WEBVTT - When Secrets Aren't Secret 0:00:04.240 --> 0:00:07.240 Welcome to Tech Stuff, a production of I Heart Radios 0:00:07.320 --> 0:00:13.880 How Stuff Works. Hey there, and welcome to tech Stuff. 0:00:13.920 --> 0:00:16.919 I'm your host, Jonathan Strickland. I'm an executive producer with 0:00:16.960 --> 0:00:20.040 I Heart Radio and I love all things tech and 0:00:20.120 --> 0:00:23.400 you know. A few months back, I profiled the Chinese 0:00:23.400 --> 0:00:27.960 telecommunications company Huawei, which continues to be the focal point 0:00:28.120 --> 0:00:32.159 of scrutiny around the world. Huawei makes, among lots of 0:00:32.200 --> 0:00:37.360 other stuff, critical components for five gene network infrastructure. There's 0:00:37.400 --> 0:00:41.239 some folks who worry that entrusting telecommunications infrastructure to a 0:00:41.360 --> 0:00:45.680 Chinese company is essentially inviting the government of China to 0:00:45.840 --> 0:00:51.640 spy on everybody, companies, other countries, everyone. Other folks aren't 0:00:51.680 --> 0:00:55.360 as concerned about that, or they took Huawei officials at 0:00:55.360 --> 0:00:58.000 their word that the company has no real ties to 0:00:58.080 --> 0:01:02.080 the Chinese Communist government or its goals. But a recent 0:01:02.120 --> 0:01:05.720 story in The Washington Post and German broadcaster zd F 0:01:05.840 --> 0:01:07.640 China light on why it might be a good idea 0:01:07.680 --> 0:01:11.240 to view Whahwei with a critical eye, and another news 0:01:11.280 --> 0:01:16.280 item from the The Wall Street Journal showed that Huahwei 0:01:16.600 --> 0:01:22.000 has maintained a back door access to its networks for 0:01:22.200 --> 0:01:25.200 ten years So I want to talk about these stories, 0:01:25.280 --> 0:01:28.720 primarily focusing on the one from the Washington Post to 0:01:28.760 --> 0:01:34.000 talk about the business of communication and secrets and also 0:01:34.040 --> 0:01:37.240 the business of eavesdropping and why all of this gets 0:01:37.440 --> 0:01:43.320 real dodgy, real fast. So the initial story doesn't involve 0:01:43.600 --> 0:01:47.560 China or five G networks. It goes further back than that. 0:01:47.680 --> 0:01:51.320 It actually concerns a Swiss company called Crypto a G 0:01:51.960 --> 0:01:55.480 and its ties to the Central Intelligence Agent Agency a 0:01:55.600 --> 0:01:57.680 k a. The c i A in the United States. 0:01:58.000 --> 0:02:01.640 The story is all about the battle between secrecy and surveillance, 0:02:02.040 --> 0:02:04.720 and it's also about trust, as in, whom do you 0:02:04.760 --> 0:02:08.240 trust when you want to send a secure communication to 0:02:08.280 --> 0:02:12.800 someone else? If you're using some sort of technology to 0:02:13.040 --> 0:02:19.320 encrypt your stuff, who makes that that encryption you know, strategy, 0:02:19.360 --> 0:02:23.639 whether it's it's software or uh actual device or whatever 0:02:23.680 --> 0:02:26.680 it may be, who's making that and can they be trusted? 0:02:26.720 --> 0:02:29.800 And as it turns out, those are difficult questions to 0:02:29.840 --> 0:02:33.840 answer then would readily seem a parent Now, the story 0:02:33.919 --> 0:02:37.840 for this really begins with a Swedish inventor named Arvid 0:02:38.000 --> 0:02:43.520 gerard Dom who was born in eighteen sixty nine. He 0:02:43.560 --> 0:02:47.360 worked in textile mills before he would start creating his 0:02:47.400 --> 0:02:51.639 own version of a cipher machine sometime around nineteen fifteen 0:02:51.760 --> 0:02:56.120 or so. So, what the heck is a cipher machine? Heck? 0:02:56.160 --> 0:02:59.720 What's a cipher? Well, a cipher is a code. It's 0:02:59.720 --> 0:03:02.800 a way of hiding the meaning of a message. And 0:03:02.840 --> 0:03:07.520 there are a lot of different approaches to encoding information, uh, 0:03:07.560 --> 0:03:09.680 And there are a lot of strategies that actually employ 0:03:09.840 --> 0:03:14.440 multiple versions of this, multiple schemes. So, for example, one 0:03:14.480 --> 0:03:17.160 way to have a code is to use words that 0:03:17.280 --> 0:03:21.320 refer to something else. So instead of saying a military tank, 0:03:21.440 --> 0:03:24.760 you