NSA Style Manual
National Security Agency (NSA) SIGINT Reporter’s Style and Usage Manual, 2010.
National Security Agency (NSA) SIGINT Reporter’s Style and Usage Manual, 2010.
What about this document struck you as noteworthy, Bruce? A quick skim makes it look like the very definition of mundane.
George • June 23, 2011 2:20 PM
Perhaps the very fact that a style manual is “For Official Use Only” is noteworthy? And the entries are in alphabetical order, which might allow someone to infer the title of a redacted entry (although the ones I noticed had only the discussion redacted, not the titles).
Michael • June 23, 2011 2:20 PM
It’s a decent and clear style manual.
Some of the specifics are amusing. Why, for example, do they note that “amok” (and its variant, “amuck”) is a Malay word? And why is this particular word forbidden?
Archon607 • June 23, 2011 2:22 PM
If you wast to forge a SIGINT report, now you know the format, Jack
The extreme thoroughness of it suggests to me that it is primarily aimed at non-native English speakers. About half the entries seem like typical style issues and mistakes that even native speakers might make, but the other half are so ingrained in native speakers that I have a hard time believing they would be necessary.
I think the real point of the exercise, however, is to unify styles to the point of masking the source of individual reports.
Well, compare to:
Jump to page, say 313….
Not too different.
Henning Makholm • June 23, 2011 4:39 PM
@M: “I think the real point of the exercise, however, is to unify styles to the point of masking the source of individual reports.”
If so, they are doing a rather bad job of standardizing. See, for example, this wishy-washy entry for ‘proved/proven’:
“As a general rule, use proved for the past participle and proven for the adjective. Both forms are acceptable in either situation, but the general rule shows the more common use.”
I’m amazed at how thoroughly reasonable most of the entries are, given the document’s supposed origin at a three-letter spook/bureaucrat agency.
Richard Steven Hack • June 23, 2011 6:38 PM
Off-topic and much more interesting:
Somebody Doesn’t Like Krebs on Security
F-Secure has been tracking references to prominent security experts in malware.
Perhaps Bruce should list the known cases of his own name being referenced. If he isn’t aware of any, perhaps he should check. I can’t believe he isn’t on someone’s list.
Dirk Praet • June 23, 2011 6:49 PM
“The extreme thoroughness of it suggests to me that it is primarily aimed at non-native English speakers”
Not necessarily. Good (technical) writers are scarce, and it makes sense that an agency like the NSA doesn’t want to be embarassed too often for publishing reports that look like they’ve been written by 12 year-olds. Style does matter, and you’d be surprised just how many poorly written academic papers you can find even from the hand of native English speakers. For even worse fails you need to go to France or Greece. It’s just flabbergasting to which extent the average citizen over there is utterly incapable to get his/her spelling and grammar to even secondary school level.
Albert J. • June 23, 2011 7:26 PM
When I worked for a Fortune 100 manufacturer as a software engineer, we had an almost-identical company stylebook. If anything, the document reveals NSA as just another organization struggling with the same challenge: smart people who can’t write clearly.
Richard Steven Hack • June 23, 2011 7:32 PM
Oh, I LOVE this one!
LulzSec releases Arizona law enforcement data
Arizona is one of the more egregious fascist states in the US, especially due to one Sheriff Joe Arpaio, one of the world’s true redneck scumbags.
This gives me the same feeling I had when watching “The Usual Suspects” and hearing Verbal explain the outcome of the robbery targeting New York’s Finest Taxi Service, corrupt NYPD police officers who escort smugglers to their destinations around the city. Fifty corrupt cops go down as a result.
“It was beautiful”, he says.
Richard Steven Hack • June 23, 2011 7:40 PM
Took me a while to find a link, given the meaningless of the name, typical of Lulzsec. 🙂
##################### CHINGA LA MIGRA BULLETIN #1 6/23/2011 ####################
We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police
state that is Arizona.
The documents classified as “law enforcement sensitive”, “not for public distribution”, and “for official use only” are primarily related to border
patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.
Every week we plan on releasing more classified documents and embarassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust “war on drugs”.
Hackers of the world are uniting and taking direct action against our common oppressors – the government, corporations, police, and militaries of the world.
