Cryptography

The History and Mathematics of Codes and Code Breaking

Reading Questions for November 30th

Please read Chapter 7 in the Simon Singh book and respond to the following questions before class on Tuesday, November 30th. Thanks!

  1. What do you see as the two most compelling reasons why strong encryption should be available to the general public, even if that means it’s available to criminals and terrorists?
  2. What do you see as the two most compelling reasons that strong encryption should be restricted by law enforcement and national security agencies?
  3. Singh, writing around 1999, makes several predictions about the role of the Internet in our lives in the opening paragraph of Chapter 7. To what extent have these predictions come true? Are there other ways that the Information Age in which we now find ourselves has elevated the importance of encryption among the general public?
  4. On page 315, Singh writes that Zimmerman, through a friend, “simply installed [PGP] on an American computer, which happened to be connected to the Internet. After that, a hostile regime may or may not have downloaded it.” In your opinion, do you think that someone who makes a piece of software available on the Internet should be held at least partially responsible for what criminals or foreign governments do with that software?

Previous

Problem Set 6

Next

Essay #3 – Big Questions Paper

7 Comments

  1. Erin Baldwin

    1. Encryption should be available to the general public even at the risk of giving the same technology to criminals and terrorists primarily because it is not just to halt progress due to the fear that it may fall into the wrong hands. For the public to be kept in the dark about new innovations would be sacrificing the security of all because of what it is presumed that some people will use the technology for. Also, it is impractical to withhold new and stronger forms of encryption so that it is not used for illegal purposes. If new versions of encryption are not introduced, then the criminals and terrorists that the governments fear will have plenty of time to work on strategies of breaking older encryptions and can devote all of their resources toward this. The longer that a code exists, the more vulnerable it becomes.
    2. Strong encryption should be restricted because the government has limited amounts of resources and man power. If the communications of every criminal suspect had to be decoded, investigations would never get anywhere and a great deal of time and money would have to be spent on them. Also, the security of the nation would be compromised because authorities could not respond to threats in time. The amount of encrypted material that would have to be sorted through to determine what was a threat and what was not would mean that by the time any useful information came to light it would most likely be too late to use the intelligence.
    3. Just as Singh predicted, e-mail has become more popular than conventional mail and internet shopping is a thriving portion of most businesses. However, he was wrong in thinking that most democracies would rely on the internet for voting procedures. In many ways, I think that Singh’s predictions underestimated just how much information would be sent through the internet. Beyond e-mail, which has more than replaced conventional mail most people use the internet to shop, some businesses even existing only online. All of this internet traffic requires encryption to protect information and personal information.
    4. I believe that the person that makes software available on the internet should not be held responsible for what people use it for. They cannot control who gets ahold of their software and what they do with it. To prosecute them for what others do with their software would discourage the sharing of new software and would hinder innovation.

  2. Sam Mallick

    1. (a) As a society born out of liberty and freedom, we have a right to privacy that the government cannot infringe. By restricting who can use certain forms of encryption, the government is taking away our first amendment rights. If the government restricts our use of encryption, it becomes more tyrannical and oppressive. (b) While one group of criminals is using encryption to send information, another group is breaking encryption to steal information. If we law-abiding citizens are forced to rely on weak, breakable encryption, we are exposed to those criminals who know how to break our encryption and are therefore able to harm us.
    2. (a) If the government cannot wiretap the communications of criminals, it becomes much harder to find and stop crime. Therefore, to aid our government, it is safer if we all settle for breakable encryption because the government will not bother us law-abiding citizens. (b) While we might run the risk of identities and information being stolen if everyone relies on breakable encryption, it will also be very easy for the government to catch the thieves in such a case. Therefore, criminals will actually be deterred from crime in the first place because taking advantage of weak encryption leaves them exposed to the pitfalls of weak encryption.
    3. Of course, e-mail has become far more common than “snail mail.” In fact, traditional postal services are almost becoming obsolete. Governments make use of the internet for many offices, though voting is still done in person and probably will be for a while (Vanderbilt student elections, however, have moved to an online format). And the internet marketplace is thriving more than ever. Almost anything can be purchased online quickly and conveniently. This trend has continued to grow with things like Netflix and iTunes quickly replacing Blockbuster and CD stores.
    4. This is a tricky question. At points in the chapter, PGP is referred to as a “weapon.” A gun salesman is not held responsible for a murder committed with a weapon he sold, but international arms dealers are almost always considered criminals, so it is hard to draw parallels to non-cyber crime. And software such as Limewire is not illegal in and of itself, but it can be used to steal music, which is illegal, but Limewire remains easily available without legal restrictions. Ultimately, I believe the software will become available to criminals and unfriendly regimes, if not from a friendly source than from an unfriendly one. In the latter case, we will not know for sure who has access to what. It is better that our government knows that such “weapons” are out there and widely available.

  3. Tanner Strickland

    1. Strong encryption should be available to the public because of every citizen’s right to privacy. Also, when discoveries such as strong encryption are made, they have the maximum amount of impact and help the most people if they are made available to the general public.

    2. Strong encryption should be restricted to protect the public from a terrorist collusion that the government could not discover due to the fact that the terrorists had a securely encrypted way to communicate. Also, if strong encryption is made available to criminals, the government will have to spend large amounts of resources cracking or discovering ways to crack these ciphers. This would take away money and resources that the government could normally apply to other public projects.

    3. For the most part, Singh’s predictions have come true. Email is now much more popular than snail mail, and e-commerce is booming. Also, the Internet is a valuable tool for governments to run their countries. He was somewhat off the mark regarding online voting in democracies, however. Other ways encryption has become more important in today’s society is in the protection of customer’s financial information through online banking and when they make online purchases with credit cards.

    4. I do believe that someone who makes their software available online should have a small amount of responsibility for what foreign governments do with that software. I think this because a person needs to think of the consequences of what he or she releases to the world because it could damage the United States. He or she should consult a governmental agency before releasing the software to make sure it does not endanger the American public. However, he or she should not be fully responsible because this person did not intentionally send the information to a hostile government.

  4. Courtney

    1. Well, for one, hackers and criminals exist, regardless of whether they can encrypt their own outgoing internet traffic, so personal encryption is a means for privacy as well as safety. (Recall the credit card scenario, where hackers can access credit card numbers and exploit individuals who have made online transactions.) Second, the general public has historically had the privilege of relatively secure privacy. Now that there is ample technology to thwart such privacy, does not mean that it should necessarily be put to that use. In the time of the horseback couriers people corresponded without government intervention and in some cases (the American Revolution comes to mind) the rebels succeeded, but this wasn’t always a bad thing; in fact it led to the development of our country. Yes such communication was bad news for the British who had control of the colonies, and this is not a perfect analogy for drug cartels or terrorist groups that may use advanced encryption, but life moved on and hindsight shows that it wasn’t necessarily a bad thing; this was simply the way in which our world developed.

    2. The government loses a significant amount of control over surveillance should strong encryption be released to the general public, which makes their job of protecting a nation much more difficult, not only on the smaller scale of individuals breaking certian laws, but also on the larger scale of large groups that may pose a threat to the nation, even perhaps spark a war. So we see that public encryption poses problems to domestic security as well as national security, and it’s clear that the government has plenty on its plate in addition to these supposedly unnecessary opportunist threats. (i.e. prevent the usage of strong encryption to eliminate such complicated security issues. The problem here is that if strong encryption didn’t exist, more security issues would arise, but from the other end of the dilemma. Instead of the government being unable to see hackers transactions, hackers would be able to see the general public’s transactions, and that would not be a safe alternative.)

    3. The Information Age is expanding in all directions at an incredible rate. The space between new technologies is becoming ever shorter, and our dependence on these technologies is growing as well. Smart phones have become the norm, yet a few years ago they were still uncharted territory. Many of us use open networks (at coffee shops, in public areas) with a false sense of security as our online actions are not nearly as secure as we have become comfortable thinking it is. (Exhibit A: FireSheep) Singh postulates that “the success of the Information Age depends on the ability to protect information as it flows around the world,” (293) but so far what I have seen disproves this point. The vast majority of internet users are blindly using the newest technologies without paying any mind to the ease which their information can be intercepted. For now, this is a fair enough strategy, for the number of people who know the reach and depth of decryption are few enough that it would be unreasonable to survey everyone, and the average person can seek security in numbers, but it is only a matter of time before the numbers shift and the scale tips in the other direction.

    4. No. Simply put, Zimmerman was merely providing the tools. Sure, he invested a great deal of time in developing these tools, and he understood their depth, but in a trial his innocence would come down to intent and intent is near impossible to prove. Anyone could have left a hammer in their yard, but that doesn’t make them responsible in the instance that a vandal takes the hammer and uses it to smash their windows. Zimmerman was being innovative, and his efforts have been put to productive use. He was perhaps the catalyst that opened the new can of worms that was this PGP encryption, but if not him it would have been someone else. He really can’t be held accountable for pursuing knowledge in a developing field, and to add to his defense, if he were really being held accountable for providing the “tools” for criminals to use, then Diffie and everyone who provided information leading up to Zimmerman’s advancement, who provided “tools” for Zimmerman, should be held equally accountable.

