|
April 08, 2002 | I interviewed Simon Singh, author of
The Code Book (1999), during a campus visit to Centenary
College. After he mesmerized one of my classes and delivered a series
of energizing lectures, we chatted about various aspects of cryptography
today.
History
Bryan Alexander: In your 1999 book, specifically in chapters
4, 5, and 6, you make an impressive case for the importance of Alan
Turing, both as cryptography and as major Allied war hero in WWII.
Just a generation ago, he was scarcely known beyond small circles
of computer historians and codebreakers. Now, in 2002, how is the
recuperation of Turing going?
Simon Singh: Everyone knows about Turing. He is an herroic
figure, now recognized as a person who laid the foundations for
computing; who made an unparalleled contribution to codebreaking
in WWII, who save countless lives – on both sides. And a figure
or martyr for the gay movement. Breaking the Code, a great
play, and Andrew Hodges’ book (Engima) were the first
works to bring his work to light, doing an extraordinary job in
researching Turing’s life, documenting his contributions. From
Hodges, Hugh Whitemore got the inspiration for his play. Derek Jacobi’s
great performance… took Turing’s story to a new audience,
millions of people who saw the play. Whenever I give a talk, I start
with the assumption that people know who Turing is. From the statue
in Manchester, to Web sites like Alanturing.net and Andrew Hodges’
homepage, Turing is established.
BNA: Why did he remain in obscurity, and why emerge only
now?
SS: Bletchley Park [the home of the British Enigma-cracking
effort] was a secret story for decades. Turing couldn’t tell
his own headmaster that he’d actually fought in WWII. Not until
the late 1970s, when computers become big, and artificial intelligence
becomes something people can talk about; and the Bletchley Park
story gets revealed in documentaries and movies and books. It was
natural, then, for Turing to come to the fore. Additionally, there’s
the tragic story of a man persecuted for his sexuality. I bring
this up whenever I talk to schools. For schoolkids, sexuality is
still hard to talk about.
BNA: What about this Hollywood film, U-571? Doesn’t
that give a misleading take on crypto and WWII?
SS: The whole story of the second world war is too huge.
U-571 is a tribute to some brave people who did things to
contribute to the codebreaking effort. It’s such a wild fantasy
– the Americans destroyer sinks, they’re attacked by their
own side – it’s all fantasy. But like Saving Private
Ryan, which tells the American part of D-Day, it focuses on
one aspect.
Generally, code-breakers don’t get appreciated for their work.
And today code-breaking is brute force, which isn’t really
interesting. Code-breakers are much more appealing.
BNA: Speaking of brute force, what's the historical role of
Microsoft and cryptography? The Redmond giant has famously missed
the boat on several important technological revolutions, like the
early internet.
SS: For a thousand years, this business has been dominated
by governments, the military, and occasionally the church (the Vatican,
for example). This continues into the start of the 20th
century. Only when the telecommunication revolution takes off, do
business start thinking about crypto. Things like the telegraph
inspire business to start thinking about it. Not until you get to
people like Diffie and Hellman, do academics and people outside
government start playing a role. Today, there are major, major players
in the public realm. Crypto has moved very much into the public
realm – you have research wings of businesses and schools.
BNA: What's your assessment of cypherpunk's political aspirations?
The 1990s saw an explosion of political dreams, based on cryptography.
(See Crypto Anarchy, Cyberstates, and Pirate Utopias, MIT)
SS: The number of people on line was much smaller, back then.
Only now are people needing to think about these issues. The time
wasn’t right, then. Maybe in the next 10 years there’ll
be a mass shift towards encryption for and by everybody. Now, it’s
shocking how unaware people are. Encryption has invaded so much
of our lives without people being aware of it. Things like cell
phones – whenever you make a call, it’s encrypted. It’s
so transparent – you don’t have to type a password, you
don’t hear a crackling noise, no red light lights up. In a
way, that’s a bad thing. I was talking to a company about a
new encryption scheme for e-commerce. You buy something online,
you type in a password, then they ring your mobile; you’d have
to type in a 4-digit number, then the transaction would be
completed. It’s overkill, but if someone steals your credit
card, they won’t be able to do anything unless they steal your
mobile. The consumer has to do something. If they type in
the code, they feel as if they’re doing something. Their ethos
is “don’t make encryption too transparent”.
