The Cold War collaboration between the CIA, the spies at Germany’s Bundesnachrichtendienst (BND), and Swiss encryption company Crypto AG was an intricate dance of power and manipulation - a stark reminder of the morally ambiguous nature of intelligence operations between allies as well as foes.

Russian-born Swedish businessman Boris Hagelin invented and sold cipher machines in the 1920s and ‘30s, eventually founding one of the largest and most successful manufacturers of its kind: Crypto AG.

Hegelin’s inventions included the popular M-209, a portable mechanical cipher machine patented in 1940 and widely used to transmit coded information during WWII and beyond. Crypto AG counted more than 100 of the world’s leading governments and militaries as customers.

The genesis for Operation Rubicon purportedly began in the 1950s as an unofficial arrangement between Hagelin and NSA cryptologist William Friedman and soon became a formal arrangement.

‍

The Crypto AG spy operation

Crypto AG’s reputation was rooted in providing impenetrable encryption solutions to safeguard sensitive information and, as a neutral Swiss entity, Crypto became the epitome of confidentiality, solidifying its role as a guardian of secrets. But beneath its facade of security lay a covert operation that would reshape the world of international diplomacy and intelligence-gathering.

By the late 1950s, the NSA withdrew from its relationship with Hagelin and the ‘gentleman’s agreement’ was replaced with a five-year licensing deal between the CIA and Crypto AG. By 1970, the CIA and BND had agreed to buy the Swiss manufacturer in a 50-50 arrangement that enabled them to jointly control Crypto AG, its algorithms, and its customers. 

Amid the backdrop of escalating Cold War tensions between the US and Russia, the intelligence agencies recognized the potential of covertly influencing encryption technology at the expense of foes and allies including Algeria, Argentina, Belgium Brazil, Chile, Egypt, Greece, Indonesia, Iran, Iraq, Italy, Jordan, Kuwait, Lebanon, Libya, Malaysia, Mexico, Morocco, Pakistan, the Philippines, Portugal, Saudi Arabia, South Korea, Spain, Syria, Tunisia, Turkey, the Vatican, and Yugoslavia.

Iran purportedly produced some of the “best” intelligence stolen by the CIA and BND. “In 1988, 19,000 Iranian messages were decrypted, which was 80-90% of their total traffic,” according to the Crypto Museum.

Crypto AG: guardian of secrets?

Operation Rubicon exposed untold Cold War operations including the the Suez Canal Crisis (1956); the 1973 coup in Chile and overthrow of Salvador Allende’s government; negotiations on the Middle East conflict in the course of the 1978 Camp David Accords negotiations; the 1982 Falklands War between Argentina and UK; the US invasion of Panama; the Iranian Hostage Crisis (1979); and the Berlin Discotheque bombing (1986).

The CIA eventually took over running Crypto AG but all good things must come to an end.

By the late ‘80s, foreign countries were becoming more sophisticated in analyzing crypto­graphic algorithms and there was an international debate around Public Key Cryptography. Countries began developing their own crypto solutions including Iraq under Sadam Hussein who insisted on domestic production to tighten security.

‍

‍

Exposing the covert collaboration

In 1993, the BND sold its shares in Crypto AG for a reported $17m. Three years later, the German publication Der Spiegel reported that Crypto AG had sold manipulated cipher devices until the late ‘80s, and connected the company to the BND and CIA.

In 2015, investigative efforts by The Washington Post, German public broadcaster ZDF and others unraveled the intricate operation, exposing the collaboration between Crypto AG and the intelligence agencies.

Bernd Schmidbauer, the German Minister of State to the Federal Chancellor under Helmut Kohl, confirmed the Rubicon operation to ZDF in 2020, claiming that it helped make the world a little "safer and more peaceful". The revelations sent shockwaves through the global intelligence community, however.

Operation Rubicon: a success or ethical failure?

The operation raised significant ethical questions about the extent to which intelligence agencies were willing to compromise the trust of allies to further their strategic objectives. The US withdrew from Crypto AG in 2018 but the questions surrounding Operation Rubicon didn’t end.

The BND and CIA established one of the most pervasive and enduring covert operations of modern intelligence history.

“Long before Edward Snowden released documents of modern firms colluding with intelligence agencies, we can see evidence for significant cases in the past,” the academics of Warwick University write. “It certainly is not a recent phenomenon and leads us to ask just how many firms had been working directly with intelligence agencies in the past and can we believe the assurances of privacy tech-giants give us today?”