LETTER TO MR. DONALD L. EIRICH, FROM GEORGE L. CARY

STAT Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5 Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5  Approved For Release 2005/07/13 : CIA-RDP77M00144R00060002000, 5 ._ ff CENTRAL INTELLIGENCE AGENCY 7C/ !7 WASHINGTON,D.C. 20505 OLC 75-2682/a 24 NOV1975 Mr. Donald L. Eirich, Associate Director United States General Accounting Office Washington, D.C. 20548 This is in reply to your letter of 6 October 1975 to the Director requesting that the Agency respond to several questions to assist in your evaluation of the computer and communication security pro- posed for the Internal Revenue Service's new Tax Administration System. As was explained to you by computer and communication systems are clearly vulnerable to technical compromise unless protected by encoding and other protective measures. Our concern is solely the foreign threat to national security information which is clearly recognized and the systems maintained by the Central Intelligence Agency are so protected. Also, we can only comment on the foreign intelligence aspects of the problem since the domestic threat is clearly a matter for comment by the Federal Bureau of Investigation. The efforts of certain foreign intelligence organizations against national security agencies and national security information to acquire communications information by wiretapping and other means are clearly documented. Documentation concerning efforts against other targets is not clear, however, if tax data is so maintained as to allow the compro- mise of specific targets, the threat would be decidedly increased. - Qty ~%~ c~i m { _r~~6-19T6 Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5  Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5 In sum, this Agency recognizes a degree of importance of tax data to a foreign intelligence organization in specific cases. We feel, however, that a judgment as to the sensitivity of tax data overall is a matter for the Internal Revenue Service to decide and we offer no comment in that regard. Sincerely, George L. Cary Legislative Counsel Distribution: Orig . - Addressee I - DA OLC/Subj. STAT I - OLC Chrono OLC/PLC/dlw X31 Oct. 19715) 2 Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5  1. IG L12 v LC L101 GC INFO 8 D/DCI/IC 13.1 -4 Compt D/Pers 18 19 AO/ DCI 20 2 22 SUSPENSE Remarks: ,grovel Fob. 2 1 e 2 fl f1.3` -1 Qf ;7 E~ S1i ACTION DDS&T DDO 20002-5  ~1ive Registry proved For Release 2005/07/13 : CIA-RDP77M00144R00060002000~2~' UNITED STATES GENERAL ACCOUNTING OFFICE ~2 j- C. 7 S7,,-) WASHINGTON, D.C. 20548 LOGISTICS AND COMMUNICATIONS DIVISION -The Honorable William Colby Director, Central Intelligence Agency Washington, D.C. 20505 Attention: office of Legislative Counsel STAT Dear Mr. Colby: In a recent telephone conversation with STAT we informed him that we are conducting an evaluation o the computer and communication security proposed for the Internal Revenue Service's new Tax Administration System (TAS). We asked him whether the CIA had encountered any cases where electronic interception techniques had been employed to acquire and compromise data that was proprietary or con- fidential--but not of a National Security or defense nature. uggested that it might be desireable to submit a forma request for the information, in order to obtain an official CIA response. TAS will be designed as a transaction or application system employing a decentralized data base at each of 10 service centers. The service centers will be interconnected by a data communication network with a switching center located at Martinsburg, West Virginia. Remote terminals will be located at the various regions, district and field offices. All communication will employ dedicated lines. The current IRS position is that the threat to individual or corporate tax information does not warrant the cost to encrypt the data communications or to protect against electro- magnetic radiation from the CRT terminals. Conversely, OMB feels it necessary to encrypt the data communications between service centers for compliance with the Privacy Act of 1974. In order for us to make a judgement in this area, we have discussed network vulnerabilities with NSA and the domestic threat with the FBI. We would like to have your agency's opinion as to the following: 1. Is there a realistic threat, foreign or domestic, to taxpayer data? OCT 6 1975 Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5  Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5 2. Is there any case history of wire tapping or electro- magnetic interception of data communications within the U.S. where a foreign government or private source was involved? If yes, did any intercept(s) involve information that was of a proprietary, private or confidential, but not National Security, nature? 3. Considering all factors including cost, risk assessment, etc., would your agency consider encryption of communication links and radiation protection necessary for taxpayer data? We would appreciate your assistance in this matter. Sincerely yours, r~J~1i D6nald L. Eir ch Associate Director ::,;,oaf Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5  Apps oved'For Release 20050/33 ,~WDPgrM00144R000600020002-5 . w N F, m 6 ;, o 00 t:J ;u ti S- CD - C) En CD Q9 o y m m N CD P Approved For Release 2005/07/13 : CIA- C 0 C U) Z .-{ -I > 0 1) F) m  STAT Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5 Next 2 Page(s) In Document Exempt Approved For Release 2005/07/13 : CIA-RDP77M00144R000600020002-5