See you again real soon! ;D
Richard Steven Hack • June 23, 2011 8:11 PM
To hijack the thread again (sorry), from Cory Doctorow at BoingBoing:
Danish police proposal: Ban anonymous Internet use
How long before the DoJ and DHS start pushing this?
My California State Non-Drivers ID expired four years ago and I’ve failed to replace it due to laziness, since even my bank only requires my bank card to identify myself in person. Only an apartment building I visited while going to a client required an unexpired drivers card (the client vouched for me, so I got in.) And I know I can’t get into the nearby Federal building without an unexpired card.
So eventually I may have to get a new card just to use the Internet? Will ISPs really want to “authenticate” their users? Will the neighborhood WiFi cafe?
Are we heading for the Shadowrun RPG game “SIN” (System Identification Number”) to replace the SSN? And what happens, as in the game, to the “SINless”?
Richard Steven Hack • June 23, 2011 8:46 PM
Browsing over the Arizona data dump, I immediately noticed this: Cyber-Security Toolbox Edition 3, a PDF of 35 pages listing the following topics:
Encrypt an e-mail message in Microsoft Office Outlook 2007
Use Safe Access File Exchange (SAFE) to Securely Exchange Large Files
Use Encryption Wizard (EW) to Secure Your Files
JavaScrypt: Browser-Based Cryptography
Pretty Good Privacy (PGP)
Create a Secure Computing Environment with Lightweight Portable Security
TrueCrypt – Free open-source disk encryption software
Install Anti-Virus Software on Your Home Computer
Participate in IA Education, Training and Awareness Programs
Use Your DoD CAC At Home
Use the Password Function in Microsoft Office to Protect Your Documents
Use a Secure Erase Utility to Destroy Electronic Data
Use Strong Passwords
Store Your Passwords in a Password Safe
Protect Data-At-Rest (DAR) – Enable Microsoft Encrypting File System
United States Postal Service Electronic Postmark
Use AKO/DKO IM & Chat
Enable Secure Logon (CTRL+ALT+DELETE )
Cellular Telephones and PDAs
Vumber – Virtual Phone Number
Whisper Systems (Encrypted voice and texts for your Android Smartphone)
Google Encrypted Search
Google Account 2-step verification
Temporary / Disposable E-mail Addresses
EPIC Online Guide to Practical Privacy Tools
NIST Computer Security Division – Computer Security Resource Center
US CERT Cyber Security Tips
NSA – CSS Cyber Security Factsheets
Nice list of some basic security measures.
Apparently wasn’t enough to keep Lulzsec out. 🙂
Another interesting one I just found: 09-002 cell phones.pdf This is a PDF with a “Hazard to Officer” title which refers to undercover officers using blocked cell phones being at risk from the use of a service called “TrapCall” which “allows blocked and restricted calls to be unblocked without the caller’s knowledge. This new technology reveals caller ID information on your cell phone. TrapCall also has premium packages that have added features, which include recording incoming calls, voicemail transcriptions, showing Caller ID actual name and addresses and more.”
Then there’s this fun in 09-062 Bayer Asprin Mailer.pdf:
“Between May 20th and May 29th, 2009 there will be a nationwide mass mailing of 178,000
envelopes from the Bayer Aspirin Company. Approximately 33,561 of these envelopes will
contain a sample of Bayer Aspirin Crystals, which is a white powder. Police Departments,
Fire Department HAZMAT units, and hospitals should be aware of these mailings and the potential to present as “white powder” calls.”
This was amusing: “FedEx Tractor Trailer Possibly Used for Alien Smuggling” – with pictures of the license plates.
This looks interesting: “(U) STAC Bulletin: Threat of Gang Infiltration to Law Enforcement Agencies”.
The ACLU Report on “Driving While Black or Brown” PDF is included which reports:
Arizona Department of Public Safety Officers made more than 500,000 stops between July 1, 2006 and June 30, 2007. Just under 200,000 stops were made on Arizona’s interstate highways during this period.
Of those 200,000 interstate highway stops, approximately 13,271 resulted in searches.
African Americans and Hispanics stopped by DPS officers were more likely than whites to be searched on all major highways included in this analysis. Native Americans and persons of Middle Eastern descent also were more likely than whites to be searched on most highways.
On average, Native Americans stopped by DPS officers were 3.25 times more likely to be searched than whites stopped by DPS officers.
