WEBVTT - Rerun: When Secrets Aren't Secret 0:00:04.440 --> 0:00:12.239 Welcome to Tech Stuff, a production from iHeartRadio. Hey there, 0:00:12.240 --> 0:00:15.520 and welcome to tech Stuff. I'm your host, Jonathan Strickland. 0:00:15.520 --> 0:00:18.400 I'm an executive producer with iHeart Podcasts. And how the 0:00:18.440 --> 0:00:23.320 tech are you. I am currently on vacation. Hopefully I'm 0:00:23.360 --> 0:00:25.799 having a good time, and I hope you're having a 0:00:25.800 --> 0:00:28.000 good time wherever you happen to be as well. But 0:00:28.120 --> 0:00:30.160 in the meantime, I thought I would bring you an 0:00:30.240 --> 0:00:33.960 episode that we published originally on February seventeenth, twenty twenty. 0:00:34.360 --> 0:00:38.400 It's titled When Secrets Aren't Secret. This is about the 0:00:38.680 --> 0:00:42.440 curious case of the CIA, the Central Intelligence Agency of 0:00:42.479 --> 0:00:46.240 the United States of America, owning and operating an encryption company, 0:00:46.680 --> 0:00:50.080 which seems to be a bit of a conflict. Let's 0:00:50.120 --> 0:00:53.360 listen in. So I want to talk about the business 0:00:53.400 --> 0:00:57.680 of communication and secrets and also the business of eavesdropping 0:00:57.840 --> 0:01:02.560 and why all of this gets real dodgy, real fast. 0:01:03.360 --> 0:01:07.920 So the initial story doesn't involve China or five G Networks. 0:01:08.200 --> 0:01:11.080 It goes further back than that. It actually concerns a 0:01:11.160 --> 0:01:15.959 Swiss company called cryptoag and its ties to the Central 0:01:16.000 --> 0:01:20.399 Intelligence Agency aka the CIA in the United States. The 0:01:20.400 --> 0:01:23.920 story is all about the battle between secrecy and surveillance, 0:01:24.319 --> 0:01:27.000 and it's also about trust, as in, whom do you 0:01:27.080 --> 0:01:30.560 trust when you want to send a secure communication to 0:01:30.600 --> 0:01:35.120 someone else? If you're using some sort of technology to 0:01:35.360 --> 0:01:41.640 encrypt your stuff, who makes that encryption you know, strategy, 0:01:41.720 --> 0:01:46.080 whether it's it's software or actual device or whatever it 0:01:46.120 --> 0:01:48.960 may be, who's making that and can they be trusted? 0:01:49.000 --> 0:01:52.120 And as it turns out, those are difficult questions to 0:01:52.160 --> 0:01:56.320 answer than would readily seem apparent. Now, the story for 0:01:56.360 --> 0:02:00.840 this really begins with a Swedish inventor named ARV Gerard 0:02:01.120 --> 0:02:06.240 Dom who was born in eighteen sixty nine. He worked 0:02:06.360 --> 0:02:09.960 in textile mills before he would start creating his own 0:02:10.080 --> 0:02:15.120 version of a cipher machine sometime around nineteen fifteen or so. So, 0:02:15.480 --> 0:02:20.000 what the heck is a cipher machine? Heck? What's a cipher? Well, 0:02:20.040 --> 0:02:23.079 a cipher is a code. It's a way of hiding 0:02:23.360 --> 0:02:25.639 the meaning of a message. And there are a lot 0:02:25.680 --> 0:02:30.639 of different approaches to encoding information, and there are a 0:02:30.639 --> 0:02:33.920 lot of strategies that actually employ multiple versions of this, 0:02:34.040 --> 0:02:37.520 multiple schemes. So, for example, one way to have a 0:02:37.560 --> 0:02:41.000 code is to use words that refer to something else, 0:02:41.520 --> 0:02:44.919 So instead of saying a military tank, you might say Thomas. 0:02:45.600 --> 0:02:48.280 You know, because you got Thomas the tank engine, and 0:02:48.320 --> 0:02:51.680 you go from Thomas the tank engine to military tank 0:02:51.760 --> 0:02:54.520 and there you are. So if you referred to a 0:02:54.560 --> 0:02:57.560 Thomas you might be talking about a tank. That would 0:02:57.560 --> 0:02:59.600 be a very bad code, or at least a very 0:02:59.639 --> 0:03:03.760 easy to decipher code. But that's a version of codes 0:03:03.800 --> 0:03:06.560 where you have a codebook that tells you what certain 0:03:06.600 --> 0:03:11.280 words or phrases actually are meant to convey. Then you 0:03:11.400 --> 0:03:14.880 have ciphers in which you replace the letters of a 0:03:14.919 --> 0:03:18.440 message with some other letter or symbol, and the simplest 0:03:18.520 --> 0:03:21.960 of