might say Thomas, you know, because you've got Thomas 0:03:24.800 --> 0:03:27.560 the tank engine. And you go from Thomas the tank 0:03:27.600 --> 0:03:31.440 engine to military tank and there you are. So if 0:03:31.480 --> 0:03:33.840 you referred to a Thomas, you might be talking about 0:03:33.840 --> 0:03:36.640 a tank. That would be a very bad code, or 0:03:36.640 --> 0:03:39.800 at least a very easy to decipher code. But that's 0:03:40.040 --> 0:03:43.000 a version of codes where you have a codebook that 0:03:43.120 --> 0:03:47.320 tells you what certain words or phrases actually are meant 0:03:47.400 --> 0:03:51.240 to convey. Then you have ciphers in which you replace 0:03:51.680 --> 0:03:55.080 the letters of a message with some other letter or symbol, 0:03:55.320 --> 0:03:58.880 And the simplest of these is a shift cipher, sometimes 0:03:58.920 --> 0:04:02.560 also called a c zer cipher. And with these ciphers, 0:04:02.760 --> 0:04:05.080 you write on a message, but you shift all the 0:04:05.160 --> 0:04:10.400 letters some predetermined number down or up the alphabet. So 0:04:10.520 --> 0:04:13.480 if you had a shift cipher with just one shift 0:04:13.680 --> 0:04:16.800 one step, that would mean that you would use the 0:04:16.880 --> 0:04:20.400 letter B to represent the letter A, you would use 0:04:20.440 --> 0:04:23.240 the letter C to represent the letter B, and so 0:04:23.320 --> 0:04:26.040 on down the alphabet. So if someone else were to 0:04:26.080 --> 0:04:29.440 get hold of the message at casual glance, the message 0:04:29.480 --> 0:04:32.160 would appear to be gibberish. But of course that particular 0:04:32.200 --> 0:04:35.920 cipher is super easy to decode, even if you are 0:04:35.920 --> 0:04:38.960 shifting further up or down the alphabet. Let's say you're 0:04:38.960 --> 0:04:42.839 shifting up ten spots instead of one. Well, just because 0:04:43.000 --> 0:04:46.880 of the nature of language, someone with even a little 0:04:46.880 --> 0:04:49.279 bit of patients would be able to probably break that 0:04:49.360 --> 0:04:53.360 code pretty quickly. Well. In the early twentieth century, inventors 0:04:53.360 --> 0:04:57.800 were working on mechanical systems that would create stronger ciphers, 0:04:57.880 --> 0:05:00.520 and initially these were mostly thought of as a way 0:05:00.560 --> 0:05:06.280 to protect business communications like financial communications between banks, for example, 0:05:06.720 --> 0:05:11.919 or sometimes political messages between different parts of the world, 0:05:11.960 --> 0:05:15.440 like a government and its embassy in another country. That 0:05:15.520 --> 0:05:18.800 over time they would be adopted by militaries around the 0:05:18.800 --> 0:05:22.320 world to send secret communications back and forth between headquarters 0:05:22.360 --> 0:05:25.440 and units in the field, and these communications needed to 0:05:25.440 --> 0:05:30.880 be much more secure than a Caesar cipher could potentially offer. 0:05:31.520 --> 0:05:35.640 So the basic idea behind these cipher machines was that 0:05:35.680 --> 0:05:38.440 you would have a device. Sometimes it would look like 0:05:38.480 --> 0:05:41.279 a typewriter, sometimes it would have a hand crank on it, 0:05:41.600 --> 0:05:45.280 but typically there'd be at least one dial, if not 0:05:45.480 --> 0:05:48.640 several dials, and perhaps some other components that would allow 0:05:48.640 --> 0:05:52.359 the operator to set the machine to establish the cipher. 0:05:53.000 --> 0:05:56.520 So you choose your settings, and then the operator would 0:05:56.520 --> 0:06:00.320 take a message that is meant to be encoded and 0:06:00.360 --> 0:06:03.120 then put it through this machine in some way. Maybe 0:06:03.160 --> 0:06:06.359 they're using a keyboard, maybe they're using a series of 0:06:06.440 --> 0:06:10.960 keys and levers. However it may be they're actually typing 0:06:11.000 --> 0:06:15.080 out the message in plain text. But the cipher machines 0:06:15.120 --> 0:06:17.800 would have some sort of gears or other chains or 0:06:17.880 --> 0:06:21.000 systems that would turn with each letter type, and it 0:06:21.000 --> 0:06:23.800 would change the cipher as it did, so change the 0:06:23.880 --> 0:06:26.599 nature of it. And this was a really clever way 0:06:26.720 --> 0:06:30.960 to confound code breakers, particularly if the machine was really 0:06:31.000 --> 0:06:35.359 well designed. So let's say you are an operator and 0:06:35.640 --> 0:06:39.200 you have the word book that you need to encode 0:06:39.400 --> 0:06:41.919 using one of these machines. So you have one of 0:06:41.920 --> 0:06:46.000 these particular machines, You type the letter B into the device, which, 0:06:46.000 --> 0:06:49.560 because of the settings for this particular session, will now 0:06:49.640 --> 0:06:52.960 print out the letter G. So the letter G means 0:06:53.240 --> 0:06:57.159 be with this particular cipher. The gears inside the machine 0:06:57.200 --> 0:07:00.560 turn after you've typed in the letter B, which prints 0:07:00.560 --> 0:07:03.200 out is G, So now the cipher is actually different. 0:07:03.560 --> 0:07:06.400 You type in the first OH in book and you 0:07:06.440 --> 0:07:09.880 get another G because of the way the cipher works. 0:07:10.360 --> 0:07:13.400 Then the gears turn again. You type in the second OH, 0:07:13.440 --> 0:07:16.200 and now the machine prints out the letter F. The 0:07:16.200 --> 0:07:18.880 gears turn again, you type out the letter K, and 0:07:18.960 --> 0:07:22.360 you get the print out of K, so the printed 0:07:22.400 --> 0:07:28.120 word says G G F K rather than book. Well, 0:07:28.160 --> 0:07:31.120 to decode the message, you would typically need the same 0:07:31.160 --> 0:07:33.840 sort of machine that was used to encode it, and 0:07:33.880 --> 0:07:36.280 you would need to know what settings the operator had 0:07:36.320 --> 0:07:38.840 been using when they started the message, and you would 0:07:38.840 --> 0:07:42.960 have to set up your machine to mirror that, and 0:07:43.000 --> 0:07:46.320 then you would end up taking the encoded message and 0:07:46.320 --> 0:07:49.320 you would start typing that out and the process would 0:07:49.400 --> 0:07:52.360 essentially reverse itself, and it would allow the operator to 0:07:52.440 --> 0:07:56.920 read out the original message. So in our example, the 0:07:57.000 --> 0:07:59.560 operator on the other side would take g g F 0:07:59.720 --> 0:08:02.440 K and enter that into their machine and they would 0:08:02.440 --> 0:08:06.320 get the print out book. Now a couple of caveats here. 0:08:07.000 --> 0:08:10.320 Not all cipher machines are created equal right or were 0:08:10.440 --> 0:08:15.400 used to their best advantage. Sometimes people made bad decisions 0:08:15.440 --> 0:08:19.560 when it came to either designing cipher machines or implementing them. 0:08:19.680 --> 0:08:22.720 For example, the big wigs might decide that in no 0:08:22.840 --> 0:08:27.640 circumstance would you ever have a letter represented by itself. 0:08:27.680 --> 0:08:30.440 You would never allow that to happen. So in the 0:08:30.480 --> 0:08:34.959 example I just gave where g g F K means book, 0:08:35.640 --> 0:08:38.880 that last k wouldn't work. You would have to have 0:08:39.000 --> 0:08:42.480 them the device go to a different letter because it 0:08:42.480 --> 0:08:46.120 would not allow itself to replicate a letter with the 0:08:46.160 --> 0:08:50.240 representation of itself. Other rules that could cause problems on 0:08:50.280 --> 0:08:52.800 the role road might be a rule against the doubling 0:08:53.000 --> 0:08:55.920 of letters like the g G in g g F K. 0:08:56.640 --> 0:09:00.480 And the reason that these are problems is that if 0:09:00.520 --> 0:09:03.840 you have a code breaker who's really looking at these 0:09:03.840 --> 0:09:07.120 codes closely, and that code breaker starts to figure out 0:09:07.120 --> 0:09:10.480 that there are restrictions to the code they can build 0:09:10.559 --> 0:09:13.400 that into their code breaking models in an effort to 0:09:13.480 --> 0:09:16.880 crack the code, because as you put in restrictions, that 0:09:16.920 --> 0:09:20.280 means you're reducing variables. And anyone who has worked in 0:09:20.320 --> 0:09:24.480 any sort of mathematics, particularly stuff like algebra, you know 0:09:25.080 --> 0:09:28.880 that to solve complicated problems you need to reduce variables. 