March 28, 2022

The phones of Ukrainian president Zelensky

Ever since Russia invaded Ukraine on February 24, Ukrainian president Zelensky bravely leads his country in the fight against the Russian armed forces. As in any war, communications are of vital importance here too.

Among Zelensky's communication systems are some interesting telephone sets, which he also uses for frequent phone calls to foreign leaders, while there are separate secure phones that function as a hotline with US president Biden.

Ukrainian president Zelensky making a phone call

Office of the President of Ukraine

In 2019, former actor and comedian Volodymyr Zelensky became the sixth president of Ukraine since the country's independence in 1991. As president he is supported by the Office of the President of Ukraine, or Presidential Administration, which is located in a massive office building on Bankova street in the center of the capital Kyiv.

The ceremonial residence of the Ukrainian president is the baroque Mariinskyi Palace, located in the Pechersk district of Kyiv. Other presidential residences include the House with Chimaeras and the House of the Weeping Widow, which are both in Art Nouveau style and are used for official visits by foreign representatives.

The building of the Office of the President of Ukraine on Bankova street
(photo: Håkan Henriksson/Wikimedia Commons - click to enlarge)

Two different offices

As president, Zelensky works in the building of the Presidential Administration, where he apparently has two offices, both richely decorated: one with green pilasters and a desk with a desktop and chair in green leather, the other office with wooden paneling and a desktop and chair in brown leather.

The function of these two offices is probably similar to those of the Russian president in the Kremlin, who has a very large and elaborate office for receiving foreign dignitaries and a somewhat smaller and a bit less ornate one for talks with domestic visitors and government officials.

Zelensky in his "brown" office at the Presidential Administration building, June 19, 2019.
(photo: Valentyn Ogirenko/Reuters - click to enlarge)

Phones large and small

Another similarity is the telephone system, which in the Kremlin consists of some old-fashioned white telephone sets without any buttons and somewhat newers models with key pads, as well as a large gray telephone device with numerous direct line buttons to government officials, lawmakers and heads of major companies.

The old white phones each connect to a separate network with only a select number of subscribers. They are a distinct feature of the Russian bureaucracy, but they can also be seen in the presidential offices of other countries that had been part of the former Soviet Union, like that of former president Nursultan Nazarbajev of Kazakhstan.

Dmitri Medvedev on his first day as Russian prime minister, May 8, 2012.
(photo: Russian government - click to enlarge)

A huge phone console

The eye-catcher in the office of the Ukrainian president is also an extremely large telephone, which is ivory-colored and has a rather small display, indicating that it may be over 20 years old.

The left part, next to the handset, has several function keys and direct line buttons, while the dialing pad is in the central black section, in which there's also a gold ornament that could be the trident from the Ukrainian coat of arms.

The right part of the phone is filled with 80 direct line buttons, so the president can make a call to almost anyone by pressing just a single button.

This phone console is most likely part of the internal telephone network of the Presidential Administration and can be used for all regular (non-secure) phone calls.

But as the phone is probably custom made it may also provide access to secure lines, just like the slightly smaller but still impressive telephone consoles of the US Defense Red Switch Network (DRSN).

In Zelensky's more recent video messages from his "green" office the huge white phone seems to have been removed, which is a bit strange as one of its functions is to symbolize the command and control authority of the president (update: meanwhile the white phone has been put back).

President Zelensky in his "green" office with the huge white telephone
(photo: Valentyn Ogirenko/Reuters - click to enlarge)

A phone without buttons

The Ukrainian president also has an old-fashioned telephone set without a key pad, similar to the ones used in the Kremlin. In Ukraine this phone is part of a special network that provides direct lines to a select group of top-level government officials, like the president, the prime minister and the speaker of the Verkhovna Rada, the Ukrainian parliament.

In November 2019, the young minister of the Cabinet of Ministers, Dmytro Dubilet, proposed to abandon this old Soviet phone system, which is managed by the State Service for Special Communications and Information Protection (SSSCIP), as it costs the state "literally billions of hryvnias" - at that time at least some 40 million US dollar.

Dubilet proposed that instead of these "ancient" secure landline phones, the leaders of the country should be given customized smartphones with a special app that encrypts voice and text communications with post-quantum cryptography algorithms. These phones should access the telephone network via secure wifi.

A phone of the dedicated network for the president of Ukraine
(photo: Telegraf - click to enlarge)

"It is more efficient to do peer-to-peer encryption (preferably without a transit server). We could encrypt data simultaneously with two algorithms (for example, Ukrainian Kalyna and foreign AES), which guarantees confidentiality even if one of the two is compromised" - according to Dubilet, who said that the old system could be left behind for military communications.

Dubilet continued: "Why do you need to issue special smartphones and not install an app on ordinary ones? To rule out hardware-level hacking as well as infection through other applications. [...] It's no secret that now top politicians mainly use standard messengers for their communication (including sensitive topics). Such [a secure] application could be an alternative to at least WhatsApp / Telegram."

