Crypto

The other week, the Washington Post published a comprehensive article about a Swiss company, Cryto AG, which until 2018 was in the business of making and selling machines to encrypt messages to dozens of governments all over the world.

The twist: Crypto AG belonged to the CIA, until 1993 jointly with the German BND, but then the latter sold its shares to the CIA. Crypto sold their machines to friends and foes of the “West” alike. But, under the direction of their owners, Crypto made three variants of each of their products. One for friends with strong encryption, one for frenemies with weakened encryption, and one for the foes with weak encryption. Which allowed the agencies to easily break the code and listen to all secret, “safe” messages.

Now there’s is hemming and hawing about this “affair” or even “scandal”. Who knew about this? Who profited from the information gathered? How could the CIA “secretly” own a Swiss company? OK, that last one is easy: bearer shares.1 “AG” in Crypto’s name stands for “Aktiengesellschaft”, ie. a limited company owned by its shareholders. You know, like, IBM, or Daimler, or… well, every big corporation. Usually, companies know who their shareholders are. Bearer shares are anonymous. The ones that have the share certificates in their possession are shareholders. There’s no registry of shareholders. You can distance yourself one step further by creating a front, like a foundation in Liechtenstein, and have that front hold the shares. All this should sound pretty familiar to everyone in the business of tax evasion. You know, like, rich people.

Knowing the American agencies with their insatiable hunger for data, they probably were spying even on friendly governments. Remember when we learned that the CIA had bugged Angela Merkel’s mobile phone? So every customer that used Crypto product should ask themselves in which category they belonged, and the ones still using them should probably stop doing so.

Read all about it in the Washington Post article. It’s comprehensive.

Now, putting political and ethical questions aside, if you think about it, technically the plan and set-up was brilliant. Sell flawed equipment to your enemies, through a trustworthy looking channel, and exploit the flaws to your benefit. If you think about it some more, you might ask yourself, if we are exploited and spied upon via similar schemes right now. And I am not just talking about governments.

We all use encryption each and every day.

When you log into your e-banking, your communication is encrypted. The data transferred to, and from, Dropbox is encrypted. Your e-mail client hopefully uses an encrypted connection to the server. Your messages – iMessage, WhatsApp, Signal – are encrypted.2 The data on your iPhone is – hopefully! – encrypted.

Consequently, we put a lot of trust into the providers of the encryption technology we use – just as Crypto’s customers did. If these providers were really serious about encryption, they would let independent experts inspect the corresponding program code. Good encryption does not rely on some secret algorithmic sauce, but on maths. And the length of the encryption keys.3, 4

There are Open Source products for messaging, such as Signal. But what about WhatsApp, which belongs to Facebook, or Apple? Apple is pretty forthcoming and has publicly documented their multi-layer security infrastructure, and hopefully has independent experts review their code. But at the end, we need to trust them.

What’s interesting about the Crypto case is that they did not build in so called backdoors, ie. the possibility to simply read the communications and data in clear text, eg. by using a master key. The CIA still had to intercept the messages, and decrypt them by breaking the encryption, ie. by finding the key that was used for each specific message – which was made easy by the weak encryption used by the flawed machines.

Maybe you have read about the allegations against the Chinese provider Huawei, namely that their communications equipment has backdoors, which allows the them – and then the Chinese government – to read all messages and data flowing through their devices. Hence, no interception needed, and simply siphoning off the unencrypted data directly from the infrastructure components. Crypto on steroids so to speak. Huawei has denied the allegations, and the jury is still out as of now.

The bottom line, or take away, is that, in particular regarding the privacy of our communications and data, we’re all very much dependent on the trust we put into the providers of our personal devices, but also, by extension, and invisibly and implicitly, the providers of the whole communication infrastructure. So as much as we can scorn Crypto’s clients for not being careful when selecting and operating their government-level encryption machinery, the story should remind us to be vigilant as regards our own use of all the nice technology we’ve become so used, or addicted, to.

Obviously, there’s only so much we can do. We cannot technically check all channels and layers involved. But we can, on a technical level, at least keep our operating systems, as well web browsers and other programs, up-to-date. We know not to click on links in the e-mail from the Nigerian prince. But don’t click on links in e-mails in general, unless you know exactly what you are doing. Don’t believe the random person from your bank who calls you about some account problem. Social engineering is as powerful a tool to harm you as flawed encryption technology. And don’t open and document your personal life on-line. It’s a starting point for social engineering. Or for a break-in to your apartment if you post those vacation pictures from Italy on Facebook while you’re there.


  1. Called “Inhaberaktie” in Switzerland. ↩︎

  2. What’s happening on the server side – storage, backup –, intentionally or not, is a different story. Let’s not go there for now. ↩︎

  3. Aside from the quality of the encryption algorithm, and the flawlessness of its implementation in program code, the length of the encryption key is, well, key. The longer the key, the longer it will take to detect it, and break into your communication, or data. I remember when 56 bits were considered good enough, and maybe they were then, back in the eighties, but today an Apple Watch could probably break that cypher within reasonable time. Then we had 128 and 256 bits, which are still good enough for volatile communications that last only so long, such as with your bank. Fairly safe keys are 2048 or 4096 bits now, but with the advent of more powerful computers, also keys of that length will become breakable. ↩︎

  4. If you own an iPhone and – hopefully! – have it protected by a passcode, using a four-digit passcode means basically no protection. A six-digit passcode is somewhat better, but the time to break in extends only by a few hours – yes, hours – compared to the four-digit code. Using a six letter alphanumeric code is way better, as the number of possible passcodes is so much bigger, due to using an extended alphabet, ie. digits and letters. The break-in time increases to dozens of years, potentially beyond your lifetime. Use eight or ten alphanumeric letters, and you’re golden even against heavy computational artillery, for now. Just don’t forget to disable TouchID or FaceID before any encounter with, say, US or Chinese customs agents. You can do that by simply turning your phone off – when you turn it on again, it will require the passcode. Or pressing the on/off switch and volume-up keys together for a few seconds will make the phone require the passcode as well. You can do that even while the phone is in your jeans pocket, or purse, without looking at it. ↩︎