African Americans and Hispanics were each 2.5 times more likely than whites to be searched by DPS.
Higher search rates for minorities were not justified by higher rates of transporting contraband. In fact, on average, whites were more likely to be carrying contraband than Native Americans, Middle Easterners, Hispanics and Asians on all major Arizona highways. African Americans were at least twice as likely as whites to be searched on all six interstate segments, despite the fact that the rate of contraband seizures for African Americans and whites was similar.
Minorities, including African Americans, Hispanics and Middle Easterners, were consistently stopped for longer periods of time than whites traveling on all interstate highways in Arizona.
In sum, this report concludes that DPS officers treated persons from different racial and ethnic groups unequally between July 2006 and June 2007. Minorities were more likely than whites to be searched and stopped for longer periods of time. This unequal treatment was not justified by higher contraband seizure rates from minority motorists.
There’s tons more stuff in this 464MB data dump that I’m sure will provide hours of fun and a few news stories.
Richard Steven Hack • June 23, 2011 9:22 PM
The FBI stole an Instapaper server in an unrelated raid
Apparently the Fumbling Bunch of Morons believe that any server in the vicinity in a data center is fair game.
Reminds me of the time GURPS got raided for their Cyberpunk RPG being a “hacker training manual”. Apparently the FBI aren’t any smarter these days.
Or perhaps that’s a deliberate policy for intelligence gathering purposes? Just grab servers under any pretext, copy the data, then feign ignorance?
Richard Steven Hack • June 23, 2011 9:24 PM
What could possibly go wrong with this idea?
Card.io Lets You Pay on Mobile by Holding a Credit Card Up to the Phone
With card.io, you simply hold your credit card up to the phone. The software then “sees” the card information using the phone’s camera and the payment is processed. No typing required!
To get the technology into the hands of those who need it most, card.io is targeting iOS developers at launch, specifically those in the e-commerce, local, ticketing, travel and daily deals space.
Hackers of the world will thank you…
Richard Steven Hack • June 23, 2011 9:38 PM
I love my meme… 🙂
Title speaks for itself.
Survey: 90% of Companies Say They’ve Been Hacked
Every intelligence agency has a style manual. Hell, every government agency has a style manual. At least one, if not more. Why? Uniformity. Perpetuation of “best practices”. And because a lot of people in the IC are, sadly, barely literate, and shouldn’t be allowed near a keyboard without adult supervision.
For points of comparison, look at the DHS ‘House Style Guide’ (http://www.slugsite.com/archives/393), ‘The Analyst’s Style Guide’ published by Mercyhurst College, and/or James Major’s ‘Writing Classified and Unclassified Papers for National Security’, which includes an extensive style guide. (Also Major’s ‘Communicating With Intelligence’, which includes his DIA textbook ‘Writing With Intelligence’, which itself contains, yes… a style guide.)
BF Skinner • June 24, 2011 8:27 AM
RSH. Cut back on the coffee man! You’ll begin hallucinating.
What I’m not seeing in the style guide is NSA workers always wear polo shirts, chino’s and dockers.
What are they prepies from the 80s?
Robert in San Diego • June 24, 2011 10:39 AM
A style guide! Every specialized organization should have one, or an appendix to a third-party one, so they can memorialize standard rules, like identifying those pesky acronyms at least during first reference. I am sure everyone else who’s worked in an office setting has routinely heard queries asking “How do you spell [insert word here]?” or “What’s the word for [insert concept here]?”
Encouraging writing staff to discontinue using adjectives like “pesky” helps too. I’m sure there’s a large number of on-line vocabulary enthusiasts who groan when such homonyms as “cite; sight; site” and “rain; reign; rein” get mixed together.
My first paying task with a computer was consolidating three separate acronym guides into one printout. This was back in 1983 or so, on an Apple IIe, using the original AppleWorks package. I remember one of the acronym glossaries was far more “slangy” than the others, including SNAFU (Situation Normal, All Fouled Up) and JANFU (Joint Army-Navy Foul Up). There are some things you want to define, but whose use an editor wouldn’t want to perpetuate.
I’ll close by noting, with some amusement, the organic spell checker in this web browser accepted SNAFU just fine, but did a red underline for JANFU.
Robert in San Diego • June 24, 2011 10:48 AM
Yeah, this would be “For Official Use Only.” I’m not sure one would want to use a government agency style guide to set the tone for a passionate Valentine’s Day greeting.
