March 3, 2021

The telephone contacts of president George W. Bush

Always wanted to know who are on the contact list of the President of the United States? In the George W. Bush Presidential Library one can see the telephone from the president's desk in the Oval Office with a clear view of all the speed dial buttons from the final years of the Bush presidency.

Here I will tell a bit more about this special telephone set, followed by a list and a short discussion of all the contacts behind the over 40 speed dial buttons. Finally, the phone used by president Bush is compared with the one from the first years of Barack Obama.

The IST-2 phone at the president's desk in the George W. Bush Presidential Library
(photo: Ron Plante - click to enlarge)

The George W. Bush Presidential Library

Like all US presidents since Herbert Hoover, president George W. Bush also established a presidential library which holds the papers, records, collections and other historical materials from his presidency. Several presidents have been buried on the grounds of their library, which will also happen after the death of George Bush and his wife Laura.

The George W. Bush Presidential Library and Museum was opened in April 2013 and is located on the campus of the Southern Methodist University (SMU) near Dallas, Texas. Like other presidential libraries, it includes an exact replica of the Oval Office in the White House. This allows visitors a close look at the paintings and the furniture and they may also sit behind a reproduction of the Resolute desk for a photograph.

Some visitors of the replicated Oval Office took a photo of the telephone on former president Bush' desk, probably not only because it's a quite impressive device, but also because it has all the names of the president's contacts on its many speed dial buttons.

A visitor tries the phone in the replica of the Oval Office
in the George W. Bush Presidential Library
(photo: instagram/t.ryanmartinez - click to enlarge)

The IST-2 telephone

What most visitors of the Bush Presidential Center won't know is that the phone is an Integrated Services Telephone version 2 (IST-2), which is a so-called "red phone". Unlike the popular image, such a red phone isn't used for the Hotline between Washington and Moscow, but for secure communications with military command centers through the Defense Red Switch Network (DRSN).

For this network there are large telephone consoles which can be used for both secure and non-secure calls. However, the encryption of classified calls isn't done by the phone, but by a separate network encryptor. The IST-2 was designed by defense contractor Raytheon and subsequently manufactured by Telecore Inc., a small company from Richardson, Texas, that took over the production of these telecommunication devices somewhere around 2003.

As part of a military telephone network, the IST-2 also has the distinctive 4 red buttons for the four levels of a system called Multilevel Precedence and Preemption (MLPP). This allows to make phone calls that get precedence over ones with a lower priority, with "Flash Override" to allow the President, the Secretary of Defense and the Joint Chiefs of Staff to preempt any other traffic in the network.

The speed dial buttons on Bush' Oval Office telephone

The IST-2 telephone on president Bush' desk in the Oval Office had 50 line buttons, with labels for the following contacts, grouped according to the colors of the labels:

• BOLTEN - Joshua B. Bolten, White House Chief of Staff from 2006 to 2009.
• FIELDING - Fred F. Fielding, White House Counsel from 2007 to 2009.
• GILLESPIE - Ed Gillespie, Counselor to the President from 2007 to 2009.
• HADLEY - Stephen J. Hadley, National Security Advisor from 2005 to 2009.
• GOTTESMAN - Blake L. Gottesman, Deputy Chief of Staff from 2008 to 2009.
• JACKSON - Barry S. Jackson, Senior Advisor to the President from 2007 to 2009.
• JEFFREY - James F. Jeffrey, Assistant to the President and Deputy National Security Advisor from 2007 to 2009.
• KAPLAN - Joel Kaplan, Deputy Chief of Staff from 2006 to 2009.
• LUTE - Douglas E. Lute, Assistant to the President and Deputy National Security Advisor for Iraq and Afghanistan from 2007 to 2013.
• MEYER - Daniel P. Meyer, Assistant to the President for Legislative Affairs from 2007 to 2009.
• PERINO - Dana M. Perino, White House Press Secretary, 2007 to 2009.
• THIESSEN - Marc A. Thiessen, Director of Speechwritng from 2008 to 2009.
• TUBB - Richard J. Tubb, Physician to the President from 2002 to 2009.
• WAINSTEIN - Kenneth L. Wainstein, Homeland Security Advisor from 2008 to 2009.
• YANES - Raul F. Yanes, Assistant to the President and Staff Secretary from 2006 to 2009.

• VICE PRESIDENT - Dick Cheney, Vice President of the United States from 2001 to 2009.
• Secretary Of STATE - Condoleezza Rice, Secretary of State from 2005 to 2009.
• Secretary Of DEFENSE - Robert M. Gates, Secretary of Defense from 2006 to 2011.
• DNI - Mike McConnell, Director of National Intelligence from 2007 to 2009.
• Director CIA - Michael V. Hayden, Director of the CIA from 2006 to 2009.

• VP HOME - The house of Vice President Cheney, the Naval Observatory in Washington.
• BOLTEN HOME - The house of Chief of Staff Joshua Bolten.
• HADLEY HOME - The house of National Security Advisor Stephen Hadley.
• RICE HOME - The house of Secretary of State Condoleezza Rice.
• GILLESPIE HOME - The house of Counselor Ed Gillespie.

• Situation Room - The Situation Room in the basement of the West Wing.
• HOS Conference - Head of State Conference call.
• SIGNAL OPERATOR - Operator at the Signal Switchboard for non-secure calls.
• Secure OPERATOR - Operator at the Signal Switchboard for secure calls.
• White House OPERATOR - Operator at the White House switchboard for unclassified calls.

• MRS BUSH - Laura Bush, wife of the president.
• 41 - George H. W. Bush, 41st president of the United States and father of the president.
• JWB - Jenna W. Bush, daughter of the president.
• BPB - Barbara P. Bush, daughter of the president.
• CRAWFORD - The Prairie Chapel Ranch of president Bush near Crawford, Texas.
• Secretary EVANS - Donald L. Evans, Secretary of Commerce from 2001-2005.

• ROBERT - ?
• JARED - Jared Weinstein, special assistant and personal aide from 2006 to 2009.
• SAM - ?
• KAREN - (Karen Hughes?)
• ASHLEY - (Ashley Kavanaugh?)
• USHERS - Stephen W. Rochon, Chief Usher of the White House from 2007 to 2011.

• LINE 1 - Outgoing or incoming phone line
• LINE 2 - Outgoing or incoming phone line
• LINE 3 - Outgoing or incoming phone line

President Bush' primary contacts

The names on these speed dial buttons give us some insights into the people president Bush was in contact with. In the first place, represented by the first two rows of buttons, this were West Wing staff members, like the Chief of Staff, his deputies, seniors advisors and assistants. In the third row we see the press secretary and the president's speechwriter as well as the Physician to the President.

The buttons of the fourth row show that president Bush had direct lines only to the Secretary of State and the Secretary of Defense. The same group includes buttons for the Director of National Intelligence (DNI) and the director of the Central Intelligence Agency (CIA), despite the fact that in 2005, the newly created DNI replaced the director of the CIA as a Cabinet member.

George W. Bush using the IST-2 telephone for calling the
British prime minister Gordon Brown, October 7, 2008
(White House photo by Eric Draper - click to enlarge)

The next five speed dial buttons show which people president Bush could call directly even when they were at home: Vice President Cheney, Chief of Staff Bolten, National Security Advisor Hadley, Secretary of State Condoleezza Rice and Counselor Ed Gillespie.

After these first five rows, there's one row in which the buttons are blank - apparently there were no more people who president Bush needed to call directly (unlike Obama, who used all 50 buttons - see below).

The lower half of the speed dial buttons were used for mixed sets of contacts:

Five buttons positioned in an L-shape connected the President to the various communication centers of the White House: first the famous Situation Room in the basement of the West Wing, which is not only a conference room, but also includes a watch center that is operational 24/7.

Another button was labeled "HOS Conference" which means it was used to conduct phone calls to foreign Heads Of State (HOS). These are conference calls because translators, advisers and staffers from the National Security Council (NSC) listen in to translate and take notes of the content of such conversations.

Aides listening in to a phone call by president Obama, March 29, 2009.
(White House photo by Pete Souza - click to enlarge)

The next three speed dial buttons are for switchboard operators, who can connect the President to anyone who cannot be reached through one of the direct line buttons on the Oval Office phone:
First there's the so-called Signal switchboard operated by military personnel of the White House Communications Agency (WHCA). The phone buttons show that this switchboard has an operator for non-secure calls and one for secure communications.

A third button is for the operator of the White House Switchboard, which manages the internal telephone system of the White House which is used for internal and external unclassified phone calls.

Another group of buttons is for family members of president Bush: his wife Laura, his father ("41"), and his daughters Jenna and Barbara, as well as Bush' ranch in Crawford, Texas. Interesting is the button for Donald L. Evans who seems to be included here not because of his job as Secretary of Commerce from 2001-2005, but because of his longtime friendship with Bush.

This brings us to the final group of buttons, with labels that only mention first names, probably of Bush' more personal advisors. One of them was Jared Weinstein, his special assistant and personal aide, but it's less clear who the other four (Robert, Sam, Karen, Ashley) were. When readers of this blog post think they can identify them, please leave a comment.

A final speed dial button is for the ushers of the White House, led by the Chief Usher, who is the general manager of the building and oversees the butlers, maids, housekeepers, chefs, cooks, doormen, and many others.

The IST-2 telephone under Obama

In January 2009, the office of President of the United States was taken over by Barack Obama. On his desk in the Oval Office he found an IST-2 telephone like the one used by his predecessor, but now of course with labels for all the new staff members, cabinet secretaries and other people who Obama liked to call.

The IST-2 telephone on Obama's desk, March 29, 2009
(White House photo by Pete Souza)

Another difference with the IST-2 used by president Bush was that the speed dial buttons on Obama's phone had a different color scheme: while under Bush there was a different color for each type of contacts, under Obama the buttons were only yellow or green. The arrangement, however, was roughly the same, as can be recognized by the three line buttons, which were pink under Bush and white under Obama.

Comparing the other buttons indicate that the colors on Obama's IST-2 represent the classification level: green for Unclassified and yellow for Top Secret/SCI. This is confirmed by the three buttons above the white line buttons: Signal Operator: green; Secure Operator: yellow; White House Operator: green. It shows that most of the president's contacts could be reached via a secure line, likely not much different than under Bush.

The IST-2 phone on Obama's desk, March 24, 2009 - photo turned for comparison
(photo: Brooks Kraft LLC/Corbis via Getty Images - click to enlarge)

Although it was certainly useful to have just one telephone for both secure and non-secure calls, the IST-2 was probably found a bit too military looking for Obama. Maybe the speed dial buttons also attracted a bit too much attention, so a custom cover plate was made in order to prevent visitors from seeing who the president's primary phone contacts were:

Obama's IST-2 telephone with cover plate, August 31, 2010.
(photo: J. Scott Applewhite/AP - click to enlarge)

In the Spring of 2011, the IST-2 on Obama's desk was eventually replaced by two more common, commercially available phone sets: a black Avaya/Lucent 8520T that had been part of the internal White House telephone network already since 1996, and a Cisco 7975G Unified IP Phone for the new Executive Voice over Secure IP-network which is used for Top Secret phone calls.

Links and sources
- Weblog: About The White House Communications Agency from 1965 to 1974... and Beyond
- Jerry Proc: Hotline Telephones - Making Sense of the Colours and their Use (2018)
- Cryptome: Obama Phones (2012)

January 26, 2021

The phones in president Biden's Oval Office

(Updated: February 21, 2021)

On January 20, Joseph R. Biden Jr. was inaugurated as the 46th president of the United States. As such he has access to the presidential communications system, including secure and non-secure telephone lines.

Here, I will discuss a small and unnoticed change in the telephones on the desk of the new president, as well as what happened to the call device that became known as Trump's "Diet Coke Button".

President Joe Biden in the Oval Office, January 20, 2021.
(click to enlarge)

The telephones on Biden's desk

Already on his first day as president, Biden went to the Oval Office of the White House to sign a range of executive orders.

By then, this famous room had already been redecorated with new paintings, busts and photographs, while Trump's beige rug had been replaced by the deep blue one from Bill Clinton's Oval Office. The flags of the five branches of the US Armed Forces have also been removed.

A close look at the photos shows that there was also a small change in the telephone equipment. On Biden's presidential desk there are now two identical phone sets, which can be identified as the high-end Cisco IP 8851 Phone:

Both phones are not the standard commercially available model, however, as they have been modified by a small communications security company called Advanced Programs, Inc. (API). This can be recognized by the dark gray metal box at the back side of the phone's color display and an additional red button on the front panel of the phone:

The purpose of these modifications is to provide on-hook security for the handset and the speakerphone and probably also for TEMPEST protection - to make sure that the phone cannot, either accidentally or deliberately, pick up and transmit audio when the handset is on-hook.

Comparing the two phones on Biden's desk with the ones used by president Trump, we see that under Trump only one of the Cisco 8851 IP phones had the aforementioned modifications. The other phone was the standard model:

Former president Donald Trump in the Oval Office, December 3, 2020.
(photo: Doug Mills/The New York Times - click to enlarge)

Unclassified phone calls

The modified Cisco 8851 IP phone was placed on the president's desk by the end of 2016, replacing an old Avaya/Lucent 8520T of the internal White House telephone network which is used for all kinds of unclassified phone calls.

This telephone connects to the regular White House switchboard in the basement of the Eisenhower Executive Office Building, where operators can set up calls to whoever the president wants to speak with.

Classified phone calls

The standard, unmodified Cisco 8851 IP phone on Trump's desk was part of the highly secure Executive Voice over Secure IP-network connecting the president to all major decision makers, like the secretaries of State, Defense and Homeland Security, as well as the Director of National Intelligence and various intelligence agency headquarters and watch centers.

This telephone replaced an old Cisco 7975 IP phone in September 2017 and connects to the so-called Signal switchboard of the White House Communications Agency (WHCA). The WHCA is a joint military unit that provides the president with secure and non-secure communications in Washington as well as during presidential travels. The Signal board also connects to the White House Situation Room.

Despite being used for classified conversations, the Cisco 8851 IP phone for secure calls wasn't equipped with the additional security features like the non-secure telephone - probably because secure calls travel over a separate, encrypted network, which mitigates the risk that adversaries can abuse the phone's microphones for eavesdropping.

But now, under president Biden, the phone for secure calls also has the modifications for on-hook security. Maybe this was considered safer, or maybe it's just to make both phone sets look the same, so outsiders cannot see whether the president is making a classified or an unclassified phone call based upon which telephone he is using.

Usually, the phones for the secure top-level telephone network can be recognized by a bright yellow faceplate, as can be seen at the modified Cisco IP phone that is used when the president is outside the White House, for example.

Yellow is the color code for the highest classification category: Top Secret/SCI, but in the Oval Office this would probably stand out too much, so here this phone just has the presidential seal in the bottom left corner of the black display section:

Close-up of the presidential seal on a Cisco 8851 IP phone

Update #1:

Around the first of February 2021, there was another small change in the phone on Biden's desk in the Oval Office: as can be seen in the picture below, the Cisco IP phone on the left, probably the one for unclassified conversations, now has an Key Expansion Module attached to it, which provides 14 additional programmable direct line buttons.

President Biden's desk in the Oval Office. One of the Cisco 8851 IP phones
having an additional Key Expansion Module, February 2, 2021
(photo: AFP via Getty Images - click to enlarge)

Under Obama, the old Cisco 7975 IP Phone for secure calls had a similar expansion module, but under president Trump that module was removed. Apparently he saw no need for having the extra direct line buttons, probably because he could always make calls via the White House switchboard operator, but it also symbolized that there was only a very small group of people he was in contact with.

Update #2:

On February 18, 2021, the White House released a photo in which we see president Biden in the office of his secretary, just outside the Oval Office. On the desk in front of him are the same modified Cisco 8851 IP phone sets as on his own desk, although here, both have an additional Key Expansion Module.

In the Oval Office, the phones have brown network cables to blend in with the furniture, but in the secretary's office the cables are color-coded: green for the Unclassified network and yellow for the Top Secret/SCI telephone network:

President Biden watches the landing of NASA's Perseverance vehicle on Mars
(White House photo, February 18, 2021 - click to enlarge)

The president's call button

While the small change in phones wasn't noticed, there was quite some media attention for something that appeared missing on the desk of president Biden: the wooden box with the presidential seal and a red push-button, which became known as Trump's "Diet Coke Button".

The removal of this box was just temporarily though, because meanwhile it has been placed back on the president's desk, as can be seen in this photo from January 25:

President Joe Biden at his desk in the Oval Office, January 25, 2021
(click to enlarge)

Trump's "Diet Coke Button"

There are a lot of stories about how president Trump used the button. Former White House communications aide Cliff Sims, for example, wrote in his 2019 book Team of Vipers that Trump would prank visitors by hitting the button and suggesting it was related to the country’s nuclear weapons arsenal.

"Out of nowhere, he'd suddenly press the button," Sims wrote. "Not sure what to do, guests would look at one another with raised eyebrows" he added. "Moments later, a steward would enter the room carrying a glass filled with Diet Coke on a silver platter, and Trump would burst out laughing."

On Twitter, Times Radio political commentator Newton Dunn recalled a similar situation: "When Tim Shipman and I interviewed Donald Trump in 2019, we became fascinated by what the little red button did. Eventually Trump pressed it, and a butler swiftly brought in a Diet Coke on a silver platter."

Trump's glass of Diet Coke in front of the Cisco 8851 IP phone for secure calls
(photo: Jonathan Ernst/Reuters - click to enlarge)

Earlier usage of the call button

The box with the call button is in the Oval Office already since the presidency of Bill Clinton and it's not only on the president's desk, but also on a side table in the seating area and in the small presidential dining room nearby the Oval Office.

The button has nothing to do with nuclear command and control, but can be used by the president to summon assistance. According to earlier sources, it was meant to alert the Secret Service, while others say that pushing the button makes an aide come in for whatever the president may need.

