Welcome to Tech Stuff, a production from iHeartRadio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeart Podcasts. And how the tech are you. I am currently on vacation. Hopefully I'm having a good time, and I hope you're having a good time wherever you happen to be as well. But in the meantime, I thought I would bring you an episode that we published originally on February seventeenth, twenty twenty. It's titled When Secrets Aren't Secret. This is about the curious case of the CIA, the Central Intelligence Agency of the United States of America, owning and operating an encryption company, which seems to be a bit of a conflict. Let's listen in. So I want to talk about the business of communication and secrets and also the business of eavesdropping and why all of this gets real dodgy, real fast. So the initial story doesn't involve China or five G Networks. It goes further back than that. It actually concerns a Swiss company called cryptoag and its ties to the Central Intelligence Agency aka the CIA in the United States. The story is all about the battle between secrecy and surveillance, and it's also about trust, as in, whom do you trust when you want to send a secure communication to someone else? If you're using some sort of technology to encrypt your stuff, who makes that encryption you know, strategy, whether it's it's software or actual device or whatever it may be, who's making that and can they be trusted? And as it turns out, those are difficult questions to answer than would readily seem apparent. Now, the story for this really begins with a Swedish inventor named ARV Gerard Dom who was born in eighteen sixty nine. He worked in textile mills before he would start creating his own version of a cipher machine sometime around nineteen fifteen or so. So, what the heck is a cipher machine? Heck? What's a cipher? Well, a cipher is a code. It's a way of hiding the meaning of a message. And there are a lot of different approaches to encoding information, and there are a lot of strategies that actually employ multiple versions of this, multiple schemes. So, for example, one way to have a code is to use words that refer to something else, So instead of saying a military tank, you might say Thomas. You know, because you got Thomas the tank engine, and you go from Thomas the tank engine to military tank and there you are. So if you referred to a Thomas you might be talking about a tank. That would be a very bad code, or at least a very easy to decipher code. But that's a version of codes where you have a codebook that tells you what certain words or phrases actually are meant to convey. Then you have ciphers in which you replace the letters of a message with some other letter or symbol, and the simplest of these is a shift cipher, sometimes also called a Caesar cipher. And with these ciphers, you write on a message, but you shift all the letters some predetermined number down or up the alphabet. So if you had a shift cipher with just one shift one step, that would mean that you would use the letter B to represent the letter A, you would use the letter C to represent the letter B, and so on down the alphabet. So if someone else were to get hold of the message at casual glance, the message would appear to be gibberish. But of course that particular cipher is super easy to decode, even if you are shifting further up or down the alphabet. Let's say you're shifting up ten spots instead of one. Well, just because of the nature of language, someone with even a little bit of patience would be able to probably break that code pretty quickly. Well. In the early twentieth century and victors were working on mechanical systems that would create stronger ciphers, and initially these were mostly thought of as a way to protect business communications like financial communications between banks, for example, or sometimes political messages between different parts of the world, like a government and its embassy in another country. That over time they would be adopted by militaries around the world to send secret communications back and forth between headquarters and units in the field, and these communications needed to be much more secure than a caesar cipher could potentially offer. So the basic idea behind these cipher machines was that you would have a device. Sometime times it would look like a typewriter. Sometimes it would have a hand crank on it, but typically there'd be at least one dial, if not several dials, and perhaps some other components that would allow the operator to set the machine to establish the cipher. So you choose your settings, and then the operator would take a message that is meant to be encoded and then put it through this machine in some way. Maybe they're using a keyboard, maybe they're using a series of keys and levers. However it may be they're actually typing out the message in plain text. But the cipher machines would have some sort of gears or other chains or systems that would turn with each letter type, and it would change the cipher as it did, so change the nature of it. And this was a really clever way to confound code breakers, particularly if the machine was really well designed. So let's say you are an operator and you have the word book that you need to encode using one of these machines. So you have one of these particular machines. You type the letter B into the device, which, because of the settings for this particular session, will now print out the letter G. So the letter G means B with this particular cipher. The gears inside the machine turn after you've typed in the letter B, which prints out as G, So now the cipher is actually different. You type in the first O in book and you get another G because of the way the cipher works. Then the gears turn again. You type in the second O, and now the machine prints out the letter F. The gears turn again, you type out the letter K, and you get the print out of K, So the printed word says ggf K rather than book. Well, to decode the message, you would typically need the same sort of machine that was used to encode it, and you would need to know what settings the operator had been using when they started the message, and