In Cory Doctorow's Little Brother, the author examines the boundaries of invasion of privacy in today's society. As the main character, Marcus, and his friends fight against the U.S. Department of Homeland Security's intense surveillance of all citizens following an astronomical terrorist attack, they must establish methods for communicating without their messages being interrupted by the DHS, whose head members are scrambling to accumulate evidence that Winston took part in planning the attack.
In chapter six of Doctorow's social criticism, Marcus explains that he will need to encrypt his messages to avoid the prying eyes of the government. In his brief discussion of cryptography and its effectiveness, Marcus makes a startling affirmation. "You have to publish a cipher to know that it works," he claims. While this idea initially seems to violate the idea of cryptography, encoding messages to keep the content safe from being revealed to anyone but the intended receiver, after some thought Marcus's bold statement reveals his true wisdom. He explains that while he could create his own cipher, he would never know if it was secure from others because he had created it himself without first testing its security. Contrary to "anyone" who can create their own cipher system that to them is unbreakable, Marcus suggests first publicizing said cipher system before use. This method would release one's code into cyber space or print, encouraging others to attempt to crack it. Marcus concludes his argument by simply stating that in today's society, you do not simply create your own cipher and assume it is secure; rather, he emphasizes using "stuff" that has been around forever, but has never been successfully cracked.
I initially found Marcus's assertion that publicizing one's cipher was the ultimate way to ensure security to be naive, but with further examination found it to be most insightful. Initially publishing the cipher you created to see if others could indeed break it seems silly. You would not be able to utilize the cipher if it is released and then cracked, and simply utilizing the cipher without checking its security could be more efficient; however, if you publish your cipher for everyone to see, and encourage others to break it, you are utilizing the most valuable source for ensuring its security. Ultimately, having an insecure cipher is more detrimental than losing speediness while searching for an effective cipher.
Image: In The News by paurian, Flickr (CC)