On September 5, The Guardian, The New York Times and ProPublica jointly revealed that NSA has a top secret program to break encryption systems used on the internet. This is done by for example inserting vulnerabilities into commercial encryption and IT systems. This program is codenamed BULLRUN, which, according to NSA documents, is not a regular sensitive information compartment, but a "secure COI".
COI or CoI stands for Community of Interest, a more common computer security feature by which network assets and/or users are segregated by technological means. This is done through a logical or physical grouping of network devices or users with access to information that should not be available to the general user population of the network. According to the 2011 Classification Manual (pdf), information residing on secure COIs may not be taken out of the COI or moved to other databases without appropriate approval.
ECI = Exceptionally Controlled Information; PTD = Penetrating Target Defences
IIB = Initial Infrastructure Build ?
IIB = Initial Infrastructure Build ?
According to a GCHQ briefing sheet about BULLRUN, there are at least two other COIs: ENDUE and NOCON, both for sensitive materials. These Community of Interest codenames were revealed here for the first time. For classification purposes they are treated as dissemination markings: they appear at the very end of a classification line, separated from other markings (like NOFORN and ORCON) by a single forward slash. For example: TOP SECRET//SI//NOFORN/BULLRUN
Surprise
As the COI codenames BULLRUN, ENDUE and NOCON are used within a Top Secret environment for highly sensitive NSA operations, it was quite a surprise to find the NOCON marking on another document too: an appendix (pdf) of a very secret NSA document. This appendix is about Public Key crypto systems and has no date, but seems to be from the 1980s. It was declassified by the NSA in March 2007 upon request of the Cryptome website:
The document was marked TOP SECRET UMBRA LACONIC NOCON. This old style classification marking (without slashes between the categories and terms) means that the document has the overall classification level TOP SECRET and was protected by putting it in the UMBRA compartment, which was designated for the most sensitive communications intercept material. The LACONIC and NOCON markings will be explained below.
LACONIC
The function of LACONIC is clarified in the NSA's internal Cryptolog (pdf) magazine, 2nd issue from 1988, which says that LACONIC is not a clearance or a classification, but a handling control marking. It's described as a restrictive distribution indicator for certain techniques - what kind of techniques is blacked out. Access to documents marked with LACONIC does not require a special clearance, but the reader must have a need to know certain details about those undisclosed things.
An indication about what kind of techniques are blacked out can be found in the Cryptolog (pdf) issue of January/February 1986. There it's said that "LACONIC access" is required for attending the CRYSCO-86 conference about computer technology and cryptanalysis, so it seems likely that LACONIC is about sensitive computer codebreaking techniques.
This comes close to the BULLRUN program and therefore it's not unthinkable that LACONIC was one of its forerunners, allthough according to the New York Times, the direct predecessor of BULLRUN was a program codenamed MANASSAS.
The LACONIC marking was retired as of October 2006 and apparently replaced by a new compartment within the control system for Exceptionally Controlled Information (ECI).
NOCONTRACT
In addition to restricting access to people with the need-to-know, the 1988 Cryptolog explanation says that LACONIC was also designed to deny access to contractors and consultants. Therefore, LACONIC had always to be accompanied by the NOCONTRACT marking. Apparently this marking could also be shortened to NOCON, as can be seen in the aforementioned document about public key crypto systems.
The Director of Central Intelligence Directive (DCID) 1/7 from April 12, 1995 ruled that as from that date, the NOCONTRACT marking should not be used anymore. This because it had "clearly outlived [its] usefullnes". Officials could now release intelligence bearing the NOCONTRACT marking to appropriately cleared and access-approved contractors. It's no surprise that this came at a time when US intelligence agencies started their large-scale outsourcing to private contractors.
However, it seems strange that Directive 1/7 eliminated the NOCONTRACT marking in 1995, but at the same time we still see NOCON as a COI in recent BULLRUN documents. A possible explanation could be that NSA still wanted to keep some sensitive materials out of the hands of contractors, and therefore continued to use the NOCON marking internally.
This could also explain the fact that NOCON, like the BULLRUN and ENDUE COI markings, are not listed in the extensive classification marking manuals for the intelligence community. The 2010 BULLRUN Classification Guide confirms that "the BULLRUN data label (for use in databases) and marking (for use in hard- or soft copy documents) are for NSA/CSS internal use only".
Conclusion
At least since the 1980s, NSA used the LACONIC marking to protect sensitive information, which was probably related to computer codebreaking techniques. Whether LACONIC was for internal NSA use only is not entirely clear, but as LACONIC material was not meant for contractors and consultants, it had to be accompanied by the NOCONTRACT marking which was used throughout the intelligence community.
After the general use of NOCONTRACT or NOCON was prohibited in 1995, NSA seems to have continued it as an internal marking. Similar are the probably more recent markings ENDUE and BULLRUN, which are all used for highly sensitive information that is protected by putting it in separated and secured parts (COIs) of NSA's internal computer networks.
0 comments:
Post a Comment