Code Warriors


by Stephen Budiansky


  The episode raised disturbing questions about justice and the fundamental right of a person accused of a crime to be confronted with the evidence against him, but the consequences of the airtight secrecy surrounding Arlington Hall’s work proved even more fraught in the arena of national politics. Republicans in the 1948 elections were preparing to make as much as they could out of sensational charges that the government was riddled with Communists; Republican senators led by Robert Taft had waged an ugly smear campaign against David Lilienthal, Truman’s nominee for head of the Atomic Energy Commission, claiming that he was “soft on the subject of Communism” and that the Tennessee Valley Authority, which he had headed, was “a hotbed of Communism,” and making thinly veiled anti-Semitic allusions to his parents’ “foreign” origins. Far more reckless charges would follow in the witch-hunting hearings of the House Un-American Activities Committee and Senator Joseph McCarthy’s Permanent Subcommittee on Investigations, culminating in McCarthy’s wild claims to have unearthed a secret Communist conspiracy within the government to do Moscow’s bidding, going all the way up to “the mysterious, powerful” George Marshall, who had “lost China” to the Reds.31

  It was to blunt the charges of Communists in government flogged by the Republicans that Truman reluctantly agreed in March 1947 to order the dismissal of any government employee found by the Civil Service Commission or the FBI to be “disloyal.” He told his aide Clark Clifford that the whole thing was “a lot of baloney” and a “red herring,” and privately expressed fears that the result would be to make the FBI into “an NKVD or Gestapo,” sniffing out citizens’ denunciations. The FBI dragnet of “name checks” that the loyalty program triggered found no Soviet spies; the thousands who lost their jobs in the process had committed no crime more serious than belonging to left-wing organizations or subscribing to periodicals the FBI deemed “subversive.” The government’s refusal to reveal to the public the real evidence from the NKGB’s own messages about real Soviet spies, several of whom did hold high government positions, left the stage to McCarthy. The Republican junior senator from Wisconsin was a loudmouth, a boor, a lush, and a demagogue, but he knew what to do with the opportunity, and made speech after speech filled with ever darker ravings of secret conspiracies and cover-ups, all utterly unsubstantiated.

  Ironically, McCarthy and the poisoned politics of the 1950s he so helped create gave the real spies the perfect cover: they were able to claim then and ever after that they, along with the many others falsely accused of being Communist agents, were merely innocent victims of the McCarthyite witch hunt. “I think the greatest asset that the Kremlin has is Senator McCarthy,” Truman told reporters during the peak of the senator’s accusatory spree. It was a truer statement than he probably knew. Like most Democrats and those on the left during the Cold War, Truman would staunchly defend to his death several top aides accused by ex-Communists during congressional hearings of having spied for the Soviets. Among them were FDR’s economic adviser Lauchlin Currie, former assistant secretary of the treasury Harry Dexter White, and most famous of all, Alger Hiss, who would be convicted of perjury for denying he had passed secret documents to Soviet agents while a senior State Department official. In fact, their identities as spies had all been confirmed by Arlington Hall’s decodes by the time Truman left office in January 1953.32

  Truman’s ignorance of the truth was astonishing but genuine. It turned out that it was not merely the public, the courts, or Congress to whom Arlington Hall’s work could not be divulged. When the question was raised within ASA of informing the president of the Soviet spy traffic, Carter Clarke vehemently objected, insisting that the FBI, and the British GCHQ, with whom ASA was working so closely on the project, were “the only people entitled to know anything about this source.” Clarke took the matter straight to General Omar Bradley, the chairman of the Joint Chiefs of Staff, and subsequently reported back that Bradley “agreed with the stand taken by General Clarke and stated that he would personally assume the responsibility of advising the President or anyone else in authority if the contents of this material so demanded.” Apparently the military chiefs whom bureaucratic circumstance had placed in charge of U.S. peacetime signals intelligence operations against a foreign adversary decided that the circumstances did not so demand, and the president of the United States remained among those not “entitled to know” about it.33

  —

  Of the five cipher machines the Soviet military employed in the immediate postwar years, the Longfellow teleprinter scrambler was among the most sophisticated: it appeared to have been based on the Germans’ advanced SZ40 device, and, as the Americans and British were finding, its cryptanalysis was a far from trivial computational challenge even after extensive progress had been made on key recovery.

  Likewise resisting solution were the systems code-named Albatross and Pagoda by Arlington Hall. Little was known for certain about Albatross, but it seemed to be a strong variant of a special version of the Enigma used by the Abwehr, the Nazis’ military intelligence service; that model had four rotors that turned in a far more complex pattern than the standard Enigmas.34

  Pagoda (or sometimes Pogoda) was a double-tape teleprinter encipherment system that, as William Friedman concluded in a 1948 internal report, was almost certainly derived from an identical American machine developed by AT&T thirty years earlier and openly described in a published paper in 1926. The AT&T device, attached to a standard teleprinter machine, used two random Baudot key tapes that were changed daily. One tape was 1,000 characters long, the other 999, and each was formed into a loop that was fed through a paper tape reader. The tapes automatically advanced one position as each character of text was transmitted. By adding the characters from each of the tapes together, an extraordinarily long sequence of nonrepeating key, 999,000 characters long, was generated. Friedman had cracked it in 1919: taking up a challenge from the U.S. Army Signal Corps, which insisted the system was “invulnerable,” he was provided 150 enciphered messages representing a typical day’s traffic. He found that even without any overlapping depths, it was possible to separate out the two key cycles by assuming a crib of commonly repeated characters, notably those used for spaces and carriage returns. After two months’ arduous work, he triumphantly sent a message back to the Signal Corps enciphered in the same key that had been used in the challenge messages. The Soviets’ version, however, was “a much more difficult” problem, Friedman acknowledged, and “the odds against our present workers” were much greater than those he had faced in 1919.35
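The structure that lets the two key cycles be separated, as an added example (not from the book, and not Friedman's 1919 procedure, which worked from ciphertext and cribs): at a lag equal to one tape's length that tape cancels out, so the 999,000-character key is fixed by fewer than 2,000 known key characters. It assumes "adding" means XOR of 5-bit Baudot values and uses constructed random tapes; all function names are hypothetical.

```python
import random
from math import gcd

LEN_A, LEN_B = 1000, 999  # tape lengths given in the text


def make_tapes(seed=1919):
    """Constructed sample data: two random tapes of 5-bit Baudot values."""
    rng = random.Random(seed)
    a = [rng.randrange(32) for _ in range(LEN_A)]
    b = [rng.randrange(32) for _ in range(LEN_B)]
    return a, b


def key_at(a, b, n):
    """Key character n: both loops advance one position per character.
    Assumption: the two tape characters are combined by XOR."""
    return a[n % len(a)] ^ b[n % len(b)]


def split_cycles(known_key):
    """Rebuild an equivalent pair of tapes from the first 1,998 key characters.

    k[i] ^ k[i + 1000] = b[i] ^ b[i + 1] for i = 0..997, because tape A is
    back at the same position after 1,000 steps and cancels. Chaining those
    differences gives tape B up to one unknown constant (b[0]); the same
    constant is absorbed into tape A, so the combined key is exact.
    """
    need = LEN_A + LEN_B - 1
    if len(known_key) < need:
        raise ValueError(f"need at least {need} key characters")
    b = [0] * LEN_B  # fix b[0] = 0; the true tape differs by a constant
    for i in range(LEN_B - 1):
        b[i + 1] = b[i] ^ known_key[i] ^ known_key[i + LEN_A]
    a = [known_key[i] ^ b[i % LEN_B] for i in range(LEN_A)]
    return a, b


def demo():
    a, b = make_tapes()
    known = [key_at(a, b, n) for n in range(LEN_A + LEN_B - 1)]
    a2, b2 = split_cycles(known)
    period = LEN_A * LEN_B // gcd(LEN_A, LEN_B)
    # Spot-check predictions across the whole key cycle, far past the
    # 1,998 characters that were actually known.
    ok = all(key_at(a2, b2, n) == key_at(a, b, n)
             for n in range(0, period, 7919))
    return period, ok


if __name__ == "__main__":
    print(demo())
```
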

  The other two main Russian cipher machines were knockoffs of far less complex foreign designs. In April 1946, GCHQ passed on to their American colleagues the “surprising discovery” that the Soviet machine cipher they called Coleridge was apparently a “subtractor device a little like a Hagelin.”36 The Hagelin machine was something the Americans and British knew how to deal with. The invention of a Swedish mechanical engineer, Boris Hagelin, and sold on the commercial market by his firm AB Cryptoteknik in Stockholm, the device had been adopted by the military services of a large number of countries, including Italy, the Netherlands, France, and the United States. It offered only modest security, and the U.S. Army employed its version, known as the M-209, only for tactical communications at the division level or lower. But it was small and portable, operated without electricity with an ingenious, purely mechanical mechanism, and offered ease in changing its key settings from one message to the next. A letter to be enciphered (or deciphered) was selected on a rotating alphabet disk; turning a hand crank operated the cipher mechanism and caused a type wheel to print the corresponding letter on a strip of paper.

  During the war Arlington Hall had produced a compendium of technical articles on its cryptanalysis and was routinely reading Hagelin traffic of other countries. The major cryptographic strength of the machine lay in an intricate system of pinwheels that produced an irregular, nonrepeating key pattern more than one hundred million letters long. Its considerable weakness was that at any one of those positions there was a choice only of the same twenty-six different substitution alphabets, and each of those alphabets followed a completely predictable pattern. (The Enigma, by contrast, could in principle generate any of nearly eight million million different cipher alphabets.)*1 Just as with the Russian teleprinter ciphers, two Hagelin messages in depth could often be cracked by assuming a short crib of likely plaintext and building up a solution from the words that started to emerge in each of the matching pair of messages (see appendix C).

  By April 1947, Op-20-G’s liaison in London was reporting to Captain Wenger that the British believed that “with the possible exception of Longfellow and the B-211, Coleridge is the most important, high-level system from which intelligence may be produced,” and while it “has not, of course, ceased to be a cryptanalytic problem,” the feeling was that enough traffic was exploitable to set up a section to concentrate on current production. Hugh Alexander, who had headed Hut 8, the naval Enigma section at Bletchley, was placed in charge of the “Coleridge Party.” Several special-purpose relay machines were built to aid the process of testing cribs on pairs of Coleridge messages in depth. The Navy built a device called Stork that could “drag” a thirty-letter crib through successive locations and measure the statistical roughness of the resulting plaintext in the paired message: when the crib was correctly placed, the matching plaintext would have the characteristically uneven frequency distribution of letters in natural language, as opposed to the perfectly even distribution of random text. Another Navy device, Piccolo, automatically printed out twenty letters of paired plaintext for each position of a crib.37

  The B-211 that the British mentioned was another Hagelin machine, and one that Friedman’s three assistant codebreakers—Rowlett, Kullback, and Sinkov—had also thoroughly analyzed before the war, even having the Government Printing Office publish a pamphlet in 1939 (it was classified Confidential, the lowest secrecy level) describing the machine’s solution. Although it gave a convincing illusion of security, in fact the machine was extremely vulnerable. Friedman’s team rather dismissively observed that “it offers no more security than does the cylindrical cipher device with known alphabets”—in other words, a manual device consisting of alphabet disks arranged on a spindle that had been around so long that Thomas Jefferson had once described an identical ciphering scheme. The B-211 employed what was known as a fractionating cipher: as a letter was typed on its keyboard it was replaced by a pair of letters according to a fixed 5 × 5 table. These bigrams were then further scrambled by the machine’s plugboard and rotating commutators to generate a new enciphered bigram, which was then transformed back to a single enciphered letter. (The 5 × 5 table covered twenty-five possible letters, so one letter of the alphabet, either X or W, was omitted from the keyboard.)38

  The 5 × 5 bigram fractionation table used in the Hagelin B-211 machine to replace each letter with a bigram for further encipherment. The letter G, for example, becomes the bigram IR. The Russian version of the B-211, known to the United States as Sauterne, employed a 5 × 6 table to include most letters of the larger Cyrillic alphabet.

  A schematic of the B-211, tracing the encipherment of a plaintext letter (J) to its cipher equivalent (F). Pressing the keyboard connects an electrical voltage to a unique vowel and consonant combination specified by the 5 × 5 bigram table (EN in this case); each letter of the bigram is separately scrambled by a rotor and switchboard to create a new bigram (AS) that is then transformed in the output matrix according to the same 5 × 5 table, causing a bulb to illuminate on the lampboard.

  As complex as the system appeared to be at first glance, the fractionation procedure actually made the problem vastly simpler to solve. Although the rotating commutators moved in an irregular fashion, sometimes stepping with each letter and sometimes not, if the codebreakers had even a short crib—literally no more than a word or two of matching plaintext and cipher text—it was possible to quickly place the crib by ruling out certain impossible sequences in the way the vowel or consonant commutators would have to advance from one five-letter cipher alphabet to the next. The fractionation of a letter into a bigram in fact gave twice as many opportunities for such contradictions to show up, making it a fairly swift procedure to recover the wheel settings and plugboard connections.

  Before the war, Boris Hagelin had been “obliged” (in his words, presumably by the Swedish government) to sell two B-211 machines to the Russian Trade Commission in Stockholm. The Soviets then proceeded to produce their own version, replacing the 5 × 5 grid with a 5 × 6 grid to encompass the most commonly used thirty letters of the Cyrillic alphabet. The French and Dutch were also good customers for the B-211. None appeared to be fully aware of its extreme weakness. The Germans had captured one of the Russian versions of the machine during the war and figured out how to break it with a ten-letter crib, but were never able to intercept any traffic. But after the war B-211 traffic transmitted by Morse code on military networks in the Soviet Far East began to appear, and on March 1, 1946, Op-20-G reported the “excitement” of reading the first B-211 message. The codebreakers figured out that the Soviet version, which the U.S. and British code-named Sauterne, had repluggable wheels whose connections could be changed for each message, which was undeniably a significant complication, but with the use of several of Op-20-G’s electromechanical analytic machines it was possible to crack that obstacle, and by the next month a regular “watch” working sixteen hours a day had been established to process current traffic.39

  The U.S. and British codebreakers rightly feared that knowledge of their wartime success against the Enigma would bring about a swift end to the cryptographic naïveté that made these Soviet systems and others like them exploitable into the postwar era. The Russians never succeeded in breaking the Enigma themselves during the war, and although on several occasions the British government cautiously shared with the Soviets intelligence derived from German army and Luftwaffe Enigma traffic—usually disguised as coming from “a well-placed source in Berlin” or some other similar formula, and often warning of strategic troop movements or plans to carry out air attacks on Soviet positions—British intelligence adamantly refused to divulge to the Russians GC&CS’s cryptanalytic success in this area. The concern at that time was not so much that it might help the Russians down the road, but rather that since GC&CS knew from the Enigma traffic itself that the Germans were reading much of the Russians’ coded messages, any information given the Russians would likely get back to the Germans. Menzies warned Churchill that the result “would be fatal”: it would only be “a matter of days before the Germans would know of our success, and operations in the future would almost certainly be hidden in an unbreakable way.”40

  And while the Soviets had at least two spies at Bletchley—that would be discovered much later, in part from the one-time-pad NKGB messages—both worked in Hut 3, which produced the decrypts and translations, not Huts 6 and 8, which did the cryptanalysis.*2 Thus the Soviets never gained any direct information from GC&CS about the precise cryptanalytic vulnerabilities of the Enigma’s design.41 But the Soviets did capture some Enigmas during the Germans’ retreat at the end of the war, and the former chief of the KGB’s cipher section told the historian of cryptology David Kahn in 1996 that Soviet cryptanalysts had worked out the mathematics of breaking it, though they lacked the means to produce the equivalent of the bombes required to carry out the task.42 In the light of subsequent crushing events, it would become all too clear that the Russians had not taken very long after the end of the war to catch on to the inherent insecurity of most existing rotor machine designs in the face of the new cryptanalytic resources available, and how to fix it.

  —

  The 1946 agreement between the Army and Navy to “coordinate” their separate signals intelligence operations had merely sidestepped glaring deficiencies in the entire arrangement, which was quickly proving itself unequal to the new technical and intelligence challenges they faced in attacking the Russian problem. The rivalry between the two agencies was a long story of mutual suspicion and secret maneuvering, punctuated by ad hoc compromises that served only to underscore the absurdity of the situation. For over a year before the Pearl Harbor attack, in one particularly bizarre deal, the Army and Navy divvied up responsibility for decrypting Japanese Purple traffic simply by alternating days: the Navy took the odd-numbered days, the Army the even ones. It was a travesty of the bedrock cryptanalytic principle of continuity, but bureaucratic politics trumped even common sense. Wenger later observed that, ridiculous as it was, the arrangement was actually an improvement over the previous situation, in which each service completely duplicated the work of the other, and whenever an important message was broken each would “immediately rush to the White House with a copy of the translation in an effort to impress the Chief Executive.”43

  The Navy was especially suspicious of sharing its most important cryptologic secrets with the Army, taking the view that the large number of civilians at Arlington Hall could not be trusted to handle classified information. At one point the Navy insisted that its rule forbidding civilians to operate or know anything about the SIGABA cipher machine, a joint Army-Navy device used for the highest-level traffic, should apply to the Army as well. The Army pointed out that such a directive would mean that William Friedman, who had overseen the machine’s development, would not be allowed to touch his own invention. There were also some basic cultural differences between Op-20-G’s traditionally hierarchical military structure and Arlington Hall’s more freewheeling, civilian-heavy organization, not helped by what one visiting British naval officer astutely and correctly diagnosed as an ugly strain of anti-Semitism that was a serious source of friction at times: “The dislike of Jews prevalent in the U.S. Navy is a factor to be considered,” he reported, “as nearly all the leading Army cryptographers are Jews.”44

 
