Foreign Policy Research Institute A Nation Must Think Before it Acts Why So Secret? The Foreign Intelligence Surveillance Court and the Unique Fragility of Communications Intelligence
Why So Secret? The Foreign Intelligence Surveillance Court and the Unique Fragility of Communications Intelligence

Why So Secret? The Foreign Intelligence Surveillance Court and the Unique Fragility of Communications Intelligence

The public debate over the contents of the applications considered by the Foreign Intelligence Surveillance Court (FISC) in authorizing the electronic surveillance of former Trump campaign advisor Carter Page has brought renewed focus to the secrecy in which the FISC operates. Competing partisan releases from the House Intelligence Committee have served only to politicize the Foreign Intelligence Surveillance Act’s (FISA) statutory process governing judicial approval of FISA surveillances directed at U.S. persons. Accompanying this political fencing is renewed criticism of the secrecy in which the FISC operates; notwithstanding that this specific feature of the FISA process received relatively little attention during Congress’s recent extended consideration of whether to renew one of FISA’s most important elements—the collection program conducted under Section 702.

Generally lost in the media calls for less secrecy and greater disclosure of FISC proceedings and operations is any acknowledgement, much less extended discussion, of the reasons and realities that underlie the current operating structure.

What follows is an effort to bring some light to those considerations.

With certain limited exceptions, “electronic surveillance” under FISA contemplates the acquisition of the contents of a wire or radio communication. The effort to extract foreign intelligence information from these contents is the essence of “communications intelligence” (COMINT) activities, and most FISA surveillances are directed at human targets in an effort to acquire COMINT. Given this apodictic feature of the FISA process, it is surprising that COMINT, and the singular fragility associated with its collection and production, is rarely mentioned or acknowledged in the criticisms directed at the secrecy of FISC processes.

A Brief Recounting of the Development of Communications Intelligence Efforts

Through the long history of human diplomacy and conflict, competitors always have sought to gain an edge through intelligence activities that would divulge the intentions and activities of their opponents. The advent of electronic communication devices provided adversaries with the ability to communicate and coordinate their activities over much larger distances, naturally leading to corresponding efforts to collect and derive information from these communications. This is the paradigm of COMINT activities.[1]

World War I represented the first truly international conflict where electronic communication technologies, and efforts to safeguard the communications transmitted with those technologies, were widely used. On a number of occasions during the First World War, nascent efforts at decoding enemy communications significantly impacted both military and diplomatic events. For example, a German mathematics professor attached to the German Army as a cryptographer easily broke Russian codes in August 1914; a success that, along with sloppy Russian communications practices, created significant tactical opportunities that the Germans exploited to defeat the Russians at the critical Battle of Tannenberg.

Three years later, in what has been described as the most significant British intelligence success of the war, British intelligence components intercepted and decoded the contents of the Zimmerman Telegram in which Germany revealed its intent to resume unrestricted submarine warfare while offering the Mexican government inducements to go to war with the United States in the event this action prompted the Americans to enter the war on the side of the British. The decryption of the Zimmerman Telegram marked one of the earliest occasions where COMINT is recognized as having decidedly influenced world events. It would not be the last.

While the United States remained neutral during the early years of WWI, a cipher clerk for the U.S. State Department named Herbert Yardley spent his free time trying to decode encrypted State Department communications. His efforts revealed significant vulnerabilities in the codes being used by the United States and, once the U.S. entered the war, Yardley was given command of an army intelligence unit whose activities focused primarily on breaking enemy codes.