It's not clear whether Dubilet's proposal has been realized, but in 2020, the SSSCIP began modernizing the government's communications system. This included expanding the functionality of the National Telecommunication Network (NTN) to "ensure the integration of existing special communication systems and unification of secure electronic communications of various government agencies in the general security circuit using modern digital technologies."

Oleksandr Potiy from the SSSCIP with at least six phones
for dedicated networks, November 13, 2020
(photo: Instagram - click to enlarge)

Videoconferencing systems

Already in 2016, the SSSCIP had developed a new system of secure videoconferencing. When he tested this new system, former president Petro Poroshenko explained:
"In late 2013 and early 2014, the situation was terrible. We had completely Russian software. We had completely open access of the aggressor country to all our state secrets and, in fact, from scratch, we had to develop technical and software tools for protecting information, to provide a radical re-equipment and reboot of confidential communication systems."

Current president Volodymyr Zelensky uses both a commercial Cisco DX80 videoconferencing system and the custom-made secure one, which includes quite bulky equipment, indicating that it is TEMPEST-shielded to prevent electromagnetic emanations:

President Zelensky using the secure videoconferencing system, May 12, 2020.
(photo: Presidential Administration - click to enlarge)

Addressing foreign parliaments

Another kind of videoconferences are the virtual addresses to foreign parliaments which Zelensky started to deliver and included the British House of Commons and the US Congress. In these addresses he dramatically pointed out their responsibility to support the people of Ukraine in their fight against the Russian military agression.

Zelensky usually delivered these speeches from a nondescript room, probably in a bunker. The photo below shows him in a very improvised setting, with the Cisco DX80 videoconferencing screen, an Avaya B149 conference phone, an Apple MacBook, camera equipment and an old-fashioned Soviet-style telephone without rotary dial:

President Zelensky delivering a speech from an unknown location
(photo: DPA vía Europa Press - click to enlarge)

Calls with foreign leaders

In February 2022, when the Russian military threat became imminent, president Zelensky had phone calls with a range of foreign presidents and prime ministers in which he urged them to impose sanctions against Russia and requested arms to defend his country.

For these calls he either used the huge white phone console or a commercial Avaya B149 conference phone, like in the photo below, showing Zelensky when he was talking to Dutch prime minister Mark Rutte on February 23:

President Zelensky talks to Dutch prime minister Mark Rutte, February 23, 2022
(photo via Instagram - click to enlarge)

Calls with US president Biden

Zelensky also spoke to US president Joe Biden several times, but for these calls a different telephone set was used: a Cisco 7975G Unified IP Phone. This is a common high-end executive phone which was also used for the secure telephone network of the White House until it was replaced by a newer model from Cisco's 8800-series in 2017.

President Zelensky during a phone call with US president Biden, January 27, 2022.
(photo: Ukrainian Presidential Press - click to enlarge)

In the photo we see Zelensky during a long telephone conversation with Biden on January 27, 2022, discussing diplomatic efforts on de-escalation of the Russian threat. A close look at the Cisco phone shows that the wallpaper of the display has an image of the White House, clearly indicating that it's for calls to the president of the United States:

So here we have a rare occasion in which we can see dedicated telephone equipment for a hotline between heads of state. The connection between Zelenksy's office and the White House was probably relayed by the US embassy in Kyiv, like other secure communications between the Ukrainians and US officials, as was reported by CNN.

Secure satellite phones

In February 2022, as fears mounted about the Russian invasion, the US prepared to evacuate its embassy and provided the Ukrainian government with a secure satellite phone to maintain regular contact with president Zelensky, who now moves around to multiple locations in Kyiv that are protected with a significant security presence.

On March 5, Zelensky used this satellite phone for a 35-minute call with his American counterpart on what more the US could do to support Ukraine without entering into direct combat with Russian forces. A similar phone had been provided to Ukrainian foreign minister Dmytro Kuleba.

CNN reported that these satellite phones require electricity but can operate off of a generator or energy from a car if needed. Initially it took a few days for the Ukrainians to get the satellite phones up and working because the instructions on how to use them were in English.

The US embassy in the Ukrainian capital Kyiv.
(photo: Andrew Kravchenko/AP)

Zelensky's smartphone

Finally, Ukrainian president Zelensky also has a smartphone, which he uses to record some of the messages to his people, like the famous one in which he showed that he hasn't left the capital and can still stay in the building of the Presidential Administration on Bankova street (see below).

For a president and other top government officials, a smartphone imposes the risk of being hacked and tracked, but in Zelensky's case we can assume that, besides other security measures, it only connects to a secure base station or a secure wifi router that merely provides access to a sufficiently secured internal network.

Video message by Ukrainian president Zelensky, March 7, 2022.

Links and sources
- CNN: US in contact with Zelensky through secure satellite phone given to him by the US (March 1, 2022)
- The Guardian: The phone has become the Ukrainian president’s most effective weapon (February 28, 2022)
- Telegraf: Страна в смартфоне: как чиновники перейдут со спецсвязи на приложение в телефоне (November 11, 2019)

See also: Comments at Hacker News

February 2, 2022

Head of Danish military intelligence arrested but independent inquiry finds no wrongdoing

(Updated: April 5, 2022)

Unprecedented developments in Denmark: a former defense minister as well as the head of the military intelligence service FE have been charged for disclosing highly classified information, for which the latter has even been imprisoned.

