When Secrets Aren't Secret

Feb 17, 2020 · 58 min

Episode description

The Washington Post published an article revealing that the CIA secretly owned and operated an encryption company for decades. How did that happen and what does it mean? And what lessons should we learn from it?

Transcript

Speaker 1

Welcome to TechStuff, a production of iHeartRadio's HowStuffWorks. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech. And, you know, a few months back, I profiled the Chinese telecommunications company Huawei, which continues to be the focal point of scrutiny around the world. Huawei makes, among lots of

other stuff, critical components for five G network infrastructure. There's some folks who worry that entrusting telecommunications infrastructure to a Chinese company is essentially inviting the government of China to spy on everybody, companies, other countries, everyone. Other folks aren't as concerned about that, or they took Huawei officials at their word that the company has no real ties to

the Chinese Communist government or its goals. But a recent story in The Washington Post and German broadcaster ZDF shine a light on why it might be a good idea to view Huawei with a critical eye, and another news item from The Wall Street Journal showed that Huawei has maintained a back door access to its networks for ten years. So I want to talk about these stories, primarily focusing on the one from the Washington Post, to talk about the business of communication and secrets and also

the business of eavesdropping and why all of this gets real dodgy, real fast. So the initial story doesn't involve China or five G networks. It goes further back than that. It actually concerns a Swiss company called Crypto AG and its ties to the Central Intelligence Agency, a.k.a. the CIA, in the United States. The story is all about the battle between secrecy and surveillance, and it's also about trust, as in, whom do you trust when you want to send a secure communication to

someone else? If you're using some sort of technology to encrypt your stuff, who makes that encryption, you know, strategy, whether it's software or, uh, actual device or whatever it may be, who's making that and can they be trusted? And as it turns out, those are difficult questions to answer than would readily seem apparent. Now, the story for this really begins with a Swedish inventor named Arvid

Gerhard Damm, who was born in eighteen sixty nine. He worked in textile mills before he would start creating his own version of a cipher machine sometime around nineteen fifteen or so. So, what the heck is a cipher machine? Heck, what's a cipher? Well, a cipher is a code. It's a way of hiding the meaning of a message. And there are a lot of different approaches to encoding information, uh, and there are a lot of strategies that actually employ

multiple versions of this, multiple schemes. So, for example, one way to have a code is to use words that refer to something else. So instead of saying a military tank, you might say Thomas, you know, because you've got Thomas the tank engine. And you go from Thomas the tank engine to military tank and there you are. So if you referred to a Thomas, you might be talking about a tank. That would be a very bad code, or

at least a very easy to decipher code. But that's a version of codes where you have a codebook that tells you what certain words or phrases actually are meant to convey. Then you have ciphers in which you replace the letters of a message with some other letter or symbol. And the simplest of these is a shift cipher, sometimes also called a Caesar cipher. And with these ciphers, you write out a message, but you shift all the

letters some predetermined number down or up the alphabet. So if you had a shift cipher with just one shift one step, that would mean that you would use the letter B to represent the letter A, you would use the letter C to represent the letter B, and so on down the alphabet. So if someone else were to get hold of the message at casual glance, the message would appear to be gibberish. But of course that particular cipher is super easy to decode, even if you are

shifting further up or down the alphabet. Let's say you're shifting up ten spots instead of one. Well, just because of the nature of language, someone with even a little bit of patience would be able to probably break that

code pretty quickly. Well, in the early twentieth century, inventors were working on mechanical systems that would create stronger ciphers, and initially these were mostly thought of as a way to protect business communications like financial communications between banks, for example, or sometimes political messages between different parts of the world,

like a government and its embassy in another country. But over time they would be adopted by militaries around the world to send secret communications back and forth between headquarters and units in the field, and these communications needed to be much more secure than a Caesar cipher could potentially offer. So the basic idea behind these cipher machines was that

you would have a device. Sometimes it would look like a typewriter, sometimes it would have a hand crank on it, but typically there'd be at least one dial, if not several dials, and perhaps some other components that would allow the operator to set the machine to establish the cipher. So you choose your settings, and then the operator would take a message that is meant to be encoded and then put it through this machine in some way. Maybe they're using a keyboard, maybe they're using a series of

keys and levers. However it may be, they're actually typing out the message in plain text. But the cipher machines would have some sort of gears or other chains or systems that would turn with each letter typed, and it would change the cipher as it did, so change the nature of it. And this was a really clever way to confound code breakers, particularly if the machine was really well designed. So let's say you are an operator and you have the word book that you need to encode

using one of these machines. So you have one of these particular machines. You type the letter B into the device, which, because of the settings for this particular session, will now print out the letter G. So the letter G means B with this particular cipher. The gears inside the machine turn after you've typed in the letter B, which prints out as G. So now the cipher is actually different. You type in the first O in book and you get another G because of the way the cipher works.