you would have to set up your machine to mirror that, and then you would end up taking the encoded message and you would start typing that out and the process would essentially reverse itself and it would allow the operator to read out the original message. So in our example, the operator on the other side would take GGFK and enter that into their machine and they would get the print out book. Now a couple of caveats here. Not all cipher machines are created equal right or were used to their best advantage. Sometimes people made bad decisions when it came to either designing cipher machines or implementing them. For example, the big wigs might decide that, in no circumstance would you ever have a letter represented by itself. You would never allow that to happen. So in the example I just gave where GGFK means book, that last k wouldn't work. You would have to have the device go to a different letter because it would not allow itself to replicate a letter with a representation of itself. Other rules that could cause problems on the road might be a rule against the doubling of letters like the gg and GGFK. And the reason that these are problems is that if you have a code breaker who's really looking at these codes closely, and that code breaker starts to figure out that there are restrictions to the code, they can build that into their code breaking models in an effort to crack the code. Because as you put in restrictions, that means you're reducing variables. And anyone who has worked in any sort of mathematics, particularly stuff like algebra, you know that to solve complicated problems you need to reduce variables. As you reduce variables, you make it easier to solve problems. So it was actually this sort of thing that would lead to the British cryptographers breaking German codes during World War Two. It wasn't that the technology itself was necessarily faulty. It was that the Germans were kind of using bad methodology with some of their equipment, and that's what gave an inroad for code breakers. Now, if you want to learn way more about how these machines actually work, you can listen to tech Stuff Ponders and Enigma. That's a classic episode that originally published way back on October nineteenth, twenty eleven, and I actually did a tech Stuff Classic rerun of that episode on October twelfth, twenty eighteen. The Enigma machine is the most famous cipher device that was made in the early twentieth century. It was made and used by the Germans, and it was used extensively by the German military during World War Two. And in that podcast, my old co host Chris Paulette and I talk about how a really good cipher one that's super hard to crack, is also a pain in the patookas to use because of that complexity, and that's mainly why officials would put rules in place that ultimately would service the downfall for their technology, because using the tech without those rules in place was possible, but not always fast enough to be practical. This would prove to be a problem with cryptography in general. You want a system that's secure enough that you're reasonably certain a person who intercepts the message would be unable to make header tail of it. Right. That's the whole purpose of cryptography is to make any unauthorized person incapable of reading the message. But you also want your solution to be practical enough that your intended recipient can decode the message with a minimum of fuss, particularly if it relates to a time sensitive issue. So in this case, you had Germans using these same settings on their Enigma machines for longer than they were supposed to, or they were co locating codebooks with the Enigma machines and those fell into Allied hands who were able to use those two decode messages. To this day, balancing out practical applications with security remains a challenge. It may make it take longer for a message to get through from one point to another, which a lot of people don't accept in the age of information traveling at the speed of light. Or it just may be a pain to encrypt and decrypt, which also ends up becoming a barrier to adoption and implementation. Okay, let's get back to our story. So it's the nineteen tens, right, It's around nineteen fifteen. Arred Garaddam has patented an encryption device. He got that patent by nineteen nineteen and to manufacture and market the device, Dom would work with business partners to create a company originally called Cryptograph or ab Cryptograph, and one of Dom's investors was a guy named Carl Wilhelm Heglan who had made his money in Russia in the oil business. But then the Russian Revolution happened and Haglan fled with his family and they returned to Haglund's homeland of Sweden. They brought the family with them, and Boris Haglan was a Carl Wilhelm Hegland's son, and Boris was given a position in Dom's company in return for this financial investment from his father. Now Boris would actually prove to be quite the entrepreneur. In nineteen twenty five, he would take over the company entirely. He became the new head of the company. He would rename it Crypto Technic in nineteen thirty two, and then when the Nazis rose to power, he fled Sweden for Switzerland and re established his company there, and it was this company that he established that would later become known as Cryptoag, the focus of our episode really well. In the meantime, his company continued to produce new cipher machines, incorporating new features in an effort to build machines that were able to create stronger codes. And again, this was mostly for business use or occasional government use, but the rise of World War II would create a new market as military sought ways to send messages securely without fear that their plans would be shown to an enemy. And that's when the United States would enter into the picture, setting the stage for the company's future in ways Hageland could not have anticipated. I'll explain more when we come back, but first let's take a quick break. So when World War two broke out, the United States military would become one of Cryptoag's customers, and when the Nazis invaded Norway in nineteen forty, Hageland would again move operations. This