The Soviets had long since understood the vulnerabilities of cryptographic systems to an attack by a sophisticated opponent like NSA, but there were still reasons for hope that as long as the wall of secrecy remained intact, less sophisticated targets, including many smaller nations, might continue to be unaware of just how readable their codes could be. The East German police, remarkably, continued to use the Enigma for manual Morse code messages as late as 1956; NSA retained one of its more than one hundred World War II–era bombes in Building 4 of the Navy’s Nebraska Avenue installation just to break this traffic, using bombe menus couriered over from Arlington Hall each day. (The police signals were mostly mundane reports of insignificant arrests and fires, but NSA appears to have kept tabs on the traffic in support of the Berlin Tunnel operation, watching for indications that the East Berlin police had noticed the tunnel’s construction or were about to take action to expose it.)13
Although some of this reliance on old machines may indeed have been cryptographic innocence of the kind that NSA wished to keep blissfully undisturbed, the force of sheer bureaucratic inertia was not to be discounted as an explanation either. During World War II, for example, the Germans had been confronted with repeated evidence that the Enigma was insecure but steadfastly refused to believe it possible. It had similarly taken months of maddening bureaucratic wrestling within the U.S. Navy in the spring of 1943 for Op-20-G to convince top naval commanders that the Germans must have broken the U.S.-British convoy codes, which contained information about the timing and routes of merchant ships crossing the Atlantic. First they had to overcome security restrictions that prohibited the American cryptanalysts from looking at the Allies’ own signals. But when they finally were permitted to do so it was unmistakable that Enigma messages sent to Nazi U-boats, containing exact information on “expected convoys” with latitudes and longitudes specified to one degree and speeds to a tenth of a knot, coincided precisely with identical information transmitted just before in the Allied convoy code.14 Knowing that the cost and difficulty of ordering a wholesale replacement of a code system was a huge deterrent to any cryptological department venturing on such a decision, all the more so when dealing with the militaries and foreign offices of totalitarian states, run by powerful men who did not look kindly on technical experts who presumed to meddle in their business. It was always easier to take refuge in the belief that the existing codes were good enough.
Cryptographic innocence and bureaucratic inertia both played a part in a shadowier effort by NSA from the late 1950s on to ensure that the Hagelin machines used by dozens of smaller countries remained readable. After the war, Boris Hagelin had moved his development work to Switzerland to escape a Swedish law that allowed the government to appropriate inventions deemed necessary for national defense, establishing the Hagelin Laboratory in Zug, a beautiful lakeside town in central Switzerland. (The entire firm subsequently moved there in 1959, reincorporated as Crypto AG.)
Hagelin had also become a close personal friend of William Friedman’s, going back to before the war when Hagelin first tried to interest the U.S. Army in his B-211 and M-209 machines; the Army’s subsequent contract to build under license 140,000 M-209s (which were still being used for tactical low-level field communications into the early 1960s) earned Hagelin’s gratitude, and made him a millionaire.
The two friends shared a certain familiar Russian gloominess—Hagelin was born in Baku in 1892, one year after Friedman’s birth in Kishinev—which they instantly recognized in each other. “We were both born in Russia. But more important was that we were neurotics,” Hagelin once observed, not entirely joking. “We both suffered from depressions, but never at the same time—so we could help one another.”15 The men exchanged dozens of letters over the following years, sharing news of their children, their ailments real and imagined, their vacations and travels, often enclosing jokey or sentimental little gifts.
