Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: Encryption Page 1 of 3

Strong Encryption For The People. Please and Thank You.

The two most compelling reasons I found why strong encryption should be available to the public is the large amount of interceptable information spread daily via email and that individuals have enjoyed complete privacy for most of history.

The hundreds of millions of emails sent back in forth within the masses of the online public holds records of financial transactions, the passwords to private online accounts, and the registration for a variety of social sources that could be used against the individual if decrypted. Strong encryption should be allowed for the everyday regular person to send emails because the number of incriminating or illegal activity is relatively small compared to the large number of legal and regular every day communications that take place. The reasoning that encryption should not be allowed to the masses due to the fact criminals will use it is weak because without encryption criminals will still find a way to hide their communications.

Never before has the government had the ability to access the personal information of their citizens. In a society with no encryption, the government would have full access to all digital conversations and habits of their users, thus ushering in a system of mass surveillance similar to that shown in George Orwell's 1984. I'm not saying that we are going to be like Winston and friends and be forced into submission by the Party, but by having a government that is capable of being all knowing of their citizens is scary. The freedom to speech is also awarded in our Bill of Rights as Americans and with the government being able to look into the way we talk and communicate online, that may lead people to not want to take full advantage of the internet.

Back to the Future

In chapter 7, The Code Book joins the likes of George Orwell’s 1984 and the Hollywood hit Back to the Future series in making predictions about the years to come. The concept of the narrative’s future being our “past” is a little mind-boggling, but it is incredibly interesting to read the forecasts of a book published almost 20 years ago now. Use of the internet was just starting to become publicly accessible when The Code Book was written, but as an scholar who is obviously well versed in the subject matter, Singh actually makes some very good predictions about the future of the internet heading into the 21st century. He recognized that the internet would certainly gain popularity and become utilized for a multitude of purposes: online shopping, banking, taxes and data records are all amenities that we have and regularly use today. He is correct, therefore, about the requirement for encryption that has progressed beyond military and government use. Hackers attempt to steal identities via credit card and social security numbers. Secure encryption is no longer a privilege, but a necessity when all of our most personal information is stored on computers. It is difficult to fathom things that have yet to come. I don’t know if even Singh could have predicted the integral role internet now plays in our lives, during an Information Age in which so many people rely almost entirely on electronic devices to manage and live their lives.

The Internet Broke Us

I believe that given the time he has written this in, Simon Singh has done an excellent job of predicting how the upturn of technology would shift our society and our world towards one of automatic work and technical organization.

It turns out that Singh largely underestimated the rate at which all of this would develop. Technology raced through a lot of the aspects Singh talked about and has moved on to greater things. While we haven't reached certain aspects that Singh explicitly talks about, such as online voting, the Internet has been used to expand our knowledge as well as our capabilities of running and existing in society. Today, we largely consider technology and the Internet to have taken over the world we know today. Although whether it was better or for worse is up in the air for discussion, we can all agree that it has made a sizable impact on who we are as human beings and what we prioritize. That being said, with so much accessible to us in recent days, strong encryption becomes even more critical in regards to our own security as well as the security for everyone else at large. Keeping what we want private as secure as we can make it keeps our mindset and morale high and positive, while being as secure as possible.

The Perils of Perfect Security

The idea of perfect security is a tantalizing one on the surface. It guarantees anonymity and protection from unwanted attention; it facilitates and protects a bedrock of democracy, that being freedom of speech. Altogether, it's no surprise that, in the interest of preserving the core values of democracy, people would want perfect security implemented for their digital communications. However, with perfect digital security comes a price, one that society may not be willing to pay.

As Simon Singh argues in his The Code Book, once PGP became a widespread method of encrypting civilian communications, it became clear to the American government that such a tool could be employed by malicious entities to mask their activities. In this vein, Singh provides two extremely compelling arguments for why perfect security may not be in the best interest of the people. First, he presents the idea for evidence collecting in a court of law. Here, Singh provides evidence that, during the 1920's, police forces actively made use of phone wiretaps to listen in on communications and gather incriminating evidence. These practices were upheld by the Supreme Court and were widely accepted, and thus helped the police do their job more effectively. With the advent of digital communications and perfect security, the police would lose this avenue of gathering evidence, stunting their ability to collect evidence in a discreet and non-invasive fashion. By doing so, police would be forced to gather evidence physically, which may even put lives on the line that don't need to be at risk in the first place.

