It feels obnoxious, expecting the reader to know the context behind the title.
> In 2020, an investigation carried out by the Washington Post, Zweites Deutsches Fernsehen (ZDF), and Schweizer Radio und Fernsehen (SRF) revealed that Crypto AG was, in fact, entirely controlled by the CIA and the BND. The project, initially known by codename "Thesaurus" and later as "Rubicon", operated from the end of the Second World War until 2018.
> For years, NSA secretly rigged Crypto AG machines so that U.S. eavesdroppers could easily break their codes, according to former company employees whose story is supported by company documents.
See also the 1992 news stories about the arrest of Hans Buehler, further elaborated in a 1998 article in Covert Action Quarterly:
> The cover shielding the NSA-Crypto AG relationship was torn in March 1992, when the Iranian military counterintelligence service arrested Hans Buehler, Crypto AG's marketing representative in Teheran.
Every article I'm seeing in the past week refers to documents released in 2015. Why the fuck now? It reeks of public manipulation, especially with the US increasing efforts to convince people not to use Huawei equipment.
That's correct. The documents were reported on by the BBC in 2015, directly linking to the declassified NSA memos.
> Many details of the arrangements between Crypto and NSA are not known, including when the rigging began, whether it has ended and which machines were involved. The whole story will be told only when secret U.S. documents are declassified, probably well into the next century.
> Crypto rejects the rigging allegations as an invention by disgruntled former employees and denies that its machines were ever designed or altered according to the suggestions of American spies.
They didn't pass it off as news.
It's a long-form journalism story. This form covers more complex stories and isn't limited to new things that just happened. Stories where the facts come out over time or require multiple perspectives can't always be adequately told through a series of "what's new" updates.
But, still, why? The editors of The Washington Post would have to answer that.
The timing is arbitrary. They could have done it months ago or months from now. The author most likely found it, thought it would make a good story and pitched it to his editors (he is likely planning to turn it into a book if it gets some traction). This kind of thing would be a normal part of a journalist's job. (Well, most don't get to do deeper stories like this very often, so he's probably pretty senior -- I just checked and he has a couple Pulitzers, so there you go.) I would guess the editors simply agreed with his pitch.
In short: the timing is arbitrary. The people who do this kind of thing just thought it would be an interesting story to tell, in-depth.
[tinfoil alert] Word going around in Germany is that Tagesschau waited for the CIA to sell their shares (which happened in 2018) 
However, as a citizen and resident of America I'd rather be spied on by China, because it's a lot easier for my own government to make trouble for me.
The values of the regimes in control are transient and ever changing. You might be okay with it right now - but maybe not in the near future.
There is no real way around the fact that national intelligence agencies need to conduct mass surveillance of various kinds. National intelligence is a competitive zero sum game, and if we don't do it, others will, and we'll be at a disadvantage.
The same is not true for policing, however. The real danger to citizen rights is when the crossover happens. I'm not worried when the CIA spies on me - I'm worried when the FBI does. I'm worried when the tools of international intelligence get turned to more mundane matters. And I think that is the transition that we have to fight tooth and nail. Fighting the "don't spy on me NSA" battle was lost decades ago, and you were never going to win anyway in any material way. Because even if you could stop the NSA from doing it, every other government in the world would be doing it.
What we need to do is fight to keep that surveillance contained within the international intelligence mission, and not let it creep into domestic policing.
They only care about what is valuable to protect and advance their geopolitical and commercial interests, which are remarkably similar.
Crypto AG was gold because their products were used by governments and perhaps high level business executives.
This company is a problem because it's controlled by an American intelligence agency. The owners knew that was a problem, of course, and went to great lengths to hide that fact. Note that Crypto AG appeared to be a Swiss company, not an American one.
Typical American companies aren't controlled by the CIA or other government agencies.
Typical Chinese companies are substantially controlled by the Chinese government.
It's a rather important difference when trying to figure out the risks of how much you can trust who you work with. There's subterfuge, of course, so there aren't hard and simple rules. This is an exercise in risk management.
It's a rather large mistake to conclude Chinese Owned == American Owned.
Have a gander at the companies they have had their paws on: Palantir, Inktomi, Docker, ArcSight, etc.
True but that doesn't mean there aren't national interests in play when it comes to information security companies deploying crypto products. Think RSA e.g. who took bribes and implemented Dual EC DRBG -- a backdoored random number generator for a number of their cryptographic systems.
There are most likely others, thus transparency via open source (and verifiability via reproducible builds to split hairs) is necessary to avoid this ever happening again.
Unless the CIA has any interest in them, in which case they get pwned pretty quickly.
They would need to somehow subvert key executives and subvert key employees to convince them to add back doors and keep quiet about it.
Their levers on such people (carrots and sticks, threats and bribes) aren't that easy to deploy either, especially en masse and in the US. There are a lot of legal hurdles. (The CIA has a lot more legal latitude outside the US than in -- that's very likely an important reason AG Crypto is a Swiss company and not an American one.) Not that the CIA always scrupulously follows the law -- they don't -- but they have to be careful about it.
I suppose you can just believe the CIA hits the "pwn" button anytime they like. But that doesn't have anything to do with the way things work.
Not because the Chinese are tapping it, but because they aren't.
The panicky US response makes most sense if the reply they can't say out loud is "but you're putting it in places where it interferes with our wiretapping!"
This is probably not accidental.
Well that was an asshole move.
Judging by the company names: Investments into RF companies also are more likely on the "tools we use" instead of the "rigged" side of things. The amount of Biotech makes me assume the decision-makers think this is an emerging market which will make a good investment.
So answering to GP: No, not compromised. I wouldn't be surprised if there were one or maybe even two hiding in plain sight, but I think for each individual company on that list, it is very, very, very unlikely that this specific company is compromised. If you don't trust them, make your sensitive GitLab and MongoDB instances accessible via Intranet/VPN only - but I suppose that's good practice anyway?
We can't know for sure, but I'd wager that most quantum cryptography companies have been well greased by spy agencies who expect to be paid back in backdoors.
Ah. That puts the export on cryptography limitations in perspective. Don't allow new tech to compete with the source of a lot of valuable intel.