In Dutch: Volg de actuele ontwikkelingen rond de Wet op de inlichtingen- en veiligheidsdiensten via het Dossier herziening Wiv 2017

December 21, 2021

From the Hotline to the first video call between presidents Biden and Putin

(Updated: March 19, 2022)

Among the most special telecommunication links are those between the presidents of the United States and Russia. The first and most famous one is the Hotline from 1963, but contrary to popular belief it never had red telephone sets, because it started as a teletype link that evolved into a secure e-mail system.

Only in 1990, a separate secure telephone line was established between the Kremlin and the White House, which was integrated into a digital computer network in 2008. This also enables video calls, a capability that was first used by US president Biden and Russian president Putin only two weeks ago, on December 7, 2021.


US president Biden talking to Russian president Putin from
the White House Situation Room, December 7, 2021.
(photo: White House - click to enlarge)


The Biden-Putin video call

The Russian news agency TASS reported that "the video conference was organized via a secure video conference line, designed for communication between world leaders, and used for the first time today" - a memorable moment, but hardly any other news outlet mentioned it.

Maybe that's because the American and the Russian president had already participated in several multilateral video conferences, like for example the G20 summit in Riyadh in November 2020, and therefore this first bilateral video call seemed not that special anymore.

US president Joe Biden attended the virtual meeting from the large conference room in the White House Situation Room, which is in the basement of the West Wing of the White House. Also present were national security adviser Jake Sullivan, secretary of State Antony Blinken and Eric Green, a senior advisor on Russia.


Russian president Putin talking to US president Biden at
his Bocharov Ruchei residence, December 7, 2021.
(photo: Kremlin via EPA - click to enlarge)


Russian president Vladimir Putin conducted the video call from a conference room in Bocharov Ruchei, which is the summer residence of the Russian president in the Black Sea resort of Sochi. In the photos and video released by the Kremlin no aides or other officials were visible.

An interesting little detail is that the security camera in the corner of the room seems to be covered in black plastic, likely to prevent the ordinary security personnel from watching and/or listening to the video call with president Biden:



Another detail is that president Putin seems to have a white button in front of him, probably similar to the call button in the White House which the American president can use to summon assistance. Under Trump this became known as the "Diet Coke Button".

Close-up of the white button in front of president Putin,
next to an ivory Prestige-CB phone made by Telta
(photo: Mikhail Metzel, Sputnik, Kremlin Pool Photo via AP)



Start and duration of the video call

A brief snippet broadcast by Russia state television shows that the two leaders offered friendly greetings to each other: "I welcome you, Mr. President," Putin said, but US president Biden seemed to fumble with his microphone, awkwardly waving to his Russian counterpart during the silence.

After a few seconds, Biden leaned forward and pressed a button on the control panel of the video teleconference (VTC) system. This apparently turned his microphone on: "There you go" he said, suddenly audible, chuckling and waving to Putin.


The AMX control panel of the videoconferencing
system in the White House Situation Room


After president Biden expressed his hope for an in-person meeting with the Russian leader in the future, further talks proceeded in private. Biden and Putin spoke to each other for just over two hours, according to the White House from 10:07 a.m. to 12:08 p.m. Eastern Time, or 18:08 to 20:10 Moscow Time.

Putin's foreign affairs adviser Yuri Ushakov described the presidents' video conference as "candid and businesslike," adding that they also exchanged occasional jokes. Biden's national security adviser said the meeting was "useful", the discussion "direct and straightforward" and "There was no finger wagging."

After the video call with Putin, president Biden had a telephone (conference?) call with France's president Emmanuel Macron, German chancellor Angela Merkel, the British prime minister Boris Johnson and Italian prime minister Mario Draghi to brief them about the conversation with the Russian president.

Updates:

On December 30, 2021, US president Biden and Russian president Putin had their second conversation within a month. This time it was a 50-minute telephone call, which was requested by Putin and was about the ongoing crisis around Ukraine.

President Biden speaks on the phone to president Putin
from his home near Wilmington, Delaware on December 30, 2021
(photo: AFP/Getty Images - click to enlarge)


On February 12, 2022, Biden and Putin had a phone call of just over an hour again about a possible Russian invasion of Ukraine. This time, the American president conducted the call from the conference room in Camp David, the presidential country retreat near Thurmont in Maryland:

President Biden having a call with president Putin, February 12, 2022
(photo: White House/Reuters - click to enlarge)



US-Russian communication links

It should be noted that neither the video call, nor the telephone conversations between the presidents of Russia and the United States are conducted through the famous Hotline between Washington and Moscow. This Hotline, which is officially called the Direct Communications Link (DCL), was established to prevent nuclear war and is formally based upon a memorandum between the United States and the Soviet Union from June 20, 1963.

