Expatica news

No official outcry in Swiss Crypto spying affair

The Swiss company Crypto produced manipulated encryption devices for decades. The CIA and the BND, Germany’s intelligence agency, were able to use them to spy on half the world. This spy thriller was first exposed in February 2020 and a few weeks ago, an official report was released.

On May 13, 1952, a Swede called Boris Hagelin founded Crypto AG. The first headquarters were in the founder’s chalet in the central Swiss town of Zug. The secretary worked in the living-room while the technicians assembled the machines in the garage. But Crypto was not what we would today call a start-up: Hagelin had arrived in Switzerland four years earlier well equipped for success; he had expertise, connections and above all, a well-established company in Sweden, A.B. Crypoteknik.

Hagelin devices and the US

Before the Second World War, Hagelin had developed an encryption machine that was about the size of a lunch box and therefore particularly suitable for use in the field: the M-209. The United States bought it and produced about 140,000 under licence. The Americans were able to consult closely with the inventor – after Norway and Denmark were occupied by the Nazis, Hagelin decided to emigrate to the US in 1940. There he worked closely with the cryptologist William F. Friedman, one of the founders of the Signal Intelligence Service, the precursor of the NSA. The two men became close friends and Friedman visited Hagelin after the war in Switzerland. In 1944, Hagelin returned to Sweden and in 1948, he emigrated to Switzerland.

One reason for this was Switzerland’s stance in the Cold War: Sweden, like Switzerland, was a neutral country, but it defined its neutrality more rigidly. Sweden restricted exports of encryption devices after the war because they were viewed as armaments. Switzerland tried to keep the definition of neutrality as vague as possible in order to leave no scope for criticism. So Hagelin determined that it was more favourable for his plans to be in Switzerland, even though, for example, the NATO export restrictions also applied there.

Hagelin needed money to start his business in Switzerland. William F. Friedman helped him to look for investors. This was not a selfless act of friendship: Hagelin was required to consider US interests in producing his machines in future. Hagelin in turn received a guarantee that the US wouldn’t hassle him with further export restrictions.

What is cryptography?

Cryptography is the science of coding. It was used in ancient Rome, and there are also known coding methods from the early modern period. In the 20th century, machine coding began to take off. From the 1970s, the machines became electronic and completely new encryption processes were developed. Modern encryption processes are today the basis of secure data transfer and they are integrated into every mobile phone or computer.

In the Cold War, cryptography was a secret science. But in fact it is nothing more than applied mathematics and can be precisely described. The first person to advocate the publication of the mathematical bases of cryptography was the German mathematician Friedrich L. Bauer (1924-2015). His standard reference work “Decrypted Secrets: Methods and Maxims of Cryptology” has been published in countless editions and translated.

The first machine that Hagelin produced in Switzerland shocked the Americans. It was too good. In order to be able to read the messages it had encoded, Crypto had to produce a special handbook that deliberately recommended settings that were easy to crack. His American partners were serious – they wanted to be able to read the messages – even those encrypted by other states. So from then on, Hagelin produced machines that had good cryptographic algorithms for Switzerland, Sweden and the NATO states and devices that were very easy to crack for all the other countries, in particular Arab states. So it was an easy job for the American secret service to decode encrypted radio messages.

When Hagelin, the founder, withdrew from the company in 1970, the CIA and Germany’s BND bought the company – via middlemen – for just $8.5 million, the equivalent of about CHF35 million today. The secret services could now give direct instructions to the developers. Known as “Operation Minerva,” it was one of the biggest secret-service operations since World War II. Now German and American agents could read the most secret messages from more than 100 countries – they were informed about intrigue in Argentina’s terror regime and the plans of Iran, Libya and Panama. The CIA and BND had information about the Falklands War in 1982, about the Libyan bomb attack on the Berlin discotheque La Belle in 1986, and about the Iran hostages affair in 1979 – all because of a small Swiss firm in Zug. 