Then the gears turn again. You type in the second O, and now the machine prints out the letter F. The gears turn again, you type out the letter K, and you get the printout of K, so the printed

word says GGFK rather than book. Well, to decode the message, you would typically need the same sort of machine that was used to encode it, and you would need to know what settings the operator had been using when they started the message, and you would have to set up your machine to mirror that, and then you would end up taking the encoded message and you would start typing that out and the process would essentially reverse itself, and it would allow the operator to

read out the original message. So in our example, the operator on the other side would take GGFK and enter that into their machine and they would get the printout book. Now a couple of caveats here. Not all cipher machines are created equal, right, or were used to their best advantage. Sometimes people made bad decisions when it came to either designing cipher machines or implementing them.

For example, the bigwigs might decide that in no circumstance would you ever have a letter represented by itself. You would never allow that to happen. So in the example I just gave where GGFK means book, that last K wouldn't work. You would have to have the device go to a different letter because it would not allow itself to replicate a letter with the

representation of itself. Other rules that could cause problems on the road might be a rule against the doubling of letters like the GG in GGFK. And the reason that these are problems is that if you have a code breaker who's really looking at these codes closely, and that code breaker starts to figure out that there are restrictions to the code, they can build that into their code breaking models in an effort to crack the code, because as you put in restrictions, that

means you're reducing variables. And anyone who has worked in any sort of mathematics, particularly stuff like algebra, you know that to solve complicated problems you need to reduce variables. As you reduce variables, you make it easier to solve problems. So it was actually this sort of thing that would lead to the British cryptographers breaking German codes during World War Two. It wasn't that the technology itself was necessarily faulty.

It was that the Germans were kind of using bad methodology with some of their equipment, and that's what gave an inroad for code breakers. Now, if you want to learn way more about how these machines actually work, you can listen to TechStuff Ponders an Enigma. That's a classic episode that originally published way back on October nineteen, two thousand eleven, and I actually did a TechStuff Classic rerun of that episode on October twelfth, two thousand eighteen.

The Enigma machine is the most famous cipher device that was made in the early twentieth century. It was made and used by the Germans, and it was used extensively

by the German military during World War Two. And in that podcast, my old co-host Chris Pollette and I talked about how a really good cipher, one that's super hard to crack, is also a pain in the patukas to use because of that complexity, and that's mainly why officials would put rules in place that ultimately would serve as the downfall for their technology, because using the tech without those rules in place was possible, but not always fast enough to be practical. This would prove to be

a problem with cryptography in general. You want a system that's secure enough that you're reasonably certain a person who intercepts the message would be unable to make head or tail of it, right? That's the whole purpose of cryptography, is to make any unauthorized person incapable of reading the message. But you also want your solution to be practical enough that your intended recipient can decode the message with a minimum of fuss, particularly if it relates to

a time sensitive issue. So in this case, you had Germans using the same settings on their Enigma machines for longer than they were supposed to, or they were co locating codebooks with the Enigma machines and those fell into Allied hands who were able to use those to decode messages. To this day, balancing out practical applications with security remains

a challenge. It may make it take longer for a message to get through from one point to another, which a lot of people don't accept in the age of information traveling at the speed of light, or it just may be a pain to encrypt and decrypt, which also ends up becoming a barrier to adoption and implementation. Okay, let's get back to our story. So it's the nineteen tens. Right around nineteen fifteen, Arvid Gerhard Damm has patented an

encryption device. He got that patent by nineteen nineteen, and to manufacture and market the device, Damm would work with business partners to create a company originally called Cryptograph, or AB Cryptograph, and one of Damm's investors was a guy named Karl Wilhelm Hagelin, who had made his money in Russia in the oil business. But then the Russian Revolution happened and Hagelin fled with his family and they

returned to Hagelin's homeland of Sweden. They brought the family with them and, uh, and Boris Hagelin was Karl Wilhelm Hagelin's son, and Boris was given a position in Damm's company in return for this financial investment from his father. Now Boris would actually prove to be quite the entrepreneur. In nineteen twenty five, he would take over the company entirely. He became the new head of the company.

