DEPARTMENT OF THE NAVY NAVAL AIR SYSTEMS COMMAND
RADM WILLIAM A. MOFFETT BUILDING 47123 BUSE ROAD, BLDG 2272
PATUXENT RIVER, MARYLAND 20670·1547 JN RePL Y REFER TO
5510 Ser AIR-7.4/14016 22 April 2014
MEMORANDUM
From: Director, Security and Continuity of Operations Planning (COOP)
Subj: AMPLIFYING SANITIZATION GUIDANCE FOR DISCLOSURE OF TECHNICAL DOCUMENTATION TO FOREIGN ENTITIES
Ref:
Encl:
(a) NAVAIR INSTRUCTION 5510.38, "Naval Air Systems Command National Security Program"
(b) SECNAVINST 5510.34A, "Disclosure of Classified Military Information and Controlled Unclassified Information to Foreign Governments, International Organizations and Foreign Representatives"
(c) Navy Foreign Disclosure Manual (d) National Security Agency Guidance, "Redacting with
Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF," 18 Mar 08
(e) National Security Agency Guidance, "Redaction of PDF Files Using Adobe Acrobat Professional X," (undated)
(1) Definitions (2) Example of a Document Being Sanitized (3) Example of a Sanitized Document
1. Purpose. Provide Naval Air Systems Command (NAVAIR) guidance for sanitizing Controlled Unclassified Information (CUI) presented for release to foreign entities in support of research, technology development, foreign military sales, training, long term support and U.S. weapon system acquisition from foreign sources. This guidance will be incorporated into reference (a) during the next review and update cycle.
2. Supersession. This guidance supersedes NAVAIR International Programs Office Policy 05-02.
3. Scope and Applicability. This guidance applies to all NAVAIR sites, which includes NAVAIR Headquarters (NAVAIRHQ), Competencies, Program Executive Officers (PEOs), Program Managers, AIR (PMAs), subordinate commands, and field activities.
Subj: AMPLIFYING SANITIZATION GUIDANCE FOR DISCLOSURE OF TECHNICAL DOCUMENTATION TO FOREIGN ENTITIES
a. Reference (a) implements DON policy within NAVAIR and establishes the requirement to sanitize CUI, in all forms, prior to release to a foreign entity.
b. Release of CUI to a foreign entity must be approved by a Designated Disclosure Authority (DDA) . NAVAIR personnel managing Foreign Military Sales (FMS) cases are granted limited authority to release CUI that has been previously approved for release by a DDA.
4. Definitions. Refer to enclosure (1) for a list of terms and their definitions.
5. Guidance. It is a basic tenet of NAVAIR to cooperate with International Purchasers to the fullest extent possible in the acquisition and follow-on support of U.S. Navy weapons systems. Technical data sanitization through the redaction or removal of nonapplicable information ensures the foreign entity receives that information needed to operate and maintain the procured weapons system._ International manufacturers have the desire and ability to deliver technologically advanced military equipment to NAVAIR at competitive prices. Sanitization through the redaction or removal of non-applicable information ensures they receive that information needed to submit technically acceptable proposals during the source selection process and during development, production and lifetime support.
a. Requests received from foreign entities for disclosure of technical documentation must be closely reviewed to limit the transfer of information to that which is authorized and necessary to accomplish their goals.
b. References (b) and (c) provide overarching procedures for sanitization while references (d), located at www.nsa.gov/ia/ files/suooorVi733-028r-2008.pdf, and (e), located at www.nsa.gov/ia/ files/v!echrep/i73 025r 2011.pdf, provide detailed procedures for publishing sanitized documents.
c. Information shall be removed or redacted in such a manner as to prevent reconstruction by the recipient. Enclosures (2) and (3) are provided to assist personnel through the sanitization process.
d. As discussed in reference (c), tactical and procedural manuals developed for U.S. fleet operations are often of great interest to foreign governments. Manuals can be comprehensive in nature and include sensitive information intended for U.S. only.
2
Subj: AMPLIFYING SANITIZATION GUIDANCE FOR DISCLOSURE OF TECHNICAL DOCUMENTATION TO FOREIGN ENTITIES
While the originators of these manuals are encouraged to avoid creating documents that are difficult or impractical to sanitize, FMS Case Managers bear a responsibility in verifying the information proposed for release has been previously approved for the foreign entity.