these is a shift cipher, sometimes also called a 0:03:22.080 --> 0:03:26.160 Caesar cipher. And with these ciphers, you write on a message, 0:03:26.320 --> 0:03:30.440 but you shift all the letters some predetermined number down 0:03:30.720 --> 0:03:33.840 or up the alphabet. So if you had a shift 0:03:33.919 --> 0:03:38.040 cipher with just one shift one step, that would mean 0:03:38.320 --> 0:03:40.960 that you would use the letter B to represent the 0:03:41.040 --> 0:03:44.200 letter A, you would use the letter C to represent 0:03:44.240 --> 0:03:47.440 the letter B, and so on down the alphabet. So 0:03:47.440 --> 0:03:49.480 if someone else were to get hold of the message 0:03:49.680 --> 0:03:53.240 at casual glance, the message would appear to be gibberish. 0:03:53.320 --> 0:03:56.840 But of course that particular cipher is super easy to decode, 0:03:57.160 --> 0:04:00.520 even if you are shifting further up or down the alphabet. 0:04:00.760 --> 0:04:04.400 Let's say you're shifting up ten spots instead of one. Well, 0:04:04.600 --> 0:04:08.520 just because of the nature of language, someone with even 0:04:08.760 --> 0:04:11.200 a little bit of patience would be able to probably 0:04:11.240 --> 0:04:14.280 break that code pretty quickly. Well. In the early twentieth 0:04:14.360 --> 0:04:18.159 century and victors were working on mechanical systems that would 0:04:18.200 --> 0:04:22.240 create stronger ciphers, and initially these were mostly thought of 0:04:22.360 --> 0:04:27.000 as a way to protect business communications like financial communications 0:04:27.040 --> 0:04:32.520 between banks, for example, or sometimes political messages between different 0:04:33.360 --> 0:04:36.400 parts of the world, like a government and its embassy 0:04:36.440 --> 0:04:39.760 in another country. That over time they would be adopted 0:04:39.800 --> 0:04:43.080 by militaries around the world to send secret communications back 0:04:43.080 --> 0:04:46.240 and forth between headquarters and units in the field, and 0:04:46.320 --> 0:04:49.960 these communications needed to be much more secure than a 0:04:50.040 --> 0:04:55.680 caesar cipher could potentially offer. So the basic idea behind 0:04:55.680 --> 0:04:59.000 these cipher machines was that you would have a device. 0:04:59.720 --> 0:05:02.000 Sometime times it would look like a typewriter. Sometimes it 0:05:02.040 --> 0:05:05.279 would have a hand crank on it, but typically there'd 0:05:05.279 --> 0:05:09.080 be at least one dial, if not several dials, and 0:05:09.160 --> 0:05:11.760 perhaps some other components that would allow the operator to 0:05:11.960 --> 0:05:16.719 set the machine to establish the cipher. So you choose 0:05:16.720 --> 0:05:20.240 your settings, and then the operator would take a message 0:05:20.640 --> 0:05:23.440 that is meant to be encoded and then put it 0:05:23.560 --> 0:05:26.640 through this machine in some way. Maybe they're using a keyboard, 0:05:27.080 --> 0:05:30.800 maybe they're using a series of keys and levers. However 0:05:30.839 --> 0:05:34.479 it may be they're actually typing out the message in 0:05:34.600 --> 0:05:38.159 plain text. But the cipher machines would have some sort 0:05:38.200 --> 0:05:41.680 of gears or other chains or systems that would turn 0:05:41.880 --> 0:05:44.560 with each letter type, and it would change the cipher 0:05:44.640 --> 0:05:47.360 as it did, so change the nature of it. And 0:05:47.400 --> 0:05:50.880 this was a really clever way to confound code breakers, 0:05:51.040 --> 0:05:55.440 particularly if the machine was really well designed. So let's 0:05:55.440 --> 0:05:58.760 say you are an operator and you have the word 0:05:58.880 --> 0:06:02.839 book that you need to encode using one of these machines. 