  5. John Zeleznak

    1.I believe that the two most compelling reasons to provide strong encryption publicly available is the fact that people have a right to privacy and that it is the responsibility of those who create the mediums through which we communicate to account for their security. Addressing the first reason, the right to privacy goes right along with many of the freedoms Americans are given in the Bill of Rights. We have a right to live without the government controlling our lives and saying what we can and cannot do. Our choice of protecting personal information is the same principle as protecting our freedom of speech or religion. Concerning my second point, once a new technology is developed, the inventor cannot merely throw its users out in the cold without some means of protecting themselves. Especially in cases where the technology dominates one form of communication as completely as the internet has, the founders of said communication have an obligation to provide its users with means to effectively use their product without bringing harm to themselves or others. Strong encryption techniques are examples of how the public can be equipped to safely use advanced technology.
    2.The most compelling reasons are that it would be in the best interest of the general public and to increase the amount of information that enforcement agencies possess. If the government could regulate the strength of encryption, it would obviously mean that they could break any encrypted material. This ensures that they would be capable of knowing whether harmful plots were being made and thereby effectively take steps to prevent such actions from taking place. Additionally, by having access to information on the internet, law-enforcement agencies would be able to conduct investigations with wider arrays of background information and could hopefully more successfully prosecute guilty individuals with decrypted information found online or elsewhere. They could also monitor possible criminal activity and prevent any crimes from happening.
    3.Singh’s predictions have either come true or are beginning to manifest themselves as feasible options for the internet. It is certainly the center of communication and commerce and dominates many other aspects of society. Given a few more years, it will undoubtedly be further reaching and have many more uses than we can even fathom right now. One thing that Singh does not mention is the amount of personal information we have out on the internet via social networking, online banking, and other accounts that display names, addresses, and other pertinent information. Obviously, the secure encryption of this and even more sensitive information is necessary to guarantee the preservation of internet-users’ safety.
    4.I do not agree that they should be held responsible for what their software is used for. There is a large amount of information available on the internet, much of which could be used by someone with malicious intents. Even though the actual information is harmless, it can be manipulated by someone to achieve their own ends. People who make the information available shouldn’t be held accountable for other people’s poor judgment. Ultimately, it was the criminal’s decision to take the information in order to accomplish their illegal goals.

  6. Max Gillett

    1. I feel that the argument that the government is not infallible, and therefore should not have open access to your private information, is one of the most compelling arguments. While in the United States we enjoy relative freedom of expression, individuals in other countries could face persecution or death if documents criticizing the government were found. I also think that the argument that criminals and terrorists will find other means to communicate (and thus harm legitimate individuals and businesses in the process by forcing them to use hampered security) is another legitimate and compelling argument.

    2. I think that the argument that terrorists will use strong encryption to evade law enforcement officials in a valid and compelling reason to restrict the use of such encryption. I also feel that the argument that illegal activity can easily be caught with weak encryption has some credence.

    3. For the most part, Singh’s predictions have largely come true. E-mail is the preferred method of communication, and e-commerce is thriving more than ever. Elections of importance are done electronically, but not through the use of personal computers. The massive amount of sensitive information that is relayed across the internet has definitely elevated the importance of encryption, as most of us have credit cards and other important information stored of several servers of companies across the world. The use of weak of encryption would jeopardize the livelihood of hundreds of millions, if not billions, of consumers worldwide.

    4. I don’t think that an individual who creates of piece of software that either has some educational purposes or legitimate security purposes should be punished just because their creation could be used by criminals or terrorists. Encryption is no different than a weapon. Guns and knives aren’t illegal as they have several important legitimate uses, but their improper use could harm others.

  7. Danielle Curran

    1. The most compelling reasons in favor of making strong encryption available to the public are the guarantee of privacy and the protection of personal information such as credit card information. Also Singh says that libertarians claim that encryption is not a huge barrier to law enforcement because wiretaps in most cases are never play a crucial role.
    2. The most compelling reasons in favor of restriction are the ability to intercept criminal and terrorist communications as well as the ability to intercept their plans and records in both domestic and national threats. According to the FBI wiretapping is extremely effective and essential to many criminal cases.
    3. Electronic mail has become more popular than conventional mail, as predicted, although voting over the internet has not yet become a trend in today’s society. Today information such as medical records is stored on the internet, creating another need for strong encryption. Also the extent to which the internet is relied on is so much greater than it was in 1999. Also many entertainment options such as television, music, games, and movies are now available online.
    4. Although I agree that this is a tricky question, I think that as long as the person does not benefit in any way from the criminals or foreign government having the software then they should not be responsible because there is no way to make something free to the public but exclude those who would abuse the software. However if I was the one who made software available on the internet that was later used to benefit a terrorist organization I personally might regret my actions, depending on how much my software benefitted ordinary people.

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by WordPress & Theme by Anders Norén