time he moved to the United States. His company's encryption device, known as the M two nine, would be produced in the US. According to the Washington Post, there was a typewriter factory in upstate New York that would end up making around one hundred and forty thousand of these M two nine encryption devices, and Hagland negotiated with the US Army and landed an eight point six million dollar contract, a princely sum today, but certainly a princely sum way back in nineteen forty. Hegland's devices lacked the sophistication of Germany's Enigma machine. They weren't nearly as complex, nor were they as capable of creating very tough encryption, so codebreakers could suss out the original messages that were created on an M two nine if they were given enough time and attention, and for that reason, the Army primarily relied on these devices to disguise extra dreamly time sensitive orders. So the logic was, by the time someone had actually broken the code, the information would be worthless anyway, because whatever was being covered in the message would have already happened. It would have been something that was more imminent, so you wouldn't be able to act on the information, even though you'd be able to at least decode what had been said. So you wouldn't want to use these devices for any sort of long term plans because they were crackable. People could crack the codes with given enough a time. Now. Around that same time, Haglan became good friends with another cryptographer named William Friedman. Freedman was born in Russia. Actually, so was Haglan. Hegland's parents were Swedish, but when they had Boris he was the family was in Russia. So Friedman's family left Russia when Friedman was just a baby back in eighteen ninety two due to a rise in anti Semitism in Russia and Friedman his family's Jewish. So Freedman grew up loving codes and cryptography and became fascinated with them. He joined a private research lab. He met and then courted and then married a woman named Elizabeth Smith, who on her own was an accomplished cryptographer, a brilliant cryptographer. And they both sort of worked for George Fabian, and that was the guy who owned the private research lab. Fabian sounds like the sort of person who really belonged in the Renaissance as far as I'm concerned. In the Renaissance you had rich nobles who would become patrons of great thinkers and philosophers and artists. Fabian he established this private research lab in order to look into stuff that he just thought was interesting, which I think is kind of cool, maybe a little eccentric. Well, when the United States entered World War One, the Friedman's husband and wife would work in code breaking for the United States, and the cryptologic division of the research lab became the genesis for the American Cryptography Service. So William Freeman would later become the chief cryptoanalyst. In fact, he termed the or he coined the term cryptoanalysis for the United States, and would lead the future Signals Intelligence Service before going on to serve in other intelligence agencies as a cryptographer. So Friedman was very much working in the same world as Hegeland, though you could say that these were from opposing perspectives, right, because Hegeland's company was all about producing machines that could incipher messages, while Freedman was largely interested in finding methods to decipher codes. Though Freeman also worked in theory as well to talk about different ways to create stronger ciphers. And we'll come back to Freedman in just a moment. So Hegelan would stay in the US until World War Two ended in Europe, and he had become extremely wealthy due to the lucrative army contract he had made, and he had built many professional and personal relationships in the United States so he would have strong ties to the US. He then returned to Europe to again re establish his company there. Meanwhile, American intelligence officials were starting to get a little worried because code breaking was growing increasingly difficult due to sophisticated machines running complicated systems to create these codes. And if you had little insight into how those machines worked or which systems they were following at any given time, you had really little hope of breaking a code in a reasonable amount of time. So it was very clear that a lot of people were having really secret conversations that American spies were unable to decipher, and that just rubbed the Americans the wrong way. I'm going to get a little critical of my country in this episode, anyway. In nineteen fifty one, on Hageland's company introduced the CX fifty two cipher machine, and this one was sophisticated enough to present a code that American intelligence agents viewed as practically unbreakable at the time, and that in turn prompted some heated internal discussions within the US intelligence community and what should officials do about this? Because there was a real worry that countries might go out and buy Hageland's products. I mean, that's what Hagland was making them for. And if they did that, they would all be able to communicate secretly, and the Americans would be unable to snoop out what was going on. And boy, howdy does America hate that. So American officials gave a sort of carrot and a stick offer to Hagland. So on the one hand, they were a big customer for his company, right, the United States represented a significant potential customer for Hageland's products. He didn't want that source of revenue to go away. So there was that They also had a whole bunch of old M two nine cipher devices that were manufactured in America during World War Two, and there was at least the implied threat that if Hagelan wouldn't be you know, cooperative with the US, maybe the Americans might let a few thousand M two nine s get sold off to countries around the world, and that would undercut Crypto's own sales in the process. I mean, if you are a country you know, the head of an agency in a smaller country with limited resources, and the United States says, hey, we'll sell you these old but totally working cipher machines for much less than that brand new, shiny cipher machine. You're going to go