0:06:03.240 --> 0:06:05.600 So you have one of these particular machines. You type 0:06:05.640 --> 0:06:08.839 the letter B into the device, which, because of the 0:06:08.880 --> 0:06:12.640 settings for this particular session, will now print out the 0:06:12.720 --> 0:06:16.280 letter G. So the letter G means B with this 0:06:16.320 --> 0:06:20.800 particular cipher. The gears inside the machine turn after you've 0:06:20.839 --> 0:06:23.320 typed in the letter B, which prints out as G, 0:06:23.960 --> 0:06:26.400 So now the cipher is actually different. You type in 0:06:26.440 --> 0:06:29.359 the first O in book and you get another G 0:06:29.960 --> 0:06:33.320 because of the way the cipher works. Then the gears 0:06:33.360 --> 0:06:36.040 turn again. You type in the second O, and now 0:06:36.080 --> 0:06:39.320 the machine prints out the letter F. The gears turn again, 0:06:39.400 --> 0:06:42.120 you type out the letter K, and you get the 0:06:42.160 --> 0:06:47.080 print out of K, So the printed word says ggf 0:06:47.360 --> 0:06:51.960 K rather than book. Well, to decode the message, you 0:06:51.960 --> 0:06:54.840 would typically need the same sort of machine that was 0:06:54.920 --> 0:06:56.920 used to encode it, and you would need to know 0:06:56.960 --> 0:06:59.920 what settings the operator had been using when they started 0:07:00.160 --> 0:07:02.279 the message, and you would have to set up your 0:07:02.320 --> 0:07:06.920 machine to mirror that, and then you would end up 0:07:07.040 --> 0:07:09.840 taking the encoded message and you would start typing that 0:07:10.000 --> 0:07:13.400 out and the process would essentially reverse itself and it 0:07:13.400 --> 0:07:16.640 would allow the operator to read out the original message. 0:07:17.040 --> 0:07:20.640 So in our example, the operator on the other side 0:07:20.640 --> 0:07:24.400 would take GGFK and enter that into their machine and 0:07:24.400 --> 0:07:27.720 they would get the print out book. Now a couple 0:07:27.720 --> 0:07:31.200 of caveats here. Not all cipher machines are created equal 0:07:31.680 --> 0:07:36.160 right or were used to their best advantage. Sometimes people 0:07:36.280 --> 0:07:39.600 made bad decisions when it came to either designing cipher 0:07:39.680 --> 0:07:43.960 machines or implementing them. For example, the big wigs might 0:07:44.000 --> 0:07:47.000 decide that, in no circumstance would you ever have a 0:07:47.080 --> 0:07:52.040 letter represented by itself. You would never allow that to happen. 0:07:52.200 --> 0:07:57.320 So in the example I just gave where GGFK means book, 0:07:57.960 --> 0:08:01.240 that last k wouldn't work. You would have to have 0:08:01.280 --> 0:08:05.040 the device go to a different letter because it would 0:08:05.080 --> 0:08:09.160 not allow itself to replicate a letter with a representation 0:08:09.280 --> 0:08:12.920 of itself. Other rules that could cause problems on the 0:08:12.680 --> 0:08:15.960 road might be a rule against the doubling of letters 0:08:16.320 --> 0:08:20.080 like the gg and GGFK. And the reason that these 0:08:20.160 --> 0:08:23.800 are problems is that if you have a code breaker 0:08:24.120 --> 0:08:28.200 who's really looking at these codes closely, and that code 0:08:28.200 --> 0:08:30.840 breaker starts to figure out that there are restrictions to 0:08:30.920 --> 0:08:34.360 the code, they can build that into their code breaking 0:08:34.480 --> 0:08:37.520 models in an effort to crack the code. Because as 0:08:37.559 --> 0:08:41.240 you put in restrictions, that means you're reducing variables. And 0:08:41.320 --> 0:08:45.040 anyone who has worked in any sort of mathematics, particularly 0:08:45.080 --> 0:08:49.160 stuff like algebra, you know that to solve complicated problems 0:08:49.160 --> 0:08:52.680 you need to reduce variables. As you reduce variables, you 0:08:52.800 --> 0:08:56.320 make it easier to solve problems. So it was actually 0:08:56.360 --> 0:08:58.280 this sort of thing that would lead to the British 0:08:58.360 --> 0:09:02.400 cryptographers breaking German codes during World War Two. It wasn't 0:09:02.520 --> 0:09:06.240 that the technology itself was necessarily faulty. It was that 0:09:06.520 --> 0:09:10.640 the Germans were kind of using bad methodology with some 0:09:10.760 --> 0:09:15.720 of their equipment, and that's what gave an inroad for 0:09:15.840 --> 0:09:19.240 code breakers. Now, if you want to learn way more 0:09:19.600 --> 0:09:22.800 about how these machines actually work, you can listen to 0:09:23.080 --> 0:09:26.920 tech Stuff Ponders and Enigma. That's a classic episode that 0:09:27.040 --> 0:09:31.679 originally published way back on October nineteenth, twenty eleven, and 0:09:31.760 --> 0:09:34.840 