It may be the greatest intelligence scam of the century: For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries. These nations had bought the world's most sophisticated and supposedly secure commercial encryption technology from Crypto AG, a Swiss company that staked its reputation and the security concerns of its clients on its neutrality. The purchasing nations, confident that their communications were protected, sent messages from their capitals to embassies, military missions, trade offices, and espionage dens around the world, via telex, radio, teletype, and facsimile. They not only conducted sensitive albeit legal business and diplomacy, but sometimes strayed into criminal matters, issuing orders to assassinate political leaders, bomb commercial buildings, and engage in drug and arms smuggling. All the while, because of a secret agreement between the National Security Agency

(NSA) and Crypto AG, they might as well have been hand delivering the message to Washington. Their Crypto AG machines had been rigged so that when customers used them, the random encryption key could be automatically and clandestinely transmitted with the enciphered message. NSA analysts could read the message traffic as easily as they could the morning newspaper. The cover shielding the NSA-Crypto AG relationship was torn in March 1992, when the Iranian military counterintelligence service arrested Hans Buehler, Crypto AG's marketing representative in Teheran. The Iranian government charged the tall, 50ish businessman with spying for the "intelligence services of the Federal Republic of Germany and the United States of America." "I was questioned for five hours a day for nine months," Buehler says. "I was never beaten, but I was strapped to wooden benches and told I would be beaten. I was told Crypto was a spy center" that worked with