6. Responsibilities.
a. AIR-7.4.1.4 will coordinate with AIR-2.0 to sanitize technical data and statements of work during the pre-solicitation phase of contract awards with or involving foreign entities.
b. AIR-6.8 will develop and maintain a Standard Work Package that details procedures for sanitizing technical data proposed for release to NAVAIR Foreign Military Sales customers and Cooperative Program partners.
c. AIR-1.4/6.8/7.4 will develop and maintain training to ensure USG and USG contractor personnel understand sanitization requirements and procedures.
d. FMS Case Managers will verify information proposed for release has been previously approved by a DDA or, if not, will coordinate a review with a cognizant DDA.
e. NAVAIR Competency, PEO/PMA, subordinate command, and field activity personnel preparing or reviewing technical information proposed for release to a foreign entity will become familiar with and follow this guidance and associated procedures.
7. Questions. My point of contact for this guidance is Mr. Mitch Hamrick, Senior NAVAIR Foreign Disclosure Official who can be reached at (301) 757-2138.
Q)~ft~ DAVID H. ATCHISON
Distribution: AIR-1.0/2.0/4.0/5.0/6.0/7.0 PEO-A/T/U&W NAWCAD NAWCWD COMFRC
3
Page 1 of 3 Enclosure (1)
DEFINITIONS
1. Casual Mention. Unclassified references to weapons or
systems that are not in the receiving government’s inventory
that do not reveal performance parameters, system
vulnerabilities, specific variants released to other foreign
countries, and do not violate any DON or DoD policies
concerning the mentioned weapon or system.
2. Classified Military Information (CMI). Information originated
by or for the Department of Defense or its Agencies or is under
their jurisdiction or control and that requires protection in
the interests of national security. It is designated TOP SECRET,
SECRET, or CONFIDENTIAL, as described in Executive Order (E.O.)
12356. Classified military information may be in oral, visual,
or material form and has been subdivided further into eight
categories described in DoD Directive 5230.11.
3. Controlled Unclassified Information (CUI). CUI is
unclassified information to which access or distribution
limitations have been applied in accordance with national laws,
policies, and regulations of the originating country. It
includes U.S. information that is determined to be exempt from
public disclosure in accordance with DoD Directives 5230.25 and
5400.07 or that is subject to export controls in accordance with
the International Traffic in Arms Regulations (ITAR).
4. Delegation of Disclosure Authority Letter (DDL). In
accordance with references DoD Directive 5230.11 and DoD
Directive 5230.25, the DDL is a letter issued by the appropriate
designated disclosure authority explaining classification
levels, categories, scope, and limitations of information under
a DoD Component's disclosure jurisdiction that may be disclosed
to a foreign recipient. It is used to delegate disclosure
authority to subordinate disclosure authorities.
5. Designated Disclosure Authority (DDA). An official, at
subordinate component level, designated by the Head of a DoD
Component or the Component's Principal Disclosure Authority to
control disclosures of classified military information by his or
her organization. Also known as a Foreign Disclosure Officer.
6. Document. Paper, film, transparency, electronic media or any
other medium that conveys technical data which is required for
the design, development, production, manufacture, assembly,
Page 2 of 3 Enclosure (1)
operation, repair, testing, maintenance or modification of
defense articles. This includes, but is not limited to,
information in the form of printed publications, reports,
blueprints, drawings, photographs, maps, plans, instructions,
correspondence, email, spreadsheets, tables, databases and
graphical slides, software code, and information embodied in
hardware.
7. False Impression. Intentionally or inadvertently indicating
to a foreign government or international organization the
willingness of the USG to enter into an agreement that would
involve the eventual disclosure of classified material,
technology, software or information as discussed in the Navy
Foreign Disclosure Manual.
8. Foreign Entity. Used to collectively describe individuals or
organizations to which USG information or technology may be
discussed or transferred. This includes foreign nationals,
foreign persons and foreign representatives.
9. Foreign National. A person who is not a citizen or national
of the United States.