0:09:28.920 --> 0:09:33.079 As you reduce variables, you make it easier to solve problems. 0:09:33.120 --> 0:09:35.080 So it was actually this sort of thing that would 0:09:35.160 --> 0:09:38.720 lead to the British cryptographers breaking German codes during World 0:09:38.720 --> 0:09:43.360 War Two. It wasn't that the technology itself was necessarily faulty. 0:09:43.440 --> 0:09:46.720 It was that the Germans were kind of using bad 0:09:46.800 --> 0:09:51.080 methodology with some of their their equipment, and that's what 0:09:51.400 --> 0:09:55.240 gave an in road for code breakers. Now, if you 0:09:55.280 --> 0:09:59.199 want to learn way more about how these machines actually work, 0:09:59.640 --> 0:10:03.319 you can listen to tech Stuff Ponders and Enigma. That's 0:10:03.320 --> 0:10:07.680 a classic episode that originally published way back on October nineteen, 0:10:07.880 --> 0:10:11.079 two thousand eleven, and I actually did a tech Stuff 0:10:11.160 --> 0:10:15.760 classic rerun of that episode on October twelfth, two thousand eighteen. 0:10:16.360 --> 0:10:20.440 The Enigma machine is the most famous cipher device that 0:10:20.520 --> 0:10:23.280 was made in the early twentieth century. It was made 0:10:23.880 --> 0:10:26.840 and used by the Germans, and it was used extensively 0:10:27.040 --> 0:10:30.040 by the German military during World War Two. And in 0:10:30.080 --> 0:10:32.600 that podcast, my old co host Chris Pallette and I 0:10:32.640 --> 0:10:36.840 talked about how a really good cipher, one that's super 0:10:36.920 --> 0:10:40.040 hard to crack, is also a pain in the patukas 0:10:40.520 --> 0:10:44.120 to use because of that complexity, and that's mainly why 0:10:44.160 --> 0:10:47.679 officials would put rules in place that ultimately would serve 0:10:47.720 --> 0:10:51.560 as the downfall for their technology, because using the tech 0:10:51.640 --> 0:10:54.720 without those rules in place was possible, but not always 0:10:54.880 --> 0:10:58.280 fast enough to be practical. This would prove to be 0:10:58.320 --> 0:11:01.080 a problem with cryptography and gen role. You want a 0:11:01.120 --> 0:11:04.880 system that's secure enough that you're reasonably certain a person 0:11:04.920 --> 0:11:08.240 who intercepts the message would be unable to make head 0:11:08.320 --> 0:11:10.320 or tail of it, right, That's the whole purpose of 0:11:10.320 --> 0:11:14.920 cryptography is to make any unauthorized person incapable of reading 0:11:14.960 --> 0:11:18.920 the message. But you also want your solution to be 0:11:18.960 --> 0:11:22.960 practical enough that your intended recipient can decode the message 0:11:23.160 --> 0:11:26.440 with a minimum of fuss, particularly if it relates to 0:11:26.520 --> 0:11:30.200 a time sensitive issue. So in this case, you had 0:11:30.280 --> 0:11:33.920 Germans using the same settings on their Enigma machines for 0:11:34.080 --> 0:11:37.360 longer than they were supposed to, or they were co 0:11:37.600 --> 0:11:41.120 locating codebooks with the Enigma machines and those fell into 0:11:41.200 --> 0:11:45.520 Allied hands who were able to use those to decode messages. 0:11:45.760 --> 0:11:50.400 To this day, balancing out practical applications with security remains 0:11:50.400 --> 0:11:54.320 a challenge. It may make it take longer for a 0:11:54.320 --> 0:11:57.360 message to get through from one point to another, which 0:11:57.400 --> 0:12:00.520 a lot of people don't accept in the age of 0:12:00.920 --> 0:12:04.160 information traveling at the speed of light, or it just 0:12:04.280 --> 0:12:09.199 maybe a pain to encrypt and decrypt, which also ends 0:12:09.280 --> 0:12:13.640 up becoming a barrier to adoption and implementation. Okay, let's 0:12:13.640 --> 0:12:16.920 get back to our story. So it's the nineteen tens. 0:12:17.000 --> 0:12:20.760 Rights around nineteen fifteen, Ared Garad Doam has patented an 0:12:20.840 --> 0:12:24.800 encryption device. He got that patent by nineteen nineteen, and 0:12:24.880 --> 0:12:28.440 to manufacture and market the device, don would work with 0:12:28.480 --> 0:12:33.760 business partners to create a company originally called Cryptograph or 0:12:33.840 --> 0:12:37.480 a b Cryptograph, and