As early as 1950, Friedman was undertaking informal discussions with his friend Boris about AFSA’s and CIA’s concerns that Hagelin’s new postwar models might “cause some previously readable sources to disappear.” A much-improved machine called the CX-52 that Hagelin was about to put on the market employed a bank of rotors that moved in a far more complex fashion than the predictable stepping of the M-209; on some versions of the machine the user could rearrange at will the letters of the alphabet on the input and type wheels, adding an extra substitution (much like the plugboard of the Enigma) that utterly defeated the standard cryptanalytic attack of subtracting two messages in depth. Hagelin had also devised a drop-in module for the CX-52 that replaced the rotor bank with a random-tape reader to allow the device to be used for one-time encipherment. His new line of “Telecrypto” machines similarly used either a standard Hagelin rotor assembly or a prepared key tape to encrypt a standard teleprinter’s five-bit output.16
In July 1954, Canine asked Friedman to see if he could find out what countries had placed orders for the CX-52. Then in December 1954, Canine sought USCIB’s approval of a Top Secret plan to send Friedman to Zug to present a “proposal to Mr. Hagelin.”17 The details remained classified six decades later, but reports from Friedman and other NSA representatives who followed up on the matter noted the “unexpectedly successful” outcome of their discussions. Friedman wrote Boris in November 1956, “I was particularly glad to learn that everything is going along as planned, and that you remain content with the arrangement which was initiated several years ago.”18
From partially declassified documents released in 2015, it was clear that the core of the deal was NSA’s promise that it would certify the CX-52 for purchase by NATO countries, throwing a substantial amount of new business Hagelin’s way. Friedman reported after his first visit that Hagelin, who had accepted the proposal on the spot “without any reservations,” was especially grateful for NSA’s understanding that he wanted to avoid “any relationship” in which direct payment “would play a prominent part.” (An earlier proposal, apparently pushed by CIA, to pay Hagelin $700,000 outright apparently fell through, and Friedman subsequently warned Canine on several occasions that “Hagelin could not be bought with money alone.”)19
In return, Hagelin apparently undertook not to sell his most secure devices to non-NATO countries. As Hagelin wrote Friedman in August 1956 when he learned that a rival firm, the German company Siemens, was planning to sell a one-time-tape device to Egypt, “We have warned Siemens now that this will surely be frowned on by the NATO; but I doubt very much that our word shall have much weight with them. But for my own business, even if I am quite satisfied to keep my end of the ‘gentlemens agreement,’ from purely sentimental reasons, it is no fun to lose business on this basis.”20
Friedman formally retired from NSA in August 1955, but in 1957 and 1958 again took extended trips to Europe on NSA official business that included visits to Boris in Zug, where they had further discussions about their “gentleman’s agreement.” At one of those meetings company officials revealed another favor they were doing NSA’s codebreakers: the company had decided it would produce the Telecrypto machines in three different versions. Outwardly they would appear more or less identical, but in fact they would incorporate varying levels of security. Category 1, the most secure, was reserved for NATO countries; Category 2 was for “friendly neutral countries”; and Category 3 for countries of “doubtful orientation” or “leaning toward the USSR,” such as India, Egypt, and Indonesia. The operating instructions for each version were to be distinguishable only by “secret marks” printed on them.21
The most extraordinary part of the “gentleman’s agreement” involved Hagelin’s allowing NSA to secretly write the operating manual for NATO customers of the CX-52; even Hagelin himself would not be permitted to see the resulting instructions for “proper usage” of his own machines. The intent seems to have been mainly to improve the security of NATO communications, but there is at least a hint in the documentary record that NSA may have been out to ensure that it retained its ow
n ability to read the traffic of its allies as well.22
On August 8, 1958, Friedman wrote to Howard Engstrom, who had just left the agency as deputy director, with a circumspect allusion to the current state of the “Boris deal”:
I have also to report to you, either with tears or laughter, I don’t know which, that Sammy [NSA director John A. Samford] made it crystal clear to me, in words of one syllable, that he did not want me to write any more to our friend Boris except on social matters. The thing is now in the hands of you-know-who and he thinks that we (including, especially, myself) should have absolutely nothing to do with it any longer. I am beginning to wonder, in connection with this project, whose ox is being gored? To whose interest is it that the project go through successfully?