Does the Crypto affair taint Swiss neutrality?

The Crypto story was reported in the US and German media. But so far, there has been no torrent of international criticism: there was hardly any official reaction from state authorities. From the US, the only comment was that there is no comment on secret service operations. Only the former German chancellery minister, Bernd Schmidbauer, confirmed the operation in full. The states that were under surveillance remained particularly quiet. Any comment by a government would have been an admission of its own negligence.

In early November 2020, the Swiss parliament’s audit committee presented its report. A part of the report is public: this part says that the operation as such was legal, both under the law of the time and under current law, including the cooperation with other secret services. The report is critical of the Swiss secret service. It should have let the government know what was going on with regard to this sensitive operation. The government has until next summer to respond to this report.

What did the Swiss government know?

Were Crypto’s activities compatible with Swiss neutrality? The Zurich international law expert Oliver Diggelmann views the affair as a clear violation of neutrality law. “In a conflict between two states, a state with permanent neutrality cannot almost automatically act as the ally of one of these states, and Switzerland was in this case a sidekick for America’s spying activities against potential enemies.” Laurent Goetschel, a political scientist, sees it differently: “The question is only relevant if the authorities knew.”

According to the report published in early November, the Swiss government only officially learned of the Crypto affair in autumn 1993 and has been able to read messages coded using manipulated devices since 2002. But before that there were indications that Crypto was cooperating with other secret services.

What did Crypto AG know?

The Swiss authorities have concluded that Crypto AG, the firm at the centre of a spying scandal, did not violate any laws when applying for export licences for what turned out to be compromised encryption devices.  

The Office of the Attorney General of Switzerland has dropped criminal proceedings in connection with the Crypto affair, it said on December 21. A criminal complaint had been filed in mid-February by the State Secretariat for Economic Affairs (SECO) to find out whether Crypto had misled the Swiss authorities and concealed facts in the export licence applications and/or falsely declared important information. Other questions, such as espionage, were not at issue in the complaint.

The federal prosecutor’s office concluded that although Crypto’s devices had indeed been tampered with, there was no evidence of a “deliberate and unjustified violation of the Export Control Act”.

Since the Swiss secret service was involved, the case should be considered an official action and its legal basis was covered by the Military and Intelligence Service Act, it said. Therefore those people responsible for exporting the encryption devices must therefore have thought that the exports were legal, it concluded.

As long ago as the mid-1970s, a development engineer who left the company in 1977 told officers in the Swiss army and a former state prosecutor that Crypto was deliberately making devices that produced easily unscrambled messages. The state prosecutor’s investigation at the time, using the cover-name “Code,” led nowhere. An intriguing element is that the files were believed lost in early 2020, and then surfaced last summer at a secret command centre. (The 2020 investigation report is critical of the handling of the files, among other things.)

Crypto came to attention again in 1992: The Swiss sales engineer Hans Bühler was arrested in Tehran, accused of espionage. He was imprisoned for nine months. On his return he was fired by Crypto. Bühler told the media why he was really arrested: The Iranians suspected that the Crypto devices had a secret backdoor accessible to the US secret service. The Zurich journalist Res Strehle researched this story for years and wrote his first book on the subject in 1994.  In the summer of 2020, he published a second book on the subject – now he was in a position to give hard and fast evidence. “We have known for more than 25 years that Crypto cooperated with the secret services but we could never prove it,” he said.

After the so-called Bühler affair, the Swiss police also launched an investigation in 1994 and interviewed more than 20 people – and just like in the 1970s, it bore no results. But the authorities knew from this point at the latest that Crypto was in the hands of the US secret services. Spy experts believe that the intelligence agency knew about the secret service operations much earlier and protected the company. They say that the rule of thumb for the executive branch during the Cold War was: Don’t ask, don’t tell. Or: What you don’t know won’t hurt you. 

Translated from German by Catherine Hickley