10. Foreign Person. A natural person who is not a lawful
permanent resident as defined by 8 U.S.C. 1101 (a)(20), or who
is not a protected individual as defined by 8 U.S.C.
1324b(a)(3). It also means any foreign corporation, business
association, partnership, trust, society, or any other entity or
group that is not incorporated or organized to do business in
the U.S., as well as international organizations, foreign
governments and any agency or subdivision of foreign governments
(e.g., diplomatic missions).
11. Foreign Release. Sending or taking a defense article out of
the United States in any manner, except by mere travel outside
of the United States by a person whose personal knowledge
includes technical data; or, transferring registration, control
or ownership to a foreign person of any aircraft, vessel, or
satellite covered by the U.S. Munitions List, whether in the
United States or abroad; or, disclosing (including oral or
visual disclosure) or transferring in the United States any
defense article to an embassy, any agency or subdivision of a
foreign government (e.g. diplomatic missions); or, disclosing
(including oral or visual disclosure) or transferring technical
data to a foreign person, whether in the United States or
abroad; or, performing a defense service on behalf of, or for
Page 3 of 3 Enclosure (1)
the benefit of, a foreign person, whether in the United States
or abroad.
12. Foreign Representatives. Military, civilian or industry
personnel who may also be U.S. Citizens, U.S. Nationals or
Foreign Nationals that are employed by, under contract to, or
otherwise performing work on behalf of any current or potential
foreign government, international organization, or their
designated representatives.
13. Necessary. Prerequisites, or steps, that are required to
achieve a goal or complete an action.
14. Need-to-Know. Information is only provided to those
individuals that require the information to perform their
official duties. Under need-to-know restrictions, even if one
has all the necessary official approvals (such as a security
clearance) to access certain information, one would not be given
access to the information unless one has a specific need to
know; that is, access to the information must be necessary for
the conduct of one's official duties. As with most security
mechanisms, the aim is to make it difficult for unauthorized
access to occur, without inconveniencing legitimate access.
Need-to-know also aims to discourage "browsing" of sensitive
material by limiting access to the smallest possible number of
people.
15. Proprietary Information. Classified or unclassified
proprietary information, the rights to which are owned by
private firms or citizens (for example, patents, copyrights, or
trade secrets). Disclosure cannot be affected without the
owner’s consent unless such disclosure is authorized by relevant
legislation, and then release will be subject to such
legislation.
16. Technical Information. Knowledge, including scientific
knowledge, that is in communicable form and relates to research,
development, engineering, testing, evaluation, production,
operation, use, and maintenance of munitions (arms, ammunition,
and implements of war) and other military supplies and
equipment.
Page 1 of 3 Enclosure (2)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
3.3 VOICE COMMUNICATION SURVEILLANCE SYSTEMS.
3.3.1 Description. The mini-HELO UAS is capable of carrying a voice communication surveillance sensor capable of scanning and monitoring up to two voice conversations on a single selectable frequency spectrum. The frequencies monitored by the sensor include up to three (depending on the type of sensor installed on the UAS): (1) CDMA and analog cellular telephone frequencies; or (2) UHF hand-held clear radio-to-radio communications; or (3) cordless Digital Enhanced Cordless Telephone (DECT) telephone frequencies. Only one frequency spectrum can be monitored at a time, as selected by the operator. 3.3.2 Equipment Variants. There are three types of voice communication surveillance sensors that can be installed on the mini-HELO UAS. Each of these devices is built to MIL STD 899 that specifies the frequency range, scanning rate, and for cordless DECT transmissions, the frequency-hopping algorithm requirements for these sensor. The type of sensor installed on the UAS will be dependent on the frequency spectrum(s) of interest to the intelligence tasking authority. The location of the voice communication surveillance sensor as shown in Figure 3-9.
WARNING
Switching from one voice frequency spectrum to another significantly drains battery life from the mini-HELO battery and will shorten the
endurance (and potentially the range) of the air vehicle. Operators should avoid switching frequencies if at all possible.