one of Dom's investors was a 0:12:37.520 --> 0:12:41.800 guy named Carl Wilhelm Haglin who had made his money 0:12:41.840 --> 0:12:45.000 in Russia in the oil business. But then the Russian 0:12:45.040 --> 0:12:48.480 Revolution happened and Haglin fled with his family and they 0:12:48.520 --> 0:12:52.600 returned to Haglin's homeland of Sweden. They brought the family 0:12:52.640 --> 0:12:56.920 with them and uh and Boris Hagelin was was Carl 0:12:56.960 --> 0:13:00.080 Wilhelm Haglin's son, and Boris was given a position and 0:13:00.640 --> 0:13:04.960 in Dom's company in return for this financial investment from 0:13:05.000 --> 0:13:07.839 his father. Now Boris would actually prove to be quite 0:13:07.840 --> 0:13:11.760 the entrepreneur. In nineteen twenty five, he would take over 0:13:11.960 --> 0:13:15.640 the company entirely. He became the new head of the company. 0:13:15.679 --> 0:13:19.640 He would rename it Crypto Technic in nineteen thirty two, 0:13:20.080 --> 0:13:23.080 and then when the Nazis rose to power, he fled 0:13:23.240 --> 0:13:27.559 Sweden for Switzerland and re established his company there. And 0:13:27.720 --> 0:13:30.880 it was this company that he established that would later 0:13:31.040 --> 0:13:34.559 become known as Crypto a g the focus of our 0:13:34.720 --> 0:13:38.760 episode really. In the meantime, his company continued to produce 0:13:38.920 --> 0:13:42.439 new cipher machines, incorporating new features in an effort to 0:13:42.480 --> 0:13:45.880 build machines that were able to create stronger codes. And 0:13:45.920 --> 0:13:49.480 again this was mostly for business use or occasional government use, 0:13:49.760 --> 0:13:52.160 but the rise of World War Two would create a 0:13:52.160 --> 0:13:55.640 new market as military sought ways to send messages securely 0:13:56.040 --> 0:13:59.040 without fear that their plans would be shown to an enemy, 0:13:59.440 --> 0:14:02.679 and that when the United States would enter into the picture, 0:14:02.920 --> 0:14:06.200 setting the stage for the company's future in ways Haglin 0:14:06.440 --> 0:14:11.240 could not have anticipated. I'll explain more when we come back, 0:14:11.280 --> 0:14:21.920 but first let's take a quick break. So, when World 0:14:21.960 --> 0:14:25.960 War two broke out, the United States military would become 0:14:26.120 --> 0:14:29.280 one of Crypto a g s customers, and when the 0:14:29.360 --> 0:14:34.200 Nazis invaded Norway in Haglin would again move operations. This 0:14:34.240 --> 0:14:38.600 time he moved to the United States. His company's encryption device, 0:14:38.760 --> 0:14:41.640 known as the M two oh nine, would be produced 0:14:41.720 --> 0:14:45.160 in the US. According to The Washington Post, there was 0:14:45.160 --> 0:14:47.960 a typewriter factory in upstate New York that would end 0:14:48.080 --> 0:14:52.160 up making around a hundred forty thousand of these M 0:14:52.200 --> 0:14:56.720 two oh nine encryption devices, and Haglin negotiated with the U. S. 0:14:56.800 --> 0:15:01.560 Army and landed an eight point six million dollar contract. 0:15:02.000 --> 0:15:06.600 A princely some today, but certainly a princely some way 0:15:06.600 --> 0:15:12.440 back in nineteen Haiglin's devices lacked the sophistication of Germany's 0:15:12.560 --> 0:15:16.720 Enigma machine. They weren't nearly as complex, nor were they 0:15:16.960 --> 0:15:23.440 as capable of creating very tough encryption, so code breakers 0:15:23.560 --> 0:15:27.000 could suss out the original messages that were created on 0:15:27.040 --> 0:15:29.560 an M to two oh nine if they were given 0:15:29.640 --> 0:15:33.040 enough time and attention, and for that reason the army 0:15:33.160 --> 0:15:38.560 primarily relied on these devices to disguise extremely time sensitive orders. 0:15:38.800 --> 0:15:41.720 So the logic was, by the time someone had actually 0:15:41.760 --> 0:15:45.640 broken the code, the information would be worthless anyway, because 0:15:45.680 --> 0:15:49.040 whatever was being covered in the message would have already happened. 