In popular culture the Washington-Moscow Hotline is often called the Red Phone, and therefore many people think it has red telephone sets, but this is false: the Hotline was never a phone line. It was set up as a teletype connection, which in 1988 was upgraded to inlcude facsimile (fax) units. Since 2008 the Hotline is a highly secure computer link over which messages are exchanged by e-mail.



The Washington-Moscow Hotline terminal room at the Pentagon in 2013
(photo: www.army.mil - click to enlarge)


The American president did use a red telephone though, although not for foreign, but for domestic communications. Quick and easy contact between the president and military commanders is of course just as important as contact with the Kremlin, and this was achieved through a secure military telephone network, called the Defense Red Switch Network (DRSN).



The Direct Voice Link (1990)

While president Reagan used to write letters to his Soviet counterparts, his successor George H.W. Bush had his first phone call with general secretary Mikhail Gorbachev already on January 23, 1989, three days after his inauguration. This established the practice of direct calls to the Soviet leadership, which were to prove very productive.*

Therefore, the United States and the Soviet Union signed an agreement on June 2, 1990 to set up a "Direct, Secure Telephone Link between Washington and Moscow". This agreement was updated by the memorandum of understanding between the United States and the Russian Federation from October 15, 1999.

The official name of this telepone line is Direct Voice Link (DVL) and it connects the White House with the office of the Russian president, initially via the same satellite link as the Hotline. But while the Hotline is designated for top level crisis communications, the Direct Voice Link can be used for routine matters and the calls are usually scheduled in advance, so interpreters can be present.*


President Obama using his telephone for secure calls in the Oval
Office to talk to Russian president Putin, March 1, 2014.
(White House photo by Pete Souza - click to enlarge)


A Russian integration proposal

From the declassified Presidential Review Directive/NSC 51 by president Clinton's national security advisor Anthony Lake from February 28, 1995, we learn that:
"The Russian government has recently tabled a proposal to upgrade existing government-to-government communications links between Washington and Moscow by installing a secure digital network with voice, data and teleconferencing capabilities. Significantly, the Russian proposal would integrate the existing Direct Communications Link, the secure Direct Voice Link, and the Nuclear Risk Reduction Center communications network in a manner that would permit intergovernmental communications between the U.S. and Russian presidents as well as other government officials; it would also provide the capability to convene conference communications involving Washington, Moscow and "third parties," e.g., other capitals of the Newly Independent States."

In reaction to this proposal, the senior director for Defense Policy of the US National Security Council set up an interagency working group, to "reexamine the purpose, function and overall architecture of direct communications networks between Washington and Moscow."

I haven't found the conclusions of this working group, but given the fact that the different communication systems continued to exist, indicates that at the time the US did not agree to the Russian proposal.



The Direct Secure Communications System (2008)

Eventually, the Russians partly got what they wanted, because on October 30, 2008, an agreement was signed on the establishment of a "direct secure communications system between the United States of America and the Russian Federation".

This agreement supersedes and terminates the earlier agreements and memoranda of understanding about both the Hotline (from 1963, 1971, 1984 and 1988) and the Direct Voice Link (from 1990 and 1999).

The new system consists of "networked equipment and communications circuits and [is] intended for secure emergency and non-emergency communications between the highest leadership of the two countries." To make the system suitably reliable, the "communications circuits shall follow geographically diverse paths" and both countries agreed to equally share the cost of leasing communication circuits that run outside their territory.




According to the agreement it was up to the Defense Information Systems Agency (DISA) on the American side and the Federal Protective Service (FSO) on the Russian side to "determine the configuration and technical parameters of the communications circuits, as well as the specific types of encryption devices and equipment to be used."

It was also agreed that "the secure communications system shall be reequipped and updated every five years" while it may also be used to transfer classified information, but only up to the level Secret, as the agreement only mentions the classification markings Secret (Russian: Совершенно секретно) and Confidential (Секретно).


Since the new system became operational, probably in the course of 2009, there's one secure network between Washington and Moscow which is used for the e-mail capability of the old Hotline as well as for the direct telephone line between both presidents.

Since 2013 the network is also used for "a direct secure voice communications line between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, should there be a need to directly manage a crisis situation arising from an ICT security incident."

And likewise the video call between Biden and Putin must also have been conducted through the Direct Secure Communications System, although it's not clear why it took so long before this capability was first used.


