In June 1970, the American Central Intelligence Agency (CIA) in partnership with the German intelligence agency Bundesnachrichtendienst (BND) secretly purchased the Swiss coding machine manufacturer, Crypto AG. As one of the most reputable firms in the market, Crypto AG had governments and militaries among their clients allowing the US and West German intelligence agencies unprecedented access to a huge range of classified information and prior knowledge of some of the most significant events of the 20th Century.
Recent revelations of this collaboration between American and West German intelligence agencies, known as Operation Rubicon, have led to the total reevaluation of our perception of intelligence activities during the Cold War, explain Dr Melina Dobson, Dr Jason Dymydiuk and Sarah Mainwaring from PAIS.
Operation Rubicon was one of the largest, longest, and most successful signals intelligence operations of the Cold War. The deal to purchase Swiss cypher machine manufacturer Crypto AG, code named Minerva, was agreed and carried out in utmost secrecy. Enabled through intermediaries the details of Crypto AG’s new ownership would remain hidden from all but a select few individuals, including the company’s employees.
The secret purchase also allowed the CIA and the BND to retain the company’s extensive global customer portfolio. This would be a key component of their success. Crypto AG sold their devices to over sixty countries worldwide - including Argentina, Egypt, Greece, India, Italy, Iran, and Libya. As one of the most reputable firms in the market, it had governments and militaries alike on their books. Now fully under CIA and BND control the company product design was easily manipulated. Under the code name, Operation Rubicon, the two intelligence agencies created an insecure mechanism for their cipher machines, readable only by American and German intelligence.
How significant was this covert operation?
Rubicon can, in many ways, be considered as a singularly successful intelligence operation. Historical CIA and BND documents uncovered by journalists and academics illustrate how this operation allowed for policy makers to have access to the highly sensitive communications data of their enemies, for decades. An untold number of key Cold War events were affected by the communication that was collected through Crypto AG machines including, the Suez Canal Crisis (1956), the Camp David Peace Accords (1978), the Iranian Hostage Crisis (1979), the Berlin Discotheque bombing (1986), and many others. As events played out internationally, officials in America and Germany sat back and enjoyed their harvest.
Knowledge of the partnership has fundamentally challenged some of our core perceptions in intelligence studies. We often associate the CIA with spying ‘behind enemy lines’, covert action and human intelligence collection abroad, meaning we have perhaps misunderstood the CIA by overlooking its role in signals intelligence operations. Reading up on Cold War history, we are confronted by many stories of American and British activities of this time. But information about Rubicon leads us to question whether we have underestimated Germany’s importance and expertise. Was West Germany more active and influential than we believed in the game of espionage?
It started with two friends
The operation started life as an unofficial arrangement between two friends Boris Hagelin, founder of Crypto AG, and William Friedman a National Security Agency (NSA) cryptologist. In 1953, they agreed to restrict the sale of secure products to ‘friendly’ countries. All other machines sold were ‘readable’ by American intelligence. Thus, enforcing the dominance of Western powers. Known as the ‘Gentlemen’s Agreement’, since it was not an officially signed deal, the arrangement existed throughout the 1950s. Its success was limited because the relationship between the NSA and Hagelin grew increasingly strained. The NSA was unwilling to share necessary information with Hagelin and Hagelin grew tired of the restrictions that they placed on his sales.
Eventually, in the late 1950s, the NSA withdrew from the relationship with Hagelin. A decade of negotiations and a five-year licensing agreement between the CIA and Crypto AG followed. In 1969, talks in Washington DC between NSA and a key German intelligence figure, Wilhelm Göing, would trigger the eventual joint purchase of Crypto AG by the BND and the CIA.
The Wizards of Langley and the hierarchy of security
The CIA’s interest in communications intelligence is perhaps the least understood of all its activities. The ‘Wizards of Langley’ is the nickname for those working on technological innovation at the CIA headquarters in Langley, Virginia. For decades these “Wizards” pursued new ways to use science and technology to their advantage, planting bugs in foreign embassies and driving a secret Tunnel into the heart of Berlin. Purchasing a company like Crypto AG offered a further opportunity. Owning the company, Langley could direct less secure machines to be sold to countries of interest across the world. Selling weaker machines to governments across the Middle East, Latin America and Africa, Operation Rubicon created a hierarchy of security, protecting the Global North while making the Global South a key intelligence target.
Initially, the CIA and NSA disagreed on the purchase of Crypto AG. NSA believed that Crypto AG customers used poor processes and therefore weakened their own communications. It left the door open for a potential German-French venture to purchase the company. However, CIA realised the future rewards of owning the firm when communications security was quickly improving. NSA was convinced to take a technical role behind the scenes and both US agencies agreed that the French should not be involved. Eventually, the American’s and Germans agreed on a partnership deal.
Operation Rubicon was primarily a partnership between the CIA and BND. However, its activities often benefitted from the technical expertise of the NSA and Motorola, as well as European based companies such as Siemens. The first objective was to place hidden weaknesses into the security mechanism of Crypto AG machines. This manipulation would ensure that the communication produced by these machines were accessible by the CIA and BND.