Following the war, the U.S. Army and the State Department decided to fund Yardley’s continued codebreaking efforts. Reflecting a problem that still defies solution today, Yardley established his “Cipher Bureau”[2] in New York City because, it has been said, he feared the spies and leaks that abounded in Washington, D.C. Yardley’s group enjoyed considerable success in its early cryptanalytic efforts, particularly those directed at Japanese communications systems, which allowed the Black Chamber to make a significant contribution to American negotiating efforts during the Washington Naval Conference in 1921. Those successes, however, were inadequate to preserve the Black Chamber’s operations and, in 1929, the State Department terminated its funding at the direction of then-Secretary of State Henry Stimson, who famously commented that: “Gentlemen do not read each other’s mail.”[3]

Extraordinary Security Measures Become a Cornerstone of Protecting the Historic Cryptologic Achievements of World War II

The Second World War saw unprecedented communications intelligence efforts directed against German and Japanese communications systems that produced historically significant outcomes in terms of technique, achievement, and impact. The British codebreaking efforts attacking the German Enigma system have been widely recounted in books and films with varying degrees of accuracy;[4] but, what is less well-publicized are the security protocols implemented to protect the secrecy of both the cryptanalytic effort and the intelligence produced by that effort. The need to preserve security for these activities led to the creation of an entirely separate distribution process for product coming from Ultra, the codename for the intelligence product resulting from the exploitation of Enigma, characterized by a plethora of use and dissemination restrictions.

Similar limitations were applied to the use and dissemination of intelligence product resulting from the COMINT successes achieved by American cryptanalysts against Japanese diplomatic and military codes.[5] Magic was considered so valuable and its compromise so potentially harmful to the American war effort that, in 1944, Army Chief of Staff George Marshall wrote a personal letter to Thomas Dewey (the Republican candidate running for president against Franklin Roosevelt) who had threatened to make a major campaign issue of the intelligence failures associated with the Pearl Harbor attack. In his letter, Marshall warned: “To explain the critical nature of this set-up, which would be wiped out in an instant if the least suspicion were aroused regarding it, the Battle of Coral Sea was based on deciphered messages and therefore our few ships were in the right place at the right time. Further, we were able to concentrate our limited forces to meet their naval advance on Midway when otherwise we almost certainly would have been some 3000 miles out of place. We had full information on the strength of their forces.”

In response, Dewey promised not to raise the issue—and kept his word.

The Venona project provides one more illustration of both the singular value and unique fragility of communications intelligence. Beginning in 1943, the Army’s Signal Intelligence Service began a program (later continued by the National Security Agency) that, for 37 years, sought to decrypt messages transmitted by the intelligence elements of the Soviet Union (i.e., the NKVD, KGB, and GRU). The program had its origins in one of those fortuitous occurrences that often mark the difference between cryptologic success and failure.

Soviet message traffic was encrypted using a one-time pad system but, due to a serious blunder, some of this traffic was vulnerable to cryptanalytic attack.[6] Under pressure created by the German advance on Moscow in 1941, the Soviet company that produced the one-time pads inadvertently produced roughly 35,000 pages of duplicate key numbers. The duplication, which undermines the security of a one-time pad system, was discovered, and the Soviets sought to eliminate the vulnerability by dispersing the keys among widely separated users. The effort failed, and American cryptanalysts discovered the duplicate keys.

Even with the flaws in the one-time pad system, breaking the codes proved an exhaustive task but, by December 1946, Venona messages had been decrypted showing the first Soviet penetrations of the Manhattan Project. Ultimately, Venona decryptions also revealed the espionage activities of both the Rosenbergs and the Cambridge Five.[7] Yet, despite these successes, Venona also demonstrated the difficulties encountered in any communications intelligence effort. Ultimately, fewer than 3,000 messages were decrypted out of hundreds of thousands sent, in part because the cryptanalytic effort was at least partially compromised to the Soviets, and in part because the Soviets continually altered certain aspects of the communications system producing the Venona traffic.

Notwithstanding the limited exploitation achieved by the Venona effort, the intelligence derived from the undertaking was significant and security surrounding the Venona project was extraordinary. So concerned was Army Chief of Staff Omar Bradley about suspected leaks emanating from the White House that he camouflaged the origins of Venona-derived information even from President Harry Truman—a protection of intelligence sources and methods perhaps unmatched in U.S. history. Not until 1995, 15 years after its last decryption effort and more than 40 years after its inception, did the bipartisan congressional Commission on Government Secrecy direct the public release of details of the Venona project.

