Jeffrey LewisNo PALs For Paks

Sanger and Broad definitively answer the question of whether the US shared Permissive Action Link technology with the Pakistanis (no):

The American program was created after the Sept. 11, 2001, attacks, when the Bush administration debated whether to share with Pakistan one of the crown jewels of American nuclear protection technology, known as “permissive action links,” or PALS, a system used to keep a weapon from detonating without proper codes and authorizations.

In the end, despite past federal aid to France and Russia on delicate points of nuclear security, the administration decided that it could not share the system with the Pakistanis because of legal restrictions.

In addition, the Pakistanis were suspicious that any American-made technology in their warheads could include a secret “kill switch,” enabling the Americans to turn off their weapons.

While many nuclear experts in the federal government favored offering the PALS system because they considered Pakistan’s arsenal among the world’s most vulnerable to terrorist groups, some administration officials feared that sharing the technology would teach Pakistan too much about American weaponry. The same concern kept the Clinton administration from sharing the technology with China in the early 1990s.


Officials said Washington debated sharing security techniques with Pakistan on at least two occasions — right after it detonated its first nuclear arms in 1998, and after the terrorist attack on the United States in 2001.

The debates pitted atomic scientists who favored technical sharing against federal officials at such places as the State Department who ruled that the transfers were illegal under the Nuclear Nonproliferation Treaty and under United States law.

This is an issue that has fascinated me since my buddy Todd wrote an op-ed in 1999 arguing that Pakistan’s coup illustrated the need to declassify basic information about PALs. (The more things change, eh?)

The best arguments for sharing PALs are found in Gregory Giles, “Safeguarding Undeclared Nuclear Arsenals” The Washington Quaterly 16:2, Spring 1993, 173-186 and Dan Caldwell, “Permissive Actions Links: A Description and a Proposal,” Survival, May/June 1987.


  1. Yale Simkin (History)

    As the articles pointed out, a serious sticking point is the interpretation of Articles I and II of the (mis-named) NPT.

    From Article I (Nuclear State duties) –

    … (They must) not in any way to assist…any non-nuclear-weapon State to manufacture …

    Article II

    … (The non-weapons state must)…seek or receive any assistance in the manufacture of nuclear weapons or other nuclear explosive devices.

    What is “assistance in the manufacture”?

    PALs, and other safety and security technologies are not snap-on external options.

    If it were simply adding a coded on/off on a wire between the detonators and a battery, then I don’t think an issue arises.

    However, to be effective, PALs are deeply and inextricably integrated into the very fabric of weapon’s systems.

    Transferring these technologies might seriously impact Article I and II duties.

    I am curious as to how the mentioned legal experts see a workaround for the problem.

  2. Alex W. (History)

    “To get around such legal prohibitions, Washington came up with a system of “negative guidance,” sometimes called “20 questions,” as detailed in a 1989 article in Foreign Policy. The system let United States scientists listen to French descriptions of warhead approaches and give guidance about whether the French were on the right track.”

    The citation for this, for those who are curious, is Richard H. Ullman, “The Covert French Connection,” Foreign Policy 75 (1989): 3-33. It is an interesting read; somehow I’d missed it. People can contact me if they are interested in a copy.

  3. Geoffrey Forden (History)

    Indulge me for a moment while I seem to go off topic, I promise to return to the subject of PALS. I have been advocating a some what related measure to increase the nuclear stability between India and Pakistan: a globally shared missile launch surveillance system (see my papers on it at such as “A Multinational Missile Launch Surveillance Network” or “Global Missile Launch Surveillance for Increasing Nuclear Stability” or “Reducing a Common Danger: Improving Russia’s Early-Warning System” ). This involves setting up an international organization that would share the raw data from a constellation of satellites designed to detect the launches of missiles anywhere in the world. While it would not decrease the risk of terrorists getting nuclear weapons (and hence this is slightly off topic, but wait for it) it would help in the case of an accidental nuclear detonation—neither India nor Pakistan have one-point-safe nuclear designs—by helping prevent a country from believing it had been attacked by showing that no missiles had been launched (radar would show that no planes had been attacked but would not be capable of ruling out missile attacks).