with the cheaper model as long as it works, and that means that Crypto would not be making any sale. Then there was William Friedman, Hageland's old buddy. In nineteen fifty one, Freeman was then serving as the head of the Cryptographic Division of the Armed Forces Security Agency or AFSA AFSA. The following year he would become the head of the Cryptology Department for the National Security Agency, or the NSA. But it was in nineteen fifty one when Friedman would act on behalf of the US government and met secretly with Hagelan in Washington, d c. So Friedman goes up to Hagelan with a fairly thorny proposition. The deal was this, Hageland was to continue creating cipher machines just as the company had been, but Crypto would only sell the most sophisticated of those machines to a list of countries that the United States would provide to Hageland, and that would represent countries with whom the un U had very good relations, so allies and that sort of thing. They were the only countries who would be allowed to buy the top of the line products. Crypto would be allowed to sell older, more vulnerable or weak machines to any country that was not on that list. So in other words, Freeman was asking Hegeland to kind of put on a preference list certain countries and then everyone else would get older, more vulnerable technologies. However, that's the extent of that deal. It didn't go further than that, but it's still a pretty big request, and you can kind of understand where the US was coming from. At least, you know, they clearly did not want the job to be even harder when it came to breaking codes. And Hegeland would ultimately agree to this deal, and whether it was he saw a guaranteed payout from the US and so it was strictly a business decision. He just fello was in Goswel to turn down this offer, or he felt a strong sense of loyalty toward a country that had made him a millionaire, or maybe it was some combination of these and other factors. I don't know, but whatever it was, he said yes, and this would mark the beginning of the US intelligence community having a direct interest in a company that was selling cryptographic equipment, that is Crypto. But at this point it was still a fairly limited agreement. Crypto could still sell equipment to countries all around the world, though any country that was not on the US Best Buddy list would only have access to the older devices. Now this wasn't because US officials were feeling benevolent or anything like that. I don't want to paint it as that. There was a very real desire in America to push Crypto for a much more shady deal. Intelligence officials were hoping that they could work directly with Crypto to design machines that were produced codes that Americans could quickly break. People would think they were sending secure messages, but in reality the Americans would be able to decode those messages fairly quickly. But William Friedman discouraged anyone from America from going to Hageland with such an offer for several years. He said Hageland would never go for it. It would be deeply offensive to him. You're going to destroy this relationship we have let's not you know, let's let's hold back rather than have a loss. And hey, there were other companies out there, right, I mean, it's not like you had to buy from Crypto or else you'd have no way to communicate secretly. You could always get cipher machines and cryptography machines from some other source, right well. Part of the deal that the US made included substantial amounts of money meant to go toward marketing. The US wanted Crypto to be the world leader in the market for this sort of device, mostly in an effort to make sure that some other crypto company didn't come along with better, more difficult to crack solutions, because that would just set America back again. So the US supplied money year after year to Crypto to renew this agreement and to keep the company going even if things should get lean, all the while trying to promote cryptos products and hold back any of Crypto's competitors. It was pretty brutal. Things slowly began to change as time went on. The Invention of the transistor would bring on tons of innovation and miniaturization. So in the past electric circuits were physically enormous because you had to have components like vacuum tubes, and those took up a lot of space, and they also gave off a lot of heat, which generally is bad not just for humans but also for electronics. But in the mid nineteen sixties that was all starting to change. Electronic circuits could now be made much smaller thanks to the transistor, and they made it possible for all sorts of new gaps like pocket radios and desktop computers further down the line, and yes, new types of cryptographic machines. Hagelan was facing a very real problem at that point. His company was built around mechanical cryptographic devices. These were machines that relied on physical components like gears and levers and chains. But the electronic era was heading in a different direction, and the crypto company wasn't in a position to keep up. If Hagelan wanted to compete, he was going to need help. And when someone needs help, that means they are vulnerable. Now, if you're in a position to help someone, you can more or less selflessly help that person to get them out of that vulnerable position, or you can attempt to exploit it. And the US intelligence community with the NSSA at the forefront took option number two. THESA, as I said. The National Security Agency was founded in nineteen fifty two, just five years after the Central Intelligence Agency was founded. It's primarily focused on signals intelligence, and that is the interception and decoding of messages for the purposes of gathering intelligence. Over at the NSA, an analyst named Peter Jenks hypothesized that with care, you could create an electronic cryptographic system that would seem to be random, but it would actually depend upon a repeated pattern at regular intervals, and a casual glance at the code would make it seem as though the system was following a complicated algorithm and producing an uncrackable code because of some sort of random element. But the repetition