In his autobiography Finding My Virginity from 2017, billionaire Richard Branson recalled what president Obama once said during a lunch in the Oval Office: "As we stood up to leave I noticed the red buttons on his desk. Obama saw me looking at them," Branson wrote. "He said, 'They used to be there for emergencies, but now I use them for ordering tea for my guests.' "

President George W. Bush in the small dining room near the Oval Office
On the table is the wooden box with the call button
(click to enlarge)

Links & sources

- Homepage of the White House Communications Agency
- Politico: Trump hid his calls with Putin. Now, Biden has access to them. (2021)
- Secrecy News: Biden Issues National Security Directive 1 (2021)
- Phone calls with Trump: more risky venture than diplomatic boon (2019)
- Richard Branson Reveals the Real Purpose for Barack Obama's Oval Office Red Button (2017)
- The Week: Who answers the White House phone, anyway? (2010)
- The New York Times: Whitehouse; A Switchboard That is Justly Fabled (1983)

December 30, 2020

The report of a Swiss investigation into the case of Crypto AG

Last month, the Swiss parliamentary intelligence oversight committee published a report about its investigation into the case of Crypto AG, the former Swiss manufacturer of encryption systems that was secretly owned by the CIA and the German BND.

The committee found that the Swiss foreign intelligence service knew about this covert ownership since 1993 and used its knowledge to decrypt foreign communications, but failed to inform the responsible minister about the case.

Here I will provide a translation of the summary of this report as well as some interesting additional details from the rest of the committee's report about Crypto AG in relation to the Swiss government.

Summary of the Crypto AG report

The Swiss parliamentary audit committee for national security and the intelligence services (German: Geschäftsprüfungsdelegation or GPDel) started its investigation on February 13, 2020 and published its 64-page report about the Crypto AG case on November 10, in a French (pdf) and a German (pdf) version.

Below is a translation of the summary of this report, made from the German version by using Google Translate with the necessary manual corrections. I added some links and additional details in square brackets, as well as subheadings in bold italics for easier navigation of the text.

The case of Crypto AG
Report of the audit committee of the Federal Assembly

from November 2, 2020

The essentials in brief

Since the Fall of 1993, the Strategic Intelligence Service (German: Strategischer Nachrichtendienst or SND) managed to get reliable information about Crypto AG. It learned that the company was owned by foreign intelligence agencies and exported "weak" devices, the encryption of which could be broken with a realistic effort.

In order to be able to break the encryption of such devices itself, the SND began to gather technical information about their encryption methods and customer lists. Later, when the SND had become a civilian office, it managed to get enduring access to this knowledge with the consent of the American intelligence agencies.

Legal situation

From a legal point of view, the parliamentary audit committee (GPDel) therefore sees it as an intelligence cooperation, like in the past it was provided in the military law and today in the Intelligence Service Act (Nachrichtendienstgesetz or NDG). From the fact that the SND and the American agencies acted by mutual agreement, it follows that the Swiss authorities share responsibility for the activities of Crypto AG.

It was legally allowed that the SND and a foreign intelligence agency used a company in Switzerland to gather information about foreign countries. Given the big political implications of this cooperation, however, the GPDel considers it wrong that except for the current head of the Federal Department of Defence, Civil Protection and Sport (VBS) none of her predecessors were informed about this operation.

The east wing of the Federal Palace (Bundeshaus) in Bern, Switzerland,
home of the Federal Department of Defence, Civil Protection and Sport (VBS)
(photo: Mike Lehmann/Wikimedia Commons - click to enlarge)

Police investigation

In addition, the SND's findings on Crypto AG during the Bühler affair, which was investigated by the federal police (Bundespolizei or BuPo) in 1994 and 1995, should not have been withheld from the political leadership. The head of the federal military department (EMD) at the time did not learn the truth about Crypo AG via other ways either, as he explained to the GPDel.

The GPDel also did not found any evidence that the government unduly influenced the investigations by the BuPo. Rather, the head of the Federal Department of Justice and Police (EJPD) made an effort to clarify the ownership of the company. Ultimately, however, the BuPo had to stop its investigations without being able to answer this question.

In 1994, the GPDel was informed repeatedly about the ongoing investigations of the BuPo. Just like the military and political superiors of the SND, the GPDel did not learn anything from the foreign intelligence service related to Crypto AG. The company was never subject of the information provided by the Defense Department (VBS) when the overall supervisor specifically dealt with the topic of cryptology in 2007 and 2009.

Storage and destruction of documents related to Crypto AG

Especially valuable for the inspection of the GPDel were the operational files of the SND and the BuPo, which the federal intelligence service (Nachrichtendienst des Bundes or NDB) stored in a converted K-Anlage [Kriegsanlage, a well-hidden former command bunker of the Swiss army near Bern]. Their archiving in accordance with the applicable regulations is still pending. Due to the archiving practice of the intelligence services, however, there is no guarantee that all important documents are still available.

The destruction of such records was in part allowed by law and regulations, but in some cases it contradicted them. Between 2011 and 2014, the NDB destroyed documents from their correspondence with foreign partner services, instead of storing them internally as prescribed. Its inspection showed the GPDel that the destruction of files by the intelligence service is not an effective method for source protection. Rather, there is a risk that former sources can be compromised when authorities don't have the proper information.

Foreign espionage under the guise of a Swiss company

Companies and organizations that operate on Swiss soil benefit from Switzerland's image as a neutral state. Accordingly, foreign intelligence services may have an interest to operate under the guise of a Swiss company to the detriment of other countries.

Under certain circumstances, such a company can be guilty of the criminal offense of forbidden intelligence service against foreign states. However, such an operation is permissible under applicable law when a foreign agency uses such a company together with the NDB to collect information about foreign countries (cf. Art. 34 Para. 2 NDG).

In the view of the GPDel, planning such an operation should include a political assessment of the possible consequences for Switzerland, as well as for any affected employees of the company. The Federal Council (Bundesrat) should therefore clarify in principle how much room for maneuver it wants to grant the Defense Department (VBS) in this regard.

Not enough attention for the supply of secure encryption devices

The case of Crypto AG shows that companies under the influence of foreign intelligence services can produce devices with “weak” encryption methods. However, the GPDel assumes that Crypto AG has never supplied the “weak” encryption equipment to the Swiss authorities. Important in this case was that the Swiss authorities were able to inspect the security of the purchased devices or even influence their design. However, this is only possible with suppliers who develop and manufacture their devices in Switzerland.

For security reasons, it is not responsible for the federal government to purchase encryption solutions from foreign suppliers. Right from the start, the Federal Council did not pay the necessary attention to the role that domestic suppliers play in ensuring the availability of secure encryption technology for the Swiss authorities. As the responsible department, the Defense Department (VBS) didn't analyze the risks for a reliable supply in time and informed the Federal Council about this matter.