    Now, as part of the effort to promote this idea, I gave a series of talks about it to the nuclear establishments in Pakistan where I was asked if it would not be easier and better to simply help those two countries get one-point-safe designs. My answer, and I think it applies to PALS as well, is that one-point-safety involves such detailed knowledge of nuclear design that the US would have to custom design the bomb anew. Would Pakistan, I asked, really want the US “improving” India’s bomb design? Would Pakistan really want the US messing about with Pakistan’s design? (Sanger and Broad nicely capture this thought. Similarly, would the US really want to take on the moral responsibility of assisting any country improve its nuclear weapons? It was apparently willing to do that for France and Britain but at least we were allies against the Soviet Union together and had a good idea who they would be used against.) Interestingly enough, the Pakistani military officer who asked the question immediately said no to both questions. Its clear, in retrospect, that Pakistan had thought through the idea before for the example of PALS. Sanger and Broad’s article helps explain that!

  4. Bill Arnold (History)

    The Pakinstani engineers involved aren’t stupid. Letting slip a comment or two that a certain approach won’t work, perhaps augmented with more overt hints, e.g. that a PAL design neglects defenses against a class of attacks, would at least get them on the right track. The article’s description of the assistance to the French (negative guidance) sounds like a description of a formalized version of this.
    Making the Pakistanis completely revinvent PALs from scratch was/is a really really bad idea. One can easily imagine the basics but getting the details all rigorously covered is very hard.

  5. Rodger (History)

    Thanks for the citations, Jeffrey, but geezers like me would point readers to an even older literature. As it happens, Dartmouth’s 1980-1981 debate team advocated transfer of PALs and related technology to new proliferants. My colleague and I also started running that case in the second semester…

    In any event, the debate case drew heavily on a 1977 issue of <i>The ANNALS of the American Academy of Political and Social Science</i>, Vol. 430, No. 1. See especially the articles by Lewis Dunn and Colin Gray. See also Robert Lawrence and Joel Larus, <I>Nuclear Proliferation, Phase II</I> (Kansas, 1974).

    At least those are the citations I can readily find in the yellowed copy of my undergrad honor’s thesis: “Pondering the Perils of Nuclear Proliferation; American Foreign Policy Choices” (1983).

    By the time I wrote it, Dunn also had produced a book addressing this policy proposal: <i>Controlling the Bomb</i> (Yale, 1982).

  6. Daniel

    Could someone with some knowledge of the issue clarify what exactly PAL technology entails? I’ve always (naively, it seems) assumed that in practice PALs were essentially a kill switch in the arming process, but it seems there’s more to it.

  7. Anonymous

    How do you all know that Pakistan does not have at least some form of basic technical use control a la early U.S. PALs? These types of controls are fairly easy to develop and implement. Of course, these PALs would also provide far less security than would advanced modern U.S. PALs.

  8. Bill Arnold (History)

    A few questions:

    – Do we know whether the Pakistani arsenal is purely implosion designs? (one hopes they are.)

    – What are the arguments against sharing PAL technology even at the level of hints? Is there some screwball argument that if Pakistanis aren’t confident of their PALs that they will be more diligent about procedures? I’m having a hard time believing that the current or even previous administration is worried about possible violations of the NPT.

  9. Anon

    For anyone interested, here is a link to On the Risk of an Accidental or Unauthorized Nuclear Detonation, the abridged version of the 1958 Rand Corporation report that helped to inspire what came to be known as “permissive action links” and the “two-man rule.”

    RM-2251 was authored by political scientist (and future USECDEF/P) Fred Iklé,
    psychiatrist Gerald Aronson, and economist/statistician Albert Madansky.