of the pattern would actually make code breakers with sufficient computing power able to decode the messages. It wouldn't be easy, it wouldn't be as simple as just running it through a decode, but because of that pattern, it would become possible. Again, Patterns represent restrictions. Restrictions are vulnerabilities, and vulnerabilities can be exploited. So you can make a system that, at least on casual glance appears to be secure, but in reality it's not. So. The NSA reaches out to Crypto, which is really in need of expertise in the form of building electronic cryptographic machines, and Hageln welcomes the help because otherwise his business is going to completely lose out. So Crypto goes on to produce a machine called the H four to sixty based off the NSA's design. The company actually made two versions of the H four to sixty. One was compromised. It used the NSA's repeating pattern so that the agency could with time and effort, to code any messages that were composed on that particular machine. The other one was more secure, it didn't repeat the pattern, so the United States was still fine with Crypto selling those machines, the good ones to countries that were still on the US Best Buddy list. Everyone else would get the compromised version. Now. While the NSA's assistance meant that Crypto would remain a viable company as the world moved away from mechanical systems, it also meant that Crypto was a company that was becoming increasingly dependent upon American intelligence agencies. Toward the end of the sixties, folks in the CIA were starting to get a little bit antsy with the company Crypto. It was a valuable asset and countries around the world depended upon equipment from Crypto, which meant the US had incredible advantages when it came to deciphering intelligence. But Hagelin was getting up there in years, He was getting into his eighties, and there was no guarantee that his successor would be as amenable to the intelligence agents as Haglin had been. Initially, it appeared as though he was going to hand over control of his company to his son, Bo Hageln. The CIA was not crazy about that idea. The agency was not convinced that Bo Haglan would be as pliable as Boris Hagelin had been, and the nature of the company's relationship with the US intelligence community had been kept a secret from Bo. So Boris Hagelnd's own son did not apparently know about this relationship with the NSA and later the CIA. So Boris and his son Bo were also not on the best of terms. They frequently had pretty massive fights. Bo had felt he had been left out of some pretty important patents that he had contributed to, and so he was not on good speaking terms with his father. So this was a complicated issue and the US government wasn't entirely sure how it was going to play out. Meanwhile, over in Europe, you had intelligence agencies in West Germany because you know, after World War Two, Germany was split up into West Germany and East Germany. So West Germany and an intelligence agency in France were both eager to purchase Crypto from Hageland. You know, Hagland's getting very old, and so they think, hey, if we buy this company, then we can benefit from this technology. They had figured out that the United States had some sort of beneficial relationship with Crypto. I'm not sure if they knew the full extent of it, but they at least knew that there was Someboddy Buddy stuff going on there and they wanted to get in on that action. Haglan rejected this initial offer and told the CIA about it. So then we get to nineteen seventy and then two really big things happen. First, Bo Haglan Boris's son would die in a car accident, and no conspiracy theorist does not appear that this was engineered or manufactured in some way. It appears to have been just a car accident and Bo dies as a result of this. The CIA cooperates with West Germany's Federal Intelligence Service also known as bn D. It's called that because in German federal Intelligence service is a different, very long word that I am not even going to attempt to pronounce, and they create an agreement in which these two agencies would co own the company. In secret, the CIA told West Germany, hey, we'll totally go in z's with you on this one, but you got to cut France out of the deal, and West Germany said, okay. By France, alf Vida zey Hageln would be presented with this deal and would agree to the terms, and the agencies would rely upon a company in Liechtenstein that was called Marxer and Goop at the time. Great name, but Marxer and Goop would draw up the agreement in such a way that the agency's identities would be protected through a series of shell companies and other you know, obfuscation, so even if you were to dig into it, you would not be able to see that the CIA and B and D were co owners of this company. Instead, you would get all these this sort of a run around, you know, a wild goose chase about the ownership of Crypto. It would not appear to be owned by any intelligence agencies. However, so hag Glen sold his company for just under six million dollars. He would pass away in nineteen eighty three after a very long illness, so he kind of leaves our story. But meanwhile, the two intelligence agencies now had secret control of a company that manufactured products meant to make communications secret. I think you can see where this is going, right. If your agency is all about uncovering secrets and then you get control of a leading company that makes stuff that's supposed to create things secretly, you're like a kid in a candy store. I mean, it was like they were selling locks to everyone in the world, but they were holding on to all the skeleton keys that would give them access to those locks. It was incredible. Now, I should be clear that the list of clients for Crypto did not include everybody. Not everyone in the world was eager to purchase the products from this company. Two potential customers in particular were not on the list. China and Russia were both suspicious about Crypto for years. By the time the CIA gained partial ownership, so they did not purchase those products. They were figured something was up. But other countries, including lots of US allies, were Crypto customers frequent ones. While these two agencies would share ownership of the company for a couple of decades, things were not always super smooth between them. The West Germans noted in their own history about the project that was shared with The Washington Post that the Americans were eager to spy on everybody really, enemy or ally alike. The West German officials were really they were focusing on countries that were not allies, but the Americans wanted to snoop on everybody. CIA historians, meanwhile, note that the American officials felt that the West Germans were more interested in running Crypto as a straightforward business to earn money, and they were looking at as a revenue generator, not as a way to dip into secrets. So both the CIA and the B and D would take in millions of dollars over the years as they operated Crypto, and they would pour that money into other projects around the world. So if you ever wondered how some CIA operations appeared happen under the radar, it's not all just you know, dark deals that are behind closed doors in DC. Some of that money comes straight from CIA backed operations that are appearing to be you know, honest businesses. So that's fun. We're going to take a break for actual honest businesses. But we'll be right back after these messages. So in the CIA history for this project, and I have not read the entire history because it was not made available. The Post was only granted the right to produce excerpts from the report, not the entire report. But the agency refers to Crypto with a code name. That code name is Minerva, and the project of running Crypto in an effort to to produce equipment that could be exploited around the world had two different code names. The first one was the Saurus and the second one was Rubicon. So German intelligence agents would later bring in officials from Semens the company Semens to serve as advisors, technical advisors and entrepreneurial advisors for Crypto, and in return, Siemens would get five percent of cryptos sales. The Americans, they brought in Motorola to take some of Crypto's products and to tweak them to make them work better. Make them more commercially viable. So we've got two intelligence agencies and two major companies all working together as part of this, and all indications seem to point that at least some people in those two big companies knew what was up. By the nineteen eighties, more than half of all the intelligence gathered by the CIA that came from places other than China or Russia were encrypted by crypto machines. So when you look at all the information that the CIA was bringing in, if it wasn't from Russia and if it wasn't from China, more than half of the information had passed through a crypto machine, meaning that the CIA could decrypt it and read the underlying messages. There were some times where they said that they could read messages from certain countries with eighty to ninety percent success, which is pretty phenomenal in the world of cryptography and code breaking. Well, neither Russia nor China would use crypto devices, a lot of countries that were dealing with those countries with Russia and China did use crypto devices, so the CIA was able to learn a lot about operations going on in Russia and China indirectly through that means. This is also a good time to point out a parallel in our daily lives, which is that even if the content of our messages is safe, the act of sending messages can sometimes provide enough information for people to draw some pretty accurate conclusions. It shows us that metadata is really an important thing to remember. Metadata is the information about information, and sometimes you don't need to know the content of something in order to draw some pretty damaging or valuable conclusions. I guess it all depends upon your perspective. So this is kind of an example of that that even though Russia and China weren't using crypto devices, countries that were dealing with Russia and China were, and that meant the CIA could read at least that side of the messages. In nineteen eighty one, Saudi Arabia would become the biggest crypto customer and it would play a very important role. The crypto technology play a very important role in the Middle East. This also leads to a point in the Washington Post article where the authors state that it's kind of an open question as to how much the CIA knew about different operations around the world throughout this time and what the agency did or didn't do in preparation for those events, like whether or not they should have acted in some cases, like if they were aware of an assassination attempt, did they do anything to prevent that or to let anyone know? And if not, was it just because they were worried about compromising the fact that they knew about this information. At what point does the value go away from knowing information if you don't act on that information. These are big questions that are not answered in the article, by the way, and they bring up a lot of deep ethical problems with what was going on. So crypto would also receive a lot of direction from the CIA and from B and D to actively try and disparage competitors, to essentially run marketing campaigns that said, you know, cryptography devices from such and such a company are total crap, don't buy them. Come to us by our stuff, we are secure. They also were encouraged to bribe government officials to adopt crypto tech. So there's some pretty awful stories about crypto executives doing all sorts of stuff in order to you know, bribe governments from all over the world to adopt crypto technology. Skeezy skeezee stuff really makes me proud. US President Ronald Reagan inadvertently revealed that the US had intercepted and decrypted communications out of a Libyan embassy in East Berlin to Tripoli and that tiptf Libya that something was up right, that America somehow was able to decrypt messages, and considering the company they were relying upon for their cryptography, that started to raise some doubts about Crypto's authenticity, and not just with Libya, other countries took notice too. Employees at Crypto, meanwhile, didn't know