The History and Mathematics of Codes and Code Breaking

Month: August 2017 Page 1 of 3

Mining Student Data Poses More Threats Than it Resolves

In the article “Mining Student Data Could Save Lives” Michael Morris makes an interesting point about data mining on college campuses. According to Morris, since college students are already using accounts and internet access provided by the school, there is no reason that colleges should not be able to monitor student data for early warning signs of mental instability. Morris says “…the truth is that society has been systematically forfeiting its rights to online privacy over the past several years through the continued and increased use of services on the Internet” (Morris). That’s true. Between social media, google searches, and smart phones, most of our lives are now completely digital. That does not mean, however, that I agree with Morris’ sentiments regarding colleges data mining their students.

It all comes down to a basic question of security vs. privacy. How much of our privacy are we willing to give up in the interest of staying safe? The better question might be, how much of our privacy can we give up while still staying safe? Who is to say that the school officials monitoring the data would be completely aboveboard? I realize that college staff is usually very trustworthy, but there are always exceptions to the rule. Imagine what one corrupted school official could do with access to all of that data. Additionally, once those back channels are established, what is to prevent an accomplished hacker abusing them? Data mining may be to keep us “safe,” but it actually opens the door to a whole new set of problems that colleges may not be equipped to deal with.

It is also important to consider the consequences of false threats. If a school decides that a student’s activity is suspicious they would intervene. But then what if the school was wrong? For example, I have had some strange google search histories in the past. I have always wanted to write a murder mystery and I have researched various poisons to see they would work in my plot. It is likely that, should my college be monitoring my activity, that could be flagged as a dangerous. Even if my search histories were an exception to the rule, how would schools avoid adopting a “guilty until proven innocent” mentality in the interest of keeping everyone “safe?” Morris’ idea has good intentions, but ultimately results in more problems and potential security threats than it solves.

Morris, Michael. “Mining Student Data Could Save Lives.” The Chronicle of Higher Education, The Chronicle of Higher Education, 2 Oct. 2011,

Blog Assignment #3

For your third blog assignment, write a post between 200 and 400 words in which you (briefly) summarize and react to a passage in Little Brother that caught your attention. You might address why it interests you, connections you see between the passage and other ideas we've discussed this semester, or your opinion on arguments made in the passage.

Please (1) give your post a descriptive title, (2) assign it to the "Student Posts" category, and (3) give it at least three useful tags. Your post is due by 9:00 a.m. on Monday, September 11th.

Problem Set #1

Here's your first problem set, in both Word and PDF formats. It's due on paper at the start of class on Wednesday, September 6th.

In case they're helpful, here are some Excel files I've used in class.

A false sense of security

In Chapter 1 of Singh’s The Code Book, he states that “The cipher of Mary Queen of Scots clearly demonstrates that a weak cipher can be worse than no cipher at all”. Singh means that sometimes having a layer of security can be more detrimental than having none at all because it gives the sender and receiver a false sense of security.

If the sender and receiver are under a false sense of security due to their encryption, they are under the assumption that if it is intercepted it will not be deciphered. Thus, they may be think it is fine to make their intentions clear in the passage, or even worse, give details of other unnecessary information. However, this provides incriminating evidence in ‘black and white’ — literally. This is demonstrated by Babington’s ease in providing details of the plot to Queen Elizabeth as well as providing the names of his co-conspirators. However, if there was no encryption, both sender and receiver would be more inclined to make sure the message didn’t contain any information that could incriminate them as well as taking further measures to ensure that the message doesn’t get into the hands of the enemy, unlike Babington’s trust of Gifford, who was acting as a double agent. Singh also implies that people who, like Babington, tried to keep their messages safe through ciphers often overestimated the strength of their ciphers. This often lead to an incorrect feeling security which in turn ended badly, and in some cases tragically.

To conclude, looking back at the tragic story of Queen Mary, Singh suggests that even though you may encipher your text, you should not feel overly comfortable or safe. Rather, you should err on the side of caution, both in the delivery and in the content of the message that has been encrypted.