I actually did a tech Stuff Classic rerun of that 0:09:34.920 --> 0:09:40.000 episode on October twelfth, twenty eighteen. The Enigma machine is 0:09:40.080 --> 0:09:43.520 the most famous cipher device that was made in the 0:09:43.559 --> 0:09:47.640 early twentieth century. It was made and used by the Germans, 0:09:47.800 --> 0:09:50.840 and it was used extensively by the German military during 0:09:50.840 --> 0:09:53.679 World War Two. And in that podcast, my old co 0:09:53.720 --> 0:09:56.880 host Chris Paulette and I talk about how a really 0:09:56.880 --> 0:10:00.760 good cipher one that's super hard to crack, is also 0:10:01.200 --> 0:10:04.679 a pain in the patookas to use because of that complexity, 0:10:05.160 --> 0:10:08.720 and that's mainly why officials would put rules in place 0:10:08.760 --> 0:10:12.920 that ultimately would service the downfall for their technology, because 0:10:13.240 --> 0:10:15.960 using the tech without those rules in place was possible, 0:10:16.080 --> 0:10:20.040 but not always fast enough to be practical. This would 0:10:20.120 --> 0:10:23.080 prove to be a problem with cryptography in general. You 0:10:23.120 --> 0:10:26.760 want a system that's secure enough that you're reasonably certain 0:10:26.800 --> 0:10:30.120 a person who intercepts the message would be unable to 0:10:30.160 --> 0:10:32.520 make header tail of it. Right. That's the whole purpose 0:10:32.559 --> 0:10:36.840 of cryptography is to make any unauthorized person incapable of 0:10:36.880 --> 0:10:41.080 reading the message. But you also want your solution to 0:10:41.120 --> 0:10:44.800 be practical enough that your intended recipient can decode the 0:10:44.840 --> 0:10:48.679 message with a minimum of fuss, particularly if it relates 0:10:48.679 --> 0:10:52.200 to a time sensitive issue. So in this case, you 0:10:52.280 --> 0:10:55.720 had Germans using these same settings on their Enigma machines 0:10:56.160 --> 0:10:59.360 for longer than they were supposed to, or they were 0:10:59.559 --> 0:11:03.200 co locating codebooks with the Enigma machines and those fell 0:11:03.240 --> 0:11:06.240 into Allied hands who were able to use those two 0:11:06.440 --> 0:11:11.600 decode messages. To this day, balancing out practical applications with 0:11:11.679 --> 0:11:16.160 security remains a challenge. It may make it take longer 0:11:16.400 --> 0:11:19.040 for a message to get through from one point to another, 0:11:19.360 --> 0:11:22.720 which a lot of people don't accept in the age 0:11:22.720 --> 0:11:26.240 of information traveling at the speed of light. Or it 0:11:26.440 --> 0:11:30.760 just may be a pain to encrypt and decrypt, which 0:11:30.840 --> 0:11:35.440 also ends up becoming a barrier to adoption and implementation. Okay, 0:11:35.720 --> 0:11:39.400 let's get back to our story. So it's the nineteen tens, right, 0:11:39.440 --> 0:11:44.000 It's around nineteen fifteen. Arred Garaddam has patented an encryption device. 0:11:44.040 --> 0:11:48.000 He got that patent by nineteen nineteen and to manufacture 0:11:48.080 --> 0:11:51.680 and market the device, Dom would work with business partners 0:11:51.880 --> 0:11:57.360 to create a company originally called Cryptograph or ab Cryptograph, 0:11:57.840 --> 0:12:00.800 and one of Dom's investors was a guy named Carl 0:12:01.080 --> 0:12:04.880 Wilhelm Heglan who had made his money in Russia in 0:12:04.920 --> 0:12:08.480 the oil business. But then the Russian Revolution happened and 0:12:08.520 --> 0:12:12.079 Haglan fled with his family and they returned to Haglund's 0:12:12.120 --> 0:12:15.520 homeland of Sweden. They brought the family with them, and 0:12:16.240 --> 0:12:21.360 Boris Haglan was a Carl Wilhelm Hegland's son, and Boris 0:12:21.440 --> 0:12:25.440 was given a position in Dom's company in return for 0:12:25.480 --> 0:12:29.360 this financial investment from his father. Now Boris would actually 0:12:29.400 --> 0:12:32.960 prove to be quite the entrepreneur. In nineteen twenty five, 0:12:33.080 --> 0:12:36.080 he would take over the company entirely. He became the 0:12:36.120 --> 0:12:39.480 new head of the company. He would rename it Crypto 0:12:39.679 --> 0:12:43.760 Technic in nineteen thirty two, and then when the Nazis 