Security Considerations Impacting U.S. Cryptologic Activities

The cryptologic successes of Ultra, Magic, and Venona were all fresh in the minds of senior American officials as they reconfigured the country’s defense and intelligence structures in the aftermath of the Second World War. A 1950 National Security Council directive, records that “[t]he special nature of Communications Intelligence activities requires that they be treated in all respects as being outside the framework of other or more general intelligence activities.”[8] Contemporaneously with these reorganization efforts, Congress demonstrated its own recognition and concern for protecting the nation’s communications intelligence programs by enacting 18 U.S.C. § 798; a part of the espionage statutes that specifically punishes the unauthorized disclosure of classified information concerning the communication intelligence activities of the United States. As the House Report accompanying the passage of § 798 observes, the bill “is an attempt to provide . . . legislation for only a small category of classified matter, a category which is both vital and vulnerable to an almost unique degree.”[9] No other form of intelligence product is specifically identified for such singular protection and this criminal provision is complemented by an equally unique civil statute that precludes disclosure of virtually any substantive information concerning the activities of the National Security Agency.[10]

This acknowledgement of “[t]he special nature of Communications Intelligence activities” is a succinct recognition that COMINT carries both singular value and unique vulnerability. The very purpose of cryptography is preservation of the secrecy of the underlying communication. Correspondingly, a cryptologic success that permits access to what an adversary believes to be secret provides valuable intelligence while simultaneously leaving the adversary ignorant of its own communications vulnerability. Thus, secrecy is an axiomatically essential element of success to any COMINT effort in no small measure because it is relatively easy for an adversary to frustrate a prodigious cryptologic effort by, for example, altering the frequency on which a radio communication is transmitted, using a different transmission pattern or mode of transmission, or changing the code. Even worse, in the eyes of many intelligence experts, an adversary who becomes aware that an opponent believes it has achieved a cryptologic success may exploit that belief by using the ostensibly compromised communications to transmit deliberately false or misleading information.[11]

Venona, with its fortuitous discovery of a singular communications mistake (the Soviet’s use of duplicative one-time pads), illustrates the circumstances that can produce a unique cryptologic opportunity. That opportunity was protected by extraordinary security measures, yet periodic changes in Soviet communications practices still adversely impacted Venona’s success. Simultaneously, suspicions that the Soviets had become aware of aspects of the Venona effort produced concerns that communications decrypted later in the Venona effort actually carried disinformation deliberately transmitted to mislead. Such is the paradox often facing cryptologists and intelligence analysts demonstrating, again, the singular frangibility of the COMINT process.

Congress Recognized the Need for Secrecy in its Newly Created FISA Court

As noted at the outset of this article, FISA-authorized electronic surveillance principally seeks and produces COMINT, and the fragility of COMINT was well-known to legislators as they crafted the FISA statute in the mid-1970s. Nothing in the legislative history surrounding the enactment of FISA in 1978 indicates that Congress intended the operations of the newly created FISC to pose any jeopardy to the security considerations essential to safeguarding the country’s COMINT operations previously recognized in earlier congressional legislation.

The FISC was created to interpose a level of judicial review into the process of conducting electronic surveillance for foreign intelligence in the United States. That level of review was intended to scrutinize applications for electronic surveillance to assure such surveillance was conducted consistently with rights secured by the Fourth Amendment to the U.S. Constitution. As one of those judges, Dennis Saylor, recently observed, “[w]e are the only country in the world, the only one of 197 sovereign nations, that interposes a court between the government and its citizens [in connection with foreign intelligence surveillance].”[12]

Notably, for all the recent squabbling regarding the FISC process, it largely resembles the ex parte procedures used with any “conventional” law enforcement wiretap: a single judicial official decides whether or not to permit surveillance based on an application presented in a closed proceeding by representatives of the executive branch (i.e., generally employees of the Justice Department).[13] Moreover, the judicial officials serving on the FISC and charged with reviewing and approving FISA applications or certifications are Article III judges (chosen by the Chief Justice of the United States) who, aside from their FISC responsibilities, perform the duties regularly assigned to U.S. district and circuit court judges in adjudicating civil and criminal proceedings. Consequently, they already are fully conversant with overseeing the safeguards governing the conduct of electronic surveillance for law enforcement purposes and can bring that knowledge and experience to bear in applying FISA’s provisions to electronic surveillance initiated for foreign intelligence purposes.

