient and so make him less inclined to take the information provided at its actual value. Moreover, as Brigadier Williams discovered, "once you began to pretend that it was an agent, not only was the story highly unconvincing to those who bothered to think about it (there were surprisingly few who did) but it entailed a lessening of security in discussing it".

The need for security therefore placed a double restriction on the use of Special Intelligence in operations. Not only could disguise adopted for security purposes lower the worth of the information in the eyes of the prospective user, but the lack of a possible open source of the information might prohibit its use altogether.

 

Postwar Development of New Cipher Machines in the UK

Typex Mark 22

Although there were a few other encryption machines available to the UK at the end of the Second World War (eg Rockex, Morsex and 5 UCO), Typex and the CCM were the only general purpose off-line cypher machines available to the British Services. A new machine was needed, though it was clear that this would take some time – years – to be delivered and so modifications were made to the Mark II Typex (the model in most extensive use) and it was rechristened the Mark 22, or Mark 23 when adapted to take a CCM adaptor. 

At GC&CS Gordon Welchman had thought about a successor to Typex and had devised a rotor scrambler both to replace it and to be field-deployable. A key security feature was a daily change carried out using multi-point plugs, but in January 1945 Alan Turing's investigations showed this to be practically impossible. Welchman therefore decided to dispense with plugboards and found a solution, which he embodied in a paper of 6th March 1945, describing his final specifications for a 26-way scrambler - the RM 26.

A Canadian Army officer, Lt Col B de F "Pat" Bayly had developed Rockex, a one-time tape machine during the war, and thought a small and light machine embodying Welchman's scrambler could be made for use in the field.  In November 1945 he signed a five year contract with the Foreign Office to develop such a machine from his base in Canada. Bayly was told in 1946 that there was no idea of tying him down to a specification, because the whole object of the contract was to enable him to do some free research into the electromechanical application of the RM 26 principles.

In August 1947, a further letter requested a technical write up of progress: the Services were looking on RM 26 with interest, and had asked how Bayly might react to a US development engineer's being seconded to work with him. Bayly replied promptly, saying that he had completed his progress report, and reminded GCHQ that he had been told that this was a long-term project. As there were so many innovations and as considerable improvement in reliability would be necessary before this machine would be useful, Bayly did not believe the machine would be ready to show the Americans for another three or four years. (He also believed it would be a bad thing to attach an American to him, as the result might be the development of a purely American machine incorporating RM 26 ideas.) Further delays were incurred due to a serious illness suffered by Mrs Bayly.

After a couple of visits by British specialists to the Canada, Bayly was asked to send the model he had made to the United Kingdom no later than the end of August 1948, together with a detailed statement setting out what items in the project had been incorporated in the model, what had been found impracticable, and what had not been attempted. British experts concluded that the RM 26 proposals used unnecessarily over-complicated mechanical arrangements and that conventional engineering was preferred; and that the project was not worth while pursuing unless there was a specific operational need for a machine operating on RM 26 principles. The experimental model offered little prospect of providing a successful solution. As a result of this report the project was cancelled.

RM 26 is a good example of how not to organise a project. The aim was changed twice and lost clarity in the process; direction was faulty and supervision inadequate; resources were lacking for proper research and development; and both time and money were wasted through delay in investigating the practicability of the design. It probably didn't help either that the work was being carried out in Canada. In terms of development of a Typex replacement, these years of development had been wasted.

Meanwhile, a member of GCHQ had spoken about the need for a small, secure cipher machine with a tape output to the GPO, which produced a draft specification (codenamed Fruitex Minor) of a battery-operated machine, which the services accepted in December 1947 as a basis for design effort, though with the more prosaic name of DUP 1 (Development Unit Project No 1). This quickly ran into trouble. Its specification proved to be over-fussy: if a reliable machine were ever produced from it, it would be too delicate for use in forward areas, and it would be impossible to mass produce. A new specification was drawn up, and subject to security endorsement which was given in December 1949, was offered as a basis for contract discussions. Early in 1950, the Creed company agreed that if a contract were signed by September 1950, it would deliver 5 units a week starting in September 1951, and that 150 units would be delivered by March 1952. This was subject to the prototype passing service acceptance trials and the specification not changing subsequently. In the event, the trials overran, and the specification was developed into four variants, under the overall codename of Portex, delaying production further.

In exchange for an offer from the US for the UK to inspect a pinwheel machine designed for use by merchant shipping, the US authorities were sent the details of Portex. However, in May 1952, a US security evaluation for Portex was issued, saying that it was too weak for its use to be allowed. It turned out that the security approval given in December 1949 should not have been granted, and more design work was need to correct the errors. In the event it was only in September 1954 that production of Portex began, just under seven years from its being proposed.

