How long have intelligence agencies been keeping tabs on the internet? And what role did these agencies play in creating the internet we use today? For the most part, these kinds of questions have been relegated to comments sections on random blogs and the occasional tweet from researchers. So we’re hoping to remedy that in whatever small way we can, starting with a look at the 1960s and 70s.
This is part two in our five-part series looking at the history of surveillance on the internet.
The common mythology about the birth of the internet is that it evolved organically to produce this new frontier filled with hackers and geeks and new opportunities. The part everyone forgets to mention? The intelligence community, and specifically the NSA, was there from the beginning. The connections between the birth of our modern internet and the military community have long been established. But the part of the story that deserves further exploration is the ties to the intelligence community.
To be clear from the outset, broad surveillance of the ARPANET (the seed of our modern internet) in the 1960s and ’70s was almost certainly legal. This was a network that the defence and intelligence communities had built under the aegis of the Advanced Research Projects Agency (ARPA), the precursor to DARPA. And it would make perfect sense that these agencies would keep a close eye on their own creation. But their work paved the way for our modern internet, and understanding how they monitored and infiltrated their new toy is crucial to developing a clear-eyed view of the security landscape we currently face. There are people alive today who recall when the internet was, practically speaking, transparent to the whims of their curiosity.
The Origins of the Internet
The ARPANET, the first packet-switched network, gasped its first breaths on October 29, 1969 when researchers at UCLA made the first host-to-host connection with researchers at Stanford University. The project was funded by ARPA, the “mad scientist” wing of the Department of Defence research community. But the ARPANET wasn’t an immediate success, nor was it birthed overnight in 1969. It was borne of the work of tireless researchers funded by ARPA throughout the 1960s and spread across the entire country — from contractor Bolt Beranek and Newman (BBN) in Cambridge, Massachusetts to UCLA in Los Angeles.
ARPANET had a tough time getting off the ground. In fact, its funding was nearly pulled for lack of results in the early 1970s. In the classic internet history, Where Wizards Stay Up Late, Katie Hafner described it as “like a highway system without cars.” But it wouldn’t be too long before that highway would be filled with plenty of traffic from university researchers, students, and members of the military and intelligence communities. It became so full, in fact, that the ARPANET would be split in the early 1980s to form a network called the MILNET for sensitive military information, and cloned in the late 1970s for a networked called COINS II to share intelligence information.
Screenshot of J.C.R. Licklider from a 1972
Just a week before ARPANET came online, internet pioneer J.C.R. Licklider was giving a presentation at NSA headquarters in Ft. Meade, Maryland, about the future of networked computing. Specifically, what the world of internetworking would look like in 1979, ten years into the future. Sadly, I have no idea what Licklider said at the NSA-sponsored conference, which also featured ARPA chief scientist and internet pioneer Larry Roberts.
I reached out to the NSA to ask about the ways that they might have monitored the early internet and, to their credit, they sent me a paper by intelligence researcher Michael Warner titled "Cybersecurity: A Pre-History." The paper doesn't answer many questions about how intelligence agencies did or did not monitor early networks like the ARPANET. But it still makes for fascinating reading, and does provide some context for Cold War concerns about information sharing.
Whatever Licklider said to the NSA, it's probably a safe bet that it was visionary. It's hard to overstate how influential Licklider was to early thinking about the potential of the internet. While so many of his peers were focused on how to get machines to talk to one another, Licklider was one of the few who immediately saw how the human might fight into the equation. And it wasn't just one person to another. Licklider, writing with Bob Taylor in 1968, imagined quite correctly that entire communities would build up online.
What will on-line interactive communities be like? In most fields they will consist of geographically separated members, sometimes grouped in small clusters and sometimes working individually. They will be communities not of common location, but of common interest. In each field, the overall community of interest will be large enough to support a comprehensive system of field-oriented programs and data.
The fact that that Licklider and Roberts were talking to the NSA at the birth of the internet hints at the role that intelligence agencies had in building the powerful networking tools we use today. Snowden's revelations of collaboration between the major internet companies and the NSA were a shock to a generation raised to think of the digital world as somehow free of government control and influence, at least in the United States. But they perhaps weren't so surprising to the men and women who worked hand in glove with the NSA and other government agencies to build the technologies that gave those companies life. It's an important relationship to keep in mind when asking the question: Just how long have organisations like the NSA and CIA been keeping tabs on networked computing in the United States?
NSA and Other Nodes
So what about the technical evidence? The most obvious and striking thing that pops out at you while looking at old maps of the ARPANET is that the NSA became a node in the mid-1970s. What does being a node mean? It meant that there was a computer at the NSA that was responsible for routing traffic on the ARPANET. The NSA could connect any computer it wanted to their IMP (the refrigerator-sized modems of the 1960s and 70s) and access the ARPANET and any networks to which it connected -- other networks like COINS, which we'll get to shortly.
Beyond just being a node, the NSA became a network sponsor in 1975, meaning that it had an administrative role and allocated money to keep the network humming. Other sponsors in the 1970s included the Army, the Air Force, the Department of Commerce, and NASA, among others.
By 1975, authority over the ARPANET was also transferred to the Defence Communications Agency (DCA) because it was no longer an experiment and no longer under the purview of ARPA, the folks who handled the "mad science" projects. The DCA is responsible for communications within the DoD, and with that the ARPANET became both stable and officially mainstream within the defence and intelligence communities.