Nothing in the history of FISA indicates that the FISC was meant to serve as an ombudsman arbitrating disagreements that require balancing foreign intelligence secrecy against public disclosure demands. The FISC exists solely to insure that electronic surveillance conducted for foreign intelligence purposes is conducted consistently with the requirements of the FISA statute and with Constitutional guarantees. While critics vociferously call for greater transparency in FISC proceedings, the judges handling those proceedings recognize both the unique nature of their duties and the dangers to national security mandating that those duties be performed in secrecy. As the Foreign Intelligence Surveillance Court of Review recently observed:

Although the movants and the court-appointed amicus suggest that the argument for a First Amendment right of access to FISC opinions is parallel to the First Amendment right of access to court opinions in other settings, the work of the FISC is different from that of other courts in important ways that bear on the First Amendment analysis.

The FISC is a unique court. It is responsible for reviewing applications for surveillance and other investigative activities relating to foreign intelligence collection. The very nature of that work, unlike the work of more conventional courts, requires that it be conducted in secret. Moreover, the orders of the court, including orders that entail legal analysis, often contain highly sensitive information, the release of which could be damaging to national security. See generally In re Motion for Release of Court Records, 526 F. Supp. 2d 484, 487-90 (FISC 2007) (Bates, J.).

Apart from the highly sensitive nature of the work, the FISC is not well equipped to make the sometimes difficult determinations as to whether portions of its orders may be released without posing a risk to national security or compromising ongoing investigations. For those determinations, the court has relied on the judgments of the Executive Branch, in the form of classification decisions. Accordingly, while we agree with the movants that they have standing to litigate the issue of access to the redacted portions of the court’s opinions, our decision should not be taken as an endorsement of their suggestion that First Amendment analysis applies to the FISC in the same manner that it applies to more conventional courts.[14]

This is a heartening exercise of judicial deference reflecting an appreciation for the COMINT security concerns that have been virtually ignored in the recent reporting critical of FISC secrecy. It is essential that citizens maintain such perspective in these highly turbulent, highly politicized times to insure that valuable intelligence sources and methods are not compromised.

[1] Unless a communication is sent in the “clear” without the use of any code or encryption process to mask its contents, the transmission necessarily involves the use of “cryptography.” “Cryptography” is, essentially, the science of encoding and decoding communications to keep their content secret. “Cryptology” is the study of cryptography; generally undertaken for the purpose of solving or breaking an encryption.

[2] In a later book recounting the activities of the Cipher Bureau, Yardley called it the “American Black Chamber,” and this is the name by which Yardley’s organization is now remembered.

Parenthetically, the publication of Yardley’s book, The American Black Chamber, in 1931 was a bombshell. To furnish perspective on its impact, it is often described as the most famous book ever published about American cryptology and, today, it would be comparable to a National Security Agency (NSA) employee publicly revealing and accurately recounting the complete communications intelligence operations of NSA for the past 12 years.

[3] Stimson’s concerns were focused on directing codebreaking efforts at the communications of allied nations and not, in general, with communications intelligence activities. Ironically, as Secretary of War in WWII, Stimson presided over some of history’s most renowned communications intelligence efforts directed at exploiting German and Japanese communications systems.

Directing COMINT efforts at allies’ communications continues to create international tensions, as witnessed by the Edward Snowden revelation of NSA COMINT activities directed at Germany (and other “friendly” nations), for example, and by the disclosure that Britain’s signals intelligence agency (i.e., GCHQ) was intercepting and reading foreign diplomatic emails during the G20 conference in London in 2009.