He would rename it Cryptoteknik in nineteen thirty two, and then when the Nazis rose to power, he fled Sweden for Switzerland and re-established his company there. And it was this company that he established that would later become known as Crypto AG, the focus of our episode really. In the meantime, his company continued to produce new cipher machines, incorporating new features in an effort to

build machines that were able to create stronger codes. And again this was mostly for business use or occasional government use, but the rise of World War Two would create a new market as militaries sought ways to send messages securely without fear that their plans would be shown to an enemy, and that's when the United States would enter into the picture, setting the stage for the company's future in ways Hagelin could not have anticipated. I'll explain more when we come back,

but first let's take a quick break. So, when World War Two broke out, the United States military would become one of Crypto AG's customers, and when the Nazis invaded Norway in Hagelin would again move operations. This time he moved to the United States. His company's encryption device, known as the M-209, would be produced

in the US. According to The Washington Post, there was a typewriter factory in upstate New York that would end up making around a hundred forty thousand of these M-209 encryption devices, and Hagelin negotiated with the U.S. Army and landed an eight point six million dollar contract. A princely sum today, but certainly a princely sum way back in nineteen Hagelin's devices lacked the sophistication of Germany's

Enigma machine. They weren't nearly as complex, nor were they as capable of creating very tough encryption, so code breakers could suss out the original messages that were created on an M-209 if they were given enough time and attention, and for that reason the army primarily relied on these devices to disguise extremely time sensitive orders.

So the logic was, by the time someone had actually broken the code, the information would be worthless anyway, because whatever was being covered in the message would have already happened. It would have been something that was more imminent, so you wouldn't be able to act on the information, even though you'd be able to at least decode what had been said. So you wouldn't want to use these devices for any sort of long term plans because they were crackable.

People could crack the codes given enough time. Now, around that same time, Hagelin became good friends with another cryptographer named William Friedman. Friedman was born in Russia. Actually, so was Hagelin. Hagelin's parents were Swedish, but when they had Boris he was, the family was in Russia. So Friedman's family left Russia when Friedman was just a baby back in eighteen ninety two due to a rise in anti-Semitism in Russia, and Friedman, his family is Jewish.

So Friedman grew up loving codes and cryptography and became fascinated with them. Uh, he joined a private research lab. He met and then courted and then married a woman named Elizebeth Smith, who on her own was an accomplished cryptographer, a brilliant cryptographer, and they both sort of worked for George Fabyan, and that was the guy who owned the private research lab. Fabyan sounds like the sort of person who really belonged in the Renaissance as far as I'm concerned.

In the Renaissance, you had rich nobles who would become patrons of great thinkers and philosophers and artists. Fabyan, he established this private research lab in order to look into stuff that he just thought was interesting, which I think

is kind of cool, maybe a little eccentric. Well, when the United States entered World War One, the Friedmans, husband and wife, would work in code breaking for the United States, and the cryptologic division of the research lab became the genesis for the American Cryptography Service. So William Friedman would

later become the chief cryptanalyst. In fact, he termed the, er, coined the term cryptanalysis for the United States, and would lead the future Signals Intelligence Service before going on to serve in other intelligence agencies as a cryptographer. So Friedman was very much working in the same world as Hagelin, though you could say that these were from opposing perspectives, right, because Hagelin's company was all about producing

machines that could encipher messages, while Friedman was largely interested in finding methods to decipher codes. Though Friedman also worked in theory as well, to talk about different ways to create stronger ciphers. And we'll come back

to Friedman in just a moment. So Hagelin would stay in the US until World War Two ended in Europe, and he had become extremely wealthy due to the lucrative army contract he had made, and he had built many professional and personal relationships in the United States, so he would have strong ties to the US. He then returned

to Europe to again re-establish his company there. Meanwhile, American intelligence officials were starting to get a little worried because code breaking was growing increasingly difficult due to sophisticated machines running complicated systems to create these codes. And if you had little insight into how those machines worked or which systems they were following at any given time, you had really little hope of breaking a code in a

reasonable amount of time. So it's very clear that a lot of people were having really secret conversations that American spies were unable to decipher, and that just rubbed the Americans the wrong way. I'm gonna get a little critical

of my country in this episode. Uh, anyway, in nineteen fifty one, Hagelin's company introduced the CX-52 cipher machine, and this one was sophisticated enough to present a code that American intelligence agents viewed as practically unbreakable at the time, and that in turn prompted some heated internal discussions within the U.S. intelligence community: what should officials do about this? Because there was a real worry that countries might go out and buy Hagelin's products.

I mean, that's what Hagelin was making them for, and if they did that, they would all be able to communicate secretly and Americans would be unable to snoop out what was going on. And boy, howdy, does America hate that. So American officials gave a sort of carrot and a stick offer to Hagelin. So on the one hand, they were a big customer for his company. Right, the United States represented a significant potential customer for Hagelin's products. He

didn't want that source of revenue to go away. So there was that. They also had a whole bunch of old M-209 cipher devices that were manufactured in America during World War Two, and there was at least the implied threat that if Hagelin wouldn't be, you know, cooperative with the US, maybe the Americans might let a few thousand M-209s get sold off to countries around the world, and that would undercut Crypto's

own sales in the process. I mean, if you are a kind of you know, the head of an agency in a smaller country with limited resources, and the United States says, hey, we'll sell you these old but totally working cipher machines for much less than that brand new, shiny cipher machine. You're gonna go with the cheaper model as long as it works, and that means that Crypto would not be making any sales. Uh. Then there was

