Cryptography

The History and Mathematics of Codes and Code Breaking

Author: Colleen Gill

What Do I Have to Hide?

By focusing on what to keep private rather than what to publicize, teens often inadvertently play into another common rhetorical crutch - the notion that privacy is only necessary for those who have something to hide (boyd, 63).

When social media first began to crop up in my household, my parents weren't sure how to react. With crude interfaces such as Myspace, my parents banned their use completely (thought this was a much more relevant issue to my older sister than it was for me). However with the upswing of social media sights such as Facebook and LinkedIn, sights my parents could use and were therefore inherently more comfortable with, our family had to have our first conversations about internet safety.

As a kid my parents were very aware of not only everything I posted but also everything my friends were posting. I distinctly remember one post my friend made about being home alone that had my mother rushing to phone her parents. While I was little, this level of online privacy made sense to me. My parents were obviously worried about my safety, and I was not yet rebellious enough to want to defy them just for the sake of being defiant. As I aged, however, my opinions began to deviate from my parents.

There came a point in my online life when I began to believe that my security didn't matter too much: nothing I did was really all that interesting anyways, if someone wanted to read the FanFiction in my internet history they could be my guest. As Facebook privacy updated, I didn't keep up with my account privacy settings, and my wall became increasingly public. I definitely adhered to the ideology that boyd was describing. For the most part, my views have changed again, but to an extent, I still do agree with it.

As I have become more aware of the information that is being sent out online, or rather the information behind the information (such as location services we don't even realize we are posting), I have become increasingly more cautious about what I post and how I post it. Even if I have nothing illegal or secretive to hide, I would still like to keep the location of my house private to the internet. However, instead of changing my online visibility, I simply edited what I post in the first place. I still don't have very strong Facebook security settings, but I make sure that the posts themselves are not revealing any threatening information. The only things I have to hide are those things which affect my safety.

Inaccurate Accuracy

Though there were a lot of interesting insights made throughout the novel regarding cryptographic security, the point that most stood out to me had to do with the "paradox of the false positive."  In chapter eight of the novel, Marcus comes up with the idea to clone arphids in order to create a high number of unusual travel patterns and consequently bog down the DHS's tracking systems. He goes on to describe how anytime you are trying to collect data on a wide scale, lets say for example from one million people, the test's percentage of accuracy needs to be the same as the uncommonness of the thing being looked for. For example with one million people being tested, a 99% accurate test would still find 1,000 positives, which would be very unhelpful if you're looking for only one specific person. The more people, and the less common the variable you're searching for, the more unusable your test becomes.

What I thought was so interesting about this point is that when looking at the math for this sort of data mining, it seems so illogical. The probability of finding usable data in this manner becomes more and more difficult as the amount of data increases. However, just hearing the phrase "99% accuracy" creates an inherent false sense of security. This false sense of security becomes dangerous when we rely heavily on technologies such as these to find information for us. What happens when the accuracy is lower than 90%? Lower than 80%?

One thing we have discussed in class more than once is the idea of data mining, especially in schools, to attempt to find patterns that would predict crime before it occurred. The point that always gets brought up in favor of this sort of data mining is that it potentially could keep students safe, which of course would be beneficial. However, lets say that these measures were implemented at Vanderbilt, with 12,725 students, and the test had a reasonable 95% accuracy rate of finding potential threats. Theoretically 636 students could be found potential threats by the system. It's improbable and illogical to question over 600 kids in order to find a possible one or two actual suspects. Though neither Marcus nor I were making the claim that all data mining is useless, seeing the numbers on how useful it really is puts the idea into a better perspective.

Not Quite Like the Movies

For as long as I can remember, there's always been one thing about action movies that has bothered me above all else: while the bad guys can do whatever they want, without worrying about who they hurt, the good guys have to catch up to the bad guys while also attempting to contain collateral damage. It seemed so unfair to me, but the good guys wouldn't be good if they hurt everyone in their wake (which is one of the reasons why the new Superman movie was so disappointing, but I digress).

In the case of German and Allied forces in World War II, we can assume, for argument's sake, that the Germans would be the "bad guys", and the Allied forces would be the "good guys." If the pattern which caused so much of my childhood angst was being followed, it should happen that fighting the good fight would be a hinderance for the Allies. However it had the exact opposite effect. The cause that the Allies were fighting for, and the conviction that they held to complete their cause, was a major factor in their success with cracking the Enigma machine.

Singh mentions himself that motivation is a driving force in cryptography: in periods of peace, cryptographic breakthroughs are so few and far between simply because there is no need for them. In the case of Allied efforts, there was much need to break the Enigma machine. Lives were being lost at an astonishingly fast rate, and without knowledge of German plans, there was little chance for the Allied troops to make any gains. Both the higher ups and the cryptanalysts themselves understood that the stakes were incredibly high, which proved to be an incredibly motivating factor.

The need for information proved to be a very beneficial asset not only motivationally but also resourcefully. Because the Enigma machine was so complex, it required not only a lot of manpower to solve, but also a lot of machinery. Though previously in history there was some hesitation to fund cryptographic efforts, the creation of Bletchley Park is proof that Allied officials saw the need for cryptanalysis as part of their war effort. It's hard to tell how much priority cryptography would have gotten had the situation not been as dire.

Cryptographic Creativity

What I was struck most by throughout Ms. Dunin's talk was the fact that she had such a vast amount of knowledge in such a wide array of categories. She is not only an expert code breaker, but a professional code maker. She talked about her experience in the gaming industry, her understanding of steganography, and her world travels to find different pieces of cryptographic artwork. Her work experience includes not only authoring books in the above categories, but also time spent stationed in California (to which I take a particular interest) in the US Air Force. Her website brags about her personal accomplishments including her ability to speak numerous languages - which probably was supplemented by her travels to every continent. On top of all of that, she is an official administrator on Wikipedia, with over 69,000 edits.

While perusing her credentials, I was astonished by the incredible breadth of her experience. How could one woman have time for all of these things? On top of all that, where did she find time to learn about cryptography. The more I thought about it, however, I realized that her cryptographic knowledge didn't happen in spite of her educational life experience; rather the vast array of skills that she has acquired throughout her life is, more likely than not, directly correlated to her ability to decipher so adeptly.

We have talked in class numerous times about the skills that are most important in code breaking. Is it luck? Creativity? Logic? We also know from our reading that the most successful codebreaking happened when people from many different disciplines have come together to perform great feats of cryptanalysis with their combined skills. Elonka has a background in code making, a largely math based profession. She also is adept at linguistics, obvious from her ability to speak so many languages. She has had the opportunity to glean knowledge from every corner of the internet during her time at PhrekNIC and as a Wikipedia administrator. She is, undoubtedly, in the position to be the most qualified of cryptanalysts.

Elonka has accomplished incredible things during her career as a cryptanalyst. She described in class how she casually jumped into codebreaking at a conference, and then let it become a large part of her life. Is this surprising? No, rather it is inspiring. The study of cryptography is not limited. In its purest form, it is all inclusive.

Morality v. Pragmatism

The question of ethics comes up a lot in regards to cryptography. At its core, things tend to only require encryption if, for some reason, someone doesn't want them seen. More often than not people do not mind others seeing their good, moral deeds. What's interesting about the Zimmerman deciphering is that the morals in question have nothing to do with the encrypted information, but rather what was done with it.

On the one hand, what Admiral Hall did was incredibly immoral. He actively chose to withhold information that could potentially prevent countless American deaths. The United States had already lost over a hundred lives to German submarine warfare, which is why the President was so adamant to prevent future attacks of that nature. By actively withholding the information within the Zimmerman telegram from America, the Admiral made the choice to endanger the lives of Americans should his cryptographers fail to break the rest of the cipher before Germany mobilized its fleet.

On the other hand, what Admiral Hall did was not necessarily immoral but rather pragmatic. If the Germans had discovered that British forces could decipher their messages, the encryption techniques would have only become more sophisticated. This increased sophistication would have seriously hurt long term war efforts, which (since the war continued on for many more years) would most likely have resulted in more lost lives than would be found from the submarine warfare.

Also, there is no telling what the Admiral would have done with the information had his analysts not cracked the rest of the cipher in time. Singh describes a situation where the Admiral was waiting for the rest of that decryption in case a caveat, or some other relevant piece of information, was revealed in the rest of the text. It is entirely possible that, in the event his cryptanalysts had failed to decode the rest of the telegram, he still would have passed the decrypted message onto the Americans.

In cases such as these, and in any case of war, it is difficult to talk in terms of morality. Rather, it is clear that the actions the Admiral took worked out favorably in the end. Had the message not been deciphered at all, or had the Admiral never revealed the message to the Americans, we would be telling a very different story today.

You Say "Paranoia," Mom Says "Preparation"

My first email address was a very big milestone in my young life. Finally I was able to send my friends massive chain emails with instructions to pass the message on to 10 of their closest friends (of course including me). However, this email account did not come without its fair share of lectures. My mom sat me down and talked to me about how I shouldn't put my name in my email account-someone might search me. I was told I needed to never post where I went to school on the internet-someone might find me. And more than anything, never, under any circumstances, was I allowed to talk to strangers online-guessing what someone might do is too horrible to imagine.

Albeit overzealous, my mom wasn't entirely incorrect, it's not hard to search and/or find someone on the internet. In fact, that's the entire premise of most internet based social media. However, my mom didn't realize then that the ability to be found on the internet was going to catch up with her much faster than she could attempt to evade it.  Quinn Norton, hacked many times himself, would most likely say that my mother's attempt to outrun the internet information frenzy would be futile. He would most likely be right.

This article struck a particular chord in me. I certainly have a lot of personal information to draw from in regards to internet security, and know that writing about my experience in that subject would not prove to be too challenging. I also am very intrigued by the author's flippancy towards the subject of safety, and would enjoy delving deeper into his reasoning behind it. Overall, I am very excited to write my first essay on "Hello future Pastebin readers" by Quinn Norton.

The Correlation Between Technology and Self-Taught Cryptography

When the frequency analysis first emerged as a tool to decrypt substitution cyphers, it was the epitome of modern technology at the time.  Under the growing Islamic rule of the Arab nations there was, for the first time in history, the opportunity for the collection of mass amounts of diverse knowledge in one place and one time. Revolutionary at the time, in modern society this same concept of data collection is relatively commonplace. Worldwide schooling systems teach the basics of linguistics, mathematics, and statistics to children from young ages, giving them the platform upon which it is easier to compute the complicated nature of cryptography. Even more recently, information of all types has become increasingly available to any who have access to the internet. A place for data collection and collaboration of thought like no where else, the internet has revolutionized cryptography once again. No longer is a formal education entirely necessary to access the tools needed to decipher codes. One can simply study complex theories of statistical analysis taught to them through Yahoo Answers, or watch explanations of multivariable calculus on YouTube. While information is still being gathered, just as it was in ancient Arab nations, it is no longer limited to a single society, or even to formal education. There is no reason to say that the modern codebreaker is somehow inherently more adept at decryption; rather the skills which are needed to decrypt are accessible without advanced study.  Thanks to the internet, the only requirement in cryptography is the desire to seek out the tools necessary to decrypt.

Powered by WordPress & Theme by Anders Norén