According to The Washington Post and the German ZDF, the CIA and the NSA spied on allies and enemies through a company that manufactured encryption equipment.
Switzerland-based Crypto AG, which was founded in the 1940s as an independent company during World War II, entered into a "dark" deal with the CIA in 1951. Then, in the 1970s, went into CIA ownership and dissolved in 2018. Former company officials, most of whom were unaware that Crypto AG was secretly controlled by the CIA, expressed their dissatisfaction with the revelation.
The Washington Post and ZDF discovered this program, code-named "Rubicon" and "Thesaurus", through a secret CIA historical document of 2004 presented by the agency itself but also through a 2008 verbal document by the German intelligence service. However, it is not known how they managed to extract these "well-kept" documents.
The CIA and the NSA jointly controlled Crypto AG with the West German intelligence agency during the first Cold War.
The CIA described it as a "coup of the century", while the Washington Post said foreign governments were paying well USA and West Germany in order to read at least two (and possibly five or six) foreign countries their most secret communications.
The "five or six overseas countries" are likely to refer to the Five Eyes information exchange agreement between the US, UK, Canada, Australia and New Zealand, while Germany is the sixth country.
The espionage program was a complete success and represented about 40% of all information the CIA had stolen from foreign governments in the 1980s and 90% on the West German BND, according to a CIA historical file published by Washington Post.
The Americans eventually acquired the Germans, who abandoned the espionage deal in the early 1990s to take over exclusively the "reins" of Crypto AG, sometimes referred to by its corporate name Minerva.
Crypto AG machines were designed to encode messages. The NSA did not install backdoors, it just made the encryption weak enough for the organization to be able to encrypt the messages.
The Soviet Union and China never bought Crypto AG technology, but at least 62 countries such as Japan, Mexico, Egypt, South Korea, Iran, Saudi Arabia, Italy, Argentina, Indonesia and Libya has used encryption devices to steal and decipher their most sensitive government communications from the CIA for more than half a century. A prime example is the Carter government that spied on Egyptian President Anwar Sadat during the Camp David Accords.
This raises reasonable questions about whether, at times, US intelligence services have become aware of human rights abuses and have done nothing to stop them. There are also cases in Central and South America where the CIA is suspected of actively contributing to crimes against humanity.
Until the 1980s, some countries suspected that their encryption devices were compromised, but the CIA devised a plan to manage this situation. Specifically, the CIA hired a notable Swedish academic, Kjell-Ove Widman, as a top consultant to the company that was sent whenever a country was ready to disconnect Crypto AG.
In addition, Argentina suspected that its technology had been compromised during the Falklands War, but Widman intervened and insisted that the machines were "unbreakable." In fact, the US Secret Service was decoding Argentina's messages without any problem. This revelation has raised even more questions about the role of organizations, such as the CIA and the NSA, in hundreds of events that took place in the late 20th and early 21st centuries.
This should also awaken the people of the encryption community who claim that today's tools, such as Signal and Tor, it's safe.
Crypto defenders insist that it doesn't matter if something like Tor received money from the US military, as long as the math of the programs keeps everyone's communications secure. But after this revelation it is difficult to argue that all communications are completely secure.