William Friedman, Hagelin's old buddy. In nineteen fifty one, Friedman was then serving as the head of the cryptographic division of the Armed Forces Security Agency or AFSA, A-F-S-A. The following year he would become the head of the cryptology department for the National Security Agency or the NSA. It was in when Friedman would act on behalf of the U.S. Government and met secretly with Hagelin in Washington, D.C. So Friedman goes

up to Hagelin with a fairly thorny proposition. The deal was this: Hagelin was to continue creating cipher machines just as the company had been, but Crypto would only sell the most sophisticated of those machines to a list of countries that the United States would provide to Hagelin, and that would represent countries with whom the US had very good relations, so allies and that sort of thing. They were the only countries who would be allowed to buy

the top of the line products. Crypto would be allowed to sell older, more vulnerable or weak machines to any country that was not on that list. So, in other words, Friedman was asking Hagelin to kind of put on a preference list certain countries and then everyone else would get older, more vulnerable technologies. Uh, however, that's the extent of that deal. It didn't go further than that, but it's still a pretty big request. And you can kind of understand where

the US was coming from. At least, you know, they clearly did not want the job to be even harder when it came to breaking codes. And Hagelin would ultimately agree to this deal. And whether it was he saw a guaranteed payout from the US and so it was strictly a business decision, he just felt it was impossible to turn down this offer, or he felt a strong sense of loyalty toward a country that had made him a millionaire, or maybe it was some combination of these

and other factors. I don't know, but whatever it was, he said yes. And this would mark the beginning of the U.S. intelligence community having a direct interest in a company that was selling cryptographic equipment, that is Crypto. But at this point it was still a fairly limited agreement. Crypto could still sell equipment to countries all around the world, though any country that was not on the US Best Buddy list would only have access to the older devices.

Now this wasn't because US officials were feeling benevolent or anything like that. I don't want to paint it as that. There was a very real desire in America to push Crypto for a much more shady deal. Intelligence officials were hoping that they could work directly with Crypto to design machines that would produce codes that Americans could quickly break. People would think they were sending secure messages, but in reality the Americans would be able to decode

those messages fairly quickly. But William Friedman discouraged anyone from America from going to Hagelin with such an offer for several years. He said Hagelin would never go for it. It would be deeply offensive to him. You're going to destroy this relationship we have. Let's not, you know, let's hold back rather than have a loss. And hey, there were other companies out there, right? I mean, it's not like you had to buy from Crypto

or else you'd have no way to communicate secretly. You could always get cipher machines and cryptography machines from some other source, right? Well, part of the deal that the US made included substantial amounts of money meant to go

toward marketing. The US wanted Crypto to be the world leader in the market for this sort of device, mostly in an effort to make sure that some other crypto company didn't come along with better, more difficult to crack solutions, because that would just set America back again. So the US supplied money year after year to Crypto to renew this agreement and to keep the company going even if things should get lean. All the while trying to promote Crypto's products and hold back any of Crypto's

competitors. It was pretty brutal. Things slowly began to change as time went on. The invention of the transistor would bring on tons of innovation and miniaturization. So in the past, electric circuits were physically enormous because you had to have components like vacuum tubes, and those took up a lot of space, and they also gave off a lot of heat, which generally is bad not just for humans but also for electronics. But in the mid nineteen sixties that was

all starting to change. Electronic circuits could now be made much smaller thanks to the transistor, and they made it possible for all sorts of new gadgets like pocket radios and desktop computers further down the line, and yes, new types of cryptographic machines. Hagelin was facing a very real problem at that point. His company was built around mechanical cryptographic devices. These were machines that relied on physical components

like gears and levers and chains. But the electronic era was heading in a different direction and the Crypto company wasn't in a position to keep up. If Hagelin wanted to compete, he was going to need help. And when someone needs help, that means they are vulnerable. Now, if you're in a position to help someone, you can more or less selflessly help that person to get them out of that vulnerable position, or you can attempt to exploit it. And the U.S. intelligence community, with the NSA

at the forefront, took option number two. The NSA, as I said, the National Security Agency, was founded in nineteen fifty two, just five years after the Central Intelligence Agency was founded. It's primarily focused on signals intelligence, and that is the interception and decoding of messages for

the purposes of gathering intelligence. Over at the NSA, an analyst named Peter Jenks hypothesized that with care, you could create an electronic cryptographic system that would seem to be random, but it would actually depend upon a repeated pattern at regular intervals, and a casual glance of the code would make it seem as though the system was following a complicated algorithm and producing an uncrackable code because

of some sort of random element. But the repetition of the pattern would actually make code breakers with sufficient computing power able to decode the messages. It wouldn't be easy, it wouldn't be as simple as just running it through a decoder, but because of that pattern, it would become possible. Again, patterns represent restrictions. Restrictions are vulnerabilities, and vulnerabilities can be exploited, so you can make a system that, at least on

casual glance, appears to be secure, but in reality it's not. So the NSA reaches out to Crypto, which is really in need of expertise in the form of building electronic cryptographic machines, and Hagelin welcomes the help because otherwise his business is going to completely lose out. So Crypto goes on to produce a machine called the H-460 based off the NSA's design. The company actually made two versions of the H-460. One was compromised.