  10. Bill Arnold (History)

    <i>Could someone with some knowledge of the issue clarify what exactly PAL technology entails?</i>
    There is not much in the public literature about PALs. Those who know can’t talk, and those who don’t know (like me, mostly, excepting some glimmerings encountered while working on civilian crypto hardware) speculate. Try this <a href=“”>“Permissive Action Links”</a> for some hints. It is full of speculation but is pretty clear.

  11. Anon

    The proper hyperlink to RM-2251 is

  12. mark F (History)

    From the Sanger and Broad excerpt, I really like “ The (Bush)administration decided it could not share the system with the Pakistanis because of legal restrictions”

  13. Captain Canuck

    Michael Calderone at has published a story on the NYT holding this story on the PALs for Pakistan, at the White House’s request, for 3 years.

  14. FSB

    Regarding Daniel’s question above. Giles article cited by Jeffrey sez:

    Permissive Action Links Devices that block critical arming systems
    until proper codes have
    been entered

    Range from simple
    (though less tamperresistant)
    locks to electronic
    switches requiring dual

    Other features
    — “limited try” switches
    that lock themselves
    after a few incorrect
    code entries
    — membrane sensors that
    can detect other entry
    attempts and disable
    the weapon
    — command disable codes
    that can be entered to
    render a weapon
    useless if its
    security is in

    I think only sure way to render the device useless is prob. to explode some fraction of the high explosive chemical trigger (?)

  15. Lao Tao Ren (History)

    PALs can come from super simple to extremely sophisticated devices. I think what Lewis and co. is suggesting is whether it is in US interest to declassify some of the broad outlines of it so that there is the possibility of a common architecture in the implementation of PALs, at least at the block diagram level.

    Basic versions of the device are hardly any more complicated than what you might find in a sophisticated lock on a Bank Safe and certainly not beyond the capabilities of a competent group of Pakistani engineers.

    The issue goes beyond PALs, but selection of crews, training, etc. which a comprehensive ‘safeguard assistance’ program would have to provide Pakistan.

    I wonder whether the Chinese have shared some of their safeguards knowhow with Pakistan —- having helped them out so much in this area, it would seem to make sense.

    A common architecture for PALs would also enable a competent group of technicians, with a bit of help, to deactivate someone else’s device even if they did not plant a back door in it. Is that such a bad thing?

    Slightly off the topic, but I wonder if Musharraf picked the wrong country to be President of?

    His actions: imposing a state of emergency, detaining Supreme Court justices, arresting lawyers, civil rights leaders, liberal political party hacks, etc. might be just the thing to do in a country overrun with 50,000 lawyers (or 1 for every 3,300 people) in an impoverished country that need peace, order and good government more than it need haggling about legal fine points before the courts.

    Imagine what he could do for a country that is infested with about 1,000,000 lawyers (1 lawyer for every 300 persons or so)?

    If Musharraf is President of the US here, he could declare a state of emergency and then bring the number of lawyers, judges, etc. down to Pakistan levels in the US! The surplus he can exile to China. That will eliminate any chance of the Chinese being a peer competitor for at least a few centuries.

    Let’s have the Democrats and Republicans draft Musharraf for 2008!

  16. Alex W. (History)

    As a detonation hardware aside, the original Fat Man/Gadget X-Unit component which sent the electrical signal to each of the detonators was patented and is now in the public domain. (Note the long period between the application ands its date of issue; it was classified during this period—secret patent applications are not granted until they are declassified.)

  17. Bill Arnold (History)

    For an inkling of the sorts of challenges faced by PAL designers, see the FIPS 140 civilian standard for cryptographic equipment:
    Its classifications go from level 1 to level 4. FIPS 140 doesn’t describe some of the attacks defended against by high-end civilian crypto hardware.

    Add defenses against exotic attacks on the hardware devised by government researchers over the past 30-40 years, and additional paranoia, and secure entanglement of some sort (I have no clue here) with the actual nuclear device.

  18. FSB
  19. Andreas Persbo

    Speaking of good PALs. The UK used a simple bike lock: