Snowden Archive
——The SIDtoday
Files Browse the Archive

HIGHTIDE Switching Over to PKI

SUMMARY

November 20, 2004 is the when NSA's new public key infrastructure system comes to HIGHTIDE, a reporting tool that will use the new system for end-to-end encrypted email. Thanks to this new system, NSA "will have achieved an unprecedented level of information security."

DOCUMENT’S DATE

Nov 19, 2004

PUBLICLY AVAILABLE

Feb 05, 2018

1/2
Download
Page 1 from HIGHTIDE Switching Over to PKI
DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U) HIGHTIDE Switching Over to PKI FROM: Chief, Reporting Tools Branch (S1221) Run Date: 11/19/2004 (U//FOUO) "It will more than likely take significant trial and error...and not all of your applications will be able to make use of PKI and those that do will not use it in a uniform manner...(at) least not today, but...it will eventually and this is where the patience factor enters into the picture...." -- AD23 (U//FOUO) 's sage advice notwithstanding, we in Reporting Tools (S1221) are confident that, on 20 November 2004, when Public Key Infrastructure encrypted e-mail becomes fully operational in the HIGHTIDE reporting tool, the Agency will have achieved an unprecedented level of information security. (U//FOUO) On that date, PKI will replace the legacy ICARUS encryption service in HIGHTIDE since ICARUS no longer meets Agency policy requirements. The following functions within HIGHTIDE will support PKI-encrypted e-mail, using Outlook for Windows systems and Mozilla for Unix: EGRAM Readdressal -- PKI encryption optional TELIR -- PKI encryption optional Free Field (tipper) -- PKI encryption required if sent via email Sensitive Series -- PKI encryption required if sent via email (U//FOUO) Please be advised that, effective 20 November, all e-mail recipients of encrypted HIGHTIDE reports will require PKI certificates . HIGHTIDE will verify that the recipient has a registered PKI certificate before releasing the report to that person. PKIencrypted e-mail may be sent by or to any users who have a registered PKI certificate in Searchlight or in the Second Party database. The Full Service Directory (FSD) that supports Intelligence Community recipients will be rolled into HIGHTIDE at a later date. The ICARUS Transition Team estimates the current Initial Operating Capability date for the FSD to be the December 2004 timeframe. Once the FSD is available, we will support it in HIGHTIDE. (U//FOUO) While ICARUS should no longer be used in e-mail (as of October 2004), ICARUS services will continue to operate until June 2005, to permit conversion of stored ICARUS data to PKI encryption. Those concerned with the maintenance of corporate archives (collections of files from various sources) that might contain ICARUS material, those with processes that employ ICARUS encryption, or others with specific ICARUS-related concerns should contact the JESI Trusted Communications Program Manager ( @nsa.ic.gov). The ICARUS Replacement Plan is available at URL: . (U//FOUO) As a reminder, the SKYWRITER/HIGHTIDE first-tier "Help Desk" transferred its functions from the Customer Response Reporting Tools Branch to ITSC ('Remedy') on 24 May 2004. The SKYWRITER/HIGHTIDE homepage ("go skywriter or "go hightide") remains on line as a valuable resource for help, with links to the SKYCAST Working Aid, Policy, and FAQs. Stay tuned for updated messages on changes to SIGINT On Demand ("go sod"), the NSA Reporting Platform of the future. "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)."
Page 2 from HIGHTIDE Switching Over to PKI
DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108