It used the NSA's repeating pattern, so that the agency could, with time and effort, decode any messages that were composed on that particular machine. The other one was more secure, it didn't repeat the pattern. So the United States was still fine with Crypto selling those machines, the good ones, to countries that were still on the US Best Buddy list. Everyone else would get the

compromised version. Now, while the NSA's assistance meant that Crypto would remain a viable company as the world moved away from mechanical systems, it also meant that Crypto was a company that was becoming increasingly dependent upon American intelligence agencies. Toward the end of the sixties, folks in the CIA were starting to get a little bit antsy

with the company Crypto. It was a valuable asset, and countries around the world depended upon equipment from Crypto, which meant the US had incredible advantages when it came to deciphering intelligence. But Hagelin was getting up there in years. He was getting into his eighties, and there was no guarantee that his successor would be as amenable to the intelligence agents as Hagelin had been. Initially, it appeared as though he was going to hand over control of his

company to his son, Bo Hagelin. The CIA was not crazy about that idea. The agency was not convinced that Bo Hagelin would be as pliable as Boris Hagelin had been, and the nature of the company's relationship with the U.S. intelligence community had been kept a secret from Bo. So Boris Hagelin's own son did not apparently know about this relationship with, uh, the NSA and later the CIA. So Boris and his son Bo were also not on the best of terms. They frequently had pretty massive fights.

Bo had felt he had been left out of some pretty important patents that he had contributed to, and so he was not on good speaking terms with his father. Uh, so this was a complicated issue, and the U.S. Government wasn't entirely sure how it was going to play out. Meanwhile, over in Europe, you had intelligence agencies in West Germany, because, you know, after World War Two, Germany was split

up into West Germany and East Germany. So West Germany and an intelligence agency in France were both eager to purchase Crypto from Hagelin. You know, Hagelin's getting very old, and so they think, hey, if we buy this company, then we can benefit from this technology. They had figured out that the United States had some sort of beneficial relationship with Crypto. I'm not sure if they knew the full extent of it, but they at least knew that there was some buddy buddy stuff going on there,

and they wanted to get in on that action. Hagelin rejected this initial offer and told the CIA about it. So then we get to nineteen seventy, and then two really big things happen. First, Bo Hagelin, Boris's son, would die in a car accident. Uh, and no, conspiracy theorists, it does not appear that this was, you know, engineered or manufactured in some way. Uh, it appears to have been just a car accident and Bo dies as

a result of this. The CIA cooperates with West Germany's Federal Intelligence Service, also known as BND. It's called that because in German, federal intelligence service is a different, very long word that I am not even going to attempt to pronounce, and they create an agreement in which these two agencies would co-own the company in secret. Uh, the CIA told West Germany, hey, we'll totally go halfsies with you on this one, but you got to cut France out of the deal, and West Germany said,

uh, okay, bye France, uh, auf Wiedersehen. Hagelin would be presented with this deal and would agree to the terms, and the agencies would rely upon a company in Liechtenstein that was called Marxer and Goop at the time.

Great name, but Marxer and Goop would draw up the agreement in such a way that the agencies' identities would be protected through a series of shell companies and other, you know, obfuscation. So even if you were to dig into it, you would not be able to see that the CIA and BND were co-owners of this company. Instead, you would get all this sort of a runaround, you know, a

wild goose chase about the ownership of Crypto. It would not appear to be owned by any intelligence agencies, however. So Hagelin sold his company for just under six million dollars. Uh, he would pass away in three after a very long illness, so he kind of leaves our story. But meanwhile, the two intelligence agencies now had secret control of a company that manufactured products meant to make communications secret. I think

you can see where this is going. Right. If you're if your agency is all about uncovering secrets, and then you get control of a leading company that makes stuff that's supposed to create things secretly, you're like a kid in a candy store. I mean it was like it was like they were selling locks to everyone in the world, but they were holding on to all the skeleton keys that would give them access to those locks. It was incredible. Now, I should be clear that the list of clients for

Crypto did not include everybody. Not everyone in the world was eager to purchase the products from this company. Two potential customers in particular were not on the list. China and Russia were both suspicious about Crypto for years by the time the CIA gained partial ownership, so they did not purchase those products. They figured something was up. But other countries, including lots of US allies, were Crypto

customers, frequent ones. While these two agencies would share ownership of the company for a couple of decades, things were not always super smooth between them. The West Germans noted in their own history about the project that was shared with The Washington Post that the Americans were eager to spy on everybody really, enemy or ally alike. The West German officials were really, they were focusing on countries that were not allies, but the Americans wanted to snoop on everybody.