Engstrom replied, “I am very anxious to find out how the Boris deal is coming and hope it doesn’t die after all the effort you expended on it.” The writer James Bamford speculated that “you-know-who” was CIA, whose Staff D was definitely seeking ways to defeat target cryptosystems by means other than cryptanalytic.23
The trail disappeared there but popped up two decades later in 1976, when the British writer Ronald W. Clark was completing his biography of Friedman, The Man Who Broke Purple. As he recounted in his introduction to the book, NSA began to show “nervous interest” in his manuscript when it learned that he made reference to Friedman’s 1957 and 1958 European trips: the agency, he said, expressed “serious concern” that details about these visits not be made public.24
Another two decades later the trail again resurfaced, this time following the arrest of a Crypto AG salesman, Hans Buehler, in Iran in 1992. Buehler was on his twenty-fifth visit to the country when he was thrown in jail, accused of being a spy for the United States and Germany, and held in solitary confinement and threatened with torture unless he admitted that Crypto AG was “a spy center.” After nine months, Iran released him on $1 million “bail.” The ransom was paid by his employer—which then promptly turned around and fired him and demanded he repay the full amount.
Incensed, Buehler went public with the accusation that the company had in fact inserted known weaknesses in the equipment it sold. The company then sued him for defamation. But just days before a Swiss judge was to begin hearing testimony, including from several former Crypto AG engineers who were prepared to testify that the company had indeed rigged its machines, it agreed to settle the case.
Two Baltimore Sun reporters subsequently interviewed the engineers Buehler had enlisted to testify, one of whom recounted Boris Hagelin’s admitting to having deliberately weakened the machines sold to Third World countries: “He said different countries need different levels of security.” Records of one meeting at the company in the 1970s, at which the design of a new model was being discussed, included on the list of attendees a woman whom the reporters were able to identify as a cryptologist employed by NSA at the time. According to one account, the back door in some of the later Crypto AG devices operated by surreptitiously inserting into the cipher text stream a key that disclosed—to those in the know—the setting of the machine used to encrypt the message.25
Planting ingeniously designed bugs or executing artful breakins of embassies to overcome the increasingly evident limitations of classical cryptanalytic attacks was one thing, but seeking to undermine the cipher security of commercial systems across the board was a much more dangerous game. Anything that made it easier for NSA to read traffic also made it easier for others to do the same, endangering the security of at least some commercial and government communications that the United States and its allies had an interest in protecting. And as Buehler’s fate underscored, involving private companies in such deceptions raised serious ethical concerns when their employees were unwittingly placed in compromising and even perilous situations.
Friedman’s own growing doubts about the ethics of such activities—and indeed about the entire field of signals intelligence, which he, more than anyone, had created—cast an ever-darkening shadow on his last years. He was in declining health, having been through several heart attacks and hospitalizations for severe depression, and his anger over NSA’s attempts to muzzle him with pettifogging security regulations and their ham-fisted seizure of dubiously classified materials from his home had by 1961 sent his relations with the agency “over the ‘brink of the precipice,’ ” he confided to a friend. (The agency would spend four decades after his death in 1969 trying to make up for its shoddy treatment, naming a building and auditorium after him at NSA headquarters, installing a bust of him at the agency museum with a plaque hailing him as “The Dean of American Cryptology,” and publishing his six lectures in cryptology, which it had previously removed from his home and reclassified.)
