in Chapter 1, but with a broader national vision. Historian Janet Abbate64 speculated that it was because the Office of Computing Activities (and its successor, the Division of Computing Research) had a limited budget or because the importance to researchers was not yet realized. When I arrived in 1976, NSF leadership was not interested in anything of the scale and management demands of an ARPANET-like national network and remained unconvinced that a network for sharing resources and collaboration had value, given the cost.
An opportunity for NSF to be involved in networking arose in 1977. Fredrick Weingarten inherited what was left of the DCR applications efforts in his Special Projects program. I knew that he was supporting research on the economics and social impacts of networks and computer-based collaboration, often jointly with Edward Weiss and others in the Division of Information Science and Technology. An opportunity surfaced at the 1977 Foundations of Computer Science (FOCS) conference in Providence, RI, where I met with several researchers during the conference reception at the Marriott Inn. We discussed whether NSF might entertain a proposal to support an email system for collaboration. The group included Lawrence Landweber, Richard Lipton, Richard Demillo, and Edward Robertson. After the meeting, Fredrick Weingarten and I decided to encourage Landweber to submit a proposal (NSF 7801689, An Electronic Mail-Box and Teleconferencing Network for Theoretical Computer Science). Landweber agreed to add Starr Roxanne Hiltz of Uppsala College to analyze the impact on collaboration and research output.
Thirty or so theoretical computer scientists in the United States and Australia participated in the Theorynet project by using Telemail running on a University of Wisconsin computer and accessing it over Telenet,65 a commercial packet-switched network. Research collaboration rose steadily and the 1978 ACM SIGACT program committee communicated via Theorynet/Telemail. Although she had some difficulty monitoring usage and interviewing users, Hiltz66 was able to show positive outcomes in terms of collaboration and jointly published papers. Theorynet’s modest success lent credibility to the CSNET and NSFNET projects.
2.7Cryptography and Interactions with the National Security Agency
The various controversies that arose around the National Bureau of Standards (NBS) Digital Encryption Standard (DES) were a prologue to issues related to cryptography. IBM submitted a cryptographic algorithm as a candidate for the DES in 1974 and NBS requested that the NSA evaluate it.67 NBS also asked IBM to grant the U.S. government “a nonexclusive, royalty-free license to make, use, and sell apparatus that implemented the algorithm.” NBS published a notice in the Federal Register in August 1975 of the proposed standard and requested comments. Martin Hellman and Whitfield Diffie of Stanford University criticized the proposed DES standard and outlined a potential attack on the algorithm.68 In April 1977, NBS issued the DES standard.69
In November 1976, in the midst of the DES controversy, Diffie and Hellman published “New Directions in Cryptography,”70 which introduced several new concepts: public key cryptosystems, one-way authentication (or functions), trap-door one-way functions, and digital signatures. At about that time, El (Elias) Schutzman, the program director in engineering systems, approached me about co-funding grants to Hellman at Stanford and I agreed. Diffie was at the time a research assistant working with Hellman. I was also funding Ronald Rivest, who was developing a number-theoretic public-key encryption algorithm71 with Leonard Adleman and Adi Shamir (all at MIT), which became the RSA algorithm.
What we did not know at the time was that James Ellis of the British Communications Electronics Security Group (CESG) had published a classified paper72 containing the idea of public key cryptosystems and that Clifford Cocks, also with CESG, had proposed an implementation similar to RSA.73 Both of these British papers predate the Americans’ work by four to five years; however, since they were classified, the NSF-funded researchers would not have known about them before CESG de-classified the work in 1997. The National Security Agency, however, was aware of Ellis’s and Cocks’s work.
In August 1977, J. A. Meyer of Bethesda, Maryland (later identified as an employee of the National Security Agency), wrote to the IEEE suggesting that some attendees at the September 1977 IEEE Symposium on Information Theory held at Cornell might be violating provisions of the International Traffic in Arms Regulations (ITAR) Act. Hellman and Rivest turned the problem over to their universities’ lawyers and opted to wait until the lawyers finished looking into the issue. Cleared to attend, they both limited their public discussion to the mathematical and technical aspects of cryptography and did not discuss possible national security implications of their work.74
In April 1978, the NSA placed under a secrecy order a patent application from the Wisconsin Alumni Research Foundation on behalf of George Davida of the University of Wisconsin-Milwaukee.75 NSA invoked provisions of the Invention Secrecy Act preventing Davida from discussing any aspect of this research and severely limiting his ability to pursue research in cryptology for several months. The secrecy order was later lifted. That fall, Davida joined NSF, replacing me as program director for Theoretical Computer Science.
The American Council on Education (ACE), in response to a request by the NSA, assembled the Public Cryptography Study Group76 in March of 1980. NSA indicated concern that information contained in some articles in professional journals and in monographs might be a risk to national security. The study group held a series of meetings through February 7, 1981, and produced a report77 that recommended a voluntary system of review of papers in cryptology. No author or publisher would be required to participate. Davida contributed a minority report78 that argued against restraints on non-governmental research in cryptography.
According to a report in Science in August 14, 1980,79 Leonard Adleman was told by an NSF program officer that parts of his grant proposal would not be funded. Vice Admiral Bobby Inman, NSA Director, was quoted as saying that the reason the NSF chose not to fund parts of Adelman’s proposal is that NSA wanted to fund the research itself. Soon afterward, NSA Director Inman wrote to Science indicating that NSA, as the government’s primary user of cryptography, was increasingly interested in investing in primary research in cryptography as well as related fields, such as mathematics. He mentioned NSA’s assistance with evaluating NSF research proposals in cryptographic areas but stated, “NSA does not now have and does not intend to seek the authority to prohibit NSF funding in this area.”80 Inman hoped that NSA would become an increasingly important sponsor of research in this area.
In November 1980, NSF Acting Director Don Langenberg clarified the respective roles of NSF and NSA in support of cryptologic research.81 Since 1977, NSF routinely referred proposals with relevance to cryptology to NSA for review. The process I used82 as program director for Theoretical Computer Science, following guidance from the NSF management and attorneys, was to include a designated NSA expert among the referees from whom I solicited proposal reviews.
Langenberg stated that NSF long had a policy of encouraging other agencies to support basic research and had encouraged NSA to establish an unclassified basic research program, but “if an investigator prefers to apply only to NSF, the proposal will be processed in the usual manner, without prejudice.” Langenberg added that the Foundation would ensure reporting requirements that would allow it to meet its responsibilities with respect to classification.83 The Adleman proposal was approved by the NSF on December 9, 1980, and the award letter included a statement of NSF policy and elaborated reporting requirements. After negotiation between NSF and MIT, a grant was made to Rivest on September 25, 1981, with an altered policy on reporting.
Jack Minker of the University of Maryland, who was co-chair of the 1980–1981 computer science advisory subcommittee, asked John Guttag of MIT to head an ad hoc committee to review current NSF policy regarding cryptographic research. At the May 1981 Advisory Subcommittee,84 a three-and-one-half-hour discussion was held on the “Role of the NSF in Supporting Cryptological