0:12:43.880 --> 0:12:47.719 rose to power, he fled Sweden for Switzerland and re 0:12:47.880 --> 0:12:51.800 established his company there, and it was this company that 0:12:51.840 --> 0:12:56.040 he established that would later become known as Cryptoag, the 0:12:56.120 --> 0:12:59.600 focus of our episode really well. In the meantime, his 0:12:59.640 --> 0:13:04.120 company continued to produce new cipher machines, incorporating new features 0:13:04.160 --> 0:13:06.440 in an effort to build machines that were able to 0:13:06.440 --> 0:13:09.800 create stronger codes. And again, this was mostly for business 0:13:09.880 --> 0:13:13.080 use or occasional government use, but the rise of World 0:13:13.160 --> 0:13:16.360 War II would create a new market as military sought 0:13:16.360 --> 0:13:19.720 ways to send messages securely without fear that their plans 0:13:19.720 --> 0:13:22.600 would be shown to an enemy. And that's when the 0:13:22.679 --> 0:13:26.000 United States would enter into the picture, setting the stage 0:13:26.040 --> 0:13:30.840 for the company's future in ways Hageland could not have anticipated. 0:13:31.440 --> 0:13:34.319 I'll explain more when we come back, but first let's 0:13:34.360 --> 0:13:47.200 take a quick break. So when World War two broke out, 0:13:47.480 --> 0:13:51.959 the United States military would become one of Cryptoag's customers, 0:13:52.480 --> 0:13:56.000 and when the Nazis invaded Norway in nineteen forty, Hageland 0:13:56.040 --> 0:13:59.160 would again move operations. This time he moved to the 0:13:59.240 --> 0:14:03.400 United States. His company's encryption device, known as the M 0:14:03.520 --> 0:14:06.839 two nine, would be produced in the US. According to 0:14:06.920 --> 0:14:10.440 the Washington Post, there was a typewriter factory in upstate 0:14:10.480 --> 0:14:12.920 New York that would end up making around one hundred 0:14:12.960 --> 0:14:18.319 and forty thousand of these M two nine encryption devices, 0:14:18.400 --> 0:14:21.680 and Hagland negotiated with the US Army and landed an 0:14:21.760 --> 0:14:27.800 eight point six million dollar contract, a princely sum today, 0:14:28.120 --> 0:14:31.440 but certainly a princely sum way back in nineteen forty. 0:14:32.120 --> 0:14:37.360 Hegland's devices lacked the sophistication of Germany's Enigma machine. They 0:14:37.360 --> 0:14:41.560 weren't nearly as complex, nor were they as capable of 0:14:41.640 --> 0:14:48.320 creating very tough encryption, so codebreakers could suss out the 0:14:48.360 --> 0:14:52.280 original messages that were created on an M two nine 0:14:52.480 --> 0:14:55.400 if they were given enough time and attention, and for 0:14:55.440 --> 0:14:59.080 that reason, the Army primarily relied on these devices to 0:14:59.160 --> 0:15:03.360 disguise extra dreamly time sensitive orders. So the logic was, 0:15:03.800 --> 0:15:06.600 by the time someone had actually broken the code, the 0:15:06.680 --> 0:15:10.640 information would be worthless anyway, because whatever was being covered 0:15:10.640 --> 0:15:13.440 in the message would have already happened. It would have 0:15:13.480 --> 0:15:16.440 been something that was more imminent, so you wouldn't be 0:15:16.480 --> 0:15:18.360 able to act on the information, even though you'd be 0:15:18.360 --> 0:15:21.520 able to at least decode what had been said. So 0:15:21.800 --> 0:15:24.040 you wouldn't want to use these devices for any sort 0:15:24.080 --> 0:15:29.480 of long term plans because they were crackable. People could 0:15:29.640 --> 0:15:33.880 crack the codes with given enough a time. Now. Around 0:15:33.960 --> 0:15:38.240 that same time, Haglan became good friends with another cryptographer 0:15:38.560 --> 0:15:42.840 named William Friedman. Freedman was born in Russia. Actually, so 0:15:43.000 --> 0:15:48.400 was Haglan. Hegland's parents were Swedish, but when they had 0:15:48.440 --> 0:15:52.600 Boris he was the family was in Russia. So Friedman's 0:15:52.600 --> 0:15:55.880 family left Russia when Friedman was just a baby back 0:15:55.880 --> 0:15:59.160 in eighteen ninety two due to a rise in anti 0:15:59.160 --> 0:16:03.880 Semitism in Russia and Friedman his family's Jewish. So Freedman 0:16:04.280 --> 0:16:09.200 grew up loving codes and cryptography and became fascinated with them. 0:16:10.160 --> 0:16:14.120 He joined a private research lab. He met and then 0:16:14.440 --> 0:16:18.080 courted and then married a woman named Elizabeth Smith, who 0:16:18.240 --> 0:16:22.280 on her own was an accomplished cryptographer, a brilliant cryptographer. 