Some of Friedman’s bitterness was no doubt that of a man seeing his position as a pioneer displaced by a younger generation and new methods he no longer related to; he was scornful of computers and made sardonic comments about being an “old fogey” whom no one listened to anymore. But his worries about the deeper value to mankind of the arcane field he had devoted his life to were clearly thoughts that had been gestating for decades, not merely the irritated effusions of old age and illness. In 1962 he annoyed NSA again by giving a public presentation in which he had the “temerity” to mention cryptology, presenting a scholarly paper at a meeting of the American Philosophical Society about Shakespeare in which, as he put it, he committed the sin of mentioning “certain shady practices engaged in by the British Post Office from the early years of the Tudor Period.” Entitled “Shakespeare, Secret Intelligence, and Statecraft,” Friedman’s paper took as its point of departure a line from Henry V: “The King hath note of all that they intend / By interception that they dream not of.” Friedman since his retirement had made the study of Shakespeare a serious scholarly hobby, moving to Capitol Hill largely to be near the Folger Shakespeare Library and Library of Congress collections, and he had once in the early 1950s twitted the security rules at NSA by substituting a picture of Shakespeare for himself on his Top Secret access badge for several days. (None of the security guards noticed.)26
It did not require much of a leap of imagination to see that he was invoking the Bard of Avon as his alter ego in the meditative questions he posed at the end of the paper he presented to the learned society founded in Philadelphia by Benjamin Franklin twenty-two years before the birth of the country that, more than any other, had stood for the democratic ideal:
Did Shakespeare have any private views concerning the ethics of interception, the collection of secret intelligence, and its use in the conduct of public business? I wonder. Did he recognize that it is difficult to reconcile such activities with the democratic ideals of a free and open society that would prefer its government to conduct all its internal or domestic affairs openly, so far as possible, and also to conduct all its external or foreign affairs in the same manner? How far is open conduct of public affairs compatible with the national security of a democracy? I wonder what Shakespeare’s answers to questions such as these might be?27
It was evident what William Friedman thought, even if William Shakespeare’s views on the matter were ever unknowable.
—
Seven weeks after the U-2 shootdown a Thor-Able-Star rocket blasted into space from Florida’s Cape Canaveral in the early morning hours of June 22, 1960. A Washington Post story the next day quoted officials as saying that the “spectacular ‘double-header’ launching” of two satellites on a single vehicle was proof that America was “moving into space for real.”28 Three years after the launch of Sputnik the United States was still smarting from the humiliation of being beaten to space by the Soviets. Sputnik did little more than send out a stream of beeps for the few weeks its transmitter lasted before its batteries died, but the Soviets’ achievement had let loose an orgy of national agonizing over what had gone wrong with America: scientific leaders blamed the nation’s failure to invest in basic research and the national habit of deriding scientists as impractical egghea
ds while the Soviets treated their scientists as national heroes; critics of the educational system derided the lax standards of American high schools, the practice of allowing students to choose most of their own classes, and the glorification of sports over intellectual achievement; newspaper editorialists and politicians bemoaned the postwar loss of national purpose and a rising malaise of small-mindedness in a nation that had always thought big and prided itself on an ability to get things done.29
A string of embarrassing launch-pad explosions and failures only added to the anxiety that, even if the Soviets had not scored a genuine technological victory over the United States in the space race, they had scored a psychological victory on the stage of world opinion. Every launch from Cape Canaveral became an event of public importance that vastly outweighed the relatively minor purposes of the early small satellites, limited to low earth orbits, a short lifetime, and payloads of a couple of hundred pounds. So did their price tags: each Thor-Able-Star launch cost at least $3.5 million just to get off the ground.
The larger of the two satellites carried on the “double-header” launch in June 1960 was a naval navigation system, Transit II-A. The smaller, which was separated from its mate into orbit by a spring-activated pogo-stick-like device, was named GRAB, which stood for Galactic Radiation and Background. Its ostensible purpose was to study cosmic radiation from space for basic astronomical research. Its real purpose was something far more revolutionary, which would transform SIGINT operations as nothing else in the postwar era. The satellite, built by the Naval Research Laboratory, was the first attempt to take signals interception into space. Its highly secret mission was to collect radar signals from two Soviet air defense systems, code-named Gage and Token. An NRL engineer, Reid D. Mayo, had come up with the idea in March 1958 when, stranded in a snowstorm in a restaurant in Pennsylvania, he whiled away the time working out some calculations on the paper placemat to see if a radar detector he had developed for submarine periscopes could be packed into a twenty-inch Vanguard satellite and pick up Soviet air defense radars from the much more distant vantage of low earth orbit.30
Code Warriors Page 29