The specification for a new Typex replacement specification (DUP 2) was only agreed in January 1949. The basic requirements were:

(a) it must be suitable for UK/US communications, which entailed a 26-way keyboard and scrambler;

(b) since many ships in the Fleet could only carry one machine, it would be required for intra-Naval communications, as well as for communications between the Navy and the other two Services;

(c) for Naval use size and weight should be kept to a minimum, and for ease of maintenance it should be mechanically and electrically simple;

(d) in the Army and RAF it should provide a satisfactory replacement for Typex 22, and it should be suitable for use at higher formation headquarters, where page printing and 32-way operation, needed for the rapid handling of traffic, were more important than limitations on size and weight.

It was clear that the small machine that could satisfy (a), (b), and (c), was a different machine from (d). Work on the former began under the codename Singlet, while a new specification was to be drawn up for the second (codenamed Pendragon). This work was delayed because the US was designing a new CCM and there weren't enough British specialists to work on the two projects simultaneously.

A prototype Singlet was completed in 1951 according to the 1949 specification, but the specification was modified in 1951 and a new prototype had to be developed. A prototype Pendragon had been built, but no subsequent modification was carried out. By October 1952, the Service requirements for Pendragon had changed sufficiently that it was decided that while design work would continue on both Singlet and Pendragon, for delivery as soon as possible, planning for a successor to both of them, with an expected delivery date of some five to seven years, should begin under the codename Copperfield.

In the event Singlet deliveries began in 1959, ten years after its first specification was issued, while the requirements for both Pendragon and Copperfield were subsumed into Alvis (which in its first incarnation had been codenamed Cheapex).

This piece complements other posts here about Sir Edward Bridges' thinking about whether the security mission belonged inside GCHQ. None of the machines being used at the end of the war had been designed by GC&CS (indeed, in the case of Typex, GC&CS input had been sedulously avoided) and the project management of RM 26, Portex and Singlet was so deficient, that it is probably not hard to see members of the Cypher Policy Board dreading the agenda item 'Machine Development' at their meetings.

There was a similar lack of development of machinery to support cryptanalysis at GCHQ during this period, though this was because the machines which were moved from Bletchley to Eastcote, and subsequently to Cheltenham, were believed adequate to the tasks at hand, and it was only the development of General Purpose Computers later in the 1950s that began to change ideas about how computers could be used.

There was a requirement for better cipher security after the Second World War, but, separate from the status of communications security in a primarily signals intelligence organisation, the Services' grip on Comsec was much greater by 1946 than it was on Sigint, and the Cypher Policy Board, which was where GCHQ and the Services met to collaborate on security, operated at too high a level to be able to provide the detailed oversight of development activity.

 

 

 

"A Matter of High Policy"

Harold Charles 'Ken' Kenworthy is one of the less well-known of the technical experts of Second World War Sigint. He was Head of the Metropolitan Police Sigint unit when he became part of GC&CS in 1939, asked to oversee the work of the GPO operators at Brora, Cupar and Sandridge as well as that of his operators. He became Head of the GC&CS Research Station at Knockholt which took German teleprinter traffic. He designed the original 'Tunny' machine to process enciphered teleprinter signals. He progressed in GC&CS during the war, and continued to work in GCHQ afterwards.

Even less known is the story of how he came to be employed by the Police. He had become interested in Sigint when, as a Lieutenant RNVR, he was Port Wireless Operator at Gibraltar during the First World War. He carried out interception of Spanish government traffic to prove that it was they who were deliberately jamming British reporting of enemy submarine traffic, and developed the first British D/F network in the Mediterranean to focus on Austrian submarine traffic. After the war, he took up a post with the Marconi company. In 1922 he went with a party from Marconi to India: he demonstrated the state of the art in High Speed Working to the Indian PTT which immediately placed a large order for the equipment. Kenworthy was therefore moved on to help demonstrate transportable radio telephony to the Indian authorities, and set up and carried out successful experiments designed to show that radio telephones could be operated from moving vehicles. On his return to the UK he demonstrated this capability to Scotland Yard in January 1923, and when the Metropolitan Police ordered this equipment for their vehicles, Kenworthy was loaned to them by Marconi, a loan which eventually became a transfer. By 1926 he was Head of the Met's Sigint Station which was based at Scotland Yard until 1936. 

