Recent news revelations confirmed an old suspicion: The CIA and the BND used encryption machines from Swiss-based Crypto AG to spy on allies and enemies during the Cold War. Guaranteeing data privacy will be a key challenge in the digital age.
It’s almost like a James Bond movie. Secret Services agencies bought an encryption company to spy on governments worldwide. And it all happened in Switzerland and Liechtenstein – under the codename “Operation Rubikon.”
Crypto AG was an encryption machine maker based in the Canton of Zug, which was later secretly bought by a Liechtenstein front company that was 50/50 owned by the CIA and the German BND. According to the reports, Swiss spies have also been involved in the operation, but only a handful of Crypto AG personnel knew about the intentional weakening of its products.
One of the boldest and most scandalous operations
The spy agencies used Crypto AG’s machines that were sold all around the world to extract information. Crypto AG passed the full tech specs to the NSA, which was then able to break the codes.
According to the ZDF, through Crypto AG’s international sales, the NSA and the BND were both able to spy upon hostile and allied countries alike, with spied-upon allies including NATO members Portugal, Spain, and Ireland.
Warwick University political science professor Richard Aldrich reportedly called Operation Rubikon “the boldest and most scandalous operations, because over a hundred states paid billions of dollars for their state secrets to be stolen.”
News revelations confirmed an old suspicion
Although Operation Rubikon was never confirmed until this day, there had been a suspicion already for a while.
Professor Alan Woodward of the University of Surrey commented in The Register, “The original suspicions were raised because Reagan went on TV and talked about diplomatic cables that had been encrypted using a Crypto AG C52 machine. I think it was Der Spiegel who ferreted out the allegations
[in 1996, years before today’s revelations]
by talking to certain Crypto AG staff.”
Can data be safe in the digital age?
The Cold War-era backdooring of Crypto AG’s machines ended in 1993, after Germany’s reunification. At that time, the BND sold its 50 percent shareholding to the CIA. In 2018, Crypto International Group AB bought Crypto AG’s international business and the company was split in half. The Swedish-owned company that acquired the brand name said in connection with the recent news reports that it had “no connections to the CIA or the BND” and “never had.”
The story is too old to have any significant political consequences today. However, it also shows that cryptographic technology can be used to protect data, but it may not always be as safe as we think.
Over the coming decade, the token economy will create a digital society, which will certainly be more efficient, cheaper, and faster. But if everything is digital, those with superior technology can easily see, track, and maybe also manipulate what we do. Creating safety mechanisms to protect businesses and citizens is a key challenge when building our digital future.