Access to Crypto AG at the management of the intelligence services

The information access to the Crypto AG was a well-kept secret at the management level of the SND. But when the Federal Intelligence and Security Service (NDB) was created [in 2010], this knowledge remained hidden for its first director. When confronted with this a few years later, he refused to take his responsibility.

It was only in the summer of 2019 that the current director commissioned a position paper for this case, although he was not informed by his predecessor and it was still before the NDB learned from the research of the media about Crypto AG. However, he did not use this informational advantage to uncover the relations between Crypto AG, the NDB's predecessors and the American intelligence agencies. Instead of clarifying the legal situation and recognizing the political implications, the NDB downplayed the relevance of the Crypto AG case for the current organisation.

The Defense Department (VBS), which already informed the Federal Council and the GPDel in November 2019, did not succeed in identifying the need for political action. The interdepartmental working group, which the VBS also set up, was not able to support the political leadership because of the reluctance of the NDB to provide information for the looming intelligence affair.

In its application for the Federal Council meeting on December 20, 2019, the Defense Department asserted that the level of information was insufficient for a substantive discussion about the case of Crypto AG. After finding the files in the K-Anlage, about which the Defense Department had informed the Federal Council, this finding was no longer valid.

Since the NDB had not evaluated the extensive files before the Federal Council meeting, the Council decided to establish an external committee of experts to clarify the apparently purely historical questions. With this, the Federal Council gave the strategic leadership for dealing with the Crypto AG case of the hand from the start.

Ending the parallel investigation by judge Oberholzer

When the GPDel opened its inspection on February 13, 2020, former federal judge [Niklaus] Oberholzer had been active as an external expert on behalf of the Federal Council for a month, but without having access to the files from the K-Anlage. After the GPDel had requested all relevant files from the NDB, it recognized that the Crypto AG case went beyond pure history and was of current importance. This proved the approach of the defense department, to examine the historical and current aspects of the case separately, as not very effective.

Given the various parallel investigations, the GPDel considered it necessary to discuss the unresolved coordination issues with the head of the Defense Department before the work was continued. However, when the Defense Department expanded the scope of the Oberholzer investigation before to the meeting agreed with the GPDel, the GPDel revoked its authorization to the Federal Council to commission Mr Oberholzer on February 21, 2020. As an investigative officer for the GPDel, he then reported on the intelligence-related aspects of the Crypto AG case in a secret report for the GPDel.

On February 25, 2020, the GPDel discussed its revocation of the authorization with the head of the Defense Department. The subsequent written exchange with the Federal Council led to a meeting with the federal president and the head of the Defense Department on May 25, 2020, where the GPDel provided information about the most important facts about the role of the intelligence services in the case of Crypto AG. In a classified letter this information was also brought to the attention of the Federal Council.

Former headquarters of Crypto AG in Steinhausen, Switzerland
(photo: Keystone - click to enlarge)

Suspension of the export licenses for Crypto AG's successors

After the meeting of the Federal Council on December 20, 2019, the Federal Department of Economic Affairs, Education and Research (WBF) decided to suspend the general export licenses for the successor companies of Crypto AG [Crypto International AG and TCG Legacy AG]. The goal was apparently to avoid unfavorable media coverage for the WBF.

From the point of view of the GPDel, however, the suspension of these licenses was neither materially nor legally justified, just like the way the State Secretariat for Economic Affairs (SECO) delayed matters related to those companies. Individual export applications could still be submitted though.

There were also no legal arguments against their issuance, as the export control group rightly recognized on March 4, 2020. However, due to the position of the Federal Department of Foreign Affairs (EDA), it was decided in May 2020 to submit all applications to the Federal Council for decision.

Filing a criminal complaint against Crypto AG

On February 25, 2020, the SECO, with the support of the WBF, filed a criminal complaint at the federal prosecutor's office. Because of the first media coverage, the SECO suspected that by exporting "weaker" encryption technology before 2018, Crypto AG had violated individual declaration obligations from the export control law (Güterkontrollrecht).

Without further scrutiny, the WBF took over the argument of the SECO according to which there was a legal obligation to file a complaint. However, in an opinion at the request of the SECO, the federal prosecutor had advised against filing a criminal complaint; the SECO did not discussed the matter with other federal agencies.

From the point of view of the GPDel, the criminal complaint was based on an insufficient assessment of the facts and an inadequate legal reasoning. Since the complaint was apparently made for political reasons, it should have been submitted by the Department of Economic Affairs (WBF) instead of by the SECO.

Authorization to prosecute Crypto AG

On March 13, 2020, the federal prosecutor asked the Justice and Police Department (EJPD) for the authorization to prosecute the violations of the export control law as reported by he SECO. Three months later, the EJPD submitted the prosecutor's application for decision to the Federal Council. Before that, the EJPD had a discussion about it with the GPDel on May 25, 2020.

The WBF for its part, requested the Federal Council on June 10, 2020 to approve all pending export applications, this although it had supported SECO's criminal complaint. After the Federal Council had postponed the issue by a week, the WBF requested to suspend the decision until the prosecutor's investigation had been finished. The Federal Council followed this proposal on June 19, 2020 and on the same day it granted the authorization to the federal prosecutor.

Violation of good faith and of the separation of powers

The GPDel recognizes the coherence between the decisions of the Federal Council regarding the authorization application by the federal prosecutor and the individual export applications from the successor companies of Crypto AG. With their indefinite postponement, however, the Federal Council may have violated the principle of good faith, because in principle every Swiss company can expect an authorization of its exports, unless there are legal arguments against it.

The export control law was also not a suitable means of approaching the Crypto AG case, while the criminal complaint was obviously an attempt to get rid of political responsibility by letting the justice system tackle the Crypto AG case. With this, the Federal Council ultimately linked the criminal case with the ongoing investigation of the GPDel, which was problematic given the separation of powers.

The Swiss foreign intelligence service

Initially, the Swiss foreign intelligence service (German: Strategischer Nachrichtendienst or SND) was part of the Untergruppe Nachrichtendienst (UG ND), which reported to the general staff of the Swiss army. In 2001, it was removed from the military hierarchy and turned into a civilian office, but still under the responsibility of the head of the Defense Department.

On January 1, 2010, the SND was merged with the domestic security service (Dienst für Analyse und Prävention or DAP) into the current federal intelligence and security service (Nachrichtendienst des Bundes or NDB), which is also responsible for signals intelligence.

Known divisions of the NDB are:
- NDBA for Auswertung (Analysis)
- NDBB for Beschaffung (Acquisition)
   - NDBB-A for Beschaffung Ausland (Foreign Acquisition)
   - NDBB-I for Beschaffung Inland (Domestic Acquisition)
- NDBS for Steuerung und Lage (Coordination)
- NDBU for Unterstützung (Support)

Headquarters of the Nachrichtendienst des Bundes (NDB) in Bern, Switzerland
(photo: Samuel Schalch - click to enlarge)

More details from the Crypto AG report

Besides the general conclusions as translated above, the GPDel report about the Crypto AG case also contains some more detailed information that is worth to be translated:

The MIVERVA report

The NDB provided the parliamentary audit committee (GPDel) with a copy of the internal CIA report about Crypto AG. This report is titled "MINERVA - A History" and describes how since the 1950s, US intelligence agencies cooperated with the Swedish owner of Crypto AG and was taken over by CIA and BND in 1970. The report includes the withdrawel of the Germans from the operation in 1993 and ends in 1995. The MINERVA report was written after the year 2000 with input from representatives of the BND.

It seems that around 2005, the Germans were provided a copy of the report and prepared additional assessments. This version of the American report, together with German documents, came in the hands of the press, which in February 2020 published about certain sections of the report. The full MINERVA report of almost 100 pages has not yet been released.

The GPDel analyzed the MINERVA report and additional information from the NDB confirmed the authenticity of the document. Regarding the situation in Switzerland, the report is not always accurate and contains small mistakes. Apparently the American authors were not very familiar with Switzerland and its government. (p. 9-10)

Acquiring and using information about weakened algorithms

Since the autumn of 1993, the SND got informed about the fact that Crypto AG was owned by American and German intelligence services and that the company built encryption devices with weaker algorithms. The SND aimed at breaking the encryption of these weakened devices themselves and gathered technical information about the encryption methods of the exported Crypto AG devices. This knowledge could also be used to identify weak encryption methods used in devices bought by Swiss customers. (p. 20)

This search for information about the weak algorithms continued after the SND became a civilian office in 2001 and was only successful because American intelligence agreed that Switzerland got the necessary information but only as far as necessary. (p. 20)

It should be noted that the Swiss intelligence service was not a member of the secretive Maximator alliance, in which the signals intelligence agencies of Denmark, Sweden, Germany, the Netherlands and France cooperated since 1976. Part of this cooperation was breaking the codes of diplomatic communications, for which the alliance members exchanged the algorithms used in the deliberately weakened encryption devices made by Crypto AG.

In order to actually use its knowledge about the weakened encryption methods for national security interests, the SND also had to gain access to encrypted communications. Interception of radio communications was conducted by a unit of the Swiss army (Führungsunterstützungsbasis der Armee or FUB).

After modernizing systems to intercept short wave (high frequency) radio communications, Switzerland started to set up a system to intercept satellite links, which is codenamed Onyx and became fully operational in 2006. The decryption capabilities were integrated in the interception process managed by the SND. (p. 20)

The Onyx satellite intercept station in Leuk, Switzerland
(photo: Martin Steiger/Wikimedia Commons - click to enlarge)

Knowledge about Crypto AG at the SND and the NDB

At the SND the information about Crypto AG was a closely held secret. Only the head of the SND (Fred Schreier) and his successors (Hans Wegmüller and Paul Zinniker) and no more than two other employees of the SND knew about it. The director of the newly created NDB, Markus Seiler, was (orally) informed about the existence of weak Crypto AG devices when he assumed office in 2010. (p. 21)

Only during his last year in office, 2017, Seiler was also informed about what made his organization able to decrypt the weak algorithms, but he declined to accept a note about further options. Vice-director Paul Zinniker supported him in not taking further actions. The former heads of the Swiss Defense Department (VBS) were not informed about the fact that Crypto AG was under control of American intelligence and that Swiss intelligence was using its knowledge about the weak algorithms. (p. 21)

In the spring of 2019, the current director of the NDB, Jean-Philippe Gaudin, got basically the same information about Crypto AG as his predecessor two years earlier. But this time, Gaudin requested a detailed presentation and demanded a written position paper. On August 19, 2019, Gaudin also informed the head of the Defense Department (p. 21)

Mid-October 2019, the NDB was provided with a copy of the MINERVA report and its director was informed about its contents. As of the end of October there was an increase in the communications between the NDB, the American and other foreign intelligence services, also in order to anticipate the media coverage about the MINERVA report. (p. 22)

Awareness about weaknesses in encryption devices

In 2007, the GPDel was briefed about how the SND's decryption capabilities are integrated in the process of intercepting foreign communications. A fact sheet showed that many manufacturers of encryption devices built in weaknesses for some of their customers. Behind this practice were the intelligence agencies of the United States and some of its allies. However, other states with the proper capabilities, like Switzerland, could also benefit from this. (p. 23)

According to the GPDel, the knowledge about the weakened Crypto AG devices provided useful intelligence for Switzerland as it could be used to decrypt the communications from foreign targets and exchange information with foreign intelligence services, which also strengthed the position of Switzerland. However, it should also be noticed that encryption methods and access to relevant communications are changing continously and know-how can rapidly loose its value. (p. 27)

The GPDel found that it was possible to identify weaknesses in various types of encryption devices used by Swiss institutions and to repair the deficiencies. This shows how important it is to have good insights on domestic manufacturers and influence the quality of their products. (p. 27) The GPDel was assured that all inspections made clear that Crypto AG never provided weak encryption devices to Swiss government agencies - unlike another company. (p. 31)

A second Swiss company selling weakened encryption devices

From hand-written notes from the head of the Defense Department, the GPDel learned that the security of encryption devices used by federal agencies had regularly been a talking point between the director of the SND and the head of the Defense Department. Somewhere between 2002 and 2008 it became clear that a Swiss manufacturer (not being Crypto AG) had sold unsecure equipment to the federal government and two large corporations. After learning about this, the Defense Department took measures to close the hole. (p. 28)

In November 2020, the Swiss broadcaster SRF revealed that this other Swiss company was Omnisec AG, which was founded in 1987 and dissolved in 2018. According to SRF, Omnisec had sold less secure encryption devices from their 500-series to Swiss federal agencies and even to the secret services SND and DAP. These weakened devices were also sold to at least two private companies, including the UBS bank - around the time when the US pressed Swiss banks to lift their banking secrecy.

Former headquarters of Omnisec AG in Dällikon, Switzerland
(photo: ZVG - click to enlarge)

Links & sources

- Second Swiss firm allegedly sold encrypted spying devices (Nov. 26, 2020)
- Professor Maurer und die NSA (Nov. 26, 2020)
- Geheimdienstaffäre, Corona im Milieu, Boni trotz Pandemie (Nov. 25, 2020)
- Res Strehle, Operation Crypto. Die Schweiz im Dienst von CIA und BND, Echtzeit Verlag, Juli 2020.
- Operation RUBICON - The secret purchase of Crypto AG by BND and CIA

November 30, 2020

The NSA tried to spy on Danish and other European targets via cable tapping in Denmark

(Updated: December 2, 2020)

According to new revelations by the Danish broadcaster DR, the NSA tried to use its collaboration with the Danish military intelligence service FE to spy on targets in some other European countries and even on targets in Denmark itself.

Here, the new information about Denmark is compared with Germany, where similar accusations were raised in 2015 when it came out the the NSA provided the BND with thousands of selectors related to German and European targets.

New revelations from Denmark

The latest details about the cooperation between the NSA and the FE were published by the Danish broadcaster DR on November 15. This information comes from several independent sources with insight into internal reports from the FE.

In these reports, the FE management was warned about possible illegalities in the cable tapping operation that the Danish military intelligence service FE conducted in cooperation with the NSA.

An IT specialist from the FE, who blew the whistle on these issues and informed the Danish intelligence oversight board in November 2019, prepared or was involved in preparing at least two of these internal reports, according to DR News.

These two reports, one from 2012 and another one from 2015, contain an analysis of the phone numbers and e-mail addresses (also known as selectors) that the NSA sent to the FE in order to collect information from the cable tap.

Spying on Danish targets (2012)

According to DR News, the analysis of the selectors from 2012 revealed that the NSA used or had used the cooperation with the FE to spy on Danish targets, including the Ministry of Foreign Affairs and the Ministry of Finance, as well as the defense company Terma. This was discovered by an FE employee, who informed his bosses.

Sources of DR News said that the NSA entered keywords into the XKEYSCORE system that show they searched for e-mail addresses and phone numbers belonging to specific employees at Terma.

It's suspected that the Americans wanted information about Denmark's purchase of new fighter jets to replace the F-16. The Danish government eventually choose the American F-35 Joint Strike Fighter, for which Terma supplies components.

The factory of Terma Aerostructures in Grenaa where parts
for the F-35 fighter jets are produced (photo: Terma)

The revelation that the NSA was trying to spy on Danish targets is quite explosive, not only because it violates the agreement between the US and Denmark, which says that "the USA does not use the system against Danish citizens and companies", but also because it would be illegal for the FE to allow foreign espionage against Danish targets.

Protective filter system

Precisely to prevent that, the FE had installed a filter system to ensure that data from Danish citizens and companies is sorted out and not made searchable by XKEYSCORE, as DR News had reported on September 24.

A source of the Danish newspaper Berlingske explained that during the joint cable tapping operation, the NSA provided the FE with a series of selectors related to targets of their interest. These selectors were reviewed by the FE to make sure that they were not related to Danes and then entered into the system that filters the traffic from the backbone cable.

According to Berlingske, the searches on behalf of the NSA resulted in quite large data streams which were then, this time without further control by the FE, passed on to the Americans.

These press reports seem not really in accordance with each other though:

- The latest DR News report suggests that the NSA entered its selectors directly into XKEYSCORE (which is also able to perform the actual "front-end filtering") without mentioning the filter to protect Danes.

- The earlier press reports, however, say that the protective filter system either sorts out Danish data before they can be searched, or that it blocks selectors related to Danish targets before they become active in the actual collection system.

This is of some importance, because if the protective filter worked as described and intented, the NSA's selectors for Danish targets would not have resulted in actual intercepts - or just a very few, given that these kind of filters have no 100% accuracy.

As the NSA knew about this protective filter system, they may have simply relied on the FE to block anything that would not be in accordance with the Memorandum of Agreement, even though that seems not the way it should have been.

The Sandagergård complex of the FE on the island of Amager,
where a data center was built specifically to store data
from the joint NSA-FE cable tapping operation.
(Click to enlarge)

Spying on European targets (2015)

In 2015, another internal FE analysis of selectors showed that the NSA at that time used the cable tapping system to spy on targets in some other European countries, including Denmark's closest neighbours: Sweden, Norway, the Netherlands, Germany and France, according to DR News.

Sources told the Danish broadcaster that the NSA apparently also searched for information about the pan-European Eurofighter and the Swedish fighter plane Saab Gripen. Both were in the race to become Denmark's new fighter aircraft, which was decided around the time that this spying happened.

Unlike the first report, the second one was prepared some two years after the start of the Snowden revelations and in the same year as the German "Selector Affair" (see below). Both events may have been an incentive for the FE to investigate whether the NSA was also using their collaboration to spy on other European countries.

We can assume that the FE has no filter system to prevent collection against other European countries, which means the NSA selectors related to European targets had likely been active in the collection system and may have resulted in an unknown number of intercepted communications.

Spying on foreign governments is usually considered fair game and this was probably also not prohibited by the agreement between the NSA and the FE. Nonetheless would it be an embarrassment for Denmark when it would turn out that the NSA used its partnership with the FE for spying on other European countries.