Here I will provide more details about the arrest of FE head Lars Findsen and the charges against defense minister Claus Hjort Frederiksen, followed by a summary of how the crisis has developed, the recent conclusions of an independent investigation and finally the similarities to the Snowden case.

FE head Lars Findsen (left) and former defense minister Claus Hjort Frederiksen
(photos: Liselotte Sabroe/EPA-EFE & Johannes Jansson/Norden)

FE head Lars Findsen arrested and imprisoned

On January 10, the Danish broadcaster DR reported that Lars Findsen had been arrested on Copenhagen Airport on December 8, 2021, after he had been under surveillance by the Danish police intelligence service (Politiets EfterretningsTjeneste or PET).

It's a wry turn of fate as Findsen himself had been the head of the PET from 2002 to 2007. Since 2015 he led the Danish military intelligence service (Forsvarets Efterretningstjeneste or FE), before he was suspended in August 2020.

On April 4, 2022, DR reported that the PET had apparently bugged Findsen's house in order to find out whether he revealed classified information to family members, which is a very intrusive method that is only used in the most serious cases.

According to DR, the PET set up a special investigation after on September 30, 2020 the Danish newspaper Berlingske published a long piece with unprecedented details about the cooperation between the FE and the NSA. The investigation intensified when in May 2021 news media from several European countries provided additional details based upon nine sources with access to classified information (see below).

On the same day as Lars Findsen, the PET arrested three other current and former employees of the FE and the PET. Just like Findsen, they are accused of the unauthorized disclosure of highly classified information in violation of section 109(1) of the Danish criminal code, which is punishable with up to 12 years in prison.

This came quite unexpected because section 109 was only used once before, as it is meant for cases of treason and espionage, comparable to the American Espionage Act of 1917. In Denmark, leaks by government employees were usually charged under a much less strict law which can lead to imprisonment for only up to two years.

The headquarters of the Danish police intelligence service PET

The exact charges against Findsen haven't been made public, but according to DR News it's about leaking information to the press. Just before a hearing behind closed doors at Copenhagen magistrate's court on January 10, Findsen exclaimed to the press: "I want the charges brought forward and I plead not guilty. This is completely insane". Findsen has to stay in prison at least until February 4, the other three have been released on bail.

On February 4, the court gathered behind closed doors again and decided that Findsen has to stay in custody for another four weeks. Highly unusual was the fact that it took some 8 hours to reach that decision. Findsen appeared in court carrying the 2017 war novel All the Light We Cannot See by Anthony Doerr.

On February 17, an appeals court ordered that Findsen had to be released from prison because although there's "a well-founded suspicion" that he violated Danish law by disclosing intelligence information, the court "didn’t find that the conditions for a pre-trial detention are met."

Already in December 2021, the head of the PET and the acting head of the FE visited the main Danish media outlets and warned that their editors could also be charged under section 109. On January 4, eight journalists from six media were summoned for questioning as part of the police investigation into the leaks about the FE.

A possible explanation for this intimidation could be that the Danish government wants to demonstrate that they will punish leakers severely and do everything to prevent any further leaks in an attempt to comfort the FE's foreign partners, especially the Americans, who are likely highly disturbed by the recent developments.

This could risk the continuation of the intelligence cooperation, for which mutual trust is the most important factor: intelligence agencies will only be willing to share their secret information when they are convinced that the other side will keep the information just as secret and will not misuse it in any way.

Lars Findsen in his office as head of the FE, with two Cisco 7900-series IP phones,
apparently one for secure and one for non-secure calls
(photo: Ritzau/Jens Dresling - click to enlarge)

Charges against former Defense minister Frederiksen

The current crisis didn't stop at the imprisonment of Lars Findsen though: on January 14, it was reported that Claus Hjort Frederiksen, who was defense minister from November 2016 to June 2019, is also charged under section 109. This was made public in a brief press release which the Liberal or Venstre Party sent to Danish media.

As a member of parliament, Frederiksen has immunity, but the Liberal Alliance party doesn't want to lift it unless the Danish parliament gets full insight into a possible criminal case against him. In the press release he said that he never had the intention to harm Denmark or Danish interests.
On February 4, 2022, Frederiksen issued a statement on Facebook in which he said that the day before he got insight into the charges against him and that they are only based on newspaper articles and public debates.

During two interviews in December 2021 (with the television programs Deadline and Lippert), Frederiksen had been remarkably talkative about the FE's cooperation with the NSA, but he was also angry about how his successor as defense minister, Trine Bramsen, handled the case by suspending Findsen and some other officials, including a general responsible for the relations with the Americans.

Just recently it was revealed that on February 28, 2019, Frederiksen had arranged a meeting with the Oversight Board to convince them to drop their investigation into the FE in order to not endanger the cooperation with the NSA - a controversial move given the independent position of the Oversight Board, which accordingly continued its investigation that eventually sparked the current intelligence crisis.