BNA: Like cars, omnipresent but not largely understood?
SS: No, passengers know they’re in a car! People know
they have a phone, they know it tells them talk… but they don’t
know it gives away their position.
Technology and the Present
BNA: Why is steganography so appealing, both popularly and
technically?
SS: It’s important from the point of view that it’s
subversive. Crypto is clandestine; but to send messages, and to
have you not even know I’m sending them, has a great appeal.
Practical application: what would happen if there is a huge clampdown
on crypto? In some countries, there [already] is. I imagine steganography
would be used every day by human rights groups… People ban
you from sending encrypted messages, because it looks like you’re
sending random noise. But sending steganography means you can’t
be arrested for something they can’t find.
BNA: Habeus corpus for the information age?
SS: Right, that’s the parallel. There will be greater
development, but not necessarily greater use. People will develop
it. For now, no one will send email by it. Like quantum cryptography
– systems now are perfectly strong.
BNA: Will we see more of steganography, especially after
several rumors about al-Qaeda using it?
SS: Yes, 9-11 might awaken interest.
BNA: I’d like to ask about a public key issue. Are public
key servers going to play a useful role?
SS: Yeah! But most people haven’t created their own
keys.
BNA: How is quantum cryptography developing, currently? Quantum
computing certainly looks
burgeoning.
SS: Quantum cryptography gives a new level of security. It really
works. It’s part of quantum computing, but people tend to think
of massively parallel computing – that’s a long way off.
But quantum cryptography really does work. It’s a real technology.
You can send quantum cryptography messages for tens of kilometers.
Problem is the ideal wavelength – photons – you can’t
have them scattered, so you have to tune them to the ideal wavelength.
At that wavelength, photon detectors aren’t very good. 50-60
km, that’s been done. You could set up a quantum cryptography
network between several banks, government buildings. A university
in Geneva did a successful experiment with this, and has set up
a little company to commercialize it. They figure that the Swiss
banks’ data is so valuable, it’ll be worth investing in
QC - long-term, for protecting yourself for centuries. In Los Alamos,
they’re looking at QC through air – tougher, due to particulates,
turbulence, etc. They’ve send QC message through the desert
for distances of up to a mile, or half-mile. That doesn’t sound
like a lot, but sending messages upwards, to a satellite,
means that you don’t have to go through much atmosphere, after
a point.
BNA: With the success of distributed computing projects,
such as Intel's anthrax research and SETI@HOME, this CPU-sharing
strategy seems to be a significant part of the cyberscape. What's
happening with distributed decryption projects, like Distributed.net?
SS: It really doesn’t matter that much. People bandy around
these numbers - key length, years of cracking, etc. Distributed
computing won’t make much of a difference. What happens is,
people like RSA are always keen to find out the state of codebreaking.
So they’ll offer codes to be cracked , for prizes – one
way to crack is by distributed computing. That gives RSA, the NSA,
etc. a good idea of where we are today. But these challenges are
trivial, in comparison with what’s available out there. Like
the code in my book (“The Cipher Challenge”, for prize
money), I could have made it much harder. People offer deliberately
weakened encryption.
BNA: But what about Moore’s law?
SS: But it might take a hundred years to catch up, and I
can just use bigger numbers. It’ll take a qualitatively different
computer.
BNA: Cell phones have taken off in the past few years, with
enormous numbers of people shifting from land lines to mobiles.
As cell usage takes off quantitatively, and expands in quality (texting,
Bluetooth, broadband), will users become concerned about security
and encryption for their communications, thereby boosting popular
awareness of crypto?
SS: Crypto will still be built in. People will buy cells, assuming
them to be as secure as a land line, oblivious to the workings of
crypto inside. I don’t think it’ll register in that way.
BNA: What about technologies like Bluetooth, and possibilities
of cell spam?
SS: There are advantages to being swamped with useful stuff.
You arrive in Munich, and find out a jazz musician you’ve been
looking for is playing there.
In this sense, crypto is a facilitator. You want what it facilitates,
but don’t have to worry about the process.