[4] Contrary to the recounting portrayed in The Imitation Game, initial success in exploiting Enigma was achieved not by Alan Turing but by Polish intelligence operatives prior to the start of WWII. Poland shared its progress with British intelligence, and Turing and his confederates continued the efforts directed against Enigma through that system’s many evolutions as the war progressed.

[5] The intelligence effort (and corresponding product) resulting from the exploitation of the Japanese Red, Blue and Purple codes was (and is) collectively referenced by the code name Magic.

[6] One-time pads are an encryption technique that cannot be broken, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent. In this technique, plaintext is paired with a random secret key (also referred to as a one-time pad). Each character of the plaintext is then encrypted by combining it with the corresponding character from the pad. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is not compromised, then the resulting enciphered text will be impossible to decrypt.

[7] Kim Philby, Donald Maclean, Anthony Blunt, Guy Burgess and John Cairncross were Englishmen who spied for the Soviet Union. The sobriquet Cambridge Five arises from their first having met during time spent at Cambridge University. Ironically, Philby first became aware of Maclean’s potential exposure as a spy through information he gained that was derived from Venona decrypts. This allowed Philby to alert Maclean so that Maclean could escape capture. Philby, too, later escaped to Moscow.

[8] National Security Council Intelligence Directive No. 9: Communications Intelligence Activities (USCID No. 9), March 10, 1950.

[9] H.R. Rep. No. 81-1895 at 2 (1950).

[10] Sec. 6 of P.L. 86-36 (the ‘National Security Agency Act of 1959’ provides that: (a) Except as provided in subsection (b) of this section, nothing in this Act or any other law (including, but not limited to, the first section and section 2 of the Act of August 28, 1935 (5 U.S.C. 654) [repealed by Pub. L. 86-626, title I, Sec. 101, July 12, 1960, 74 Stat. 427]) shall be construed to require the disclosure of the organization or any function of the National Security Agency, or any information with respect to the activities thereof, or of the names, titles, salaries, or number of the persons employed by such agency. 50 U.S.C. § 402. Note: emphasis added.

[11] For example, by early 1942, U.S. Navy cryptanalysts had achieved considerable success in exploiting Japanese naval communications using the Japanese Navy’s Jn-25b code. 

In early 1942, Navy cryptanalysts began seeing traffic describing a massive attack intended against a target identified as “AF.”  There was some suspicion that the target was Midway Island but the identity of “AF” remained unknown so the Americans sought to use their secret success in decrypting Japanese communications in an effort to confirm that Midway was the intended target.

An unencrypted, clear text message was circulated among American units stating that Midway’s water purification system was broken.  It was expected that the Japanese would intercept the clear text message, and they did.  When encrypted Japanese communications were sent using the Jn-25b code informing Japanese naval units that the water purification systems at “AF” were broken, the U.S. intercepted these messages and the subsequent decrypts confirmed that Midway was “AF.”

With this information, the United States was able to concentrate its numerically inferior forces and achieve one of the most stunning victories in the history of naval warfare.

[12] A Rare Look Inside America’s Most Secretive Court, Boston College Law School Magazine, January 21, 2018.

[13] Indeed, with the introduction of amicus curiae counsel through the passage of the USA Freedom Act in 2015, the FISC process now often incorporates an external participant not present in the law enforcement context.

[14] In re Certification of Questions of Law to the Foreign Intelligence Surveillance Court of Review, Docket No., FISCR 18-01 (FISCR March 16, 2018) available at The emphasis added to the quotation is mine and is not in the original.

It should be noted that this opinion addresses only the question of whether the claimants (the ACLU, et al.) have standing even to assert a claim of access to the classified parts of FISC opinions. While the opinion concludes that the claimants possess the necessary standing, it emphasizes that standing to assert the claim does not presage success on the merits of that claim. As the FISCR states, “Importantly, our decision-like that of both the FISC majority and the dissent-is limited to the issue of Article III standing. We do not address the merits of the question whether the movants are entitled to have access to any of the materials in dispute in this case or, more broadly, whether the FISC is authorized to order that members of the public be granted access to portions of FISC opinions that have not been declassified by the Executive Branch.”