DUCS  (Dial Up Crypto System)

Keep Your “DUCS”  In A Row
By David Smith

In 1990, a new system called DUCS (Dial-up Crypto System) was DFAIT’s first communications/ crypto system to take advantage of the then rapidly expanding use of Personal computers.  It was also a “made-in-house” system with the planning and development of DUCS done by technical employee expertise from within DFAIT.  First begun as a system produced by two technicians, the DUCS program expanded quickly and with advances in computer technology, software development (also in-house) and improvement in world-wide communications mediums, it became a quick and efficient means of providing communications to the majority of consulates and embassies world-wide.  Advances in tempest-compliant PC’s and printers made this a very viable form of communicating with a minimum of training.

The premise of DUCS was to connect a Tempest-compliant  Datawatch X86 PC,  a Tempest-compliant  3184 printer , a V.32 modem (maximum speed of 9600 baud) and a KG84C crypto unit to existing MITNET [1] lines.  The minimum (and normal speed of transmission at many missions) was 1200 baud.   Because the traffic consisted of text only, the speed was sufficient to meet most needs.   MITNET lines would normally use local phone lines from Embassies to local telecom companies within the various countries and from there; MITNET would use reasonably high-quality lines direct to DFAIT headquarters in Ottawa.  All communications were fed into NOCAMS, the computerized message switch of the day. The process was quite simple. Embassy communications personnel would activate the software which would place a call to NOCAMS. Upon connection, NOCAMS would deliver any messages being held in queue and then incoming messages from our missions would be transmitted.  It was really quite fast since it was pure text and the printers used could pretty well keep up with the incoming traffic.   It was a simple as starting the process using software driven programs and then enjoying a coffee while all traffic was cleared in both directions.

The Datawatch X86 computers were fitted with two removable hard disks with the “C” drive containing program files and  the “D” drive holding the incoming/outgoing messages.  In the early days, the drives had a capacity of 40 Mbytes but as larger hard drives became available, some missions with heavier workloads received upgrades.

As a backup in case of any malfunctions, there was a second PC on standby and operators were trained to “exercise” the backup units at least once a month to ensure they remained operational. The KG84C crypto units were filled monthly using a KOI-18 fill reader – a two foot long cable attached to the KG with the reader fixed to the other end of the cable.

Jeffrey Hargiss provides some generic information on the Datawatch PC.  "The Datawatch PC was a regular-spec XT that was housed in a plate steel case with copper mesh or copper "fingers" around the openings.

Each I/O connector on the back of the unit (ie RS-232, Parallel, Centronics, video, keyboard, AUI, and Ethernet) went through a special filter board [one per port] to choke any radiated signals. (I am not aware of token-ring or RJ45 interfacing, but we didn't use that).

Video output was anything from EGA to VGA. Incidently, the mouse system [optical on a grid pad] was a pain to use [2] . The keyboard was painted on the inside with a copper colored paint, and a heavy shielded cable was used for connection to the PC. Default configurations were usually one floppy and one hard drive [3]. Datawatch also made an 80386 system, I do not know if they ever made a 486.

The users who were not running 24 hours really loved the Datawatch PC. Pulling the hard drive out of the PC was very easy as it was locked in the safe when they left for home.

Techs thought the PCs were OK, but there were lots of screws that had to be removed if servicing the unit. Tempest compliant equipment is generally "overscrewed". There were specific inch-pound settings for these fasteners and you were given a calibrated inch-pound screw driver when you went to the factory for certification. Apple also made Tempest-compliant systems, as did AT&T, IBM".

What began as a small project quickly morphed into a very large system with more than 60 missions retiring their former communications/encryption equipment in exchange for DUCS.   Missions which were still using BID770 off-line systems were some of the first to receive DUCS. A schedule was developed to install DUCS around the world but DUCS began in the Far East with Kuala Lumpur, Malaysia possibly being the first mission to use DUCS.

The installation project was quite a process. For the most part, it was a challenge to install DUCS while maintaining operation of the existing Alvis or Tenec equipment that DUCS was replacing. The Communications Centres at most embassies were tight on space but once DUCS was installed and former equipment decommissioned, the additional space was greatly appreciated.

When the introduction of DUCS began, most communications personnel had very little background or familiarity with computers with a few exceptions.  To address the training requirements, two trainers and a technician (who had developed the software) flew to Amsterdam for 3 weeks. In the Hilton Hotel, the team set up three or four PC’s in each of two connecting rooms and ran a training program in those rooms.  Six communicators at a time were flown in to Amsterdam from various parts of the world for three days and during that time, they would be brought up to date on the software required to use the program and be given a crash course in Computers 101.  When they returned to their respective missions, another six would arrive until gradually, all communicators could operate DUCS.

Although DUCS was first implemented in 1990, it is in fact still going strong, now highly refined and under the name of SIGNET.  Our former DUCS simply became significantly geared to the demands of the day and with every new release of software (produced and released by DFAIT employees), it transformed the entire world of Departmental communications into a high-speed secure (and easy) means of communicating between DFAIT’s missions abroad and Headquarters in Ottawa.  The days of Communicators were over and a new breed of worker, the Computer System specialists now keep the electronic traffic flowing around the world.

Above and Below: The DUCS installation in the Beijing embassy. The system consisted of two Tempest-compliant Datawatch Personal Computers, two Penril modems and DFAIT developed custom software based on the Crosstalk application. Included were two Model 3184 printers (Tally/Genicom?) and  two KG84C encryptors. 
Mounting details of the KG-84C's.
All photos in this table are from the Foreign Service Telecommunications photo pool. 

The modular PC used with DUCS was the Datawatch X86. It came in both tower and desktop configurations and it appears that two floppy drives and two hard drives were standard peripherals. 
X86 rear connections for tower type configuration.
 All photos in this table are from the Foreign Service Telecommunications photo pool. 

As of April 2011, DFAIT provides communications support for the Local Area Networks (LANs) at Canada's 160 missions in 111 countries, and directly serves more than 10,000 people. More than 6,000 of these work outside Canada.


[1] MITNET provides a single departmental network infrastructure to support data and voice applications.  It incorporates low-level network connectivity protocols and the physical infrastructure.

[2] DFAIT did not use the optical mouse with their system.

[3] The usual configuration for DFAIT machines was two floppies and two hard drives.

Credits and References:

1) Robert Stewart <rmstewart(at)rogers.com>
2) David Smith <drdee(at)sympatico.ca
3) Jacques Larose <Jacques.larose (at) bell.net>
4) http://www.international.gc.ca/about-a_propos/atip-aiprp/infrastructure.aspx?lang=eng
5) Jeffrey Hargiss <kc9fat(at)aol.com>

 Back To Canadian Embassies
Feb 5 /13