CIA historians, meanwhile, note that the American officials felt that the West Germans were more interested in running Crypto as a straightforward business to earn money, and they were looking at it as a revenue generator, not as a way to, you know, dip into secrets. So both the CIA and the BND would take in millions of dollars over the years as they operated Crypto, and they would

pour that money into other projects around the world. So if you ever wondered how some CIA operations appear to happen under the radar, it's not all just, you know, dark deals that are behind closed doors in DC. Some of that money comes straight from CIA-backed operations that are appearing to be, you know, honest businesses. So that's fun. We're going to take a break for actual honest businesses, but we'll be right back after these

messages. So in the CIA history for this project, and I have not read the entire history because it was not made available. The Post was only granted the right to produce excerpts from the report, not the entire report. But the agency refers to Crypto with a code name. That code name is Minerva, and the project of running Crypto in an effort to, uh, to produce equipment that could be exploited around the world, had two different code names. The first one was Thesaurus

and the second one was Rubicon. Uh, so German intelligence agents would later bring in officials from Siemens, the company Siemens, to serve as advisors, technical advisors and entrepreneurial advisors for Crypto, and in return, Siemens would get five percent of Crypto's sales. The Americans, they brought in Motorola to take some of Crypto's products and to tweak them to make them, you know, work better, make them more commercially viable.

So we've got two intelligence agencies and two major companies all working together as part of this, and all indications seemed to point that at least some people in those two big companies knew what was up. By the nineteen eighties, more than half of all the intelligence gathered by the CIA that came from places other than China or Russia

were encrypted by Crypto machines. So when you look at all the information that the CIA was bringing in, uh, if it wasn't from Russia and if it wasn't from China, more than half of the information had passed through a Crypto machine, meaning that the CIA could decrypt it and read the underlying messages. There are sometimes where they said that they could read messages from certain countries with eight to nine success, which is pretty phenomenal in the world

of cryptography and code breaking. While neither Russia nor China would use Crypto devices, a lot of countries that were dealing with those countries, with Russia and China, did use Crypto devices, so the CIA was able to learn a lot about operations going on in Russia and China indirectly

through that means. This is also a good time to point out a parallel in our daily lives, which is that even if the content of our messages is safe, the act of sending messages can sometimes provide enough information for people to draw some pretty accurate conclusions. It shows us that metadata is really an important thing to remember. Metadata is information about information, and sometimes you don't need to know the content of something in order to

draw some pretty damaging or valuable conclusions. I guess it all depends upon your perspective. So this is kind of an example of that, that even though Russia and China weren't using Crypto devices, countries that were dealing with Russia and China were, and that meant the CIA could read at least that side of the messages. In nineteen one, Saudi Arabia would become the biggest Crypto customer and it would play a very important role. The Crypto technology would

play a very important role in the Middle East. This also leads to a point in the Washington Post article where the authors state that it's kind of an open question as to how much the CIA knew about different operations around the world throughout this time, and what the agency did or didn't do in preparation for the events, like whether or not they should have acted in some cases, like if they were aware of an assassination attempt, did they do anything to prevent that or to let anyone know?

And if not, was it just because they were worried about compromising the fact that they knew about this information? At what point does the value go away from knowing information if you don't act on that information? These are big questions that are not answered in the article, by the way, uh, and they bring up a lot of

deep ethical problems with what was going on. So Crypto would also receive a lot of direction from the CIA and from BND to actively try and disparage competitors, to essentially run marketing campaigns that said, you know, cryptography devices from such and such a company are total crap. Don't buy them. Come to us, buy our stuff, we are secure. Uh, they also were encouraged to bribe government officials to adopt

Crypto tech. So there's some pretty awful stories about Crypto executives doing all sorts of stuff in order to, you know, bribe governments from all over the world to adopt Crypto technology.