He wrote a short memoir of his Sigint service in 1957 when he retired which is now in TNA in Kew (in HW 3/81). One of the stories he tells is of illicit wireless usage during the 1926 General Strike which was exposed by innovative technical equipment he designed pretty well on the fly and which might have resulted in acute public embarrassment for a certain party had not 'higher policy' intervened to keep the matter secret. Now read on …

"During the years 1923 to 1926 a certain amount of interest was taken in the use of short wave and out of petty cash an experimental transmitter and one or two receivers were gradually constructed. It was on one of the latter that the first strange unknown signal was intercepted which had a direct bearing on future Foreign Office interception. It occurred on the first day of the General Strike in 1926 when one of the PC operators reported a station on short wave with a very strong generator hum using a German call sign 'ABA'. At least it appeared to be German but several things were observed. Firstly Berne three letter call sign allocations for Germany had not passed AD; secondly the station was so strong (from Scotland Yard) that a local station was suspected. Thirdly, it was assumed that as it was apparently working in London and using a false call sign, it must be unauthorised. Immediate contact was made to the Assistant Commissioner Special Branch Sir Wyndham B Childs. The Assistant Commissioner rang up Chief SIS with the result that a Col Peel arrived shortly with Mr L P Lambert [Wireless Technical Expert of GC&CS]. As soon as they were convinced of our reliability as communication personnel they agreed that we should endeavour to locate this station as it appeared to belong to a subversive organisation having some bearing on the General Strike. For some reason best known to SIS and Assistant Commissioner it was decided that the problem should be tackled by ourselves without calling in the GPO. To this end Mr G M Wright and Mr S B Smith, both well versed in DF practice were asked to co-operate and the Marconi Company set about improvising two mobile DF installations and installing the apparatus in Crossley Tenders loaned by the police. This work took time but in the meanwhile the author [i.e. Kenworthy] made a portable DF set and put it in a Gladstone bag. During this period all transmissions were being logged even to the number of callsigns. The signals which were being passed made it clear that other stations were being set up.

The portable set was put to good use. Influence by Assistant Commissioner and SIS made it possible to get access to roofs of buildings in the vicinity of the suspected source of signal which had been roughly located by taking a completely empty van and sitting on the floor with the Gladstone Bag. It was as well that this small piece of apparatus had been made because the two vans fitted by Marconi proved to be wash-outs owing to reflections from buildings making 'cuts' impossible. It was gratifying that the work put in by the Wireless Telegraphy staff of Scotland Yard and Mr Lambert was finally rewarded by actually 'walking in' from the roof tops into the top floor of a building housing the transmitter whilst the operator was using it. The result was an anticlimax as the transmitter had been set up by the Daily Mail, who thinking that Post and Telegraph personnel would be joining the strike at any moment decided to try and be ready for a 'coup'. The call sign ABA was derived from Alfred Harmsworth. As a matter of high policy nothing was ever published of this exploit."

Where in the System should Comsec Belong?

I have written before about the parlous state of cryptography – communications security – before the Second World War, and until the point late in 1941 when Sir Edward Bridges, the Cabinet Secretary, began to interest himself in the subject. In January 1944 the Prime Minister accepted a proposal from the Chiefs of Staff Committee. It agreed that: 

1. A controlling authority should be established with responsibility for:

(a) Policy regarding the security of British encryption systems, including decisions on any new encryption devices and on any safeguards which might be necessary in their use.

(b) Ensuring due supervision of encryption by the Services and by Government Departments.

2. The Controlling authority should be known as the Cypher Policy Board (CPB), and its decisions should be regarded as having ministerial approval. It should consist of:

(a) The Director General of the Government Code and Cypher School ('C') – Chair

(b) A representative appointed by the Chiefs of Staff Committee

(c) The Cabinet Secretary.

3.  A new section of GC&CS should be established to deal with the security of British encryption (and of Allied systems in so far as British commands were concerned). This section would have as its head an Assistant Director of GC&CS known as CSA (Communications Security Adviser) who would also act as Secretary of the CPB and Chair of the existing JIC Cypher Security Committee would now be responsible to the CPB.

(Not included in this plan was 'wireless security'. MI5 was responsible for ensuring that the only people transmitting were those authorised to do so, and for monitoring their use of transmitting equipment; and for ensuring that the physical security of transmitters was maintained. It carried out those responsibilities without reference to GC&CS: indeed, for practical purposes their main direct relationship during the Second World War was in connection with the encryption systems used by German agents. The transfer of the Radio Security Service (RSS) to GCHQ after the war would eventually lead to an increased collaboration between GCHQ and MI5 on the intercept of illicit transmissions, but that is another story.)

This structure paralleled the structure for oversight and management of Sigint: a board of stakeholders (CPB for Comsec, LSIB for Sigint) oversaw the tasking and budget for the two parts of GCHQ, leaving Director GCHQ and CSA to operate within the framework they were assigned.