3.3.2.1 Nokia Cell Interceptor. The Nokia sensor (like the other two sensors as well) The Motorola Airwave Capturer is designed to seek cellular telephone conversations originating by known cellular devices using either a 32-bit Electronic Serial Numbers (ESNs, an 11-digit number) or 56-bit Mobile Equipment IDentity numbers (MEID, an 18-digit identifier). Because the ESN or MEID are both automatically transmitted to the wireless network each time a cellular telephone is used, the location of the phone and its target user may be found and tracked. To find the target of interest, however, either the ESN (one out of 4 billion unique identifiers) or the MEID (one of 4 billion time 16 million unique numbers) must be known through other intelligence sources. The method of obtaining those identifiers and the number of identifiers that can be stored by the sensor are classified and can be found in the classified TRP for the mini-HELO UAS.
3.3.2.2 Motorola Airwave Capturer. The Motorola sensor relies on the same ESN and MEID identifying technologies outlined above. In addition, the Motorola sensor scans and captures clear (non-encrypted) voice communications being transmitted by short-distance UHF handheld radios (i.e., “walkie-talkies”). The Motorola sensor can intercept these UHF transmissions and determine the direction and distance from the transmitter from the signal strength of the transmission. The operator must select either Cellular or UHF when using this sensor. Only one frequency can be monitored at a time.
3.3.2.3 Panasonic Wave Tapper. The Panasonic sensor relies on both of the same technologies of the Nokia and Motorola sensors, but layers an additional capability to monitor DECT cordless telephone frequencies as well, including U.S., Coloria, and Directiona configurations and frequency spectrums. To monitor DECT, the detector must be programmed with the frequency-hopping spread spectrum algorithm since DECT cordless telephones hop frequencies to decrease interference and
Page 2 of 3 Enclosure (2)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
background noise during telephone conversations. Since the hopping is only “pseudorandom,” intelligence sources are capable of programming the system to intercept DECT conversations. Figure 3-9 mini-HELO Voice Communication Surveillance Sensor Location.
3.3.3 Operations. As specified in MIL STD 899, all Voice Communication Surveillance Sensors above 100 grams (0.22 lbs) must use a central controller configuration that is compatible with the Multi-Service Small UAS Ground Control System Operator Station (GCSOS).
3.3.3.1 GCSOS. The Ground Control System Operator Station consists of a ruggedized laptop computer that runs separate software to display sensor information being streamed by the mini-HELO encrypted data link (see Figure 3-10). The data link is capable of displaying full screen video only on the GCSOS, or the operator can split the screen to display video and the data from either the voice communications surveillance sensor, the IED magnetic field detector sensor, or the nuclear, biological, and chemical detector sensor.
Figure 3-10 GCSOS.
Page 3 of 3 Enclosure (2)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
NOTE: The GCSOS is not able to arm the mini-HELO’s high explosive payload. This can only be done from the UAS Flight Operator’s Air Vehicle Controller. 3.3.3.2 Voice Communications Surveillance Sensor Frequency Switching. Depending on whether the mini-HELO is equipped with a Nokia, Motorola, or Panasonic surveillance sensor, the The voice communication surveillance sensor may be turned to intercept communications in the cellular, or UHF, or DECT frequency ranges. Switching from one frequency to the other on the GCSOS (assuming the operator is running the voice communication sensor control software) is performed through the following keystroke combinations:
To select cellular: ALT + C To select UHF: ALT + U To select DECT: ALT + D
3.3.4 Controls and Indicators. There are no direct controls with regard to the voice communication surveillance sensor. The operator simply monitors the data being sent to the GCSOS for indications of activity. The GCSOS displays a frequency line and pointer display as it scans the spectrum that has been selected by the ALT key combination. Upon making contact, the display shows the exact frequency, the relative direction from the mini-HELO (derived from the GPS navigation system), and the range from the air vehicle in the UHF mode. The GCSOS is also capable of showing a flashing light yellow exclamation point display in the right side split screen when the voice communication surveillance sensor is selected (F7), and in the cellular mode (ALT + C) or DECT telephone mode (ALT + D), when a target of interest in the voice recognition database in the GCSOS has been identified. Pressing the ALT + R, then S on the keyboard will start recording the telephone conversation. Pressing E on the keyboard stops the recording. The ALT + R, then S and E combination may also be used to record UHF conversations, but the quality is generally insufficient to match to any voice files in the recognition database. This limitation is planned to be resolved in the next upgrade to the voice recognition software used in the GSCOS. 3.3.5 Intelligence Reporting and Recording Transmissions. See Intelligence Manual 3-02.45 or local operation intelligence order or plan for initial intelligence reporting and voice recording transmission procedures.