Skeezy, skeezy stuff. Really makes me proud. Um, US President Ronald Reagan inadvertently revealed that the US had intercepted and decrypted communications out of a Libyan embassy in East Berlin to Tripoli, and that tipped off Libya that something was up, right, that America somehow was able to decrypt messages, and considering the company they were relying upon for their cryptography, that started to raise some doubts about Crypto's authenticity, and

not just with Libya. Other countries took notice too. Employees at Crypto, meanwhile, didn't know about the arrangement. Right, they were working under the assumption that they were actually making genuine, reliable cryptography equipment. And occasionally an employee might look at something and say, huh, this is weird based upon what I know. This algorithm we're using or this system we're

using has vulnerabilities. There are problems with it. We should fix those before we ship this because we could make it more secure. They would get discouraged from doing that, they would be told not to implement solutions. In one case, it went much further than that. Uh, there was an employee named Peter Frutiger who was very frustrated with what was going on. He felt that that Crypto was just being complacent or maybe negligent, and not responding to very

real concerns that Frutiger had with clients in Damascus. So his clients in Damascus were complaining about their stuff. So he went to Damascus and he fixed their Crypto equipment. In other words, he removed the vulnerabilities that had been engineered to go into this stuff, and the Crypto CEO at the time would fire Frutiger as a result, because Frutiger had messed things up. He had actually made what was supposed to be a secure system an

actual secure system. Of course he didn't know that that was against the goals of the operation itself, and the CIA got very mad at the CEO for Crypto at that point, saying that he should have found a way to sort of bring Frutiger in under the fold to smooth things over, rather than fire him, because it brought undue scrutiny to Crypto and its activities. Crypto also hired an electrical engineer named Mengia Caflisch, and

I'm sure I'm butchering these names, and I do apologize. Uh, that also upset the NSA this time, not the CIA, but the NSA, because NSA knew about this, this electrical engineer, and they said, she is way too smart, she's going to figure out something's going on. You should not hire her. But Crypto hired her because she was brilliant and was seen as a valuable asset. Turns out she was brilliant.

She still is brilliant, and she kept trying to initiate fixes and improvements because she kept finding weaknesses and vulnerabilities in the systems, but she was always discouraged from actually implementing solutions, and she wondered what was going on, but she was a little worried about speaking up because she

wasn't sure exactly what the extent was. The company would actually produce a machine using an algorithm she had designed that the NSA could not crack. So the NSA reached out to the CIA, and the CIA ordered the company Crypto to stop the manufacturing process, saying, we can't produce these machines because we can't crack the code. You've gotta break it. So only fifty or so of

these machines were actually manufactured. The company wound up selling those to banks because the thought was, well, banks have a need for security, and we don't really need to snoop on them. That's not where our concern is. Uh, but from now on, when you make this device, make it with the algorithm that's broken on purpose, because we want to be able to crack those codes. So that's pretty dodgy anyway. There was also a mathematics professor from

Stockholm whose name I would butcher terribly. He actually studied in the United States and his American family, like me, would have trouble saying his name, so they called him Henry, Henry Widman. He was brought in to craft more sophisticated but vulnerable algorithms. So he was actually told about the real relationship between the CIA and the BND

and Crypto. He was given the inside scoop and asked to become part of the team, and his purpose was to design algorithms that looked really super secure but secretly weren't. So he was trying to make stuff that appeared to be more on the up and up, but in fact had vulnerabilities built into it, and meanwhile to have those vulnerabilities designed in such a way that it

created plausible deniability. In other words, if someone found the vulnerability, you could say, oh, that's due to human error or it was an implementation error, but it was not put there on purpose, even though it totes was. The CIA used Crypto communications to suss out where Manuel Noriega was based off communications from the Vatican. They intercepted those communications,

decoded them, and were able to find Noriega. As a result, in Iran arrested a Crypto salesman named Hans Buehler, and Buehler didn't know about the relationship between Crypto and the CIA or the BND. He had no knowledge of any of that. So he was literally an innocent salesman who thought he was selling legit cryptographic equipment. Iran

had figured out something was going on. They had been suspicious ever since that incident with Libya I had mentioned earlier, and so they arrested him and they essentially tortured him for nine months. Uh, Iran demanded a one million dollar ransom from Crypto, and the company did pay it. The CIA did not chip in because the CIA has a policy against paying ransoms. We don't negotiate with terrorists,

is the way America would put it. So this guy suffered for nine months in captivity before Crypto would pay the ransom and get him back. And he legit didn't know anything. He didn't know that the relationship existed, but he certainly suspected it by the time he was released, and he was worried about the fact that this foreign government seemed to know more about the company he was working for than he did. He ended up going to the press and talking about his experiences and it caused

a bit of a stir in Europe. The CIA would actually refer to this entire incident with a code name. That code name was Hydra, so that's fun. Around that same time, Germany was reunified, right the Soviet Union fell,

East Germany and West Germany unified into Germany. The Berlin Wall came down, and it was around that same time that the BND felt that Crypto's usefulness had pretty much expired, that now it was more of a risk, that if the full extent of BND's involvement in Crypto's activities were known, that could put Germany at risk. And so they ended up selling off their interest in Crypto to the CIA for around seventeen

million dollars. So at that point forward, Crypto operated as a CIA-backed operation secretly, but yeah, CIA had full ownership from around until two thousand eighteen. That's when CIA would liquidate the company and sold it off to two other companies. Um, the reason they did that is that by the time rolled around, the cryptographic community was very different. It no longer was so dependent upon standalone machines, electronic or otherwise. A lot of solutions are

software based or web based. Uh, they're not based on, on physical equipment, so they're, the usefulness of Crypto as a company had pretty much gone out the window. Uh, it had provided the CIA with a ton of information, but they were, you know, there's no, no need to keep it running, so they sold it off for parts essentially. Um, and you know, part of me says, this is spy stuff. Of course, spies are going to be sneaky.

