LETTER TO MR. RANDY McINTOSH

.........?-' pproved For Release 2Qi1/05/23 : CIA-RDP84-00933R0004000W010-8 Mr. Randy McIntosh Box 2400 - L1well Bloomsburg State College Bloomsburg, Pa. 17815 Dear Mr. McIntosh: Thank you for your interest in CIA and our use of com- puters. Your assumption that CIA relies heavily on. computers is correct. Naturally, security prevents us from discussing any particular application in detail, othe than routine administrative functions. However, we can state that the computer is an invaluable and highly powerful tool in collect- ing, analyzing, and producing intelligence. I have enclosed some material which you may find useful in your study of computers and how they are used. The dangers associated with the use of computers have been the subject of numerous studies. For example, Senator Ribicoff reported to the H.S. Senate on a preliminary staff investigation concerning problems associated with computer applications in Federal programs. The investigation placed special focus on the capability of the executive branch to secure its computer systems against compromise, unauthorized access, and physical damage. His report is recorded in the Congressional Record of February 2, 1977, Vol. 123, No. 19. A quote from this report may give you the CIA view on computer security that you are looking for, i.e., page 8, paragraphs 9 and 10. "Owing to their national security mission and the fact that this mission leads them to think in terms of securing an installation as well as attesting to the suitability of those who work there, the defense and intelligence communities have more experience in safe- guarding their own ADP systems. CIA spokesmen, for example, told the committee staff that they operate on the assumption that, first, a computer system can be penetrated, and, second, that an attempt will be made to penetrate it.Ixerefore, the CIA spokesmen said, they try to design and manage their computer systems in a way that makes a single compromise of less impact. Defense Department spokesmen gave the committee staff similar information. Approved For Release 2001/05/23 : CIA-RDP84-00933R000400010010-8  . pproved For Release 2Q1/05/23: CIA-RDP84-00933R000400040010-8 ATINTL D/DCI/PAO, 1F-04, Hq. TATINTL "CIA Director George Lush, in the statement he gave to the committee, said he did not think his organization should serve as a model for other Federal agencies in the computer security field. The committee staff agrees. But it is the staff's view that, in light of the potential for criminal compromise in the computer field, the fundamental principal defense and intel- ligence gathering agencies adhere to--that every system is able to be compromised; and that, therefore, an attempt will be made to achieve that compromise--has value throughout the executive branch. It is a principal all Government ADP officials should keep in mind when they set out to design, purchase, operate and manage their own non-defense computer programs.' A more comprehensive study of computer abuses is con- tained in "Problems Associated With Computer Technology in Federal Programs and Private Industry," prepared by the Committee on Government Operations, United States Senate, dated June 1976, U.S. Government Printing Office Publication No. 72-5380 (sale price $3.95). I have enclosed a copy of this document's Table of Contents for your reference. Another publication you might find of interest is "The Rules and Regulations for Access to the Systems of Records of the Central Intelligence Agency Subject to the Privacy Act of 1974." These rules and a description of the CIA files they apply to are contained in pages 48050 through 48074, and pages 48269 through 48271 of The Federal Register, Vol. 42, No. 184, Thursday, September 22, 1 F.'1his publi- cation makes it clear that the CIA is subject to and is complying with the Federal law that protects U.S. citizens and resident aliens from a misuse of personal data by Federal agencies. Again, thank you for your interest in CIA. I hope the reply is helpful and wish you success in your studies. Sincerely, Att a/s Distribution: Orig - 1 - ODP Registry 2 - O/D/ODP O/D/ODP M:ee/12-15-77 Approved For /05/23: CIA-RDP84-00933R000400010010-8  STATINTL FROM 0/DCI/PAO Approve 400010010-8 RP~- Ieas~'O l 3 : CIA-RDP 4~?~R00 REPLACES FORM 36-8 RFR 55 2 A " q 1 WHICH MAY BE USED. (47) P2 MITT D~ RDP84-00933RD AL SL TRANS 6~ec7~ Executive Officer, ODP ROOM NO. BUILDING 2D00 REMARKS: Attached is a letter we have receive asking for information and pamphlets in the computer field. Would you please draft a reply for me and enclose the appropriate material if any is available. Thank you.  Approved For Releas O01/05/23: CIA-RDP84-00933R0004OW10010-8 Ct~, (:c 1: ,~.LC .Q4Lt) CU? C+ C} d~.