Secondly, on a national security level, Singh also shows how international and domestic terrorist groups have used and will continue to use modern encryption technology to keep their plans and communications private and untraceable. Using examples of events like the Tokyo Subway Gas attacks and even the computer of a World Trade Center bomber, Singh creates a dark picture where terror attacks are able to be planned and executed with little in the way of countermeasures, which ultimately puts innocent lives at risk.

As such, it's clear that while perfect security is attractive on the surface, the inability for the proper authorities to covertly access information when the need arises puts innocent lives on the line. Altogether, its a steep price to pay for not wanting anyone to read your emails.

Electronic Everything, Except...

It's almost comical to read Singh's prediction, considering the digital world we live in today. He predicts that "electronic mail will soon become more popular than conventional mail," and that governments will use the internet to help run their countries. These statements have long been true. In fact, I can't remember the last time I sent someone a letter that wasn't my mom forcing me to send thank-you cards after my 13th birthday party.

Almost every action we perform using the internet nowadays uses a code. Every time we log-in to a site, our credentials are protected through encryption. In many cases, this is lower-stakes, like on social media platforms, gaming websites, etc. However, this encryption can also be extremely crucial: private email, online banking, and health records are all contained online. For actions such as these, it is imperative that our information is well protected. Someone who had access to all the information we store on the internet could easily ruin our lives.

One of Singh's predictions, however, has not yet come true. In the US, at least, online voting has not become a reality. Some states do allow some sorts of online voting, whether it's, or electronic fax or portal, but the majority of voting is done in person at a booth or through absentee ballots. The overarching reason for this is the government's distrust in their own ability to maintain an uninterrupted and honest election. While smaller countries may find it easier to implement electronic voting, the U.S. faces several problems. First, many citizens in the United States are extremely well educated and well versed in computer encryption systems and hacking. The odds of all the top hackers working for the US government is extremely low. Secondly, there is always international interest in our domestic elections. There have been countless stories in the news (Russia, Ukraine) about other countries trying to interfere with our elections. Online voting would make this much easier, as the internet is very much a worldwide network. Containing voting to an old-school system limits the amount of electronic interference that another citizen or country could have.

Reading the news, shopping, sending messages, and so many more simple tasks have been taken over by the internet - it'll be interesting to see if the internet continues to develop and eventually takes over voting as well.

You do You

Whitfield Diffie, having the mind and brain to look beyond the present time, predicted that everyone would have their own computers and would have the ability to send messages to anyone they wanted. With this in mind, he essentially states that all people should have the ability to hide their messages from the government  via encryption. And given the democratic beliefs that our country supposedly abides by, I agree with Diffie's views to a very large extent.

Singh makes it explicitly clear that Diffie believes that people should "have the right" to make that choice for themselves. And that is the main thing that makes his argument agreeable. There are many people currently in America that could not care less about who is able to see their messages. On the other hand, there are many Americans who are very passionate about making sure no one can get their hands on whatever they deem private and making sure to define what they wish to keep as private or not. It's similar to Marcus's argument in "Little Brother" with the bathroom analogy, how there are just things in a person's life that they wish or desire to keep private and that is completely okay. Similarly, people should have the ability to choose to encrypt the messages they send. Whether they decide to encrypt their messages or not may come down to personal preference. One individual may  prefer to take the extra step to hide something they believe is private and should only be known by them as well as the recipient. There may be another individual that will pick and choose what they want encrypted or not, due to security and/or personal reasons. There might be a third person that, for whatever reason, may not want or care to get anything encrypted on the way. And while it can definitely be agreed upon by many that taking the safe route is preferred, the choice should be up to the individual, case by case.

Cryptohipster Beliefs

Whitfield Diffie is, in essence, a cryptohipster. Or, one might call him a cryptotarian (crypto libertarian). He graduated from MIT, and studied cryptography just for the thrill of it. In the early 70's, Diffie had the foresight to realize that one day, people would have their own computers. He believed that "if people then used their computers to exchange emails, they deserved the right to encrypt their messages in order to guarantee their privacy."