That's what spies do. Spies operate in a way where they are trying to avoid detection while they try to figure out what everyone else knows. That is the nature of spying, and everybody does it. At the same time, there's something really sinister about secretly owning a security firm and, uh, using it to, to do the opposite of what the security firm says it's doing. Right. It says it's protecting secrets, but in reality, it's leaving those secrets

open for people to see. Now, I mentioned Huawei at the beginning of this episode, and the reason I did that is because, again, around the same time that this story was breaking, we were hearing about how Huawei, the Chinese company, telecommunications company, has had back door access to networks that it, it has rolled out for a decade. So Huawei makes all sorts of telecommunications equipment, including components

for networks. Uh, they are a leading provider for five G components, for example, and there's been a concern around much of the world, but particularly in the United States, that this would mean that Huawei as a company would have at least some capability of snooping on communications that

go across those networks. And since Huawei has some connections to the communist government of China, because China requires companies that operate in China to have this connection, that that would mean that those networks would be used specifically as surveillance tools. And in America you can kind of understand where they're coming from, because that's what Americans do. Like, if you're the one who's spying on everybody, you probably are really paranoid about everyone spying on you. It's just

kind of how it works. Also, again, that report showed that for ten years, Huawei actually did have that capability. Whether they did anything with it or not, it's still an open question. But with Huawei, the story goes that they were building in these back door access channels for law enforcement officials. You know, law enforcement wants to have that kind of access so that if they're conducting an investigation, they can look into communications going between various suspects so

that they can better do their investigations. Uh, the problem is that Huawei was not just building these in for law enforcement, but was retaining its own access to those channels. And again, whether it was using it or not, I don't know, but the story goes that they were actually retaining that ability. Uh, and this leads me to another point I want to make before I conclude, which is that back door channels are always a terrible idea, always, always, always,

always. Uh, they inherently make systems less secure. So if your job is to make a secure system, building in a way to bypass that security is, you might as well not have any security. It's a terrible idea. I get it why law enforcement and intelligence agencies want it, because information is valuable and getting access to the information could mean the difference between life or death in some cases,

and really can. But then, you know, if you have those backdoor channels, it means that you don't have to go through the whole security process, and it means that someone else might potentially discover that and exploit it. So one, you've got the danger of the authorized parties

abusing this power. Right, you've got the potential for an agency committing overreach, like we've heard about the NSA and how that agency was collecting way more information than they should have been able to, including information from people that weren't under any direct surveillance, and how that can be abused. That's a terrible thing. So you don't want that capability. You don't want the ability of some agency that had authorized backdoor access to abuse that power.

You also don't want some third party that is not authorized at all finding out about that back channel and figuring out how to access it, because now your secure system has no security. So I guess the end message I want to give everybody is protect yourself as best you can, which is increasingly difficult when we don't know necessarily who is behind the systems that are actually making

the security we depend upon. Another great example is people have pointed out is should we trust the security company Kaspersky, which comes from Russia, or is it possible that that could be a state backed operation that is slowly or quietly sowing in vulnerabilities from people who are using its products. Uh, I have not seen any specific reports on that. I'm just seeing people ask that question. But that leads us

to start asking questions about everything. Probably not a bad idea, but it starts to, you know, it starts to create this system where we're not trusting anything, and at the end of the day, you either have to figure out you've got to trust somebody, or you've got to just kind of disengage, or I guess you just resign yourself that all of your stuff is going to be findable and readable by everyone at some point or another. Happy Days. That wraps up this episode of Tech Stuff. And this

is a pretty heavy topic. So in our next episode, I'm gonna have a special guest join us, at least that's the plan, and we're gonna have a conversation about misinformation on the Internet and how it can quickly get spread and evolve in rapid succession to the point where it's passed as gospel. But that will be for our next episode. If you have suggestions for future topics I should cover on Tech Stuff, reach out to me on Facebook or Twitter. I use the handle TechStuffHSW

at both. I look forward to hearing from you, and I'll talk to you again really soon. Tech Stuff is a production of iHeartRadio's How Stuff Works. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.

Transcript source: Provided by creator in RSS feed