Comparison with Germany

The new information about the cooperation between the NSA and the Danish FE can be compared with the things we know about a similar cooperation between the NSA and the German foreign intelligence service BND, which included at least two joint operations:

- Eikonal: tapping cables of Deutsche Telekom in Frankfurt (2004-2008)
- Bad Aibling: satellite interception at the Bad Aibling Station (2004-2013)

For the cooperation at Bad Aibling, the NSA provided the BND with a total of roughly 690.000 phone numbers and 7,8 million internet identifiers, which is an average of about 165 phone numbers and 1900 internet identifiers each day (the actual number of targets is significantly lower because each e-mail address can have some 8 different permutations).

In 2015 this resulted in the "Selector Affair", when it came out that among the identifiers for numerous legitimate targets, the NSA had also sent thousands of selectors related to European and even German targets, which was in clear violation of the Memorandum of Agreement (MoA) with the BND.

The BND satellite intercept station at Bad Aibling, Germany
(Photo: AFP/Getty Images - Click to enlarge)

Spying on European targets

Just like in Denmark, the Germans had found out that the NSA tried to spy on targets in other European countries. After severe political pressure, the German government agreed to let an independent investigator, Dr. Kurt Graulich, look at the suspicious selectors. In October 2015 he published his extensive, 250-page report about the issue.

Regarding the main list of almost 40.000 NSA selectors that the BND had rejected between 2005 and 2015, the investigator found that 62% belonged to government agencies of EU member states, 19% to Germans outside Europe, 7% to EU institutions, 6% to Germans, 4% to foreigners abroad, 1% to Germans in Europe and 1% to German embassies.

Spying on foreign governments and foreign defense companies does not violate German law, but investigator Graulich still considered it a clear violation of the Memorandom of Agreement, which allowed collection against European targets only for a very few specific topics.

Later in 2015 it was reported that the BND itself was also spying on for example the French foreign minister and the interior departments of EU member states like Poland, Austria, Denmark and Croatia, as well as on the FBI, the Voice of America and international organizations like the ICC, the WHO and UNICEF.

So just like it was the case at the BND, the FE might not have cared very much about the NSA selectors related to European targets, and just like the Germans, the Danes probably also spied on governments and certain companies from other EU countries themselves.

Spying on German targets

In 2015, the Germans had discovered that the NSA had apparently also tried to spy on German targets during their cooperation with the BND.

The examination of the NSA selectors by Dr. Graulich revealed that several hundred were related to German targets, mostly German companies, both inside and outside Germany. Selectors related to the German government were not found, which is an interesting difference to Denmark.

The reasons why the NSA was interested in these German companies could not been clarified by Dr. Graulich, mainly because the BND had no access to the NSA's motivations for each selector.

Just like in Denmark, it seems that the NSA sent their collaboration partner simply all the selectors they were interested in, with apparently little or no effort to pick out those that could be controversial.

Here too, the NSA seems to have relied on the foreign partner to block the selectors that would violate national law and the collaboration agreement. But even then this seems not very smart, because it would potentially allow the partner to see what targets the NSA was interested in.

The DAFIS filter system

Just like the FE, the BND also has a filter system to prevent that German data are passed on to the Americans. From the German parliamentary investigation we know a lot more about this BND system, which is called DAFIS (for DAtenFIlterSystem) and checks not only the selectors that come in, but also the collection results that go out:

Overview of the dataflow for the NSA-BND cooperation at Bad Aibling
(Click to enlarge)

As can be seen in the diagram, all the selectors which the NSA wanted to be used for collecting (in this case) foreign satellite traffic first had to pass the DAFIS system, which checked them in an automated process of 3 stages:
Stage 1: A negative filter which blocks e-mail addresses ending with .de and phone numbers starting with 0049, but most likely also ranges of IP addresses assigned to Germany.

Stage 2: A positive filter consisting of a list of foreign phone numbers and e-mail addresses used by German citizens, for example businessmen, journalists, but also jihadis when they are inside Germany.

Stage 3: A filter to sort out selectors that collide with "German interests", which mainly applies to European military contractors in which Germany participates (like EADS and Eurocopter, both part of Airbus now)

Selectors that were "approved" by the DAFIS system were entered into the tasking databases (Steuerungsdatenbanken) that fed the actual collection system. Communications that matched these selectors were picked out and were also sent through the DAFIS system for another check whether they might contain German data.

Only data that passed this double check were eventually transferred to the NSA. The selectors that were rejected by DAFIS were marked as "disapproved" in order to prevent that they were submitted again later on. The NSA knew and accepted that some of its selectors were blocked by the BND, according to the Graulich report.*

Most of the NSA selectors related to German targets had been blocked by the DAFIS filter. A smaller number of them had been active in the collection system for some period of time, but it is not known whether this resulted in the actual collection of communications (Erfassungen).

A European bazaar?

The way how the NSA tried to spy on European targets through their collaboration with the BND and the FE reminds of what Edward Snowden said in his written testimony for the European Parliament from March 2014:

"The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans.
Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.
Ultimately, each EU national government's spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole."

This sounds like an accurate description, except that these joint operations with the NSA are not about "mass surveillance against ordinary citizens", as in both Germany and Denmark the NSA only provided selectors for specific targets like government agencies and companies in the defence industry, for example.

Nonetheless, spying on such targets in the partner country violates national law and the agreements between the NSA and their European counterparts, but for both the FE and the BND that didn't seem a very big concern, at least until the Snowden revelations.

One reason may lie in the fact that in general, these so-called Third Party relations with the NSA do not include a "no-spy" condition, so both parties are free spy on each other, despite their otherwise close cooperation.

That may have kept the Danish and German intelligence agencies vigilant and let them install filter systems to make sure that no data from their country would be passed on to the Americans.

And the NSA, for their part, apparently assumed that their counterparts would do enough to protect their own data so they didn't put much effort in sorting out the selectors to be used in these kind of joint operations.

Links & sources

- Willy Van Damme: De F35 – Pleegde de Deense militaire veiligheidsdienst landverraad? (Nov. 23, 2020)
- DR News: Hemmelige rapporter: USA spionerede mod danske ministerier og forsvarsindustri (Nov. 15, 2020)
- DR News: Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem (Sept. 24, 2020)
- Berlingske: Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt (Sept. 13, 2020)
- The Register: The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens (August 25, 2020)
- The Graulich report: Nachrichtendienstliche Fernmeldeaufklärung mit Selektoren in einer transnationalen Kooperation (Oct. 23, 2015)