0:15:49.400 --> 0:15:52.280 It would have been something that was more imminent, so 0:15:52.320 --> 0:15:54.240 you wouldn't be able to act on the information, even 0:15:54.280 --> 0:15:56.480 though you'd be able to at least decode what had 0:15:56.560 --> 0:15:59.840 been said. So you wouldn't want to use these devices 0:15:59.880 --> 0:16:04.880 for any sort of long term plans because they were crackable. 0:16:05.040 --> 0:16:09.200 People could crack the codes we given enough a time now. 0:16:09.920 --> 0:16:13.720 Around that same time, Haglin became good friends with another 0:16:13.760 --> 0:16:19.080 cryptographer named William Friedman. Freeman was born in Russia. Actually, 0:16:19.120 --> 0:16:24.480 so was Haglin. Haglin's parents were Swedish, but when they 0:16:24.480 --> 0:16:28.280 had Boris he was the family was in Russia, so 0:16:28.400 --> 0:16:31.720 Freedman's family left Russia when Freedman was just a baby 0:16:32.000 --> 0:16:35.040 back in eighteen ninety two due to a rise in 0:16:35.160 --> 0:16:39.360 anti Semitism in Russia, and Freedman his family is Jewish. 0:16:39.600 --> 0:16:44.480 So Freeman grew up loving codes and cryptography and became 0:16:44.520 --> 0:16:49.000 fascinated with them. Uh, he joined a private research lab. 0:16:49.440 --> 0:16:52.440 He met and then courted and then married a woman 0:16:52.520 --> 0:16:57.000 named Elizabeth Smith, who on her own was an accomplished cryptographer, 0:16:57.040 --> 0:17:00.720 a brilliant cryptographer, and they both sort of worked for 0:17:00.880 --> 0:17:03.280 George Fabian, and that was the guy who owned the 0:17:03.320 --> 0:17:06.320 private research lab. Fabian sounds like the sort of person 0:17:06.400 --> 0:17:11.359 who really belonged in the Renaissance as far as I'm concerned. 0:17:11.680 --> 0:17:15.080 In the Renaissance, you had rich nobles who would become 0:17:15.119 --> 0:17:21.560 patrons of great thinkers and philosophers and artists. Fabian he 0:17:21.680 --> 0:17:24.560 established this private research lab in order to look into 0:17:24.600 --> 0:17:26.760 stuff that he just thought was interesting, which I think 0:17:26.840 --> 0:17:30.199 is kind of cool, maybe a little eccentric. Well, when 0:17:30.240 --> 0:17:34.399 the United States entered World War One, the Freedman's husband 0:17:34.440 --> 0:17:37.399 and wife would work in code breaking for the United States, 0:17:37.880 --> 0:17:42.239 and the cryptologic division of the research lab became the 0:17:42.280 --> 0:17:47.600 genesis for the American Cryptography Service, So William Freeman would 0:17:47.640 --> 0:17:50.840 later become the chief crypto analyst. In fact, he termed 0:17:51.000 --> 0:17:54.880 the are, coined the term crypto analysis for the United States, 0:17:54.960 --> 0:17:59.640 and would lead the future Signals Intelligence Service before going 0:17:59.640 --> 0:18:03.800 on to serve in other intelligence agencies as a cryptographer, 0:18:04.080 --> 0:18:07.719 so Freedman was very much working in the same world 0:18:07.840 --> 0:18:10.240 as Hagland, though you could say that these were from 0:18:10.240 --> 0:18:13.920 opposing perspectives, right, because Hagland's company was all about producing 0:18:13.920 --> 0:18:17.800 machines that could in cipher messages, while Freedman was largely 0:18:17.920 --> 0:18:22.000 interested in finding methods to de cipher codes. Though Freeman 0:18:22.040 --> 0:18:24.800 also worked in in theory as well to talk about 0:18:24.880 --> 0:18:28.400 different ways to create stronger ciphers. And we'll come back 0:18:28.440 --> 0:18:31.320 to Freedman in just a moment. So Haglin would stay 0:18:31.320 --> 0:18:34.600 in the US until World War Two ended in Europe, 0:18:34.880 --> 0:18:37.960 and he had become extremely wealthy due to the lucrative 0:18:38.040 --> 0:18:40.640 army contract he had made, and he had built many 0:18:40.680 --> 0:18:43.359 professional and personal relationships in the United States, so he 0:18:43.400 --> 0:18:47.440 would have strong ties to the US. He then returned 0:18:47.520 --> 0:18:52.160 to Europe to again re establish his company there. Meanwhile, 0:18:52.720 --> 0:18:56.120 American intelligence officials were starting to get a little worried 0:18:56.359 --> 0:19:00.680 because code breaking was growing increasingly difficult due to sophisticated 0:19:00.680 --> 0:19:05.720 