BNA: So the mere prevalence of cell crypto won’t spur
a popular awakening of interest in crypto?
SS: No. Digital signatures might do it, if we need them.
Once you have a digitial signature, people can send things to you.
That takes effort, requiring awareness on the part of the user.
Policy
and Culture
BNA: Since the September 11th attacks, many people
have been rethinking their attitudes towards policies and technologies
with security implications. On the one hand, there’s a drive
towards allowing more governmental scope to surveil and control
crypto (see, for example, the Patriot Act, or the NSA’s Assured
Information Directorate. On the other, there’s a strong
civil libertarian defense, based partly on a sense that al-Qaeda’s
crypto savvy might
be overestimated. How have American and public attitudes towards
crypto changed, since 9-11?
SS: There must be a greater push for a clampdown.
People say the genie is out of the bottle, but things can change.
There’s no reason the government couldn’t clamp down,
with such a threat. Similarly, if a government abused its control,
there’s no reason there wouldn’t be a pro-privacy backlash.
But the population really needs to understand the issues at stake:
global surveillance systems like ECHELON, how strong these systems
are. We say a code is unbreakable, but they might not realize that
that really means unbreakable.
BNA: Since cryptography has increased in popularity over
recent years, what is its role in education? For example, what do
you think of the teaching of crypto - aside from using what's clearly
the best book on the subject?
SS: In Britain, it’s not something you would teach.
Only computer science people would be interested. There’s no
real place for it. Why bother teaching kids about crypto when they’re
still struggling with basic maths? The curriculum’s too rigid.
In the US, on the other hand, you have a greater degree of curricular
freedom, and might be able to do more.
I’m interested in using crypto to teach others things. With
young kids, for example, I can talk about the Mary Queen of Scots
cipher. It’s an easy, trivial cipher to make and break. In
doing so, the students learn about structure of language, frequency
analysis, gathering data, and doing statistics. Analysis, plotting
bar charts, going through the process of logical thinking, trial
and error… and at the end of it, they get to crack a real Elizabethan
message. They get to learn some history: the Protestant-Catholic
rivalry, the tale of Mary (which ends in a bloody execution, which
kids generally like!). I’m all for giving more history in math.
BNA: This approach seems inherently interdisciplinary, unlike
a strictly computer science approach.
SS: Yes. And you can think of codes mathematically, as well.
Caesar cipher – you can think of it as “adding 5”.
That’s something a ten or 11-year old can think about. You
can get kids to encrypt their own names, you can have competitions,
and so forth. For older kids, what if you multiply, rather than
add, the number? The difficult thinking comes with mod 20. You can’t
use 2 as a multiplier, because it’s a factor of 26. 3 is ok,
because it isn’t. And so forth
BNA: What fiction about crypto, what literature do you admire
and enjoy? Neal Stephenson’s Cryptonomicon is often
delightful.
SS: Doyle’s “The Adventure of the Dancing Men”,
Poe’s “The Gold-bug”. Robert Harris’ historical
novel Enigma (also a film).
BNA: What are you working on now?
SS: Different ways of getting people interested in science.
For instance, in Australia, you’ve got Science
in the Pub – two scientists argue about science in the
bar, then others join in. In Britain, we have something more genteel,
the Café Scientifique.
I did a session of the latter, recently, in a café in Oxford,
on cryptography. This is often less about mathematical arcane, and
more about people saying, “Is my credit card safe online?”
It’s much more of a discursive environment.
bio:
Bryan
Alexander is an Assistant Professor of English at Centenary
College of Louisiana, where he teaches computer-mediated classes
on the Gothic literature, cyberculture, eighteenth century literature,
critical theory, and the experience of war. Through classes on
topics ranging from the Vietnam War to Gothic novels, Bryan has
experimented with innovative approaches to distance learning.
Along these lines, Bryan consults on computer-mediated writing,
interdisciplinary studies, and writing across the curriculum.
Committed to exploring computer-mediated pedagogy, he continues
to research and write on the critical uses of computers and teaching
in terms of interdisciplinary liberal arts and the contemporary
development of cyberculture.
|
advertise
here
email for info
|