The structure for Comsec was maintained for some years but the services were unhappy about the pace of development of new encryption machines, and felt that the proliferation of committees (for example the Services Cypher Policy Committee, the Speech Secrecy Panel, the Cypher Machine Development Panel) was pulling the CPB away from its original terms of reference. The matter was formally discussed at a meeting of the Cypher Policy Board in October 1952. Sir Edward Bridges gave his opinion that it was inappropriate that a Sigint organisation – GCHQ – should be responsible for cryptographic policy. A review of the CPB was commissioned which eventually concluded that a different agency, independent of GCHQ, and to be known initially as the London Communications Security Agency, should be responsible for Comsec, under the oversight of a new London Communications Security Board. The Board was chaired by 'C' initially, and the Heads of the Signals and Intelligence Divisions of each of the Service ministries, as well as representatives of the Foreign Office and GCHQ, were members. From 1956 the Foreign Office nominated a Chairman (Pat Dean) common to the JIC, LSIB and LCSA. 'C' remained on the Board, and for the first time the Director General of MI5 (Sir Roger Hollis) was invited to be a member.

A new Director LCSA, Captain Stannard, was appointed in November 1957 and the LCSB Chair wrote a letter to Hollis in which he referred to a decision taken by the PUS of the Foreign Office, the Joint Permanent Secretary to the Treasury, and the Chiefs of Staff (to whom collectively the LCSB was responsible) that Director LCSA should be responsible under the general direction of the Director-General of the Security Service for day-to-day decisions on behalf of the LCSB. This would entail an amendment to the terms of reference of the Director LCSA who wrote a paper outlining the role of the LCSA and its relationship to DG MI5 and Director GCHQ.

These can be summarised as:

(a) Transmission Security: LCSA should advise on the transmission security of all communications and non-communications equipments and techniques and agree with the authorities concerned on the principles of protection.

(b) Cryptographic Security: LCSA should, in addition to its current work on the protection of communications against cryptanalysis, advise on the means of cryptographic security protection in all new forms of communications and develop the appropriate security techniques and equipments required.

(c) Requirements for Communications Electronics Security Equipment: LCSA should be responsible for:

(i) Evaluation and determination of requirements

(ii) Development of appropriate security techniques

(iii) Coordination of research, development, and production to meet new requirements.

(d) Consultation with the Security Service

The provision of advice on all aspects of Transmission and Cryptographic security should be the joint responsibility of the Security Service and LCSA. The former should advise on personal, documentary and other physical security measures to protect the equipment and related information, whilst the latter should advise on measures to protect the transmissions. LCSA should provide the Security Service with the technical guidance which it might require in this connection and incorporate Security Service advice in the communications-electronics measures which it recommended.

(In fact it proved impossible to define exactly the respective responsibilities of LCSA and the Security Service, and agreement on the advice to be given depended on the close personal relationships (which always existed) between the contact officers of the two departments.)

From these conclusions the new terms of reference were framed, and these included the following:

'The LCSA will be under the charge of a Director who, under the general direction of the Director General Security Service, will be responsible for day to day decisions on behalf of the LCSB … The Director LCSA will:

(a) consult Director General Security Service on all matters concerning general security policy

(b) consult Director Government Communications Headquarters on all appropriate aspects of

communications-electronics security and ensure that his advice and assessments are fully taken

into account.'

However sound all this may have been in theory, it had two serious weaknesses. First, DG MI5 had no understanding of communications, which largely determined Comsec policy; and second, the UK's Comsec release policy (ie which systems could be released to which foreign nations) was governed by Intelligence interests which were not the responsibility of DG MI5.

The LCSB approved the new terms of reference. However, in discussion it became clear that while 'Communications Electronics Security' meant the security of communications and non-communications transmissions, Hollis thought that it was simply some sort of elegant variation on 'Electronic Communications'.

Stannard also tried to change the status of the LCSB from Ministry of Defence Committee to Cabinet Committee. This proposal took the lid off a can of worms: LCSB (like LSIB) were each subordinate to Official Committee on Communications-Electronics which was set up in 1958. The terms of reference of neither the LCSB nor the LSIB referred to this supervision because they were in existed before the Official Committee had been established. Dean pointed out, however, that a proposal to transfer the LCSB from the Defence List to the Cabinet List might give rise to a review of the status of LCSA The Director LCSA was under the general direction of DG MI5 but his salary was paid by the Foreign Office. The arrangements for paying the staff of the Agency were complicated because they were those used for paying GCHQ staff and were hidden in the budgets of five other ministries. LSIB, in a closely related position to LSIC's was, for security reason, not listed as either a Cabinet or a Defence Committee. It was agreed at the meeting that no action would be taken, but that Dean would mention the anomaly of the Board's present status to the Cabinet Secretary and make sure that the service Chiefs were aware of the increasing civil functions of the Board and Agency. The Ministerial responsibility for the Agency was also discussed. This matter had not been covered when the terms of reference were drafted which placed the Director LCSA under the general direction of DG MI5. It was agreed at the meeting that it was important to make it clear whether the Home Secretary or the Foreign Secretary should be answerable to Parliament for the Agency. Dean suggested that representatives of the Security Service, LCSA, the Security Department of the Foreign Office, and GCHQ should meet and submit recommendations. In spite of lengthy discussions no change was either suggested or made in the Ministerial responsibility for LCSA: the lid was put back on the can before any of the worms could escape. It seems clear that the decision to alter the status of the Director LCSA was made hastily and without any detailed examination of the implications.