While the ARPANET evolved and started to become more accountable (even if it was in fits and starts), the NSA helped oversee the development and approved the use of technologies that kept communications encrypted. Overseeing encrypted communications was, of course, part of the NSA's core mission. But NSA wasn't too excited about civilian encryption. In fact, they fought tooth and nail against any encryption that they didn't like.
In 1977 Cryptolog, the NSA's classified in-house magazine, explained that their state-of-the-art computer networking tools were based on technology that had been developed by ARPA.
NSA's computer networking is based on technology developed for the Department of Defence Advanced Research Projects Agency (ARPA). It is a packet switched network in which every node is connected to at least two other nodes. This gives additional reliability to inter-host connections.
So why does it matter that NSA was a node, a network sponsor, and a partner with the pioneers of the internet? Because their work with ARPA gave them many opportunities to learn from and influence the methods of surveillance that would become integral to modern networks. And they were always tapped in.
COINS and COINS II
One way to understand how intelligence agencies may have been tapped into the ARPANET is to look at the networks and databases they used internally. COINS, the (Community On-line Information System) was a database that started in the mid-1960s. COINS was a star network, meaning that it was composed of many different terminals tapping into one central database. By the end of the 1970s, COINS II was established as an NSA network for sharing intelligence. COINS II was not only an ARPANET clone, meaning it used packet-switching, but it also had gateways connecting it to the ARPANET.
In its own series of books on the Cold War (now declassified but heavily redacted), the NSA briefly mentions COINS:
Initially a join NSA/DIA project, it became a community-wide database at the SI/TK level. COINS became a substitute for various product reports, and customers were simply given direct access to massaged SIGINT data rather than having NSA take the data and manufacture a product report of mind-numbing length and detail. Still another database, then called SOLIS, was created in 1972 to hold all NSA electrical product reports.
But it's a rare mention indeed. COINS and COINS II pop up in only a handful of declassified places, most extensively in a 1982 thesis by Thomas R. Malarkey at the Navy Postgraduate School. The big takeaway from the document is that COINS II, the NSA's secret intelligence sharing network, was directly linked to the ARPANET sometime before 1982.
Curiously, while reading the Michael Warner paper the NSA sent me, I found mention of a database network from 1972 that was supposed to share intelligence across different agencies. Part of me assumed that it could have been some precursor to COINS II; perhaps a stepping stone between COINS and COINS II. As Warner notes, this arrangement -- allowing, say, the NSA and CIA to share information -- would have been incredibly progressive for the time allowing. But it was a complete disaster. They ran tests to see if the network could be penetrated, and sure enough, they were completely owned.
Warner cites the NSA's Cold War history books:
The Defence Intelligence Agency had created several intelligence community databases designed for multilevel security access, and DIA contacted [the United States Intelligence Board] about running a security check of the system so that they could get their systems accredited for SI and TK [signals and imagery intelligence] information. NSA and other members of the intelligence community, with participation from defence contractors, obliged. By the time the attacks terminated, the penetration was so thorough that a penetrator at a distant remote terminal had actually seized control of the system. DIA never got its accreditation, and the results of the exercise made many at NSA sceptical that multilevel security could ever be achieved.
Suspecting they could be talking about COINS II, I asked NSA directly what program or network Warner is referring to. They said that it wasn't COINS and that they'd get back to me to see if they could reveal that information. I have yet to hear back from them on that. But if it was something akin to COINS II, it means that not just the NSA, but the entire U.S. intelligence community was briefly integrated with ARPANET back in its earliest days.
Putting the Pieces Together
Grappling with the rough sketch of what was occurring in networked computing in the United States means shifting our understanding of internet history. The NSA was always there. We don't know what they were doing all the time -- but we know that organizationally, technically, and financially they had their hands in all of it.
I suppose it's easy to understand why few have taken up study of early internet surveillance. We're talking, after all, about questions of history. And most people aren't concerned with whether some computer science nerds at Stanford or MIT had their email monitored back in the mid-70s. There's naturally less sense of urgency and personal consequence than when we talk about how the NSA might be monitoring your own porn browsing habits from last week.
But the question of how long internet surveillance has been taking place isn't just important for historians. The history of the internet is increasingly the history of where some of us spend the majority of our lives. And stepping back to understand the internet's infrastructure and monitoring in the 1970s, 80s and 90s might just give us the perspective we need to make decisions about the definitions of internet freedoms in the 21st century.
Many early internet pioneers worked intimately with American intelligence agencies at some point during the internet's creation. In the late 1960s, even before the ARPANET was taking its first baby steps, we've seen that early internet pioneers like J.C.R. Licklider and Larry Roberts were giving presentations to the NSA at conferences in Fort Meade, Maryland. Vint Cerf has talked about his work with NSA that started in 1975. These are the people who were instrumental in building the internet that we know today. And they all were working side by side with the American intelligence community.
As I said in my first post, I'm barely beginning to scratch the surface in an attempt to better understand the role that intelligence agencies have had in creating our modern internet. But maybe you can help. As always, we'd love to hear from you. You can send an email to [email protected] (PGP Key), or deadtree documents to: Gawker Media c/o Matt Novak, 210 Elizabeth Street, New York, NY 10012.
Next week: The Go-Go '80s
Top image: NSA supercomputer in the 1970s via NSA