Overall, Crypto AG clients were none the wiser that their correspondence had been compromised. When suspicions did arise, Crypto AG quickly covered up the problem or sold the customer an upgraded product. Replacement machines were no more secure, but usually alleviated client concerns.
This raises further questions. Particularly, when we consider the growing list of countries that were Crypto AG customers. How much did America and Germany know about the planned activities of other countries or of assassination plots before they occurred? We will have to wait a while longer for the answers to these direct operational questions as they require legitimate security risks to decrease, freedom of information requests to be made, and past evidence to be revisited.
Considering the ethics
State on state espionage is not a new phenomenon. Most intelligence agency activities are justifiable under the guise of protecting national security. However, Rubicon was also concealed from unsuspecting Crypto AG employees who travelled to client countries to maintain or exchange machines, often completely ignorant of the potential danger that they could face if that country were to discover Crypto AG’s deceit.
Take for example Hans Bühler, a successful Crypto AG salesman, making a routine maintenance visit to Tehran, Iran. Iran had started to suspect the Hagelin machines and took Bühler into custody, where he would remain for nine months, whilst being questioned repeatedly. This incident shows some of the ethically questionable aspects of the operation. What duty of care did the BND and CIA owe the many unsuspecting employees unwittingly putting themselves at risk?
For the CIA, project management was important. Sending officials to Switzerland, they conducted an orchestra of human agents, deceiving Crypto AG employees and government officials across the globe that their communications were secure. Simultaneously, they provided Crypto AG with a stream of new encryption designs, updating systems to ensure Operation Rubicon remained successful.
The involvement of private industry raises even more questions for scholars to ponder. Many of the key civilian staff at Crypto AG were transferred from Siemens. The German technology firm also supplied designs to place and hide manipulation of devices. Despite an unsavory past, Siemens was already a well-respected telecommunications pioneer in the 1950s. The company enjoyed a special relationship with the BND.
Siemens expertise also enabled certain productions for Crypto AG both before and during Rubicon. Siemens was not the only German tech company closely linked with the BND. AEG Telefunken, ANT, Rohde & Schwarz (R&S) and Tele Security Timmann (TST) were all developing encryption technology, and all controlled by BND. This illustrates the crucial association between intelligence agencies and these companies but also how important Germany was for cryptological advancements. These German intelligence activities challenge our idea that signals intelligence during the Cold War was rooted in the US with NSA or in Britain’s GCHQ. Does this mean that we need to look further toward European developments to truly understand Cold War intelligence history?
So, long before Edward Snowden released documents of modern firms colluding with intelligence agencies, we can see evidence for significant cases in the past. It certainly is not a recent phenomenon and leads us to ask just how many firms had been working directly with intelligence agencies in the past and can we believe the assurances of privacy tech-giants give us today?
The building of the European Union and Rubicon
The German exit from Rubicon in 1994 symbolised a change in the German image and its strategy. No longer divided and now part of the European collective, Germany wanted to belong, and to cut ties with old ethically questionable connections. Additionally, the BND was unable and unwilling to produce funds that Crypto AG needed to continue its enterprise. Following a close call of discovery through the Bühler affair, the BND sold its share of the company to the CIA.
The CIA’s ownership and protection of Operation Rubicon continued well beyond the German exit in 1994, until Crypto AG was sold again in 2018. While international attention and news reports speculated about Crypto AG’s connections with the NSA and their treatment of Swiss salesmen, Hans Bühler, the Wizards and Langley remained silent, continuing to enjoy the benefits of their covert operation. As the threat from transnational terrorism crept up political agendas across Washington, access to communications across the Global South remained important, providing access to some of the most difficult to reach areas of the world.
There was definitely collusion
At root, the story of Operation Rubicon is one of international partnership and collusion. Buying the company in June 1970, the BND and CIA established one of the most pervasive and enduring covert operations of modern intelligence history.
Learning about this arrangement informs current debate. As the world speculates about connections between Huawei and the Chinese Government, Operation Rubicon reveals just how significant or important this debate may be. It also encourages us to ask or confront the possibility that Governments across the world have attempted to forge similar agreements, undermining the security of our smartphones and personal computers that contain much of our personal and most sensitive data.
How has espionage changed over the last 80 years? Has the Cold War changed into a cyber-war?
If you are interested in finding out more about Operation Rubicon and espionage during the last 80 years, sign up for this free event.
After Bletchley Park: global tech and trusted devices in Cold War espionage
Thursday 12 November 2020
Register online here: https://bit.ly/3kfg0vb
Part of The ESRC Festival of Social Science
Dr Melina Dobson is an expert in the politics of intelligence. Her research centres on whistleblowers and public exposures pertaining to national security.
Dr Jason Dymydiuk is an expert in US politics and intelligence. His research centres around Operation Rubicon.
Sarah Mainwaring is a PhD researcher in Warwick's Department of Politics and International Studies. Her thesis is on Anglo-American cyber security, with a focus on cryptography.
Terms for republishing
The text in this article is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0).