machines running complicated systems to create these codes. And if 0:19:05.760 --> 0:19:09.600 you had little insight into how those machines worked or 0:19:09.880 --> 0:19:13.840 which systems they were following at any given time, you 0:19:13.880 --> 0:19:16.439 had really little hope of breaking a code in a 0:19:16.480 --> 0:19:19.199 reasonable amount of time. So it's very clear that a 0:19:19.200 --> 0:19:23.240 lot of people were having really secret conversations that American 0:19:23.320 --> 0:19:26.920 spies were unable to decipher, and that just rubbed the 0:19:26.960 --> 0:19:31.400 Americans the wrong way. I'm gonna get a little critical 0:19:31.640 --> 0:19:35.920 of my country in this episode. Uh. Anyway, in nineteen 0:19:36.000 --> 0:19:40.600 fifty one, Haigland's company introduced the c X fifty two 0:19:40.760 --> 0:19:44.359 cipher machine, and this one was sophisticated enough to present 0:19:44.359 --> 0:19:48.960 a code that American intelligence agents viewed as practically unbreakable 0:19:49.000 --> 0:19:53.440 at the time, and that in turn prompted some heated 0:19:53.560 --> 0:19:58.399 internal discussions within the U. S Intelligence community and what 0:19:58.480 --> 0:20:00.960 should officials do about this? Because there was a real 0:20:01.080 --> 0:20:05.840 worry that countries might go out and buy Haglin's products. 0:20:06.040 --> 0:20:08.800 I mean, that's what Haglin was making them for, and 0:20:08.880 --> 0:20:10.920 if they did that, they would all be able to 0:20:10.960 --> 0:20:14.840 communicate secretly and Americans would be unable to snoop out 0:20:14.840 --> 0:20:18.920 what was going on. And boy, howdy does America hate that. 0:20:19.400 --> 0:20:22.639 So American officials gave a sort of carrot and a 0:20:22.760 --> 0:20:26.840 stick offer to Haglin. So on the one hand, they 0:20:27.119 --> 0:20:29.840 were a big customer for his company. Right the United 0:20:29.880 --> 0:20:36.000 States represented a significant potential customer for Hagland's products. He 0:20:36.040 --> 0:20:38.520 didn't want that source of revenue to go away. So 0:20:39.000 --> 0:20:42.959 there was that they also had a whole bunch of 0:20:43.000 --> 0:20:47.679 old M two o nine cipher devices that were manufactured 0:20:47.720 --> 0:20:51.760 in America during World War Two, and there was at 0:20:51.800 --> 0:20:56.239 least the implied threat that if Haglin wouldn't be you know, 0:20:56.600 --> 0:21:01.120 cooperative with the US, maybe the America can might let 0:21:01.160 --> 0:21:04.320 a few thousand M two oh nine's get sold off 0:21:04.320 --> 0:21:07.879 to countries around the world, and that would undercut Crypto's 0:21:07.960 --> 0:21:11.160 own sales in the process. I mean, if you are 0:21:12.200 --> 0:21:14.919 a kind of you know, the head of an agency 0:21:15.200 --> 0:21:19.879 in a smaller country with limited resources, and the United 0:21:19.920 --> 0:21:23.119 States says, hey, we'll sell you these old but totally 0:21:23.240 --> 0:21:27.840 working cipher machines for much less than that brand new, 0:21:27.880 --> 0:21:31.040 shiny cipher machine. You're gonna go with the cheaper model 0:21:31.080 --> 0:21:34.240 as long as it works, and that means that Crypto 0:21:34.400 --> 0:21:38.800 would not be making any sales. Uh. Then there was 0:21:38.880 --> 0:21:43.760 William Freedman, Haglin's old buddy. In nineteen fifty one. Freeman 0:21:43.840 --> 0:21:46.840 was then serving as the head of the cryptographic Division 0:21:46.960 --> 0:21:50.840 of the Armed Forces Security Agency or AFSA. A f 0:21:51.280 --> 0:21:54.160 s A. The following year he would become the head 0:21:54.240 --> 0:21:58.199 of the cryptology Department for the National Security Agency or 0:21:58.280 --> 0:22:02.560 the n s A. It was in when Freedman would 0:22:02.560 --> 0:22:05.200 act on behalf of the U. S Government and met 0:22:05.560 --> 0:22:10.199 secretly with Haglin in Washington, d C. So Freedman goes 0:22:10.280 --> 0:22:17.080 up to Haglin with a fairly thorny proposition. The deal 0:22:17.160 --> 0:22:21.239 was this, Haglin was to continue creating cipher machines just 0:22:21.280 --> 0:22:24.920 as the company had been, but Crypto would only sell 