about the arrangement right. They were working under the assumption that they were actually making genuine, reliable cryptography equipment, and occasionally an employee might look at something and say, huh, this is weird based upon what I know. This algorithm we're using or this system we're using has vulnerabilities, their problems with it. We should fix those before we ship this, because we could make it more secure. They would get discouraged from doing that, they would be told not to implement solutions. In one case that went much further than that, there was an employee named Peter Fritiger who was very frustrated with what was going on. He felt that Crypto was just being complacent or maybe negligent, and not responding to very real concerns that Fritiger had with clients in Damascus. So his clients in Damascus were complaining about their stuff. So he went to Damascus and he fixed their Crypto equipment. In other words, he removed the vulnerabilities that had been engineered to go into this stuff. And the Crypto CEO at the time would fire Fritiger as a result, because Fritiger had messed things up. He had actually made what was supposed to be a secure system and actual secure system. Of course, he didn't know that that was against the goals of the operation itself, and the CIA got very mad at the CEO for Crypto at that point, saying that he should have found a way to sort of bring Friutiture in under the fold to smooth things over, rather than fire him because it brought undue scrutiny to Crypto and its activities. Crypto also hired an electrical engineer named Mindia k. Flish and I'm sure I'm butchering these names, and I do apologize that also upset the NSSA, this time, not the CIA. But this NSSA because NSA knew about this electrical engineer, and they said, she is way too smart, she's going to figure out something's going on. You should not hire her. But Crypto hired her because was brilliant and was seen as a valuable asset. Turns out she was brilliant. She still is brilliant, and she kept trying to initiate fixes and improvements because she kept finding weaknesses and vulnerabilities in the systems, but she was always discouraged from actually implementing solutions, and she wondered what was going on, but she was a little worried about speaking up because she wasn't sure exactly what the extent was. The company would actually produce a machine using an algorithm she had designed that the NSA could not crack, So the NSA reached out to the CIA, and the CIA ordered the company Crypto, to stop the manufacturing process, saying, we can't produce these machines because we can't crack the code. You got to break it. So only fifty or so of these machines were actually manufactured. The company wind up selling those to banks because the thought was, well, banks have a need for security and we don't really need to snoop on them. That's not where our concern is. But from now on, when you make this device, make it with the algorithm that's broken on purpose because we want to be able to crack those codes. That's pretty dodgy anyway. There was also a mathematics professor from Stockholm whose name I would butcher terribly. He actually studied in the United States, and his American family, like me, would have trouble saying his name, so they called him Henry Henry Vindman. He was brought in to craft more sophisticated but vulnerable algorithms, so he was actually told about the real relationship between the CIA and then B and D and crypto. He was given the inside scoop and asked to become part of the team. And his purpose was to design algorithms that looked really super secure but secretly weren't. So he was trying to make stuff that appeared to be more on the up and up, but in fact had vulnerabilities built into it, and meanwhile to have those vulnerabilities designed in such a way that it created plausible deniability. In other words, if someone found the vulnerability, you could say, oh, that's due to human error or it was an implementation error, but it was not put there on purpose, even though it toats was. The CIA used Crypto communications to suss out where Manuel Noriega was based off communications from the Vatican. They intercepted those communications, decoded them, and were able to find Noriega as a result. In nineteen ninety two, Iran arrested a Crypto salesman named Hans Buehler, and Buehler didn't know about the relationship between Crypto and the CIA or the B and D. He had no knowledge of any of that, so he was literally an innocent salesman who thought he was selling legit cryptographic equipment. Iran had figured out something was going on. They had been suspicious ever since that incident with Libya I had mentioned, and so they arrested him and they essentially tortured him for nine months. The Iran demanded a one million dollar ransom from Crypto, and the company did pay it. The CIA did not chip in because the CIA has a policy against paying ransoms. We don't negotiate with terrorists, is the way America would put it. So this guy suffered for nine months in captivity before Crypto would pay the ransom and get him back, and he legit didn't know anything. He didn't know that the relationship existed, but he certainly suspected it by the time he was released, and he was worried about the fact that this foreign government seemed to know more about the company he was working for than he did. He ended up going to the press and talking about his experiences and it caused a bit of a stir in Europe. The CIA would actually refer to this entire incident with a code name. That code name was Hydra, so that's fun. Around that same time, Germany was reunified, right the Soviet Union fol East Germany and West Germany unified into Germany. The Berlin Wall came down, and it was around that same time that the B and D felt that Crypto's usefulness had pretty much expired, that now it was more of a risk that if the full extent of B and D's involvement in Crypto's activities were known, that could put Germany at risk, and so they ended up selling off their interest in Crypto to the CIA for around seventeen million dollars. So at that point forward, Crypto operated as a CIA backed operation