Current Danish defense minister Trine Bramsen (left) and her predecessor
Claus Hjort Frederiksen (photo: Linda Kastrup/Scanpix)

After the revelations in the media, Frederiksen apparently felt free to explain and stress that the FE did nothing wrong: that spying on European countries is common practice and that to protect Danish citizens (i.e. to keep within the law) the FE had installed filter systems.

He was especially concerned about the relationship with the NSA, because in recent years, Denmark had reached almost the same level as the Five Eyes partnership, an achievement that his successor had put at risk now, according to Frederiksen.

There are actually several countries that claim a position very close to the Five Eyes, but fact is that Denmark is a so-called Third Party partner of the NSA already since 1954 and, as such, a member of the SIGINT Seniors Europe (SSEUR) and, between 2009 and 2014, of the Afghanistan SIGINT Coalition (AFSC).

Development of the intelligence crisis

The Danish intelligence crisis started on August 24, 2020, when the ministry of Defense issued a short statement saying that Lars Findsen and two other officials of the military intelligence service had been suspended from duty until further notice.

The same day, the Intelligence Oversight Board (Tilsynet med EfterretningsTjenesterne or TET) issued a press release with the unclassified results of an investigation that had been initiated by information provided by one or more whistleblowers. The main accusations were:
- The FE withheld key and crucial information and provided the Oversight Board with incorrect information;
- There were risks that the FE's collection activities led to unlawful collection against Danish citizens;
- The FE failed to investigate indications of espionage within the Ministry of Defense;
- There's a culture of insufficient legal awareness within the FE's management;
- There were activities in violation of the Danish law, including obtaining and sharing information about Danish citizens;
- The FE has unlawfully processed information about an employee of the Oversight Board.

On December 21, 2020 the Danish justice minister established the FE Commission (FE-kommissionen) to further investigate the allegations against the FE and to present a report within a year.

The Kastellet fortress in Copenhagen, the workplace of most of the FE's employees
(photo: Danish Air Force Photo Service)

The FE uses XKEYSCORE to process data from the cable tap

Meanwhile, Danish media came with unprecedented disclosures: on September 13, the newspaper Berlingske revealed how in the mid-1990s the FE, in cooperation with the NSA, started to tap a backbone cable containing communications from countries like China and Russia - very similar to Operation Eikonal (2004-2008) in which the NSA cooperated with the German foreign intelligence servce BND.

According to Berlingske, the communications of interest were extracted from the cable in Copenhagen and were then sent to the Sandagergård complex of the FE on the island of Amager. Part of the agreement between the US and Denmark was that "the USA does not use the system against Danish citizens and companies. And the other way around".

On September 24, 2020, the Danish broadcaster DR reported that after 2008, NSA employees traveled to Denmark to build a data center for a new system to process the data from the cable tap. The heart of this system is formed by XKEYSCORE, the sophisticated processing and filtering system for internet data used by the NSA and GCHQ.

The Sandagergård complex of the FE on the island of Amager,
where a data center was built specifically to store data
from the joint NSA-FE cable tapping operation.
(Click to enlarge)

According to DR News, the FE tried to develop a number of filters to ensure that data from Danish citizens and companies is sorted out and not available for searches. Former defense minister Frederiksen confirmed the existence of such filters, but also admitted that there can be no 100% guarantee that no Danish information will pass through.

Berlingske had also identified the whistleblower as a young IT specialist of the FE, who in 2013 became increasingly concerned, after which then head of the FE Thomas Ahrenkiel ordered an internal investigation, which found no signs of abuse by the NSA. The IT specialist, however, was not satisfied with this result and informed the intelligence oversight board somewhere in 2018 and provided them with new information in November 2019.

The NSA tried to spy on Danish and other European targets

On November 15, 2020, the Danish broadcaster DR published a story about two internal assessments from the FE, one from 2012 and another one from 2015 (or 2014?), which contain an analysis of the phone numbers and e-mail addresses (also known as selectors) which the NSA sent to the FE for collecting information from the cable tap.
- According to the analysis from 2012, the NSA submitted selectors for Danish targets, including the ministry of Foreign Affairs and the ministry of Finance, as well as the Danish defense company Terma.

- The 2015 analysis of selectors showed that the NSA also used the cable tapping cooperation to spy on targets in European countries like Sweden, Norway, the Netherlands, Germany and France, according to DR News.
On May 30, 2021, joint reporting by DR, SVT, NRK, Süddeutsche Zeitung, NDR, WDR and Le Monde revealed that the internal investigation which FE boss Ahrenkiel initiated in 2014 was codenamed Operation Dunhammer and concluded in May 2015 that the NSA had provided telephone selectors for Norwegian, Swedish, German, Dutch and French politicians and officials, including former German chancellor Angela Merkel and then foreign minister Frank-Walter Steinmeier.

This outcome is actually not very surprising, because from the German parliamentary investigation (2014-2017) into the cooperation between the NSA and the BND it also became clear that, among hundreds of thousands of identifiers for legitimate targets, the NSA had provided the BND with thousands of selectors related to European and even German targets, which in 2015 resulted in the "Selector Affair".