The Head-of-State Network

The new secure communications network between Washington and Moscow has probably been integrated in the Head-of-State (HoS) network which the president of the United States uses to communicate with foreign leaders.

According to the 2009 budget of the White House Communications Agency (WHCA), which is part of DISA, this Head-of-State network was upgraded to an IP network and expanded with "new suites and additional network capacity", a project that was finally completed in the fiscal year 2013.

There's very little information about the Head-of-State network, but we can assume that it includes at least the countries that previously had a bilateral top-level hotline with the White House: Russia, the United Kingdom, Germany, India and probably China. Other allied countries are likely also included.




A small room within the White House Situation Room where the president
"can make a head-of-state phonecall from the Situation Room itself"
(screenshot from a White House video)



Head-of-State phone calls

Presidential phone calls to other heads of state are usually prepared by the senior duty officer (SDO) of the White House Situation Room who negotiates date and time with the designated contact in the foreign capital and arranges an interpreter from the Language Service of the State Department.* Subject-matter experts from the National Security Council (NSC) may also listen in to the call.

These phone calls are not recorded, but duty officers in the Situation Room take verbatim notes which are put together in a Memorandum of Conversation (MemCon). An example is this one of the famous last phone call between presidents George H.W. Bush and Mikhail Gorbachev on December 25, 1991. Nowadays these MemCons are stored on TNet, the internal computer network for the NSC staff.


When the Situation Room has no dedicated link to a particular foreign leader, then the call would be set up through the so-called Signal switchboard, which is staffed by military personnel from the White House Communications Agency.*

The Signal switchboard is also used for all other secure phone calls and thus we see that the IST2-telephone used by presidents George W. Bush and Barack Obama had separate buttons not only for the Situation Room, but also for the Head-of-State conference calls, the Signal switchboard and its operator for secure calls:




Securing the networks

For obvious reasons there's no information about how the Head-of-State network and the Secure Communications System between the US and Russia are secured. For its own classified IP networks, the US military uses advanced network encryptors, like the TACLANE series made by General Dynamics. These devices are certified by the NSA as Type 1 product that use classified Suite A algorithms to encrypt communications data up to the highest classification level (Top Secret/SCI).

For such an encryption system, however, both parties have to use the same equipment, or at least the same algorithms and that's a problem when it comes to bilateral communications: one country will of course never provide it's best encryption systems to another country. One solution is to use less secret methods, like the Advanced Encryption Standard (AES), which is considered one of the best publicly available encryption algorithms.

Responsible not only for securing the Direct Voice Link (DVL), but also for Obama's BlackBerry, was Richard "Dickie" George, who served as technical director of the NSA's Information Assurance Directorate (IAD) from 2003 until his retirement in 2011.


One-time pad

When head-of-state communications should be as secure as possible, then they could use a one-time pad (OTP), which is unbreakable if implemented correctly. Instead of an algorithm, the OTP method uses a completely random key that is as long as the message that has to be encrypted.

In this way both the original Hotline and the communication links of the Nuclear Risk Reduction Center (NRRC) were secured: "The information security devices shall consist of microprocessors that will combine the digital message output with buffered random data read from standard 5 1/4 inch floppy disks" which each party provided to the other through its embassy.


Russian equipment?

In August 2018, several Russian state media came with a somewhat confusing story saying that "a sophisticated scrambler developed by Concern Avtomatika was tested by US specialists and recommended for use in the direct telephone link connecting Washington with Moscow."

Avtomatika and its predecessors have been manufacturing cryptographic equipment for secure top-level telecommunications already since 1930. In 2014 Avtomatika became part of the state-owned defense conglomerate Rostec.



Links and sources

- ABC News: Biden confronts Putin over Ukraine in high-stakes meeting (Dec. 8, 2021)
- TASS: Putin-Biden video conference over (Dec. 7, 2021)
- The New York Times: The White House relies on a secret system for calls with world leaders. (Dec. 7, 2021)
- Bloomberg: Outdated White House Situation Room Getting Needed Overhaul (Oct. 21, 2021)
- Syracuse.com: I listened to dozens of presidential phone calls. Here’s why it’s done (Sept. 25, 2019)
- National Security Archive: The Last Superpower Summits (Jan. 23, 2017)
- CNN Business: 'I made Obama's BlackBerry' (May 22, 2014)
- Michael K. Bohn: Nerve Center. Inside the White House Situation Room, Brassey's Inc, 2003, p. 67-101.

December 4, 2021

About Intellipedia and other intelligence wikis from the Snowden trove



For years, the NSA and other US intelligence agencies have their own internal versions of the collaboration tools that most of us are using day-to-day. Documents from some of these tools have been published as part of the Snowden revelations, which allows a closer look.