secretly. But yeah, CIA had full ownership from around nineteen ninety three until twenty eighteen. That's when CIA would liquidate the company and sold it off to two other companies. The reason they did that is that by the time twenty eighteen rolled around, the cryptographic community was very different. It no longer was so dependent upon standalone machines, electronic or otherwise. A lot of solutions are software based or web based. They're not based on physical equipment. So the usefulness of Crypto as a company had pretty much gone out the window. It had provided the CIA with a ton of information, but they were, you know, there's no need to keep it running, so they sold it off for parts essentially. And you know, part of me says, this is spy stuff. Of course, spies are going to be sneaky. That's what spies do. Spies operate in a way where they are trying to avoid detection while they try to figure out what everyone else knows. That is the nature of spying, and everybody does it at the same time. There's something really sinister about secretly owning a security firm and using it to do the opposite of what the security firm says. It's doing right. It says it's protecting secrets, but in reality, it's leaving those secrets open for people to see. Now, I mentioned Huawei at the beginning of this episode, and the reason I did that is because, again around the same time that this story was breaking, we were hearing about how Huawei, the Chinese company telecommunications company, has had backdoor access to networks that it has rolled out for a decade. So Huawei makes all sorts of telecommunications equipment, including components for networks. They are a leading provider for five G components, for example, and there's been a concern around much of the world, but particularly in the United States, that this would mean that Huawei as a company would have at least some capability of snooping on communications that go across those networks. And since Huawei has some connections to the communist government of China, because China requires companies that operate in China to have this connection, that that would mean that those networks would be used specifically as surveillance tools. And in America you can kind of understand where they're coming from, because that's what Americans do. Like, if you're the one who's spying on everybody, you probably are really paranoid about everyone spying on you. It's just kind of how it works. Also, again, that report showed that for ten years, Huawei actually did have that capability. Whether they did anything with it or not is still an open question. But with Huawei, the story goes that they were building in these backdoor access channels for law enforcement officials. You know, law enforcement wants to have that kind of access so that if they're conducting investigation, they can look into communications going between various suspects so that they can better do their investigations. The problem is that Huawei was not just building these in for law enforcement, but was retaining its own access to those channels. And again, whether it was using it or not, I don't know, but the story goes that they were actually retaining that ability. And this leads me to another point I want to make before I conclude, which is that backdoor channels are always a terrible idea, always, always, always, always They inherently make systems less secure. So if your job is to make a secure system, building in a way to bypass that security is you might as well not have any security. It's a terrible idea. I get it. Why law enforcement and intelligence agencies want it because information is valuable and getting access to the information could mean the difference between life or death in some cases really can. But then you know, if you have those backdoor channels, it means that you don't have to go through the whole security process, and it means that someone else might potentially discover that and exploit it. So one, you've got the danger of the authorized parties abusing this power. Right, you've got the potential for an agency committing overreach like we've heard about the NSSAY and how that agency was collecting way more information than they should have been able to, including information from people that weren't under any direct surveillance, and how that can be abused. That's a terrible thing. So you don't want that capability. You don't want the ability of some agency that had had author backdoor access to abuse that power. You also don't want some third party that is not authorized at all finding out about that back channel and figuring out how to access it, because now your secure system has no security. So I guess the end message I want to give everybody is protect yourself as best you can, which is increasingly difficult when we don't know necessarily who is behind the systems that are actually making the security we depend upon. Another great example is people have pointed out is should we trust the security company Kaspersky, which comes from Russia, or is it possible that that could be a state backed operation that is slowly or quietly sewing in vulnerabilities from people who are using its products. I have not seen any specific reports on that. I'm just seeing people ask that question. But that leads us to start asking questions about everything. Probably not a bad idea, but it starts to, you know, it starts to create this system where we're not trusting anything, and at the end of the day, you either have to figure out you've got to trust somebody, or you got to just kind of disengage, or I guess you just resign yourself that all of your stuff is going to be findable and readable by everyone at some point or another. Happy Days. I hope you enjoyed that episode of tech Stuff When Secrets Aren't Secret. Back from February seventeenth, twenty twenty. Just a quick update. Tomorrow we're going to have a special episode of a different podcast published in the tech Stuff feed is called Technically Speaking, and I hope that you enjoy it. I will be back next week with all new episodes, and I hope you're all well, and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.