0:16:22.840 --> 0:16:25.840 And they both sort of worked for George Fabian, and 0:16:25.880 --> 0:16:28.000 that was the guy who owned the private research lab. 0:16:28.320 --> 0:16:32.800 Fabian sounds like the sort of person who really belonged 0:16:32.800 --> 0:16:35.480 in the Renaissance as far as I'm concerned. In the 0:16:35.520 --> 0:16:39.840 Renaissance you had rich nobles who would become patrons of 0:16:39.960 --> 0:16:45.880 great thinkers and philosophers and artists. Fabian he established this 0:16:45.960 --> 0:16:48.560 private research lab in order to look into stuff that 0:16:48.600 --> 0:16:50.720 he just thought was interesting, which I think is kind 0:16:50.720 --> 0:16:54.240 of cool, maybe a little eccentric. Well, when the United 0:16:54.280 --> 0:16:58.440 States entered World War One, the Friedman's husband and wife 0:16:58.440 --> 0:17:01.680 would work in code breaking for the United States, and 0:17:01.880 --> 0:17:06.600 the cryptologic division of the research lab became the genesis 0:17:06.880 --> 0:17:11.359 for the American Cryptography Service. So William Freeman would later 0:17:11.440 --> 0:17:15.159 become the chief cryptoanalyst. In fact, he termed the or 0:17:15.160 --> 0:17:18.719 he coined the term cryptoanalysis for the United States, and 0:17:18.840 --> 0:17:23.399 would lead the future Signals Intelligence Service before going on 0:17:23.520 --> 0:17:27.800 to serve in other intelligence agencies as a cryptographer. So 0:17:28.040 --> 0:17:32.160 Friedman was very much working in the same world as Hegeland, 0:17:32.240 --> 0:17:35.280 though you could say that these were from opposing perspectives, right, 0:17:35.359 --> 0:17:38.280 because Hegeland's company was all about producing machines that could 0:17:38.280 --> 0:17:43.080 incipher messages, while Freedman was largely interested in finding methods 0:17:43.119 --> 0:17:47.560 to decipher codes. Though Freeman also worked in theory as 0:17:47.560 --> 0:17:51.320 well to talk about different ways to create stronger ciphers. 0:17:51.400 --> 0:17:53.560 And we'll come back to Freedman in just a moment. 0:17:53.960 --> 0:17:56.880 So Hegelan would stay in the US until World War 0:17:56.920 --> 0:18:00.600 Two ended in Europe, and he had become extremely wealthy 0:18:00.720 --> 0:18:03.479 due to the lucrative army contract he had made, and 0:18:03.520 --> 0:18:06.080 he had built many professional and personal relationships in the 0:18:06.200 --> 0:18:09.639 United States so he would have strong ties to the US. 0:18:10.160 --> 0:18:13.560 He then returned to Europe to again re establish his 0:18:13.680 --> 0:18:18.800 company there. Meanwhile, American intelligence officials were starting to get 0:18:18.840 --> 0:18:22.760 a little worried because code breaking was growing increasingly difficult 0:18:23.080 --> 0:18:28.320 due to sophisticated machines running complicated systems to create these codes. 0:18:28.880 --> 0:18:31.920 And if you had little insight into how those machines 0:18:31.960 --> 0:18:36.720 worked or which systems they were following at any given time, 0:18:37.400 --> 0:18:39.960 you had really little hope of breaking a code in 0:18:40.000 --> 0:18:42.520 a reasonable amount of time. So it was very clear 0:18:42.600 --> 0:18:45.959 that a lot of people were having really secret conversations 0:18:46.280 --> 0:18:50.040 that American spies were unable to decipher, and that just 0:18:50.200 --> 0:18:53.560 rubbed the Americans the wrong way. I'm going to get 0:18:53.600 --> 0:18:58.720 a little critical of my country in this episode, anyway. 0:18:58.920 --> 0:19:03.280 In nineteen fifty one, on Hageland's company introduced the CX 0:19:03.520 --> 0:19:07.520 fifty two cipher machine, and this one was sophisticated enough 0:19:07.560 --> 0:19:11.080 to present a code that American intelligence agents viewed as 0:19:11.240 --> 0:19:15.520 practically unbreakable at the time, and that in turn prompted 0:19:15.600 --> 0:19:21.680 some heated internal discussions within the US intelligence community and 0:19:21.920 --> 0:19:24.359 what should officials do about this? Because there was a 0:19:24.400 --> 0:19:29.440 real worry that countries might go out and buy Hageland's products. 