However, I recently worked, temporarily, in a telephone customer support position for an online florist. We were assumed to have mastery of basic grammar and spelling, as they’d screened for that in the hiring process. Even so, they did send out reminders about the proper ways to spell, capitalize, and punctuate “Valentine’s Day,” “Mother’s Day,” and “Father’s Day.”
And where customers did the messages on their own, some could have used some touch-ups. I believe many were setting up their orders on their internet-connected phones. And others weren’t checking their CAPS LOCK keys and lights.
Jason T. Miller • June 24, 2011 3:31 PM
Annoyingly, the “complete entry for comma” alluded to on p. 41 appears to be missing from the release, leading me to suspect a vast punctuational conspiracy at the highest levels, and leaving me to infer from the reasonable supposition that the style guide, where appropriate, conforms with itself, that the NSA indeed advocates the inclusion of serial commas in SIGINT — and rightly so: “We subsequently learned that the subject regularly met with at least two known prostitutes, a former US ambassador to the Netherlands and one of our own agents.”
I’m very, very tempted to file a “follow-up” request; at the very least, this could brighten the day of some anonymous NSA copy-editor.
vanilla • June 24, 2011 7:23 PM
Now this was downright fun. I was glad to learn that I did not need to send in my $26.50. Thanks, attic …
I am an old lady from the old school who spent 26 years in fed gov service where acronyms were indispensable if one wished to cut down on the number of pages used when printing. Memorizing acronyms was essential.
Alas, I lament the modern usage of ‘a’ instead of ‘an’ with words that begin with an ‘h’ … so many of them are meant to be silent, you know … (g)
Thanks for the lark … van
George • June 25, 2011 12:20 PM
“(U) Bureaucratese speaks in passive voice and buzzwords, and it carefully avoids assigning responsibility for any action or decision. It will bore or put to sleep most readers. Don’t use it unless you have no other way to communicate. ”
I’m surprised this is Unclassified and not redacted. Bureaucratese would seem to be the best and most effective weapon against any enemy. What better way to neutralize, say, a terrorist than to bore or put him to sleep?
Al Dorman • June 29, 2011 12:55 PM
Anyone have a definition for “PDOG” — it was redacted…
@ Dirk Praet:
” (“The extreme thoroughness of it suggests to me that it is primarily aimed at non-native English speakers”)
“Not necessarily. Good (technical) writers are scarce, and it makes sense that an agency like the NSA doesn’t want to be embarassed too often for publishing reports that look like they’ve been written by 12 year-olds. Style does matter, and you’d be surprised just how many poorly written academic papers you can find even from the hand of native English speakers.”
In the US, the quality of public schools has declined steadily over the past half-century or so, especially in the crucial basics of English and math, as measured by standardized test scores. Students are no longer taught the parts of speech, how to parse a sentence, conjugate verbs — even adverbs are disappearing real quick.
(that was a joke – “really quickly”, but you often hear the other, illustrating the point)
So, it’s not just good tech writers; good native-US writers are sorely lacking in general — and especially in journalism.
No Gov agency should be embarrassed by reports prepared by illiterates, but were the schools to do their job properly (subjunctive tense, also disappearing), these style guides would be less necessary. They’re still common at upscale magazines and newspapers, for uniformity, and I agree that it might make it harder to ID the writer. Someone developed sw that can compare posts across the Net and help to ID those written by the same person.
I notice thousands of errors here, but we have commenters from all over the world, and we all make typos. Not the same as a professional paper, tech manual, intel report, etc.
Satire lamenting the decline of these skills:
(A few commenters missed the point entirely.)
p. s. This writer, former spelling-bee winner, and OCD grammar-geek, is open to requests to proofread anyone’s work, on mutually-agreeable terms. To contact, click the signature below and find the email-revealing reCaptcha right after the copyright notice of the posted work on the landing page.
Joe • July 22, 2011 3:13 PM
How refreshing to see a style manual formally bucking the spurious “avoid the passive voice” rule (p. 4): “While the active voice tends to be shorter and more direct, there are good reasons to use the passive voice. Do not use a hard-and-fast rule (‘Avoid the passive voice’) but consider each case carefully before deciding which to use.”
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Leave a comment