0:22:25.200 --> 0:22:29.240 the most sophisticated of those machines to a list of 0:22:29.280 --> 0:22:33.080 countries that the United States would provide to Haglin, and 0:22:33.160 --> 0:22:37.160 that would represent countries with whom the US had very 0:22:37.200 --> 0:22:40.720 good relations, so allies and that sort of thing. They 0:22:40.720 --> 0:22:43.040 were the only countries who would be allowed to buy 0:22:43.600 --> 0:22:47.719 the top of the line products. Crypto would be allowed 0:22:47.760 --> 0:22:52.880 to sell older, more vulnerable or weak machines to any 0:22:52.920 --> 0:22:56.080 country that was not on that list. So, in other words, 0:22:56.280 --> 0:23:00.399 Freeman was asking Haglin to kind of put on a 0:23:00.440 --> 0:23:05.840 preference list certain countries and then everyone else would get older, 0:23:06.600 --> 0:23:11.879 more vulnerable technologies. Uh. However, that's the extent of that deal. 0:23:12.080 --> 0:23:14.040 It didn't go further than that, but it's still a 0:23:14.040 --> 0:23:17.600 pretty big request. And you can kind of understand where 0:23:17.640 --> 0:23:20.639 the US was coming from. At least, you know, they 0:23:21.440 --> 0:23:23.760 clearly did not want the job to be even harder 0:23:23.880 --> 0:23:28.600 when it came to breaking codes. And Haglin would ultimately 0:23:28.640 --> 0:23:31.280 agree to this deal. And whether it was he saw 0:23:31.359 --> 0:23:33.600 a guaranteed payout from the US and so it was 0:23:33.600 --> 0:23:36.720 strictly a business decision. He just felt it was impossible 0:23:36.760 --> 0:23:39.560 to turn down this offer, or he felt a strong 0:23:39.640 --> 0:23:42.320 sense of loyalty toward a country that had made him 0:23:42.320 --> 0:23:45.320 a millionaire, or maybe it was some combination of these 0:23:45.359 --> 0:23:47.959 and other factors. I don't know, but whatever it was, 0:23:48.280 --> 0:23:51.919 he said yes. And this would mark the beginning of 0:23:51.960 --> 0:23:55.840 the U S intelligence community having a direct interest in 0:23:55.920 --> 0:24:00.920 a company that was selling cryptographic equipment, that is Crypto. 0:24:01.240 --> 0:24:04.440 But at this point it was still a fairly limited agreement. 0:24:04.560 --> 0:24:07.639 Crypto could still sell equipment to countries all around the world, 0:24:08.040 --> 0:24:11.280 though any country that was not on the US Best 0:24:11.359 --> 0:24:14.280 Buddy list would only have access to the older devices. 0:24:14.800 --> 0:24:19.480 Now this wasn't because US officials were feeling benevolent or 0:24:19.520 --> 0:24:21.639 anything like that. I don't want to paint paint in 0:24:21.680 --> 0:24:25.320 his that there was a very real desire in America 0:24:25.600 --> 0:24:30.240 to push Crypto for a much more shady deal. Intelligence 0:24:30.280 --> 0:24:33.920 officials were hoping that they could work directly with Crypto 0:24:34.000 --> 0:24:38.040 to design machines that would produced codes that Americans could 0:24:38.200 --> 0:24:42.400 quickly break. People would think they were sending secure messages, 0:24:42.600 --> 0:24:45.160 but in reality the Americans would be able to decode 0:24:45.160 --> 0:24:49.440 those messages fairly quickly. But William Friedman discouraged anyone from 0:24:49.440 --> 0:24:53.360 America from going to Hagland with such an offer for 0:24:53.400 --> 0:24:56.679 several years. He said Haglin would never go for it. 0:24:56.680 --> 0:24:59.199 It would be deeply offensive to him. You're going to 0:24:59.240 --> 0:25:03.000 destroy this or relationship we have. Let's not you know, 0:25:03.080 --> 0:25:06.280 let's let's let's hold back rather than have a loss. 0:25:06.960 --> 0:25:09.320 And hey, there were other companies out there, right, I mean, 0:25:09.480 --> 0:25:12.280 it's it's not like you had to buy from Crypto 0:25:12.440 --> 0:25:14.520 or else you'd have no way to communicate secretly. You 0:25:14.560 --> 0:25:18.600 could always get cipher machines and cryptography machines from some 0:25:18.680 --> 0:25:22.159 other source, right well. Part of the deal that the 0:25:22.280 --> 0:25:26.000 US made included substantial amounts of money meant to go 0:25:26.119 --> 0:25:30.160