The White House, National Security Decision Directive 145 (NSDD-145): National Policy on Telecommunications and Automated Information Systems Security (Sept. 1984) (full-text).
NSDD-145 provided initial objectives, policies, and an organizational structure to guide the conduct of federal activities toward "safeguarding systems which process or communicate sensitive information from hostile exploitation," established a high-level interagency group to implement the new policy. It gave leading roles to the National Security Council, DoD, and NSA. These roles include defining what information to protect, deciding on the appropriate technology for safeguarding unclassified information, developing technical standards, and assisting civilian agencies in determining the vulnerabilities of systems to misuse.
One result of NSDD-145 was to authorize NSA to develop information safeguards for Government agencies to protect unclassified information. In effect, this meant that responsibility for certifying DES as a national standard and other safeguard technologies was transferred from the National Bureau of Standards to NSA.
NSDD-145 raised numerous questions from critics in other Government agencies as well as from civilian sources, some of which relate to the broader issues mentioned above. They include concern for:
- intermingling defense and civilian matters;
- public access to Government information;
- the legislated responsibility of NBS to develop computer standards for the Federal Government under the Brooks Act of 1965, as amended;
- private sector development and use of safeguard technology;
- and expanding the responsibilities of NSA in civilian matters, particularly in light of the conflict of interest between its intelligence mission and commercial needs, and its lack of direct public accountability.
The level of public concern was elevated further with the release by the National Security Council in October 1986 of a policy statement defining what information is sensitive and therefore possibly in need of safeguarding. The release coincided with well-publicized Government activities aimed at identifying and possibly restricting access by selected foreign governments to unclassified, but sensitive data in Government and commercial databases. As a result, the issue of Government restrictions on public access to unclassified information, whether or not in Government systems, became a public concern. The statement, though rescinded in early 1987, caused public alarm that illustrated the extent of sensitivities among diverse organizations concerning controls on unclassified information.
These efforts raised such a protest from scientific and civil liberties organizations and the business community that the directive was rescinded during the course of congressional hearings in 1987 and NSDD-145 itself was put under review.
In 1990, National Security Directive 42 replaced National Security Decision Directive (NSDD) 145, except for ongoing telecommunications protection activities mandated by NSDD-145 and Presidential Directive 24.