For decades, US and Germany owned Swiss crypto company used by 120 countries
Crypto AG, a Swiss cryptographic communications gear company that got its big break building code-making gear for the US Army in World War II, has been a provider of encryption systems for more than 120 countries. And according to a report by The Washington Post and German broadcaster ZDF, the company was owned outright for decades by the Central Intelligence Agency and Germany’s intelligence agency, the BND—allowing the CIA, the National Security Agency, and German intelligence to read the most sensitive communications of practically everyone but the Soviets and Chinese.
That unprecedented level of access allowed the US to monitor Iranian communications during the Iranian hostage crisis, Argentine communications during the Falklands War (shared with British intelligence), the communications of Egyptian President Anwar Sadat during negotiations of an Egypt-Israel peace deal at Camp David, and communications from Libya that confirmed the Qaddafi regime’s involvement in a 1986 West Berlin disco bombing. During the Iran-Iraq War in the 1980s, Iranian communications were “80-90 percent readable,” according to documents viewed by the Post and ZDF.
While German intelligence cashed out of the company in the 1990s, the CIA’s ownership persisted until 2016, even though the intelligence value of the company diminished with the widespread availability of other digital cryptography tools—and a series of missteps, including what a CIA history described as a “storm of publicity” after the arrest of a Crypto AG salesman in Iran in 1992. But the history also informs the US government’s concerns over the potential threat that comes from other countries’ ownership of parts of communications infrastructure, including concerns over China’s Huawei.
Details of the operation, referred to as “Thesaurus” and later “Rubicon,” came from a 2004 paper from the CIA’s Center for the Study of Intelligence and a 2008 oral history of the program collected by BND officials. In CIA documents, Crypto AG was referred to by the codename Minerva. The US government began its relationship with Crypto AG’s founder Boris Hagelin, who fled from Norway to the US during World War II,
in the late 1950s, the US persuaded him to limit the strength of cryptographic gear sold to other countries in exchange for a “licensing agreement” that would compensate the company for lost sales. As the company moved to electronic encryption, US intelligence began to have an even greater role—with the NSA essentially designing the entirety of the company’s first all-electronic encryption system released in 1967. Crypto AG sold two versions of the system—one strongly encrypted for friendly governments, and one with “rigged” encryption for the rest of the world.
Even as Crypto AG provided a wealth of intelligence—by 1980, it provided about 40 percent of NSA’s take from other countries’ diplomatic cables and other encrypted communications—it also generated millions in revenue that the CIA and BND split and plowed into other operations.
More than a dozen countries still use encryption systems from Crypto AG. But on the eve of publication of the Post/ZDF story, the Swiss government revoked the company’s export license.