0:19:29.640 --> 0:19:32.359 I mean, that's what Hagland was making them for. And 0:19:32.520 --> 0:19:34.560 if they did that, they would all be able to 0:19:34.600 --> 0:19:38.280 communicate secretly, and the Americans would be unable to snoop 0:19:38.320 --> 0:19:42.000 out what was going on. And boy, howdy does America 0:19:42.040 --> 0:19:46.040 hate that. So American officials gave a sort of carrot 0:19:46.040 --> 0:19:49.720 and a stick offer to Hagland. So on the one hand, 0:19:50.200 --> 0:19:53.080 they were a big customer for his company, right, the 0:19:53.160 --> 0:19:59.240 United States represented a significant potential customer for Hageland's products. 0:19:59.560 --> 0:20:01.800 He didn't want that source of revenue to go away. 0:20:01.920 --> 0:20:06.439 So there was that They also had a whole bunch 0:20:06.480 --> 0:20:11.320 of old M two nine cipher devices that were manufactured 0:20:11.359 --> 0:20:15.359 in America during World War Two, and there was at 0:20:15.440 --> 0:20:19.879 least the implied threat that if Hagelan wouldn't be you know, 0:20:20.280 --> 0:20:24.919 cooperative with the US, maybe the Americans might let a 0:20:24.960 --> 0:20:28.040 few thousand M two nine s get sold off to 0:20:28.119 --> 0:20:31.760 countries around the world, and that would undercut Crypto's own 0:20:31.920 --> 0:20:35.879 sales in the process. I mean, if you are a 0:20:36.200 --> 0:20:39.439 country you know, the head of an agency in a 0:20:39.720 --> 0:20:44.119 smaller country with limited resources, and the United States says, hey, 0:20:44.200 --> 0:20:49.240 we'll sell you these old but totally working cipher machines 0:20:49.600 --> 0:20:52.880 for much less than that brand new, shiny cipher machine. 0:20:53.200 --> 0:20:55.040 You're going to go with the cheaper model as long 0:20:55.080 --> 0:20:58.439 as it works, and that means that Crypto would not 0:20:58.560 --> 0:21:04.520 be making any sale. Then there was William Friedman, Hageland's 0:21:04.560 --> 0:21:08.159 old buddy. In nineteen fifty one, Freeman was then serving 0:21:08.200 --> 0:21:11.320 as the head of the Cryptographic Division of the Armed 0:21:11.440 --> 0:21:16.800 Forces Security Agency or AFSA AFSA. The following year he 0:21:16.800 --> 0:21:19.679 would become the head of the Cryptology Department for the 0:21:19.840 --> 0:21:24.359 National Security Agency, or the NSA. But it was in 0:21:24.440 --> 0:21:27.080 nineteen fifty one when Friedman would act on behalf of 0:21:27.119 --> 0:21:31.920 the US government and met secretly with Hagelan in Washington, 0:21:32.040 --> 0:21:35.800 d c. So Friedman goes up to Hagelan with a 0:21:35.840 --> 0:21:42.159 fairly thorny proposition. The deal was this, Hageland was to 0:21:42.200 --> 0:21:45.880 continue creating cipher machines just as the company had been, 0:21:46.640 --> 0:21:51.040 but Crypto would only sell the most sophisticated of those 0:21:51.119 --> 0:21:54.399 machines to a list of countries that the United States 0:21:54.440 --> 0:21:59.320 would provide to Hageland, and that would represent countries with 0:21:59.400 --> 0:22:02.879 whom the un U had very good relations, so allies 0:22:02.920 --> 0:22:05.280 and that sort of thing. They were the only countries 0:22:05.320 --> 0:22:08.520 who would be allowed to buy the top of the 0:22:08.600 --> 0:22:13.160 line products. Crypto would be allowed to sell older, more 0:22:13.720 --> 0:22:17.600 vulnerable or weak machines to any country that was not 0:22:18.000 --> 0:22:20.760 on that list. So in other words, Freeman was asking 0:22:20.800 --> 0:22:25.359 Hegeland to kind of put on a preference list certain 0:22:25.440 --> 0:22:33.680 countries and then everyone else would get older, more vulnerable technologies. However, 0:22:33.960 --> 0:22:36.600 that's the extent of that deal. It didn't go further 0:22:36.680 --> 0:22:38.800 than that, but it's still a pretty big request, and 0:22:39.280 --> 0:22:42.560 you can kind of understand where the US was coming from. 0:22:42.920 --> 0:22:46.119 At least, you know, they clearly did not want the 0:22:46.200 --> 0:22:50.120 job to be even harder when it came to breaking codes. 