In April 1965 there was a radical change in the organisation when LCSA, SCDU (Services Communications Development Unit), and JSRU (Joint Speech Research Unit) were integrated into one department. Up till this time, although LCSA exercised operational control of SCDU and JSRU, they were administered by the GPO. This division of responsibility had never been a very satisfactory arrangement and, following an interdepartmental enquiry in 1964, LCSA took over full control of both units. It was also decided that a new title was needed to show that a new organisation was coming into being. In a letter to Burrows, the LCSB Chair, copied to DG MI5 and Director GCHQ, Stannard suggested "Government Communications-Electronics Security Agency", pointing out that the existing title had on occasions given the impression of a commercial concern and was unlikely to appeal to those who had worked for such a well-known department as the GPO. He did not propose that the title of the Board should be changed, since it was well-known and fitted in with that of its signal intelligence counterpart. Hollis did not like the proposed title, first because it was too close to GCHQ, and GCB, both of which were already in use, second because LCSA's responsibility extended beyond Government communications, and third because he did not think the organisation was an agency. He suggested 'Electronic Communications Security Department' (he still didn't understand the meaning of the order of the words). Hooper, Director GCHQ, commenting on both Stannard's and Hollis's letters, pointed out that communications electronics security was correct, because electronics security referred to non-communications transmissions and suggested that if it was the word 'agency' which implied a commercial status, then 'Communications Electronics Security Department', with the abbreviation CSD would be appropriate. Stannard wrote to Sir Bernard Burrows accepting this, but proposed the short title CESD. Hollis objected to 'communications security' as being too wide and doubted the responsibility for 'electronics security'. Burrows, however, agreed with Hooper's proposal as amended by Stannard, and this was accordingly submitted for acceptance by the Board.

From this point on, the influence of DG MI5 in CESD affairs waned rapidly. Like LCSA before it, CESD administration services were provided by GCHQ; its London Headquarters were in GCHQ's Palmer St building; its cryptographic services were underpinned by mathematicians from GCHQ; and the JSRU technical staff now joining CESD were members of the Royal Navy Scientific Service attached to GCHQ. It was too small to stand alone, and in 1969 it returned to GCHQ, though with a conscious and generally accepted autonomy within the organisation.

Putting its direction under MI5 was a mistake: Comsec had to be linked in policy terms to its opposite, Sigint, rather than to its complement, physical security. Comsec policy must take account of Sigint policy; whereas physical security policy has little bearing on the matter at all. This doesn't mean Comsec and physical security are not closely connected, particularly at the practical level, and it doesn't mean that the Comsec should be subordinated to Sigint, even if both are part of the same organisation: that was why there were separate oversight boards – LSIB and LCSB – for the two disciplines.

Sir Edward Bridges had been correct in identifying the cause of the weakness of British cryptography in 1941 as the lack of attention which the primarily Sigint organisation had devoted to Comsec between the wars, and was right to be suspicious that service complaints about the slow pace of development of new cryptographic equipment in the postwar period might be used to GCHQ not giving enough priority, but the solution was better informed and detailed oversight by the Sigint and Comsec Boards, not organisational change. Bridges retired in 1956, and it is not hard to imagine that Stannard's proposal that Hollis should become his boss was as much a search for somebody to protect him from Director GCHQ as for a more coherent structure for Comsec.

Should Sigint/IA and Humint be Together? Where?

These notes have been prompted by the news that two former BND Presidents have called for "a new technical intelligence service based on the models of NSA in the US and GCHQ in the UK" and for the intelligence services to be resubordinated from the Chancellor to the MOD.  A link to this story is here. (They also suggest that the German oversight regime is burdensome and that new legislation is needed in Germany for interception, but this is an area in which the national context makes comparison with other countries difficult.)

I don't think that there's a "right model" for the structure of intelligence services in different countries but there are some points worth considering. 

The first is that the US isn't a model for any other country: nobody else can even begin afford such a massive structure with so much overlap (redundancy? - you pay your money and you take your choice). The fact that even the US Coastguard has its own Sigint service illustrates this point.

The second is whether Sigint and Humint ought to be part of one organisation. The UK model works for the UK but is a product of the way intelligence and security were organised after the First World War (when SIS was on the Secret Vote and GC&CS on the Open Vote) rather than of any great and lasting axiom. In recent years there have been moves to streamline support functions across the agencies where it makes sense, and to have senior members of staff do tours in each other's organisations, but as an aid to understanding and to introduce new ways of thinking rather than as a prelude to some sort of merger.