A False Sense of Security

In saying "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.", I believe that Singh is implying that in using a cipher, Mary and her recipient felt much safer than if they had used no encryption at all. They believe their message is secure, so they do not feel the need to be discrete in their language. Had they not used any encryption, the content of their messages would not have been nearly as direct as it was with the encryption.
For those who attempt to keep their communication secret through encryption, this statement implies that their encryption method needs to be rather strong if they expect it to be effective at concealing their messages. One cannot hope to use a simple Caesar cipher effectively, as that encryption method is rather weak. It could be cracked by even the lowliest of amateur cryptographers in a small amount of time. The fact that Singh describes the cipher of Mary Queen of Scots, an encryption method that I couldn't hope to begin to comprehend, to be weak implies that for an encryption method to be effective, it must be very complex. This tells me that unless you and your recipient are seasoned cryptographers, you shouldn't bother trying to encrypt your messages, for one could decrypt them with ease. Instead, you should try to use more discrete language and keep in mind that your words could very well fall into the hands of your enemies.

Blog Assignment #2

For your second blog assignment, read the 2011 essay "Mining Student Data Could Save Lives" by Michael Morris of California State University at Channel Islands and write a post between 200 and 400 words that responds to the following prompt.

What is the central argument Morris makes in his essay? Do you agree with it? Why or why not?

This is a chance to practice your summarizing skills and to construct a (brief) response to an author's thesis. Feel free to draw on personal experiences in your response, if that's relevant.

Please give your post a descriptive title, and use the "Student Posts" category for your post. Also, give your post at least three tags, where each tag is a word or very short phrase (no more than three words) that describe the post's content. You're encouraged to use tags already in the system if they apply to your post.

Your post is due by 9:00 a.m. on Monday, September 4th. If you have any technical problems using WordPress, don't hesitate to ask.

Bookmark Assignment #1

For your first bookmarking assignment, you're invited to bookmark anything you like that's related to cryptography. Look for a news article or resource on cryptography that's interesting to you. Be sure that you're bookmarking a credible source. If you're not sure where to go with this, look for inspiration in Singh Chapter 1. Save your bookmark to our Diigo group, and give your bookmark at least two useful tags.

Your bookmark is due by 9:00 a.m. on Friday, September 1st. We'll take a little time in class to share your finds. If you have any questions about using Diigo, don't hesitate to ask.

Image: "Interesting Pin," by me, Flickr (CC)

Bloody Ciphers

There is good merit in regards to reminding one’s self to the fact that they are never safe in comfort. Mary Queen of Scots and Anthony Babington communicated with this “comfort,” while a double agent, Gilbert Gifford, was secretly taking their encrypted messages to one of England’s leading cryptanalyst and cipher secretary, Thomas Phelippes. To the eyes of maybe her jailor, or another untrained person, the cipher may have been unbreakable, probably impossible, but it was dismantled by Phelippes.

The nomenclature used by Queen Mary and Babington had abstract alphabetic, null, and word symbols used to masquerade the details of every message between the Queen and her henchmen. The false security given by this weak encryption let Queen Mary and Babington fall into a complacency that made them feel that they can write openly and freely about a murderous plot to kill Mary’s cousin, Queen Elizabeth I. The henchmen to Mary and Mary herself were all executed for the crimes of plotting Queen Elizabeth’s death.

Queen Mary’s complacency to write at her pleasure because of her weak encryption lead to her execution, but having little-to-no encryption keeps pressure on a message’s sender and receiver. This pressure does not allow either person to feel comfortable giving too much detail in a encrypted message, out of fear of the message being deciphered. If a message written by someone who is very cautious is also intercepted, one can assume that this message will not shed light onto any major situation that would sabotage a planned action. This implies that people that attempt to use cryptography for secret communication would use it in a way that should hide every possible detail of a message. They use hiding techniques such as steganography to keep messages hidden, and they use almost unbreakable encryptions on their ciphers.