0:22:50.680 --> 0:22:54.120 And Hegeland would ultimately agree to this deal, and whether 0:22:54.160 --> 0:22:56.679 it was he saw a guaranteed payout from the US 0:22:56.720 --> 0:22:59.040 and so it was strictly a business decision. He just 0:22:59.400 --> 0:23:02.000 fello was in Goswel to turn down this offer, or 0:23:02.040 --> 0:23:05.120 he felt a strong sense of loyalty toward a country 0:23:05.160 --> 0:23:07.520 that had made him a millionaire, or maybe it was 0:23:07.600 --> 0:23:10.639 some combination of these and other factors. I don't know, 0:23:10.720 --> 0:23:14.280 but whatever it was, he said yes, and this would 0:23:14.320 --> 0:23:18.040 mark the beginning of the US intelligence community having a 0:23:18.160 --> 0:23:23.200 direct interest in a company that was selling cryptographic equipment, 0:23:23.240 --> 0:23:26.320 that is Crypto. But at this point it was still 0:23:26.359 --> 0:23:30.000 a fairly limited agreement. Crypto could still sell equipment to 0:23:30.080 --> 0:23:33.119 countries all around the world, though any country that was 0:23:33.240 --> 0:23:36.439 not on the US Best Buddy list would only have 0:23:36.520 --> 0:23:40.680 access to the older devices. Now this wasn't because US 0:23:40.680 --> 0:23:44.240 officials were feeling benevolent or anything like that. I don't 0:23:44.280 --> 0:23:46.960 want to paint it as that. There was a very 0:23:47.040 --> 0:23:51.560 real desire in America to push Crypto for a much 0:23:51.600 --> 0:23:55.520 more shady deal. Intelligence officials were hoping that they could 0:23:55.600 --> 0:24:00.000 work directly with Crypto to design machines that were produced 0:24:00.119 --> 0:24:04.680 codes that Americans could quickly break. People would think they 0:24:04.680 --> 0:24:07.840 were sending secure messages, but in reality the Americans would 0:24:07.840 --> 0:24:11.200 be able to decode those messages fairly quickly. But William 0:24:11.200 --> 0:24:16.000 Friedman discouraged anyone from America from going to Hageland with 0:24:16.040 --> 0:24:19.040 such an offer for several years. He said Hageland would 0:24:19.040 --> 0:24:22.280 never go for it. It would be deeply offensive to him. 0:24:22.359 --> 0:24:25.560 You're going to destroy this relationship we have let's not 0:24:26.480 --> 0:24:29.919 you know, let's let's hold back rather than have a loss. 0:24:30.560 --> 0:24:33.000 And hey, there were other companies out there, right, I mean, 0:24:33.320 --> 0:24:36.159 it's not like you had to buy from Crypto or 0:24:36.200 --> 0:24:38.400 else you'd have no way to communicate secretly. You could 0:24:38.400 --> 0:24:42.800 always get cipher machines and cryptography machines from some other source, 0:24:42.920 --> 0:24:46.520 right well. Part of the deal that the US made 0:24:47.040 --> 0:24:50.879 included substantial amounts of money meant to go toward marketing. 0:24:51.200 --> 0:24:55.040 The US wanted Crypto to be the world leader in 0:24:55.119 --> 0:24:59.679 the market for this sort of device, mostly in an 0:24:59.720 --> 0:25:02.560 effort to make sure that some other crypto company didn't 0:25:02.560 --> 0:25:07.040 come along with better, more difficult to crack solutions, because 0:25:07.040 --> 0:25:09.560 that would just set America back again. So the US 0:25:09.800 --> 0:25:13.119 supplied money year after year to Crypto to renew this 0:25:13.200 --> 0:25:16.360 agreement and to keep the company going even if things 0:25:16.359 --> 0:25:19.879 should get lean, all the while trying to promote cryptos 0:25:20.000 --> 0:25:23.720 products and hold back any of Crypto's competitors. It was 0:25:23.760 --> 0:25:28.280 pretty brutal. Things slowly began to change as time went on. 0:25:28.720 --> 0:25:32.199 The Invention of the transistor would bring on tons of 0:25:32.200 --> 0:25:36.680 innovation and miniaturization. So in the past electric circuits were 0:25:36.800 --> 0:25:41.200 physically enormous because you had to have components like vacuum tubes, 0:25:41.560 --> 0:25:43.439