I do agree that private citizens have a right to have access to secure encryption technologies. Encryption technologies would be used to protect communication - the same communication that might take place face-to-face. Since in-person private conversation has never been a right that's been questioned, why should we give up our communication rights if it's simply a different medium of communication? Living in America, we have a right to privacy. This right shouldn't be infringed upon due to the development of the internet. If someone is able to develop their own encryption system, they should be able to use it at their will. There's a lot of work that goes into developing/utilizing such a system, including the logistical problems that come with key distribution. If people want to go through the trouble of exchanging keys, they should be able to communicate in private.

With an advance in technology, the use of computers for encryption technology wasn't just limited to the military and government. Increasingly, civilian businesses began using encryption and cryptography to encode their messages. In an attempt to standardize encryption across the United States, the National Bureau of Standards looked to Lucifer. This encryption system developed at IBM was so strong that it offered the possibility of cryptography that couldn't be broken even by the NSA. The NSA didn't want civilians to use encryptions that it couldn't break, so the NSA successfully lobbied to weaken Lucifer by reducing the number of possible keys. The adoption of this weakened Lucifer meant that the civilian world had access to strong but not optimal security, meaning that the NSA could still break their encryptions if it needed to do.

The NSA was justified in pushing for the adoption of a mechanism that they could break even if it meant less security for the civilian world. Allowing civilians and businesses to gain strong encryption mechanisms that no one but them could decipher would have meant an increase in criminal activity that governments couldn't even begin to monitor. This would have reduced the safety of the populace as a whole. When living in a society we often give up some rights for the greater good, and it should be noted that no right is absolute - my right to free speech doesn't allow me to yell fire in a crowded theater for example. Thus by merely knowing that the NSA can still decrypt messages that businesses send can often be a deterrence to secretive or illegal activity.

Critics like to point out that giving the NSA the ability to decrypt any message they would like would be giving the government far too much power. But it should be noted that even while the NSA has the means to decipher an encryption, that doesn't necessarily mean it will. There are billions of texts, emails, and calls exchanged each day in our world - the NSA has neither the means nor the resources to monitor every single message. Thus the NSA must prioritize by possible criminal activity: criminal activity they cannot detect and stop without the use of decryption. Thus, it is not only important but essential that the NSA be able to decrypt the messages of the business world in order to deter criminal activity and better protect our society.

 

Necessity is the Mother of Invention

The invention of the telegraph revolutionized long-distance communication by allowing messages to travel many miles practically instantaneously. However, the drawback of telegraphs compared to letters was that the required intermediaries for transmission also had access to the contents of a message. While a postman is unlikely to open and read a sealed letter, a telegraph clerk has no choice but to read what they are sending.

This affected the development of cryptographic techniques in two major ways. One, it prompted the general public to become more interested in cryptography. Even if their messages were not necessarily "secret" per se, most people are uncomfortable with the idea of a half-dozen people reading their private correspondences. Two, individuals and organizations that already encrypted their messages needed to amp up their security, because their messages would be viewed by more people and their messages would be easier to intercept via wire tapping. This spurred the adoption of the Vigenère cipher for telegraph communications because of the increased security it provided.

Similarly, in recent times, the concept of encryption has become more popular and the technique has become more refined in response to the increase in digital communications. As new technologies emerge, so may new cryptographic techniques.

The Perils of Hubris in Cryptography

On page 41 of Simon Singh’s The Code Book, Singh makes the interesting assertion that “a weak encryption can be worse than no encryption at all.” This seemingly paradoxical statement reveals how hubris can be the downfall of any great cryptographic scheme. Best exemplified in the case of Mary Queen of Scots, when two parties deem a cipher or code secure and therefore write their messages freely with no fear of discovery, this overconfidence can ultimately result in their downfall. Had Mary’s messages not been so explicitly linked to the assassination plot of Queen Elizabeth, and instead been deliberately vague, the evidence against her would have been weak enough to possibly save her life.

The beheading of Mary Queen of Scots should serve as a cautionary tale to any modern cryptographer to remember the possibility that your enemy has already cracked your code, or that another part of the world is already much advanced in the art of code breaking. A good cryptographist should take extra precautions when crafting their message to ensure that, if the encryption fails, the implications of their message, should it land in the wrong hands, are as limited as possible. No code should be deemed unbreakable by its creators, and stenography and subtlety of language are just as crucial in encryption as a strong cipher or nomenclature.

Page 1 of 3

Powered by WordPress & Theme by Anders Norén