It turns out that besides the US Intelligence Community's Intellipedia, which was already publicly known, the Snowden trove also contains entries from the NSA's WikiInfo and the British GCWiki, systems that were hitherto unknown.





Intellipedia

The oldest and best known internal collaboration tool used by the US Intelligence Community is Intellipedia, which is similar to the public Wikipedia and uses the same software called MediaWiki.

Intellipedia started as a pilot project at the CIA in 2005 and was formally announced in April 2006. Later it was brought under the Intelligence Community Enterprise Services (ICES) of the Office of the Director of National Intelligence (ODNI).

A big difference with the public Wikipedia is that Intellipedia has three different versions, according to the main classification levels (with the number of users by the end of 2012):
- Unclassified, on the DNI-U network, with some 75.000 users

- Secret, on the SIPRNet network, with some 147.000 users, mostly from the Defense Department and the State Department

- Top Secret/SCI, on the JWICS network, with some 188.000 users, mostly from the intelligence agencies


Each of these Intellipedia versions can be used by both civilian and military employees with appropriate clearances from the 17 agencies of the US Intelligence Community as well as from the US military and other federal government departments.

In 2006, the NSA had only about 20 registered Intellipedia users, the smallest number of any of the big intelligence agencies. At the time, the CIA had the most registered users: more than 200.

An example of the address format of a TopSecret/SCI Intellipedia page is: http://intellipedia.intelink.ic.gov/wiki/Anna_Politkovskaya


An article from the Unclassified version of Intellipedia
This one from the CIA's AIN network
(Click to enlarge)


Intellipedia entries from the Snowden revelations

Probably a bit surprising is that among the numerous Snowden documents there are only five Intellipedia entries. A close look shows that they were published in two forms:

1. Three of the Intellipedia entries are in pdf-format or a pdf-image (or a combination thereof) and in full color, in this case much yellow, which is the color code for information classified as Top Secret/Sensitive Compartmented Information (TS/SCI).

These three entries are this one about Anna Politkovskaya, this one about Air-Gapped Network Threats and this one about BIOS threats.


Intellipedia entry about Anna Politkovskaya

Snowden's username redacted on Intellipedia? (source)


2. Two Intellipedia entries from the Snowden cache don't have color, images and formatting and seem to be a scan or a photo of a printed document, like this entry titled "Manhunting Timeline 2008", which was released by The Intercept in July 2015.

The other entry was published last October by the American journalist Spencer Ackerman and is titled "Targeted Killing: Policy, Legal and Ethical Controversy". This document not only has a very similar form as the "Manhunting Timeline 2008" but is also about the same topic.



Intellipedia entry titled Manhunting Timeline 2008



Intelink

Intellipedia is part of the Intelink network, which was set up in 1994 and also has three versions: for Unclassified, Secret and Top Secret/SCI information. Besides Intellipedia, Intelink also provides a range of other collaboration tools for members of the US Intelligence Community (IC), like:
- Intelink Search
- Inteldocs (shared files)
- IntelShare (the IC's SharePoint)
- Intelink Blogs
- eChirp (IC version of Twitter)
- Jabber (instant messaging)

A more official version of Intellipedia, called Living Intelligence, was created for collaboratively writing official intelligence reports, but this failed because each agency stuck to its own process for writing such reports or "products for their customers".

More succesful is A-Space (or Analytic Space), which is also a common collaborative workspace for analysts of the US Intelligence Community, but unlike the Intelink tools, A-Space can also be used for information classified as GAMMA or HCS. A-Space went live on the JWICS network in 2008 and is managed by the DIA. In July 2013, A-Space was widened to i-Space (Integrated Space) so access is no longer restricted to analysts.


Intelink homepage with icons of the various collaboration tools (source)


Under the huge modernization project called Intelligence Community IT Enterprise (IC ITE or "Eye Sight") the NSA will provide an Apps Mall with collaboration tools that can be used as part of the Desktop Environment (DTE) for all intelligence users.

All the Intelink collaboration tools on the JWICS network are marked NOFORN, which means their content may not be shared with foreign nationals. Therefore, NSA employees apparently prefer their own tools on NSANet which do allow sharing with the other agencies of the Five Eyes partnership.



WikiInfo

The name of one such NSA tool was already found in a very interesting report from 2016 about how the US Intelligence Community uses internal collaboration tools: WikiInfo. This very unimaginative name refers to the NSA's internal wiki, parts of which were published during the Snowden leaks.