The FE Commission finds no wrongdoing

On December 13, 2021, the independent FE Commission finally presented its report about the accusations against the FE. Surprisingly, the commission found no evidence of wrongdoing by the FE and also found no basis to hold the former and current head of the FE, Ahrenkiel and Findsen, accountable.

The report from the FE Commission is classified, but its conclusion have been published on the commission's website. Because they are only available in Danish, I made a preliminary translation using Google Translate with some manual corrections, which can be found here.

Focusing on the most important accusations, the commission found no evidence that the FE provided incorrect information to the subsequent defense ministers nor to the Intelligence Oversight Board. The commission also found no basis for assuming that the FE has generally obtained and passed on information about Danish citizens in violation of the law.

Given everything that emerged from the various revelations by Danish media this conclusion came as a surprise, but it can probably be explained by the fact that spying on other European governments is not prohibited by Danish law, how embarrassing it may be when it becomes public.

And if the FE has a similar filter system as used by the German BND, then the Danish selectors which the NSA provided to the FE would have been blocked before they were entered into the actual collection system (see diagram below). This means no Danish data were selected and so there was also no violation of the law.

It's unclear whether the commission found any minor deficiencies at the FE. As we have seen during the German parliamentary investigation, employees of the BND's signals intelligence units often had little feeling with political sensitivities, while government officials didn't know about the complexities and limitations of the collection systems. Similar issues may have been the case at the FE.

Similarities to the Snowden case

Most recently, Edward Snowden also commented on the Danish intelligence crisis in an interview with the newspaper Politiken from January 22, 2022. In the interview, however, Snowden acted as if the cooperation between the NSA and the FE is a mass surveillance program that "violates the rights of hundreds of thousands, if not millions, of people every single day" while it's actually about selectors for individual and generally legitimate targets.

Snowden also seems convinced that "Danish communication will be intercepted in these programs. No country possesses the capabilities to filter out all the information of its citizens", but according to previous press reports, the controversial selectors were telephone numbers and those are quite easy to filter, because they include a country code. For internet communications this is much more difficult.

In the interview, Snowden said, again with maximum exaggeration, that he is impressed by the young IT specialist at the FE who started the current crisis: "it is hard not to be inspired by this person's courage and ability to do so. The person has investigated the investigators and caught them in breaking the law and the rights of everyone in Denmark and the whole world."

Edward Snowden during the interview with the
Danish newspaper Politiken, January 22, 2022

Unlike Snowden, the FE's IT specialist didn't go straight to the press when he became concerned about certain things at his work place, but initially followed the proper channels and addressed his concerns to the FE management. However, an internal investigation found no abuse of the cable tapping operation by the NSA.

Then the IT specialist acted very similar to Snowden: because he was not satisfied with this result he secretly started to gather internal information on his own: he "smuggled a recorder into his workplace, arranged meetings with colleagues and bosses for several months and recorded them in secret". In November 2019 he provided this to the intelligence oversight board, which also started an investigation.

Then defense minister Claus Hjort Frederiksen (now 74 and liberal conservative) tried to keep this behind closed doors in order not to endanger the longstanding cooperation with the NSA - which is the common way governments handle such intelligence issues.

What made the Danish case different is that his successor Trine Bramsen (40 and social democrat) followed the concerns of the oversight board and suspended FE chief Findsen. At that moment it seemed the IT specialist was right and that things were wrong at the FE.

But Frederiksen and maybe Findsen and other FE officials fought back by telling the press about the joint cable tapping operation in an apparent attempt to convince the public of the importance of the cooperation with the NSA.

Several months later it was revealed that the NSA had tried to spy on European and even on some Danish targets - highly classified information that may have been leaked by insiders hat shared the concerns of the IT specialist.

This fight through press leaks seriously threathened Denmark's intelligence position and therefore the government apparently saw only one option left, that of unprecedented tough measures against leakers, even when they defended the cooperation with the NSA.


Ultimately, the whole issue in Denmark boils down to the same positions we saw earlier in other countries that were affected by the Snowden revelations:
- People close to the intelligence agencies claim that their interception operations are strictly within the law, particularly by using filter systems to protect the communications of their own citizens.

- Outsiders usually think that bulk cable tapping is wrong anyway and that spying on governments and companies of friendly countries is also wrong, even when that's not prohibited by law.

Despite being seen as a former insider, Snowden represents the outsider position by claiming that cable tapping automatically means bulk collection and mass surveillance. In reality, bulk collection is usually limited to metadata, which are not used to monitor as many people as possible, but to find targets that were not yet known. Selectors for individual targets are then used to pick their communications from the cable just as targeted as a traditional wiretap.

It's likely that the NSA also acquired metadata from the cable tap in Copenhagen, but the Danish press reports didn't provide further information on this. During the similar operation Eikonal in Germany, the BND made sure the NSA only got 'technical metadata' and no 'personal metadata' like phone numbers and e-mail addresses (see diagram below).

