Nine to Noon: 4 Mar 2010

March 3, 2010 – 8:51 pm

I talked today about cryptography, China, and Facebook’s billions. My apologies for how rushed it was on air, but we had less time than usual. I’ve written up below what I was going to say. Listen in MP3 and Ogg Vorbis.

Links

The Code Book, Mozilla Debates Whether to Trust Chinese, and Facebook on Track for $1B Revenue This Year.

Cryptography

I’ve read this fabulous book on cryptography by Simon Singh, “The Code Book”. It’s easy to read and full of the little anecdotes and trivia nuggets that I love.

The book opens with the story of Mary, Queen of Scots. It’s a great story for illustrating the value and dangers of cryptography. Mary, as I’m sure you know, was sister to Queen Elizabeth and probably had the better claim to the throne. She misjudged the politics and showed up in England to get away from tetchy Scottish locals, only to be thrown in the Tower to keep her from making a play for the English throne.

While in the tower (or “whilst” as the Brits say) she entered into a conspiracy with plotters outside. This is in the days of Catholic vs Protestant and conspirators were plotting with Mary even as she was in captivity.

Not being stupid, they had invented a code to hide what they wrote and hid the messages in a barrel and smuggled them into and out of the country house where Mary was now being kept. So when Elizabeth’s aide, Walsingham, brought Mary to charge for treason, Mary felt safe.

He starts with this story because it shows all the important bits of cryptography. First, you’ve got “steganography”–the art of hiding messages. Smuggling them in via a barrel bung is just one way–Ancient Greeks wrote their message on wood and then covered it in wax so that it looked like a smooth wax tablet. This is how Xenophon in Greece was able to get advance knowledge of an attack from Xerxes in Persia, according to Herodotus, and thus foil it.

Then you’ve got the code itself. He takes you through the different types of codes, beginning with jumbling up letters of the alphabet so every “a” becomes a “g”, and so on. This was the type of code that Mary had used, though she’d been a little more sophisticated and some words had become symbols, so “mine” was a kind of double S logo, and “in” became an italic “x”.

Codes revolve around a system and a shared secret. The system here is “replace letters and some words with other symbols”. The shared secret is exactly which letters and words get replaced by others–does an “a” become a “g” or a “q”?

And you’ve also got the codebreakers. Codebreakers are rarely portrayed as heroic, alas, because it takes far more time to break a code than it does to create it. So the poor codebreaker is often like Walsingham’s codebreaker, Thomas Phelippes, who is described as “a man of low stature, slender every way, dark yellow haired on the head, and clear yellow bearded, eaten in the face with smallpox, of short sight, thirty years of age by appearance”. He was a linguist who could speak French, Italian, Spanish, Latin, and German.

The techniques of the codebreaker remain the same. You can either exploit the fact that a code often leaves information that helps you break it, or simply use some other means to learn more about the cipher and so make your decoding problem easier.

For example, in a later story Singh tells us about the Enigma machines of World War Two. The French Secret Service bribed the disgruntled brother of the head of the German Signal Corps to get the schematics for the machine. This told you how the machine worked, but the machine had settings — to decode messages the Allies still needed to know which settings were being used. The Poles figured it out first–the cipher wasn’t perfect and the Germans reused the settings all day, which gave you a lot of messages that were encrypted the same way. The Poles were breaking Enigma-encrypted messages until 1939 when the Germans changed the crypto system and made it stronger.

Then it was the Brits’ turn. At a place called Bletchley Park, which you can visit today as a museum, they began applying themselves to the new Enigma. Thanks to the Poles they had the basic approach, but the German changes made it harder to crack. Fortunately the Brits had many more people working on it than the Poles did, so were able to read the encrypted German communications.

This is another technique we see today: “brute force”. When your mathematical analysis reduces the number of possibilities to a manageable number, you simply try each one. The more people you have working on this stage, each person trying one possibility, the more quickly you can break it. This is why the invention of computers has changed cryptography — computers can try the many different possibilities much faster than a person can, so we now don’t need as much mathematical insight to reduce a complex code to the point where you can just brute force the possibilities.
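The “system and shared secret” idea and the brute-force step described above, as an added example that is not from the book or from this post. The function names, the scrambled alphabet and the sample message are constructed for illustration, and the 26 rotation keys stand in (as an assumption) for a keyspace that analysis has already reduced to a manageable size.

```python
import string
from math import factorial

ALPHABET = string.ascii_lowercase

def substitute(text, key_alphabet):
    """The system: swap each letter for the one in the same position of
    key_alphabet. The shared secret is key_alphabet itself."""
    return text.lower().translate(str.maketrans(ALPHABET, key_alphabet))

def invert(key_alphabet):
    """Decoding alphabet the receiver derives from the same shared secret."""
    return "".join(plain for _, plain in sorted(zip(key_alphabet, ALPHABET)))

def shift_key(n):
    """A reduced keyspace: only the 26 rotations of the alphabet."""
    return ALPHABET[n:] + ALPHABET[:n]

# Small word list used to recognise plausible English (constructed).
COMMON = {"the", "and", "of", "to", "in", "is", "at"}

def brute_force_shift(ciphertext):
    """Try every rotation and keep the candidate with the most common words."""
    best = None
    for n in range(26):
        candidate = substitute(ciphertext, invert(shift_key(n)))
        score = sum(word in COMMON for word in candidate.split())
        if best is None or score > best[0]:
            best = (score, n, candidate)
    return best[1], best[2]

# Constructed sample message; with a shift of 6 every "a" becomes a "g".
MESSAGE = "the barrel is at the gate and the letter is in the bung"
SECRET_SHIFT = 6
CIPHERTEXT = substitute(MESSAGE, shift_key(SECRET_SHIFT))

# Same system, different secret: an arbitrary scrambled alphabet (constructed).
SCRAMBLED = "qwertyuiopasdfghjklzxcvbnm"
# Number of possible scrambled alphabets: far too many to try one by one,
# which is why the codebreaker needs analysis before brute force.
FULL_KEYSPACE = factorial(26)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(brute_force_shift(CIPHERTEXT))
    print(FULL_KEYSPACE)
```
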

Anyway, back to Mary. Mary had received messages about a conspiracy, and they’d been intercepted and decoded. But Walsingham, Elizabeth’s Principal Secretary, really didn’t like Mary. He didn’t just want to deny her liberty, he wanted to get her red-handed plotting. So he waited, and eventually Mary acknowledged and endorsed the plot. He then had his cryptographer insert a PS onto the bottom of an outgoing Mary message, in code, asking to know the names of the conspirators and when the reply came, he had them arrested.

How’d it end? The conspirators were all “cut down, their privities were cut off, bowelled alive and seeing, and quartered”. Mary was beheaded. Score one for the Protestants over the Catholics. Never mind denying your atheist bus slogans, the 16th century knew how to deal with religious dissent.

So, good book, and it talks about a lot more: Navajo code talkers, and the “public key cryptography” that computers use today. But the basic system of secrets, codes, interceptions, and breakers is largely unchanged today even though it’s all happening with computers and the code systems themselves are much more complex.

China

There’s really only one security system on the web. When you go to a website whose address starts with “https” and not “http”, you’re going to a secure site. The communication between you and the server is encrypted and the identity of the other party is verified. This solves the Mary Queen of Scots problems where someone was listening in and even pretending to be one of the people communicating.

The site I linked to talks about the step where your browser verifies the identity of the other party. For example, I go visit ASB’s web site to do my Internet banking. My browser wants to be sure it’s talking to ASB and not to dirtyhacker.com who has rerouted traffic from ASB to their site.

To do this, ASB gives my browser a “digital certificate” signed by someone my browser trusts. There aren’t many places that browsers trust. The link today talks about how Mozilla is trying to decide whether to trust China’s official signing authority.

This is important because if China’s official signing authority becomes a puppet of the government, then dissidents might think they were communicating secretly and privately with a website when in fact all their communications could be overheard and decoded by the government.

It’s tricky politically, of course, because it’s not fashionable to stand up and say “the Chinese government can’t be trusted”. I’ll let you know how it comes out.

Facebook

And finally, Facebook. Facebook’s revenue has doubled every year since 2007: $150M then, $300M in 2008, $700M in 2009, and they’re on track to break $1B in 2010.

What’s interesting is where they make their money. It’s almost all coming from advertising. They know about what you like, so they can show you ads that you’re likely to like, so advertisers are happy and pay more for the advertising space. It’s Google’s idea but more personal–until recently, Google had no way for you to tell them how old you are, where you live, what interests you have, and so on. Despite that, of course, they’re still making a billion dollars every quarter, so it’s not too shabby.

People spend an hour a day on Facebook on average, which is much more than the 15m on average that people spend on TradeMe. Of course, if TradeMe could get you laid, maybe their average visit length would go up …

Today’s connecting theme: life (Mary’s loss thereof), liberty (Chinese loss thereof), and the pursuit of happiness (and Facebook’s monetisation thereof).
