Tuesday, March 7, 2023

And There's More ...

It is hard for anybody whose experience of Sigint was of the Cold War or afterwards to realise how immature Traffic Analysis (TA) was at Bletchley Park as an analytical tool.  I am confident that this is another illustration of the point I made in my last post about TA against the Brown Network suffering because of a belief that any intelligence produced through cryptanalysis was necessarily more valuable than intelligence produced through plain text, or 'inference', as the product of TA was often described. 

The system used to express confidence in analytical results was straightforward: A% (reliable), B% (probable), C% (possible) and D% (what, before footballers' wives and girlfriends became an item of interest, might have been described as a WAG). A% was reserved for statements in plain language or decrypts, results which came verbatim from the horse's mouth. A result from TA, an 'inference', could never be rated higher than B%, because it hadn't been confirmed by an enemy source. It took the Cold War, during which TA was the principal source of Sigint on the Soviet Armed Forces, for this almost theological insistence on TA's being secondary to cryptanalysis to disappear.

The reason for this is pretty clear: GC&CS was a cryptanalytical bureau between the wars, and for all that it developed into an intelligence organisation, its leadership was still mainly derived from cryptanalysts: after the January 1942 reorganisation for example, the Naval, Military and Air Sections were led by Birch, Tiltman and Cooper, while the important Huts (3, 4, 6, 7 and 8) were led by Jones, Birch, Welchman (later Milner-Barry), Freeborn and Turing (later Alexander). In their worldview, centralised TA existed to support cryptanalysis. GC&CS increasingly lost its ability to break military Enigma in the last year of the war, as German cryptography continued to improve:

"We now live precariously from week to week" (7 April 1945) and "A close finish is in prospect between the end of the war and the Hut 6 hold on the GAF" (14 April 1945) (both quotations in de Grey citing HW 77/6).

This shows the inability of the senior staff to understand that predictive intelligence of equal value to that produced by cryptanalysis was available from TA.

On the other side of the world, a Sigint organisation less encumbered by this single focus was demonstrating a different way of doing things. Central Bureau in Brisbane (CB) had little choice but to develop TA into a major intelligence source. This wasn't just because of the difficulty of processing encrypted Japanese traffic, but because the shortage of intercept sets and operators and the difficulty in intercepting frontline transmissions which only used enough power to connect sender and receiver meant that CB had to focus on mainlines, and develop an understanding of Japanese military Orbat from the way messages were transmitted.

At the end of the war CB produced a technical report explaining what it had done, and how it did it, along with recommendations for doing something similar if Australia needed to create such a structure in the future. (It can be downloaded from the National Archives of Australia: Series number B5436, Barcode 3207588.) Part H, which deals with Traffic Analysis at CB, describes the sort of mature TA recognisable to Sigint's Cold War warriors. It describes, for example, the preambles to Japanese military messages, and how they were interpreted; it explains the relay system which the Japanese had to use because of the immense range of their transmissions and the atmospheric problems which could complicate matters; and shows how communications structures reflected military structures, meaning that changes in comms structures presaged changes in military structures.

One section of Part H looks at TA inference methods, under thirteen headings: traffic volume; regular traffic associations; multi-addresses; redirected traffic; home depot connections; new locations and disappearance of old; general pattern and changes in nets; use of logs; use of technical features of messages; establishment of precedents; use of other forms of intelligence; co-ordination with Ultra; and co-ordination of methods. (I'm not going to copy out the whole of Part H here.)

Perhaps as important as the way in which communications security wasn't properly managed by Bletchley Park because there was nobody in the leadership to speak up for it, GC&CS's belief in the primacy of cryptanalysis for signals intelligence production, with only a handmaiden's role for TA, was a drag on the performance of the organisation as a whole, one that both limited the production of current intelligence and didn't promote an analytical mindset applicable to more than just one target.