These people know that they can be caught, and their secrets can be released. These are the prices they pay. With all the possible negative outcomes with this form of communication, especially when used in the fashion of Queen Mary and Babington, there should be no room for comfort.

A False Sense of Security Plus Treason Equals Death

Portrait of Mary, Queen of Scots. BBC

Portrait of Mary, Queen of Scots. BBC

In Singh's The Code Book, the story of Mary Queen of Scots illustrates the dangers of having a false sense of security.  There are countless examples throughout history, but perhaps the most well-known example of a false sense of security is George Washington's crossing of the Delaware to attack the British on that fabled December night in 1776. The British had wrongfully believed that Washington's men were incapacitated and unable to attack, and as such they let down their guard. As we all know, Washington and his men pounced at this opportunity and were able to turn the tide in the American Revolution. If the British had not become so complacent and careless in their actions then the very country we live in probably does not exist today.

In this same sense, Mary and her fellow conspirators "let down their guard" by explicitly detailing plans of attack, names of conspirators, and other incriminating information in their letters. In saying that "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all" (Singh 41), Singh is telling us that if someone believes they are using a strong encryption system, even if it is easy to crack, then they will be apt to send important information via the encryption system. However, if one knows that an encryption system is insecure, then they will be much more likely to restrict the information in the letters. In Mary's case, she fell victim to believing that her encryption system was much stronger than it was, and as a result once Thomas Phellipes easily deciphered the letters, she was sentenced to death. If Mary's group of conspirators had known their code could be easily broken, perhaps they would have been able to successfully take back the throne.

While this would seem to suggest to others using cryptography that they should not send any incriminating information via enciphered text, at the same time there might not be a better option. One has to wonder what better alternatives Mary and her co-conspirators had, even if they had known that their code could be broken. The letters were all being intercepted anyways, so in reality the plan could never have succeeded. However, Mary did teach anyone contemplating the use of encryption at least one thing:

A False Sense of Security + Treason = Death

Finding the Balance of Confidence and Cryptography

The bigger they are, the harder they fall. In chapter one of The Code Bookby Simon Singh, Singh states that “…a weak encryption can be worse than no encryption at all” (Singh, 41). When it comes to cryptography, this could not be more true.

A successfully encrypted message should only be decipherable to the intended recipient, otherwise it fails to accomplish its purpose. As a result, those responsible for encrypting the message must be certain that, without the proper key, their message is indecipherable. This, however, is a dangerous assumption. False confidence can lull cryptographers and their intended recipients into a false sense of security, thereby causing them to let their guard down. For example, in the instance of the Babington plot, both Mary Queen of Scots and Anthony Babington assumed that their cipher was unbreakable and spoke quite openly about their plans in their correspondences. As a result, when Thomas Phelippes managed to crack their cipher, he effectively signed their death warrants. Had Mary Queen of Scots and Babington been less assured of the strength of their code, they would never have written their plans out as obviously as they did.

Additionally, there is much that depends on the abilities of the cryptanalysts of the times. For example, the Spanish cryptographers that Singh refers to on pages 28 and 29 of his book believed their code to be indecipherable. When they discovered that their codes were, in fact, quite obvious to a French cryptographer, Philibert Babou, they could not accept it. They had been so confident in their ciphers that they went so far as to suggest that Babou was in league with the devil. Such overconfidence is a constant danger to cryptographers.

Confidence is one of the most basic conundrums of cryptography. On the one hand, if cryptographers are overly confident in their ciphers they risk exposure should their ciphers be broken. On the other, if a cryptographer is not confident enough in their cipher, then there would be no sensible reason risk using it for secret correspondence. The answer must be somewhere in the middle. Cryptographers must have enough faith in their own work to use their ciphers, and yet they must be wary enough to watch what they say.

Singh, Simon. The Code Book: The Science of Secrecy From Ancient 

       Egypt to Quantum Cryptography. Anchor Books, 2000.

Page 1 of 3

Powered by WordPress & Theme by Anders Norén