So I don't think that there's any reason in principle to insist that Sigint and Humint must be part of separate agencies; but I do think that they need to be separate within their agencies below the 'very senior management' level. That's because they are fundamentally different disciplines, meeting only at the point of producing intelligence. To generalise, but not, I believe, to caricature: Humint depends on maximum security to preserve the anonymity of its sources. If the Foreign Minister of Ruritania is secretly passing information to your service, you really, really don't want the fact to be common knowledge within it, and the effort that will go into de-sourcing and sanitising the intelligence produced from what he gives your agency, and controlling its handling outside will be critical. Within the intelligence production part of a Sigint agency, on the other hand, information sharing is just as critical. The starting point for Sigint production is knowing what communications links are available to you, and whether they might carry the potential sources of the intelligence you have been tasked with producing: that's a corporate task, not the work of an individual.

And to generalise once again: Humint and Sigint need teams with different mixes of people. Sigint will do best when it has a lot of deeply analytic people who will look at very large datasets methodically and not rush to judgement; Humint officers will often be people who able to make crucial decisions on the fly, trusting that their instincts are sufficiently developed and informed to generate good decisions. Sigint decisions are made once all relevant information has been considered; Humint decisions are made once enough information has been considered. Of course each discipline needs a good mix of personality types, but there is a fundamental difference in information processing between the two.

This means that for each of Sigint and Humint to be able to flourish in one agency, they have to be largely autonomous. Neither Humint nor Sigint is 'better' than the other: in fact they aren't really comparable. At different times there might be different emphasis put on the two disciplines and resource for one might be increased at the expense of the other, but the way they work, the timescales in which they plan, they way their product is disseminated, and the relationships they have with agencies in other countries is fundamentally different.

It goes without saying, I hope, that the process of assessment of Sigint and Humint, and the production of a considered all source view should be carried out of the agency or agencies that have produced the original intelligence.

As far as subordination is concerned: I think the vast majority of national intelligence agencies are responsible to their Ministers of Defence, and all have a greater or lesser military element as part of their structure. I think this is an area in which the national context is important, but in my opinion British Sigint was fortunate that GC&CS was transferred from the Admiralty to the Foreign Office in 1921, that control of all but the tactical activity of service Sigint elements became the responsibility of GCHQ during the Second World War, and that all service Sigint became formally part of GCHQ under section 3 (3) of the Intelligence Services Act of 1994

'In this Act the expression “GCHQ” refers to the Government Communications Headquarters and to any unit or part of a unit of the armed forces of the Crown which is for the time being required by the Secretary of State to assist the Government Communications Headquarters in carrying out its functions.'

This doesn't absolve GCHQ of having to produce the intelligence required by the UK and allied military, and it adds a cost of having to embed GCHQ civilian staff with military formations to make sure that the right intelligence is being produced and disseminated to those who need it, but being outside the chain of command, deploying rank-less civilians, and controlling the development of the technical facilities it deploys give GCHQ a flexibility that it is hard to imagine if the military still "owned" Sigint. This is only an opinion, but it is an informed opinion about Sigint in the UK: I have seen how military-managed Sigint works in NATO allies, and it can work just as well; but the context in which capabilities have been developed is very different.

I haven't talked about communications security/information assurance/cyber here: I'll address that soon. Responsibility for it in the UK was changed a couple of times in the twentieth century but it eventually returned to the UK's national Sigint organisation as a conscious change.

The Other Side...

'The Other Side' was the name given by members of GC&CS to SIS (and quite possibly vice-versa) when the two organisations shared premises at Broadway Buildings. SIS occupied the fourth floor while GC&CS occupied the third, and while there was a lot of reorganisation of office space (by the time of the move to Bletchley all nine floors of the building had been taken over), GC&CS never left the third floor. There was almost no contact between the two organisations other than at senior level and in the Distribution and Reference Section whose terms of references explicitly included liaison with SIS. This is not as odd as it might sound. The two organisations had totally separate functions (signals intelligence and communications security for GC&CS, human intelligence for SIS) and were funded differently: the Secret Vote for SIS, the Open Vote for GC&CS; all they shared was an address and a man in charge: 'C' who was Chief of SIS and Director of GC&CS.

When the two organisations moved to Bletchley Park in August 1939 the situation didn't change - in fact most of the SIS personnel who moved to Bletchley moved back to London in September once the Luftwaffe hadn't destroyed the capital, but not before a GC&CS member of staff Henry 'Pope' Dryden had written a poem - 'The Other Side' - about their near neighbours. (Dryden had joined GC&CS in February 1939: on his first day after reporting to the War Office he discovered that he would be based at 54 Broadway and was told never to speak to or indeed acknowledge anybody close to the building and after going in, only ever to say 'Third' to the lift operator.)

