Report confirms encryption company was a long-running CIA front

On Tuesday, February 11, the Washington Post reported that the United States and Germany had used a Swiss-based encryption company, Crypto AG, as a front to spy on allies and enemies for decades. The Guardian now reports that the Swiss government has ordered an inquiry into the company, which was headquartered in Zug until it closed in 2018.

Though the new report has drawn considerable attention, reports of the company’s ties to the CIA have been around for decades.

Using Crypto AG to spy

A joint investigation by the Washington Post and the Germany-based ZDF uncovered that the Swiss company Crypto AG was actually owned and operated by the Central Intelligence Agency (CIA) and Germany’s Federal Intelligence Service (Bundesnachrichtendienst, BND). BND’s ownership ended in 1993, shortly after German reunification.

After that point, the CIA continued to own the company, in alignment with the National Security Agency (NSA), using it as a means of spying on nations around the world. Operating under the guise of an unaffiliated communications encryption firm, Crypto AG sold products to more than 120 countries, including Iran, Iraq, Saudi Arabia, and the Vatican.

The Washington Post reports that the joint venture between the CIA and the BND began in 1970, originally under the code name “Thesaurus,” and later, “Rubicon.” The report, based on internal CIA documents, said the operation “ranks among the most audacious in CIA history.”

The operation appears to have ended in 2018.

Following the report, the Swiss government vowed to open an investigation into the company. Niklaus Oberholzer, a former federal supreme court judge, has been appointed to look into the matter and is due to provide a report to the Swiss defense ministry in June.

What did Crypto AG produce?

Crypto AG began during World War II as a legitimate encryption company, designing and selling technology designed to allow secure communication. Like its home country, Crypto AG operated under the presumption of neutrality, making it a secure source for clients around the world.

Dating back to its origins, Crypto AG has produced various products as technology has advanced. The Washington Post says the company has had a part in producing mechanical gears, electronic circuits, silicon chips, and software.

In 2018, after the CIA shuttered the operation, a different encryption company, Crypto International Group, bought Crypto AG’s name and assets. On their website, they say they are completely separate companies with unrelated ownership. They’ve called the Post/ZDF report “very distressing” and have vowed to further assess the situation.

The Five Eyes are watching

While the Crypto AG operation was run by the US and Germany, it wasn’t the only country that had access to the information gained through spying. One CIA report cited by The Washington Post stated that foreign governments had “the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”

According to the Guardian, that reference to “five or six” countries likely alludes to the so-called “Five Eyes.” The Five Eyes is a post-Cold War intelligence sharing alliance between the US, the UK, Australia, Canada, and New Zealand. In addition to spying on other countries, the Five Eyes monitors global internet activity and digital communications.

The rumors are true

Prior to the Post/ZDF report, it had long been claimed that Crypto AG was a front for the CIA. A 1995 Baltimore Sun article titled, “Rigging the Game,” said that behind company doors, “America’s National Security Agency hid what may be the intelligence sting of the century.”

Presciently, that article’s authors, Scott Shane and Tom Bowman, wrote, “The whole story will be told only when US documents are declassified, probably well into the next century.”

In 1996, a story in the German newspaper Der Spiegel essentially laid out everything Tuesday’s report revealed. For instance, it was alleged that NSA agents visited Crypto AG often and that the company’s technology was used to spy on Iran and the Vatican.

The Buehler affair

Suspicions about the company appear to have begun with a former sales engineer for Crypto AG, Hans Buehler. As discussed in the Der Spiegel story, Buehler was arrested on March 18, 1992 on a trip to Tehran, Iran. He was held in solitary confinement for nine and a half months and interrogated on his role in leaking Iranian secrets.

It appears Buehler, like many employees at the company, was uninformed of any spy activities on the part of Crypto AG. The company paid “about one million German marks” for his release from Iran. However, the sales engineer was subsequently let go for the bad publicity the whole affair brought to Crypto AG.

As detailed further in National Security Agency Surveillance: Reflections and Revelations 2001-2013, by journalist Wayne Madsen, Buehler went on to investigate the circumstances of his firing. He came to believe that what the Iranians accused Crypto AG of doing was true, with one employee of the company telling Buehler, “I saw American and German engineers doctoring our machines.”

[article_ad]