All this shows once more that in order to make a good judgment about signals intelligence operations it's often necessary to look at even the smallest details of the technical systems that are involved.

Overview of the joint NSA-BND operation Eikonal (2004-2008)
(Click to enlarge)

Links and sources

- Politiken: Edward Snowden: Det, der foregår i Danmark lige nu, er en demokratisk skandale (Jan. 22, 2022)
- Peter Kofod: FindsenGate 1½ | Anbefaling & forbehold (Jan. 21, 2022)
- DR: Claus Hjort ville beskytte spionsamarbejde: Forsøgte at bremse kulegravning af Forsvarets Efterretningstjeneste (Jan. 21, 2022)
- Politiken: Eksperter: Claus Hjort afslørede meget dårligt bevarede statshemmeligheder (Jan. 19, 2022)
- De Volkskrant: Staat de veiligheid en geloofwaardigheid van Denemarken op het spel nu de inlichtingenchef in de cel zit? (Jan. 18, 2021)
- BBC: Danish spy scandal: Ex-minister accused of state secrets leak (Jan. 15, 2022)
- Intel News: Ex-director of Danish spy agency charged with treason in ‘unprecedented’ case (Jan. 12, 2022)
- DR: Hemmelig PET-taskforce aflyttede spionchef Lars Findsen i månedsvis for at afsløre læk til medierne (Jan. 10, 2022)
- DW: Danish spy chief detained over 'highly sensitive' leak (Jan. 10, 2022)
- Politiken: Kommission afviser alle anklager mod spiontjeneste og hjemsendte chefer (Dec. 13, 2021)
- DR: Forsvarets Efterretningstjeneste lod USA spionere mod Angela Merkel, franske, norske og svenske toppolitikere gennem danske internetkabler (May 31, 2021 - including timeline)

December 21, 2021

From the Hotline to the first video call between presidents Biden and Putin

(Updated: March 19, 2022)

Among the most special telecommunication links are those between the presidents of the United States and Russia. The first and most famous one is the Hotline from 1963, but contrary to popular belief it never had red telephone sets, because it started as a teletype link that evolved into a secure e-mail system.

Only in 1990, a separate secure telephone line was established between the Kremlin and the White House, which was integrated into a digital computer network in 2008. This also enables video calls, a capability that was first used by US president Biden and Russian president Putin only two weeks ago, on December 7, 2021.

US president Biden talking to Russian president Putin from
the White House Situation Room, December 7, 2021.
(photo: White House - click to enlarge)

The Biden-Putin video call

The Russian news agency TASS reported that "the video conference was organized via a secure video conference line, designed for communication between world leaders, and used for the first time today" - a memorable moment, but hardly any other news outlet mentioned it.

Maybe that's because the American and the Russian president had already participated in several multilateral video conferences, like for example the G20 summit in Riyadh in November 2020, and therefore this first bilateral video call seemed not that special anymore.

US president Joe Biden attended the virtual meeting from the large conference room in the White House Situation Room, which is in the basement of the West Wing of the White House. Also present were national security adviser Jake Sullivan, secretary of State Antony Blinken and Eric Green, a senior advisor on Russia.

Russian president Putin talking to US president Biden at
his Bocharov Ruchei residence, December 7, 2021.
(photo: Kremlin via EPA - click to enlarge)

Russian president Vladimir Putin conducted the video call from a conference room in Bocharov Ruchei, which is the summer residence of the Russian president in the Black Sea resort of Sochi. In the photos and video released by the Kremlin no aides or other officials were visible.

An interesting little detail is that the security camera in the corner of the room seems to be covered in black plastic, likely to prevent the ordinary security personnel from watching and/or listening to the video call with president Biden:

Another detail is that president Putin seems to have a white button in front of him, probably similar to the call button in the White House which the American president can use to summon assistance. Under Trump this became known as the "Diet Coke Button".

Close-up of the white button in front of president Putin,
next to an ivory Prestige-CB phone made by Telta
(photo: Mikhail Metzel, Sputnik, Kremlin Pool Photo via AP)

Start and duration of the video call

A brief snippet broadcast by Russia state television shows that the two leaders offered friendly greetings to each other: "I welcome you, Mr. President," Putin said, but US president Biden seemed to fumble with his microphone, awkwardly waving to his Russian counterpart during the silence.

After a few seconds, Biden leaned forward and pressed a button on the control panel of the video teleconference (VTC) system. This apparently turned his microphone on: "There you go" he said, suddenly audible, chuckling and waving to Putin.

The AMX control panel of the videoconferencing
system in the White House Situation Room

After president Biden expressed his hope for an in-person meeting with the Russian leader in the future, further talks proceeded in private. Biden and Putin spoke to each other for just over two hours, according to the White House from 10:07 a.m. to 12:08 p.m. Eastern Time, or 18:08 to 20:10 Moscow Time.

Putin's foreign affairs adviser Yuri Ushakov described the presidents' video conference as "candid and businesslike," adding that they also exchanged occasional jokes. Biden's national security adviser said the meeting was "useful", the discussion "direct and straightforward" and "There was no finger wagging."

After the video call with Putin, president Biden had a telephone (conference?) call with France's president Emmanuel Macron, German chancellor Angela Merkel, the British prime minister Boris Johnson and Italian prime minister Mario Draghi to brief them about the conversation with the Russian president.


On December 30, 2021, US president Biden and Russian president Putin had their second conversation within a month. This time it was a 50-minute telephone call, which was requested by Putin and was about the ongoing crisis around Ukraine.

President Biden speaks on the phone to president Putin
from his home near Wilmington, Delaware on December 30, 2021
(photo: AFP/Getty Images - click to enlarge)

On February 12, 2022, Biden and Putin had a phone call of just over an hour again about a possible Russian invasion of Ukraine. This time, the American president conducted the call from the conference room in Camp David, the presidential country retreat near Thurmont in Maryland:

President Biden having a call with president Putin, February 12, 2022
(photo: White House/Reuters - click to enlarge)

US-Russian communication links

It should be noted that neither the video call, nor the telephone conversations between the presidents of Russia and the United States are conducted through the famous Hotline between Washington and Moscow. This Hotline, which is officially called the Direct Communications Link (DCL), was established to prevent nuclear war and is formally based upon a memorandum between the United States and the Soviet Union from June 20, 1963.

In popular culture the Washington-Moscow Hotline is often called the Red Phone, and therefore many people think it has red telephone sets, but this is false: the Hotline was never a phone line. It was set up as a teletype connection, which in 1988 was upgraded to inlcude facsimile (fax) units. Since 2008 the Hotline is a highly secure computer link over which messages are exchanged by e-mail.

The Washington-Moscow Hotline terminal room at the Pentagon in 2013
(photo: - click to enlarge)

The American president did use a red telephone though, although not for foreign, but for domestic communications. Quick and easy contact between the president and military commanders is of course just as important as contact with the Kremlin, and this was achieved through a secure military telephone network, called the Defense Red Switch Network (DRSN).

The Direct Voice Link (1990)

While president Reagan used to write letters to his Soviet counterparts, his successor George H.W. Bush had his first phone call with general secretary Mikhail Gorbachev already on January 23, 1989, three days after his inauguration. This established the practice of direct calls to the Soviet leadership, which were to prove very productive.*

Therefore, the United States and the Soviet Union signed an agreement on June 2, 1990 to set up a "Direct, Secure Telephone Link between Washington and Moscow". This agreement was updated by the memorandum of understanding between the United States and the Russian Federation from October 15, 1999.

The official name of this telepone line is Direct Voice Link (DVL) and it connects the White House with the office of the Russian president, initially via the same satellite link as the Hotline. But while the Hotline is designated for top level crisis communications, the Direct Voice Link can be used for routine matters and the calls are usually scheduled in advance, so interpreters can be present.*

President Obama using his telephone for secure calls in the Oval
Office to talk to Russian president Putin, March 1, 2014.
(White House photo by Pete Souza - click to enlarge)

A Russian integration proposal

From the declassified Presidential Review Directive/NSC 51 by president Clinton's national security advisor Anthony Lake from February 28, 1995, we learn that:
"The Russian government has recently tabled a proposal to upgrade existing government-to-government communications links between Washington and Moscow by installing a secure digital network with voice, data and teleconferencing capabilities. Significantly, the Russian proposal would integrate the existing Direct Communications Link, the secure Direct Voice Link, and the Nuclear Risk Reduction Center communications network in a manner that would permit intergovernmental communications between the U.S. and Russian presidents as well as other government officials; it would also provide the capability to convene conference communications involving Washington, Moscow and "third parties," e.g., other capitals of the Newly Independent States."

In reaction to this proposal, the senior director for Defense Policy of the US National Security Council set up an interagency working group, to "reexamine the purpose, function and overall architecture of direct communications networks between Washington and Moscow."

I haven't found the conclusions of this working group, but given the fact that the different communication systems continued to exist, indicates that at the time the US did not agree to the Russian proposal.

The Direct Secure Communications System (2008)

Eventually, the Russians partly got what they wanted, because on October 30, 2008, an agreement was signed on the establishment of a "direct secure communications system between the United States of America and the Russian Federation".

This agreement supersedes and terminates the earlier agreements and memoranda of understanding about both the Hotline (from 1963, 1971, 1984 and 1988) and the Direct Voice Link (from 1990 and 1999).

The new system consists of "networked equipment and communications circuits and [is] intended for secure emergency and non-emergency communications between the highest leadership of the two countries." To make the system suitably reliable, the "communications circuits shall follow geographically diverse paths" and both countries agreed to equally share the cost of leasing communication circuits that run outside their territory.

According to the agreement it was up to the Defense Information Systems Agency (DISA) on the American side and the Federal Protective Service (FSO) on the Russian side to "determine the configuration and technical parameters of the communications circuits, as well as the specific types of encryption devices and equipment to be used."

It was also agreed that "the secure communications system shall be reequipped and updated every five years" while it may also be used to transfer classified information, but only up to the level Secret, as the agreement only mentions the classification markings Secret (Russian: Совершенно секретно) and Confidential (Секретно).

Since the new system became operational, probably in the course of 2009, there's one secure network between Washington and Moscow which is used for the e-mail capability of the old Hotline as well as for the direct telephone line between both presidents.

Since 2013 the network is also used for "a direct secure voice communications line between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, should there be a need to directly manage a crisis situation arising from an ICT security incident."

And likewise the video call between Biden and Putin must also have been conducted through the Direct Secure Communications System, although it's not clear why it took so long before this capability was first used.

The Head-of-State Network

The new secure communications network between Washington and Moscow has probably been integrated in the Head-of-State (HoS) network which the president of the United States uses to communicate with foreign leaders.

According to the 2009 budget of the White House Communications Agency (WHCA), which is part of DISA, this Head-of-State network was upgraded to an IP network and expanded with "new suites and additional network capacity", a project that was finally completed in the fiscal year 2013.

There's very little information about the Head-of-State network, but we can assume that it includes at least the countries that previously had a bilateral top-level hotline with the White House: Russia, the United Kingdom, Germany, India and probably China. Other allied countries are likely also included.

A small room within the White House Situation Room where the president
"can make a head-of-state phonecall from the Situation Room itself"
(screenshot from a White House video)

Head-of-State phone calls

Presidential phone calls to other heads of state are usually prepared by the senior duty officer (SDO) of the White House Situation Room who negotiates date and time with the designated contact in the foreign capital and arranges an interpreter from the Language Service of the State Department.* Subject-matter experts from the National Security Council (NSC) may also listen in to the call.

These phone calls are not recorded, but duty officers in the Situation Room take verbatim notes which are put together in a Memorandum of Conversation (MemCon). An example is this one of the famous last phone call between presidents George H.W. Bush and Mikhail Gorbachev on December 25, 1991. Nowadays these MemCons are stored on TNet, the internal computer network for the NSC staff.

When the Situation Room has no dedicated link to a particular foreign leader, then the call would be set up through the so-called Signal switchboard, which is staffed by military personnel from the White House Communications Agency.*

The Signal switchboard is also used for all other secure phone calls and thus we see that the IST2-telephone used by presidents George W. Bush and Barack Obama had separate buttons not only for the Situation Room, but also for the Head-of-State conference calls, the Signal switchboard and its operator for secure calls:

Securing the networks

For obvious reasons there's no information about how the Head-of-State network and the Secure Communications System between the US and Russia are secured. For its own classified IP networks, the US military uses advanced network encryptors, like the TACLANE series made by General Dynamics. These devices are certified by the NSA as Type 1 product that use classified Suite A algorithms to encrypt communications data up to the highest classification level (Top Secret/SCI).

For such an encryption system, however, both parties have to use the same equipment, or at least the same algorithms and that's a problem when it comes to bilateral communications: one country will of course never provide it's best encryption systems to another country. One solution is to use less secret methods, like the Advanced Encryption Standard (AES), which is considered one of the best publicly available encryption algorithms.

Responsible not only for securing the Direct Voice Link (DVL), but also for Obama's BlackBerry, was Richard "Dickie" George, who served as technical director of the NSA's Information Assurance Directorate (IAD) from 2003 until his retirement in 2011.

One-time pad

When head-of-state communications should be as secure as possible, then they could use a one-time pad (OTP), which is unbreakable if implemented correctly. Instead of an algorithm, the OTP method uses a completely random key that is as long as the message that has to be encrypted.

In this way both the original Hotline and the communication links of the Nuclear Risk Reduction Center (NRRC) were secured: "The information security devices shall consist of microprocessors that will combine the digital message output with buffered random data read from standard 5 1/4 inch floppy disks" which each party provided to the other through its embassy.

Russian equipment?

In August 2018, several Russian state media came with a somewhat confusing story saying that "a sophisticated scrambler developed by Concern Avtomatika was tested by US specialists and recommended for use in the direct telephone link connecting Washington with Moscow."

Avtomatika and its predecessors have been manufacturing cryptographic equipment for secure top-level telecommunications already since 1930. In 2014 Avtomatika became part of the state-owned defense conglomerate Rostec.

Links and sources

- ABC News: Biden confronts Putin over Ukraine in high-stakes meeting (Dec. 8, 2021)
- TASS: Putin-Biden video conference over (Dec. 7, 2021)
- The New York Times: The White House relies on a secret system for calls with world leaders. (Dec. 7, 2021)
- Bloomberg: Outdated White House Situation Room Getting Needed Overhaul (Oct. 21, 2021)
- I listened to dozens of presidential phone calls. Here’s why it’s done (Sept. 25, 2019)
- National Security Archive: The Last Superpower Summits (Jan. 23, 2017)
- CNN Business: 'I made Obama's BlackBerry' (May 22, 2014)
- Michael K. Bohn: Nerve Center. Inside the White House Situation Room, Brassey's Inc, 2003, p. 67-101.

Some older articles on this weblog that are of current interest: