The History and Mathematics of Codes and Code Breaking

Author: Safwaan

Human Nature versus Cryptography

Do you know how many people think they are smarter than everyone else?
94%. -- Or at least this was the case in 1977, where professors said they were above average in relation to their peers.

When we rate others, we recognize the circumstances and characteristics that govern other people’s actions but when we think of ourselves, we overestimate our ability to do things. This is called the optimism bias and could be the main reason why people still continue to try to break the Beale Ciphers even though thousands of expert cryptanalysts have tried and unsurprisingly, failed to do so. This is because we think we are ‘not like everyone else’ and are somehow unconstrained by the same factors which affect other people’s realities. This is obviously false because we are humans, just like everyone else. Another innately human attribute, as well as the optimism bias, is the quest for everlasting life.

While many people throughout history have not been able to find the special elixir, also known as the fountain of youth, we can live on past our death in other ways. We can do this in the same way that Jesus, MLK or more aptly, Beale did – by changing history. And in effect, we will become immortal. And what better way to become immortal than to break an incredibly difficult, some say impossible, cipher that may have a prize of a cool $42 million?

There are a variety of reasons why we would try to break a seemingly unbreakable cipher, and most of them are due to our very nature as human beings. Whether it be our optimism bias, our longing for immortality, or even our curiosity, these are innate qualities and so, I would not be surprised if 100 years from now people still continue to attempt to solve the Beale Ciphers.

Reference: 2013. Everyone thinks they are above average. [ONLINE] Available at: [Accessed 19 September 2017].

The Paradox

In Doctorow’s Little Brother, Marcus Yallow is a young boy who is falsely accused and interrogated on the grounds of being a terrorist. He decides to wage war against the DHS, the organization that kidnapped him, by creating more instances of suspicious behavior in order to make their security systems seem wildly inaccurate. He explains it by saying, “the more people [the security system] catches, the more it gets brittle. If it catches too many people, it dies”. He uses the paradox of the false positive to help him achieve this.

So, what is the paradox of the false positive? Well, let’s say 1 in every 100,000 college students commits suicide and universities have a system that can predict these tragic events 99% of the time based on the student’s web behavior. At first glance this seems pretty accurate, right? Wrong. This means that for every 100,000 students, 1% of students flags up on the system. 1% of 100,000 is 1,000 students. That is way larger than the actual number of students who commit suicide. Therefore, only if only 1 of these 1,000 students commit suicide, that’s an inaccuracy of 99.9%. This is known as the paradox of the false positive.

When reading Yallow’s explanation of this paradox it caught my eye. I found it very interesting because it highlights just how easy it can be for data to be manipulated in many different ways in order to portray a certain story. For example, a test for XYZ disease could be 99% accurate, however, it doesn’t paint the whole picture of how reliable the actual product is. This could lead to consumers who falsely tested positive for the disease to not only worry but also pay a money for medication that they don’t necessarily need. This can apply to many other products and services as well, and so it has made think twice before blindingly accepting data.

Mining data could cause more harm than good

Michael Morris has written an article arguing that ‘Mining student data could save lives’ for The Chronicle. Morris thinks that places of higher education should use the data they gather about their students from their servers to spot certain behavioral patterns or “warning signs” that could lead to certain situations such as terrorist attacks. He argues that the number of people killed will decrease and that this is a justification for making data public over keeping it private. I disagree with the author’s thesis because I believe that even though “data mining could save lives” it will actually cause more problems than it solves.

Once we start giving up our right to privacy of information we begin to lose track of where we draw the line between whether something should be kept private or made public. For example, in the San Bernardino shootings where Apple refused to allow the government access to the shooter’s phone. Had Apple conceded to the government’s wishes then not only does it undermine our basic human rights as citizens to privacy but also it gives the impression that any organization can gain access to any information whenever they want it in the name of security. Once we start exchanging our freedom (of privacy) for safety then these organizations, in this case universities, then this can lead to universities and other organizations requesting and compiling more data from us which just makes the term “privacy” obsolete. This huge compilation of data may not only be available to the organizations themselves but to other people with malicious intent too.

If every student agreed to let their data be used by the university or college that only creates another problem which is making sure that all that information is kept safe and secure. If a university collects data from students and this information isn’t protected well enough, thousands of people’s names, financial information, phone numbers, and other things will be available for anyone to get access to. This happened recently at Michigan State University which then lead to the administrative staff paying a ransom of $15,000 for the hackers to stop. This attack, although small, clearly shows how mining student data can make more people susceptible to crimes than the amount of lives that it could potentially save.

To conclude, while I agree that Morris’ argument that data mining could save lives, I do think the implications of mining such data not only puts more people at risk to a different variety of crimes but also, creates a gray area of what information we can actually keep private, if there is any.

A false sense of security

In Chapter 1 of Singh’s The Code Book, he states that “The cipher of Mary Queen of Scots clearly demonstrates that a weak cipher can be worse than no cipher at all”. Singh means that sometimes having a layer of security can be more detrimental than having none at all because it gives the sender and receiver a false sense of security.

If the sender and receiver are under a false sense of security due to their encryption, they are under the assumption that if it is intercepted it will not be deciphered. Thus, they may be think it is fine to make their intentions clear in the passage, or even worse, give details of other unnecessary information. However, this provides incriminating evidence in ‘black and white’ — literally. This is demonstrated by Babington’s ease in providing details of the plot to Queen Elizabeth as well as providing the names of his co-conspirators. However, if there was no encryption, both sender and receiver would be more inclined to make sure the message didn’t contain any information that could incriminate them as well as taking further measures to ensure that the message doesn’t get into the hands of the enemy, unlike Babington’s trust of Gifford, who was acting as a double agent. Singh also implies that people who, like Babington, tried to keep their messages safe through ciphers often overestimated the strength of their ciphers. This often lead to an incorrect feeling security which in turn ended badly, and in some cases tragically.

To conclude, looking back at the tragic story of Queen Mary, Singh suggests that even though you may encipher your text, you should not feel overly comfortable or safe. Rather, you should err on the side of caution, both in the delivery and in the content of the message that has been encrypted.

Powered by WordPress & Theme by Anders Norén