Such little knowledge of SIS that Dryden had acquired became vitally important in June 1940. he had been in France in uniform as part of the Sigint staff attached to GHQ, and as France collapsed, found himself and his team moving ever further south. He takes up the story:

'The next morning we almost missed the train, but found ourselves that evening in Vichy.  We spent the following morning, Sunday, stripped to the waist in the cellars of our hotel, burning in the furnace all our material except the keys we had recovered. We were not altogether surprised to learn after breakfast on 17 June that Marshal Pétain had announced that France had asked for an armistice, and also that we would be moving again that afternoon.   This time the train took us via Clermont-Ferrand, where we were told by our French friends that they had been ordered to stop.   We indicated that we thought we ought to try to get to England, and they immediately gave us a large lorry and advised us to make for Bordeaux.  We arrived there via Périgeux soon after dawn on 18 June.  Thanks to that uniquely British institution, the schools connection, the oldest member of our party, who had been at preparatory school with him, got in to see the Military Attaché in his bath at 6 a.m., and was given a chit authorising us to board the frigate Arethusa, then lying at the mouth of the Gironde with the primary task of evacuating the Polish Government-in-Exile and the Czech Intelligence Staff.  Embarkation was being supervised by a Guards officer, who took one look at our chit and said:  “This is no good. You need a chit from the Naval Attaché.” Recognising him as a member of what GC&CS called ‘The Other Side’, with whom I had often shared a lift at Broadway Buildings, I murmured in his ear: “We’re from the third floor”. Fortunately this had the desired effect; having spent the night on board, we sailed, unescorted, on a zig-zag course for Devonport. There we were received by the Women’s Voluntary Service with cups of tea such as we had not enjoyed for many weeks.'

(Incidentally, if anyone has a copy of the poem I would be really interested to see it.)

 

 

 

Who was 'Jumbo' Travis?

I've had a couple of questions recently about 'Jumbo' Travis, Sir Edward Travis. He was Deputy Head of GC&CS from 1919-1942, then Deputy Director (Services) 1942-44, then Director GCHQ until he retired in 1952. Apart from three cryptanalysts (Alexander, Tiltman and Turing) he was the only person to have a room named after him in the Doughnut when GCHQ moved there in 2001. He was obviously a key figure, but he really isn't well known.

He passed for Paymaster in 1909 and might have had a normal Paymaster career, but found himself posted as Secretary's Clerk to Admiral Jellicoe, the  Commander in Chief on 4 August 1914. By 1916 he had been loaned to the Admiralty by Jellicoe for the compilation of cryptosystems to be used by the Fleet, Jellicoe having being astounded at Travis's breaking the codes used by the C in C himself.

When GC&CS was formed in November 1919 Travis became its number two, responsible for GC&CS's over mission, cipher security. He had a public persona as the UK's representative at international naval communications conferences, and was also responsible for acquiring the UK's first Enigma machine (now in the possession of GCHQ). He was unsuccessful as the person responsible for cipher security: although only able to advise, and not mandate, standards for security to UK ministries, his advice was dire, and he must carry a significant share of responsibility for the fact that all of UK military systems (with one exception) were being read by the Germans by June 1940. (It's interesting that the one exception, Typex, an Enigma clone made more complex than Enigma), was  designed by an RAF officer who refused to allow GC&CS any say in the design of his machine.

By 1938 Travis had been given responsibility for the Service sections of GC&CS - though I'm not aware that anybody has looked at how this came about. (Was 'C' - at that time 'Quex' Sinclair - already looking for a wartime alternative to Denniston, GC&CS's Head?) The first period of GC&CS's time at Bletchley Park is normally told in terms of Denniston's increasing  inability to manage the rapid expansion of wartime Sigint and gradually losing control, but rarely in terms of Travis's being able to be seen by everyone as the man who could make Bletchley work. 

A year after Denniston's dismissal from Bletchley Park with the diplomatic and commercial mission, Travis was able for the first time to enunciate (at least in part) a vision for Sigint in which he would create an organisation in which GC&CS/GCHQ would be in command of Sigint and the military would merely provide manpower and intelligence requirements. His mastery over the 'comitology' - bending the committee structure created to oversee Sigint to give him what he wanted - gave him complete control over Second World War Sigint in the UK. He not only achieved this, but also made himself (and GCHQ) independent of SIS, allowing 'C' to retain the title of Director-General Sigint without any control or responsibility for it. He also developed Denniston's vision of UKUSA and developed a system of Sigint sharing that neither 'C' or anybody else was able to stop (perhaps better, that neither 'C' or anybody else was able to understand).

After the war, Travis created the GCHQ which would be so successful during the Cold War. He redrew the boundary between cryptanalysis and traffic analysis and allowed Sigint to become the predominant supplier of intelligence on the Soviet bloc to defence Intelligence.

