CIA, cyber lock
© Getty Images / matejmo; (inset); Wikipedia
The CIA's role in the Crypto AG case makes clear that spies don't need a way into messaging apps, but a secret bird's-eye view from the word go. This is far more effective than any 'backdoor' foreign powers may have access to.

On May 12, the head of Switzerland's federal intelligence service (Nachrichtendienst des Bundes, NDB), Jean-Philippe Gaudin, announced his resignation.

Local media reports say Gaudin's departure stems from a falling-out with Defense Minister Viola Amherd over his handling of the Crypto AG scandal - namely, he failed to inform her about the affair until it was already public knowledge.

In February 2020, it was revealed that the company, which produced encryption machines for use by foreign governments, was secretly bought in 1970 and controlled thereafter by the US Central Intelligence Agency and West Germany's Bundesnachrichtendienst. This connivance meant the pair - and by extension the US National Security Agency (NSA) and its UK counterpart and close collaborator, Government Communications Headquarters (GCHQ) - could easily decode any messages sent on Crypto AG's devices.

Allegations that the company was compromised to some degree by Western intelligence had swirled for many years prior. In March 1992, suspicions to this effect on the part of Iranian intelligence led to the arrest of Crypto AG salesman Hans Buehler in Tehran. Completely unaware of his employer's ultimate owners, the luckless staffer was nonetheless detained and interrogated for nine months, only being released after the company paid a $1 million ransom.

However, the extent of the infiltration came as a shock even to those who'd long suspected the NSA had somehow managed to crack Crypto AG's coding. The exposure also sparked intense outcry in Switzerland, with citizens so appalled that their allegedly neutral country had been exploited in this manner, the parliament's intelligence oversight committee launched an official probe into the matter.

It issued a final report in November 2020, and the document is rife with bombshell disclosures. For example, it notes that Swiss domestic security service Strategischer Nachrichtendienst (SND) had, since late 1993, been well aware that Crypto AG was owned by foreign intelligence agencies. Sometime later, after fruitlessly attempting to crack the company's encryption codes, the CIA granted it formal access to all communications harvested by the company's machines.

In return, the SND kept the ruse a very well-kept secret, hiding it even from other Swiss spying agencies, and the government. The NDB was created in 2010, and its first director was completely in the dark throughout their tenure. It was only in summer 2019, a year after Crypto AG's closure, that Jean-Philippe Gaudin commissioned a positioning paper on the company. It's uncertain when and how he learned about its American owners prior.

Still, once the review was complete, the NDB chief declined to investigate any further, didn't seek to clarify the legality of the set-up, and apparently didn't consider the political implications if it was exposed, instead downplaying the relevance of the discovery. One reason for this inaction is hinted at in a separate section of the report, which notes that while a company and/or individual assisting a foreign intelligence service in operations targeted overseas is a criminal offense, such activities are permissible if the foreign agency's collection of information is conducted in concert with the NDB.

In other words, Gaudin may have been considering getting in on a similar act, or knew the NDB was already reaping intelligence from another front company, and didn't want to disturb a mutually beneficial covert relationship. That Switzerland is an attractive location for Western spies to set up such entities was noted by the committee. As companies and organizations operating on Swiss soil benefit from the country's image as a neutral state, "foreign intelligence services may have an interest to operate under the guise of a Swiss company to the detriment of other countries."

Fittingly, the same month the committee's report dropped, it emerged that one of Crypto AG's key national competitors, Omnisec AG, was also a front for US intelligence. The NSA inserted backdoors into all the firm's voice, fax and data encryption equipment, which were duly bought by a number of governments, including Switzerland's own, and UBS, the country's largest bank.

National governments being entirely ignorant of what their constituent security services are actually getting up to in the shadows is nothing new. For instance, David Lange, New Zealand's prime minister between 1984 and 1989, was completely unaware throughout his time in government that his country formed part of ECHELON, a global surveillance network led by the NSA and GCHQ that collects every phone call, text message, and email transmitted the world over.

"It is an outrage that I and other ministers were told so little, and this raises the question of to whom those concerned saw themselves ultimately answerable," he has since said.

A vital question for sure, but an equally grave riddle raised by the Crypto AG furore is, to what extent are encrypted communications services ever truly secure? Although in recent years there has been much mainstream alarmism about the Chinese government potentially inserting backdoors into all Beijing-made hardware exported abroad, as the Swiss company's case underlines, Western intelligence has clearly long possessed a far more effective, direct means of spying on sensitive foreign communications.

This is especially relevant when one considers that two of the world's premier 'anonymizing' platforms, internet browser Tor and encrypted messaging app Signal, have received extensive funding, support, and promotion from the US government.

The former was first developed by US Naval Research Laboratory employees in the mid-1990s, and quickly caught the attention of the Defense and Research Projects Agency (DARPA). Ever since, Tor has almost entirely bankrolled by assorted state agencies, including the Pentagon, to the tune of tens of millions.

The browser's original purpose was to shield spies in the field from detection, by insulating them from the open web. However, Tor's backers well understood that if only US agents used the system, their activities would be all too easily tracked if a hostile foreign intelligence service managed to tap into it - hence, the browser was "democratized" to allow average citizens access.

Tor is supported by the Open Technology Fund (OTF), launched in 2012 by Radio Free Asia, an asset of the US Agency for Global Media (USAGM), which receives $637 million annually from Congress. In August 2018, USAGM's then-CEO acknowledged the outlet's priorities "reflect US national security interests." OTF also provided $2,955,000 to Signal between 2013 and 2016, in order to ensure access to the app "at no cost around the globe."

Strikingly, documents leaked by Edward Snowden in 2013 revealed that the NSA and GCHQ devote considerable time and resources to identifying ways of de-anonymizing Tor users, while also going to great pains to ensure people aren't discouraged from using the browser.

One leaked file - titled 'Tor: Overview of Existing Techniques' - reveals that the agencies attempt to direct traffic toward NSA-operated servers, attack other software used by Tor users, and even undertake efforts to influence Tor's future development.

It's unclear to what extent those endeavors have been successful in the years since, and how the development of Tor - if not other encrypted messaging platforms - has been impacted as a result. However, in a perverse irony, Snowden's exposure of mass global surveillance by GCHQ and the NSA mass global surveillance programs led to a significant increase in the number of people using the browser, and apps like Signal, meaning anyone and everyone with something or other to hide is now congregated on a number of central networks - in turn, making identifying who they are and what they're doing all the easier.