ZURICH (Reuters) - Switzerland said on Tuesday it was probing reports that the U.S. Central Intelligence Agency and the German BND spy service used a Swiss firm’s encryption technology to crack other nations’ top-secret messages.
The company, called Crypto AG, sold code-making equipment to Iran, India, Pakistan, Latin American nations and dozens of other countries.
The technology was modified to let the CIA and BND break codes, the Washington Post reported along with German and Swiss broadcasters ZDF and SRF. They described a Cold War-era caper in which American spymasters and counterparts from what was then West Germany from 1970 were responsible for nearly all Crypto AG operations, from hiring and firing to sales tactics.
The reports cite a classified CIA history to underpin the allegations, some of which date back at least to 1992, when one of Crypto’s employees was arrested and held in Iran for nine months as a suspected spy.
At the time, the company dismissed reports that it was a secret asset of Western intelligence agencies as “an unbelievable conspiracy theory”, according to a report in German magazine Focus detailing a 1994 book on the subject.
In 1995, the Baltimore Sun also reported on Crypto AG’s close ties to the U.S. National Security Agency.
After being told late last year of new research about the company, the Swiss government appointed a former Swiss Supreme Court judge last month to scrutinise Crypto’s activities “to investigate and clarify the facts of the matter”, the Swiss Defence Ministry said.
“The events under discussion date back to 1945 and are difficult to reconstruct and interpret in the present day context,” it added in a statement.
Judge Niklaus Oberholzer is due to report back by the end of June, after which the Swiss cabinet will be briefed.
The reports said that at least four countries - Israel, Britain, Sweden and officially neutral Switzerland - knew of the operation, called “Operation Rubicon”, or were allowed access to some of the secrets it unearthed.
If Swiss authorities permitted its activities, Crypto may not have violated any Swiss laws seeking to limit “unwelcome” espionage activities by foreign agents on its soil.
However, one politician, Green Party member Balthasar Glaettli, told the nation’s state broadcaster that if the country knew of Crypto’s activities, “it would undermine the foundations of our political identity”.
According to one document attributed to the CIA history of the operation, the U.S. foreign intelligence service and its West German counterparts overcame cultural differences and divergent interests “again and again, to fashion the most profitable intelligence venture of the Cold War”.
A reunifying Germany exited the venture in the early 1990s, after the Cold War ended, the Post reported, saying the CIA bought it out for $17 million.
Crypto AG was liquidated in 2018 in a transaction the Washington Post said seemed designed to cover for a CIA exit and that created two successor companies: Crypto International and CyOne Security AG.
Crypto International, owned by Swedish national Andreas Linde, said on its website that the published reports were “distressing”, but that it was now under new ownership and had no connections to the CIA or the German spy agency.
CyOne Security said it was wholly independent of Crypto AG, focused on security solutions for the Swiss public sector and had nothing to do with foreign intelligence services. It could not comment on its predecessor firm’s history.
Swiss Economy Minister Guy Parmelin has suspended the general export licenses of Crypto International and CyOne Security until “the situation and open questions have been clarified”, his office said in an e-mail to Reuters.
Reporting by John Miller; Editing by Mark Heinrich