WikiInfo runs on NSANet, the network that connects all the Five Eyes signals intelligence agencies, and has a maximum classification level of TOP SECRET//SI-GAMMA/TALENT KEYHOLE//ORCON/PROPIN/RELIDO/REL TO USA, FVEY.

This really long marking says that information on NSANet may include highly sensitive communication intercepts (GAMMA) and intelligence from spy planes and satellites (TALENT KEYHOLE), including material that is closely controlled by the originator (ORCON) or contains proprietary information (PROPIN).

For even more sensitive information that should not be shared with the Five Eyes partners there's a separate platform called WikiInfo-NF (No Foreign nationals).


WikiInfo entries from the Snowden revelations

The Snowden trove provided only 12 WikiInfo entries, which is not much, but still twice the number of Intellipedia pages. Most of them just contain the text of the article, like this one about QUANTUM shooters, but this one shows the full WikiInfo interface, apparently made with a full page screen capture tool:


The WikiInfo interface with an entry about SIGINT targeting scenarios
Note that "Edward snowden" doesn't seem to match the redacted username


WikiInfo is only one of the NSA's own series of internal collaboration tools. Others are Tapioca, JournalNSA, SpySpace, Giggleloop, RoundTable and Pidgin. Tapioca was described as the "impressive NSA system for social networking and collaboration" and combines multiple functionalities. In 2016, Tapioca also got a version on Intelink, making it available for other US intelligence users.



GCWiki

Most wiki entries that have been published during the Snowden revelations, some 23, are actually not from an American system, but from the internal wiki that is used by the NSA's British counterpart GCHQ. This platform is called GCWiki and has a maximum classification level of TOP SECRET STRAP1 COMINT.


An example of the address format for GCWiki pages is: https://wiki.gchq/index.php/TWO_FACE


GCWiki entries from the Snowden revelations

Among the GCWiki entries published as part of the Snowden revelations there are no examples of how the GCWiki interface looks like. All entries are like this article about the PHANTOM PARROT program, which was published by The Intercept in September 2017:


GCWiki entry about the PHANTOM PARROT program

Snowden's username on GCWiki (source)


Besides GCHQ, the other Five Eyes signals intelligence agencies, the Canadien CSEC (now CSE), the Australian DSD (now ASD) and GCSB from New Zealand, also have their own internal wikis, but from these platforms no entries have been published.



What's in the Snowden cache?

Regarding the content of these intelligence wikis, probably most of it is about people, places and events that are of interest for intelligence analysts. But as we can see from the pages that have been published since June 2013, these internal wikis are also used to share more technical information about collection programs and hacking tools.

It's not clear whether Snowden picked out those topics or journalists did so, or in other words: whether or not Snowden also downloaded the complete content of Intellipedia, WikiInfo and GCWiki, like he did with the NSA's internal newsletter SIDtoday. If so, that would have amassed a huge number of files, as in January 2014, the Top Secret/SCI version of Intellipedia alone contained some 113.000 pages.



A final thing to consider is how the Intelligence Community's internal collaboration tools relate to Snowden's exfiltration efforts. As we have seen here, the NSA and the US Intelligence Community both have a whole series of tools, ranging from instant messengers to file sharing systems and almost anything in between.

In his 2016 book Permanent Record, Snowden writes about what he calls "readboards", a kind of digital bulletin boards where each NSA site posted news and updates (p. 220). This sounds a bit like the "shared bookmarking" function which is available on Intelink, according to this diagram:


Collaborative tools used by the US Intelligence Community in 2016
(click to enlarge - source)


Snowden said that he started hoarding documents from all these readboards and then shared this personal collection with his colleagues, as a justification, or "the perfect cover", for collecting material from more and more sources.

This system, which Snowden called Heartbeat, also pulled in the full documents so NSA Hawaii would still have access to them in case they would be disconnected from NSA headquarters. And, according to Permanent Record: "Nearly all of the documents that I later disclosed to journalists came to me through Heartbeat" (p. 221-222).

Heartbeat isn't mentioned in the diagram above, which makes sense because if the system existed like Snowden described it was probably only used at NSA Hawaii and not throughout the NSA as a whole - and most likely completely abolished after he left the agency.



Links and sources
- SpyTalk: Classified US Intelligence Chat Rooms a 'Dumpster Fire' of Hate Speech, Says Ex-NSA Contractor (2022)
- The Atlantic: The Government’s Secret Wiki for Intelligence (2017)
- Wired: The Wikipedia for Spies—And Where It Goes From Here (2017)
- Center for Strategic and International Studies: New Tools for Collaboration. The Experience of the U.S. Intelligence Community (2016)