Ironically, he never understood communications security beyond the basic codebook level of the first part of the First World War, and, after having some responsibility for the dire state of British insecurity until Sir Edward Bridges began to knock heads together in 1942, was happy to see Comsec as, first of all semi-independent of GCHQ, and eventually as an agency completely (well, almost completely) independent of GCHQ.

Travis isn't well known because he falls between the stools on which the myth of Second World War British Sigint balances. He understood cryptanalysis but wasn't a cryppie. He was a manager in an organisation which thought it could do without management. He saw the big picture of 'ownership of Sigint' before anybody else, and manipulated the committee structure to enable him to 'bag' ownership for GCHQ. But mainly he had a vision for what a Sigint organisation - an intelligence organisation in which each discipline needed to produce intelligence from the interception antenna to the finished end product report - might look like, a global vision he had conceived while the people with whom he was meeting were simply fighting to place their towels on deckchairs.

Britain's Greatest Female Codebreaker

Last week I spoke at the Irish Embassy in London at the launch of Jackie Uí Chionna's biography: Queen of Codes: The Secret Life of Emily Anderson, Britain's Greatest Female Code Breaker.

 

I am part of the first generation of Siginters who joined GCHQ after the Bletchley Park story had become avowed, and after the myth of Bletchley had begun to take hold (How a Tiny Number of Boffins and Chess Players Defeated Hitler and Won the War). For those of us interested in accurate history, it was a bit hard to situate the myth against the realities of Sigint in the Cold War, and I suppose it was the realisation that the myth was a myth, and that by taking back bearings from where GCHQ was at the end of the 1980s it might be possible to achieve a better and more three-dimensional understanding of wartime Sigint.

 

That in turn, under the guidance of Peter Freeman, developed into an interest in pre-Second World War Sigint: what happened in the period leading up to 1914 to turn Sigint from a vague idea in August 1914 into two going concerns by November 1914? What had the inter-war GC&CS achieved that meant that it had been factored in to war planning as a 'must-have' by 1938?

 

It was in this context that I first began to come up against references to Miss Emily Anderson. She had joined MI1(b) in 1918 from Galway University and was the only woman to become a Junior Assistant in GC&CS. She was formidable as a cryptanalyst, leading the Italian Section and recovering both Italian codebooks and the key material the Italians used for superencipherment. She trained new staff in cryptanalysis: not just members of staff, such as Wilfrid Bosworth and Josh Cooper, but also the military staff attached to GC&CS before being sent out to India or Palestine (Tiltman said that she seemed to bully his attached officers). In 1940 she had gone to Combined Bureau Middle East in Cairo to head up a detached GC&CS element to ensure that intelligence to support allied operations in that theatre was received as messages were decrypted, rather than depending on the vagaries of communications with Bletchley Park. She stayed there throughout the Western Desert Campaign, then returned to Berkeley Street to resume her work on enemy diplomatic telegrams and retired before GCHQ moved to Cheltenham. Awarded the OBE for her service in Cairo, she received after retirement the Cross of the Federal German Order of Merit for her work on transcribing the letters of Mozart and Beethoven.

 

I am normally chary of expressions like 'Britain's Greatest Female Codebreaker': if she was the 'greatest' shouldn't we be able to say who was second greatest, and third, and fourth? It strikes me, though, that in this case (as in Tiltman's) her claim to the title arises from the fact that there is nobody else at all on the same level. Margaret Rock, and Joan Clarke, for example, were exceptionally talented cryptanalysts, but achieved their results as parts of a team working on different elements of the same problem, able to draw on the successes of others to take their own work forward, and at a time, and in an organisation that recognised and accepted the fact that women were as able to do this work as men. Emily Anderson's talents were such that the Admiralty effectively ignored the fact that she was a woman and turned her into an honorary man (she was the only woman Junior Assistant) and paid her at much more than the top of the female pay scale in order that she would work for GC&CS. Her work on Italian diplomatic cryptosystems was a unique triumph: she made the recoveries and built the Italian books herself, and trained staff to be able to do as she did. Her insistence on going to Egypt so that the value of her work could best be realised by allied forces was another example of an indomitable desire to ensure that her skills weren't wasted.

 

I heartily recommend Jackie's biography of Emily Anderson, and have tried to be careful here not to reveal the fruits of her research. Her book makes clear that her achievements in musicology were as important as her work on cryptanalysis – and shows that she was able to use the same techniques in both fields; and the story of her family adds an unexpected element to her story. I have followed this story for six years since I was first in contact with Jackie and am astounded at the amount of new material she has been able to find.

 

Most importantly, the book confirms that Emily Anderson really was Britain's Greatest Female Codebreaker and deserves a much more prominent place in the Pantheon than she has enjoyed hitherto.