[ih] Formerly classified secure NCP and TCP systems

[John Gilmore]

Karl Auerbach via Internet-history <internet-history at elists.isoc.org> wrote:
> Unfortunately we've never been given clarification about how much we can say, even though the work is more than 40 years old. (Those three letter agencies in Maryland tend to like to err (and oh, how much) on the side of over-protection, even after decades and decades have passed.)
> This much I can say: we had operational multi-level secure flows via TCP a few years before the NCP-TCP cut over.

Let me introduce you to a website: muckrock.com.  They exist to help you
file Freedom of Information requests (FOIA requests).  They digitize and
track all the answer letters and responses, and post them publicly.

The FOIA does not apply to "properly classified" records; that is one of
the exemptions in it.  But the structure of the statute is that if any
member of the public asks for a record (such as a report or a design
document), the agency has to decide, NOW, whether it is properly
classified and whether it remains classified.

Almost everything is automatically declassified 25 years after its
publication.  That's why historians can get all sorts of WW2 and Vietnam
War records today.  Unfortunately crypto-related stuff is exempt from
that 25-year limit -- so it's not AUTOMATICALLY declassified -- but if
you ask about particular documents, with a FOIA request, the agency
still is required to decide: is this still secret now?  How secret?
Is only this paragraph secret, while the rest of the document can be
released?

Insiders who merely happen to know what the NAME of an interesting
classified program was, 40 years ago, can file a request for "all
records of Project XYZ done at the Aberdeen Kinetic Mortuary between
1965 and 1986" and you will get some kind of response.  If you add more
details, like the names of personnel involved, or the name of the
beltway bandit who did some of the work and who worked on it there, or
what overall effort it was part of (e.g. Army logistics?  State
Dept. secure communications?), or copies of any public mentions of the
program or the contracts, or the names or authors of any reports on the
program (classified or not), that can help the FOIA people in the
agency find what you want in the government's vast attics of records.

Usually because of agency sloth, or poor description by the requester of
where the records might be, the first response is "never heard of that"
or "we can't provide any of that".  But if you appeal that response (by
merely writing a letter), then it gets looked at by somebody with half a
brain, and often results in more (or more than zero) pages of documents
actually coming out.  In extreme cases it's possible to successfully sue
them for failing to disclose records that you know they have.

And the beauty of this, for former insiders, is that anything that comes
out in the FOIA process is by definition declassified, and you or anyone
can publish, refer to, and spread it around at will.  It's your one-stop
shop for getting useful old stuff (possibly) declassified if the agency
agrees that its classification has outlived its usefulness.

Don't expect fast results.  The agencies get weeks to respond, and they
usually violate their deadlines, and then even when they respond, you
usually have to appeal, etc, etc, etc.  Expect it to take years to get
actual useful documents.  But you can fire off half a dozen of these
requests, for different things, in different agencies if you like, with
just a day or two's work.  And then you can handle the responses with a
few hours here and there, as they trickle in over the months.  With
luck, you will get some gold released, and then the history of secure
communications (or government malfeasance, or meritorious conduct, or
whatever you're looking for) can be revised with some actual formerly
secret information.

	John
	
PS: It's much harder for an outsider to know what to ask for.  If I sent
in a request for "multi-level secure flows carried via TCP before 1991"
to three or four agencies, I doubt I would get anything useful.  (I sent
in a similar request years ago for "sensor fusion" records, for example,
and got back nothing but a shrug.)  But you insiders will know and can
explain more about where these bodies are buried, like by asking for
documents related to the Frobnitz Secure Packet Puncher developed by
BandiCorp and deployed at six secure Minute-man sites in North Windswept
Prarie.  FOIA does not require agencies to write new documents, nor to
summarize; all you can get is existing documents, so if you can't
describe 'em, or at least describe how they might be indexed or in what
department's file cabinet they might be found, you probably won't get
'em.