Gamification of the Crypto Course?
Mills Kelly’s blog post, “Teaching Students to Commit Fraud,” mentions a couple of courses (one of which was taught by Mills) that featured students actually committing some kind of fraud (online in Mills’ course, as an exercise in the other course) as a way to better understand fraud and deception. Mills writes, “What I like about [the other course] is that the students were forced to grapple with real life substantive issues, rather than reading or hearing about them in the abstract… Sometimes, maybe always, that scrutiny is best done by getting one’s hands dirty, by which I mean actually entering into the ethical conundrum rather than just reading about it.”
Mills’ comments lead me to think that having my students engage in some activities based on the keeping of secrets might help my students explore some of the ethical issues and risks involved in using cryptography we discussed in our course. Sure, I had my students encipher messages, decipher messages, and break ciphered messages in their problem sets, but those exercises focused on the mechanics of various cipher systems, not on the ethical issues or risks surrounding their use. What kinds of activities might help students explore these social aspects of cryptography? Here are some initial ideas:
- In the Mary Queen of Scots story Simon Singh tells in the first chapter of our textbook, The Code Book, Mary was imprisoned and communicating with her confederates outside of her prison. What she didn’t know was that one of her allies was actually a spy for Queen Elizabeth and her spymaster, Sir Francis Walsingham, and that Walsingham had cracked the nomenclator she was using to encipher her messages. Walsingham was able to intercept and modify the messages that Mary sent, and he used this ability to trick Mary’s partner, Anthony Babington, into revealing the identifies of those conspiring with Mary. Mary and her confederates were all executed. Singh writes, “The correct use of a strong cipher is a clear boon to sender and receiver, but the misuse of a weak cipher can generate a very false sense of security.” (p. 42) I would love to come up with a game that helps students internalize this idea, one that has students play various roles in a drama similar to that of the story of Mary Queen of Scots.
- Singh cites several examples of intelligence gathered during wartime by military cryptography units that couldn’t be acted upon without giving away to the enemy the fact that their messages were being intercepted and deciphered. These examples lead to a tough ethical question: What sacrifices are appropriate to ensure the secrecy of a successful cryptography effort? This ethical issue, inherent in many applications of military cryptography, could form the basis of another game, a war game of sorts in which groups of students act as cryptography units for various sides in a conflict.
- One very hot topic in the course was the relationship between security and privacy. For example, should the US government be able to decipher any electronic messages sent by US citizens? That ability might help catch terrorists and criminals, but it also might mean less privacy for citizens and a lot of hassle for electronic communication providers to provide the “back doors” necessary to enable this kind of snooping. We had a lot of discussions about the balance between security and privacy during the course, several students addressed this question in their final papers, and we even spent a class session mapping out the arguments related to this question in a collaboratively created Prezi. Could I come up with a game that puts students in various roles in this ethical landscape? One that helps them experience the trade-offs between security and privacy?
Clearly, these are just initial thoughts! I’ll need to think creatively about some game mechanics that would work for these ideas. Any suggestions you might have are welcome!
Image: “Settlers,” Steve Webel, Flickr (CC)