Page 1 of 3 Enclosure (3)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
3.3 VOICE COMMUNICATION SURVEILLANCE SYSTEMS.
3.3.1 Description. The mini-HELO UAS is capable of carrying a voice communication surveillance sensor capable of scanning and monitoring up to two voice conversations on a single selectable frequency spectrum. The frequencies monitored by the sensor include: (1) CDMA and analog cellular telephone frequencies or (2) UHF hand-held clear radio-to-radio communications. Only one frequency spectrum can be monitored at a time, as selected by the operator. 3.3.2 Equipment. The location of the voice communication surveillance sensor as shown in Figure 3-9.
WARNING
Switching from one voice frequency spectrum to another significantly drains battery life from the mini-HELO battery and will shorten the
endurance (and potentially the range) of the air vehicle. Operators should avoid switching frequencies if at all possible.
The Motorola Airwave Capturer is designed to seek cellular telephone conversations originating by known cellular devices using either a 32-bit Electronic Serial Numbers (ESNs, an 11-digit number) or 56-bit Mobile Equipment IDentity numbers (MEID, an 18-digit identifier). Because the ESN or MEID are both automatically transmitted to the wireless network each time a cellular telephone is used, the location of the phone and its target user may be found and tracked. To find the target of interest, however, either the ESN (one out of 4 billion unique identifiers) or the MEID (one of 4 billion time 16 million unique numbers) must be known through other intelligence sources. In addition, the Motorola sensor scans and captures clear (non-encrypted) voice communications being transmitted by short-distance UHF handheld radios (i.e., “walkie-talkies”). The Motorola sensor can intercept these UHF transmissions and determine the direction and distance from the transmitter from the signal strength of the transmission. The operator must select either Cellular or UHF when using this sensor. Only one frequency can be monitored at a time.
Page 2 of 3 Enclosure (3)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
Figure 3-9 mini-HELO Voice Communication Surveillance Sensor Location.
The Ground Control System Operator Station consists of a ruggedized laptop computer that runs separate software to display sensor information being streamed by the mini-HELO encrypted data link (see Figure 3-10). The data link is capable of displaying full screen video only on the GCSOS, or the operator can split the screen to display video and the data from either the voice communications surveillance sensor, the IED magnetic field detector sensor, or the biological and chemical detector sensor. Figure 3-10 GCSOS.
NOTE: The GCSOS is not able to arm the mini-HELO’s high explosive payload. This can only be done from the UAS Flight Operator’s Air Vehicle Controller. 3.3.3 Voice Communications Surveillance Sensor Frequency Switching. The voice communication surveillance sensor may be turned to intercept communications in the cellular or UHF frequency ranges. Switching from one frequency to the other on the GCSOS (assuming
Page 3 of 3 Enclosure (3)
© 2013 FDE Solutions Corporation, Rev 10 Jan 2013, Used with FDES permission
the operator is running the voice communication sensor control software) is performed through the following keystroke combinations:
To select cellular: ALT + C To select UHF: ALT + U
3.3.4 Controls and Indicators. There are no direct controls with regard to the voice communication surveillance sensor. The operator simply monitors the data being sent to the GCSOS for indications of activity. The GCSOS displays a frequency line and pointer display as it scans the spectrum that has been selected by the ALT key combination. Upon making contact, the display shows the exact frequency, the relative direction from the mini-HELO (derived from the GPS navigation system), and the range from the air vehicle in the UHF mode. The GCSOS is also capable of showing a flashing light yellow exclamation point display in the right side split screen when the voice communication surveillance sensor is selected (F7), and in the cellular mode (ALT + C) when a target of interest in the voice recognition database in the GCSOS has been identified. Pressing the ALT + R, then S on the keyboard will start recording the telephone conversation. Pressing E on the keyboard stops the recording. The ALT + R, then S and E combination may also be used to record UHF conversations, but the quality is generally insufficient to match to any voice files in the recognition database.