The crypto department at Philips has on several occasions compromised the encryption of devices used for secure communication. This statement is made by Cees Jansen, former top cryptographer at Philips, in the Saturday broadcast of Argos. Jansen tweaked devices that were to be delivered to NATO Ally Turkey. Philips was assigned to do this by the BVD, the Binnenlandse Veiligheidsdienst (the former Dutch intelligence agency) and American intelligence services.

Cryptographer Jansen made these claims about Philips in the context of Cryptoleaks, the international media collaboration exposing Operation Rubicon. This ‘global intelligence coup of the century’ enabled the American NSA and the German Bundesnachrichtendienst to secretly break encoded messages sent by more than a hundred countries for decades. Highly classified evaluation papers detailing Operation Rubicon are in the possession of Argos, VPRO/HUMAN's platform for investigative journalism .

The device that Philips compromised is the Aroflex, a telex machine that was used for encrypted communication between NATO-allies. The Turkish government was so pleased with the device that they wanted to order more of them, to use for communication with their embassies and for internal communication within the army. The Americans wanted to supply them with an intentionally 'weakened' version, in order to gain access to the Turkish communication. Germany refused to cooperate. ‘The NSA turned to Philips, who complied,’ according to the German evaluation paper on Operation Rubicon.

From Aroflex to Beroflex

Philips, in cooperation with Siemens, already manufactured a weakened version of the Aroflex for the civilian market. “Some internal documents mentioned this, but it wasn’t known to the public.” These devices were internally referred to as ‘Beroflex’, cryptographer Jansen explains.

As the Turkish government was already familiar with the Aroflex, Turkish intelligence would have noticed if a Beroflex was delivered instead. Jansen: “So I was confronted with the demand to manufacture an Aroflex, which looked like an Aroflex but was in fact a Beroflex.” The CIA facilitated and booked meeting rooms. At the Holiday Inn Hotel in Eindhoven, for example. These meetings were also attended by NSA employees. ‘They were the executive cryptographers.’

On his personal website Jansen provides a detailed report on how Philips also attempted to deliver weakened Aroflexes to China.

Not the first time

“At the time, I looked at it in a different way than I do now”, cryptographer Jansen says. “I did whatever my boss asked me, and made what had to be made.” He didn’t question the deceptive operation aimed at Turkey. “One mustn’t forget that we had already gone through the PX-1000 exercise.”

In April of 2019 Argos revealed how Philips was chartered by the NSA to take the PX-1000 out of sales. This pocket telex was designed in the early 1980s by Amsterdam-based company Text Lite. Inventor Hugo Krop equipped the PX-1000 with a ‘naugthy feature’: DES-encryption.

Arie Hommel, director of Text Lite at the time, remembers how Philips managers wanted to meet up with him at a Van der Valk-hotel. “They told me bluntly: you have a product that contains encryption and we want to get if off the market.” The assignment came from the American NSA. Dutch intelligence agency BVD assisted.

Philips came out with a new version, the PX1000Cr. Research by Argos and Crypto Museum Eindhoven reveals that the encryption algorithm had been weakened from 64 bits to 32 bits. Where it would initially take a year to crack the encryption (hypothetically speaking), it would take less than a second with the new algorithm.

DES encryption was the biggest threat to operation Rubicon, the classified CIA evaluation report states. Cryptographer Jansen: “At the time this exercise to take the PX-1000 off the market transpired, I could have never imagined this to be a part of such an enormous operation like Rubicon.”

Philips knows nothing

Philips can’t comment, a spokesperson states. “As these events took place such a long time ago, we have checked the company archives. Our archivers have not been able to find any information on this case, however.”

Through his judicial advisor Robin van Iperen, Arie Hommel has proclaimed to be working on a claim against the Dutch state. “We’re thinking of an amount of 150 million euros”, Van Iperen says. The Text Lite case is supported by the National Register of Financial Lawyers (LFRJ), which is chaired by Van Iperen. “We frequently assist people who have problems with the state. We expect to enforce the claim before the end of March.”

CRYPTOLEAKS is based on nearly three hundred pages of classified CIA and German Bundesnachrichtendienst documents. Journalist Peter F. Müller obtained the documents.  Together with journalists working for The Washington Post, German public-service broadcaster ZDF, Swiss public-service broadcaster SRF, the Crypto Museum Eindhoven and platform for investigative journalism Argos more than a year of research went into the investigation.