Thursday, December 10, 2015

Crypto Wars, Déjà Vu All Over Again

Hal and I were talking recently about how sorry we were that we don't have time to bring out a new edition of Blown to Bits, which was published in 2007. Then last night a student asked me a question about cryptography and I reread Chapter 5, and this morning I read the New York Times report that F.B.I. Chief Says Texas Gunman Used Encryption to Text Overseas Terrorist. Maybe there isn't that much to revise.

September 13, 2001. Fires were still smoldering in the wreckage of the World Trade Center when Judd Gregg of New Hampshire rose to tell the Senate what had to happen. He recalled the warnings issued by the FBI years before the country had been attacked: the FBI’s most serious problem was “the encryption capability of the people who have an intention to hurt America.” “It used to be,” the senator went on, “that we had the capability to break most codes because of our sophistication.” No more. “The technology has outstripped the code breakers,” he warned. (p. 161)

The F.B.I. director, James B. Comey, said Wednesday that investigators could not read more than 100 text messages exchanged by one of the attackers in a shooting this year in Garland, Tex., because they were encrypted, adding fuel to law enforcement agencies’ contention that they need a way to circumvent commercially available encryption technology. Mr. Comey, who two months ago appeared to have lost a battle inside the Obama administration over forcing companies like Apple and Google to give investigators a way to decode messages, told the Senate Judiciary Committee that one of the attackers “exchanged 109 messages with an overseas terrorist” the morning of the shooting. “We have no idea what he said because those messages were encrypted,” Mr. Comey said. “And to this day, I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem. We have to grapple with it.”
What was needed, Senator Gregg asserted, was “the cooperation of the community that is building the software, producing the software, and building the equipment that creates the encoding technology”—cooperation, that is, enforced by legislation.
But Mr. Comey argued in his testimony on Wednesday that the technology companies’ defense of “end-to-end encryption,” in which only specific users of a phone or computer hold the keys, was rooted in business decisions.… But he asked if that model could be changed, and “if that can’t be done voluntarily, what are the other alternatives?” 
Will some major supplier of email services and software, responding to consumers wary of information theft and government surveillance, make encrypted email the default option? (p. 191)
 OK, that part needs to be updated. Now:
For Mr. Comey, whose 10-year term extends well beyond President Obama’s, the recent attacks have provided renewed arguments to pressure technology companies. Cyrus R. Vance, the Manhattan district attorney, and William J. Bratton, New York City’s police commissioner, have faulted the encryption used by Apple, Facebook and Google for thwarting terrorism investigations.
In a very real sense, the dystopian predictions of both sides of that debate are being realized: On the one hand, encryption technology is readily available around the world, and people can hide the contents of their messages, just as law enforcement feared—there is widespread speculation about Al Qaeda’s use of PGP, for example. At the same time, the spread of the Internet has been accompanied by an increase in surveillance, just as the opponents of encryption regulation feared.
The bottom-line question is this: As encryption becomes as ordinary a tool for personal messages as it already is for commercial transactions, will the benefits to personal privacy, free expression, and human liberty outweigh the costs to law enforcement and national intelligence, whose capacity to eavesdrop and wiretap will be at an end?
But even if Apple rolled back its technology — which Tim Cook, the company’s chief executive, has emphatically insisted will never happen — it is unclear whether it would make it easier for American law enforcement to track terrorists. 
Of the encrypted mobile apps recommended in the Islamic State tutorial, the top five “safest” encryption schemes recommended by the group were made by companies outside the United States — in places like Switzerland, where a United States court order would not be enforceable. “We have far more to lose by having our information attacked than gained from weakening everyone’s information security,” Mr. Kocher said. He added that rolling back encryption in those products would only drive terrorists to use other products, or create their own.
“You can’t delete encryption software off the Internet or delete all the textbooks telling people how to write it,” Mr. Kocher said. 
Amen to that.

Friday, November 20, 2015

Sunday, November 1, 2015


There has been a series of stories in the past few days about an imperative for college students not to offend while having fun. First there was a news story about colleges warning students against culturally or ethnically demeaning Hallowe'en party costumes: Halloween Costume Correctness on Campus: Feel Free to Be You, but Not Me. Then there was a report on moves to apply high standards to college mascots--specifically, a movement to get rid of "Lord Jeff," the namesake of Amherst College and its home town. At Amherst College, Some Say It's the Mascot's Turn to Embrace Diversity. The original Lord Jeff evidently treated Indians badly. And then Erika Christakis, Associate Master of one of the Yale Colleges, pushed back against an encyclical from a Yale committee to avoid those culturally insensitive costumes.
“Is there no room anymore for a child or young person to be a little bit obnoxious… a little bit inappropriate or provocative or, yes, offensive?” Christakis wrote. “American universities were once a safe space not only for maturation but also for a certain regressive, or even transgressive, experience; increasingly, it seems, they have become places of censure and prohibition.”
That, of course, caused a furious reaction and a petition demanding an apology.  Christakis, allegedly, is party to the marginalization of already marginalized students. The way we respond to defenders of unwelcome speech is … to bully them into shutting up.

Christakis is a brave woman. She was co-Master of one of the Harvard Houses until her husband Nicholas decamped from Harvard to Yale last year. She has written also about the risk of over-reaction to college sexual assault -- another unpopular and unfashionable position.

The thrust of her worry about the costume warning is that colleges are growing-up places, places from which graduates should emerge prepared to deal with the world as it is. In the real world there will be no one to mediate grievances about inconsequential matters. We do students no favor by teaching them to expect that society will protect them from seeing silly costumes, or by training them to be sensitized to slights they might not even have realized were demeaning until someone explained it to them. We don't have to like the supposedly offensive costumes to realize that we do more harm than good by landing hard on those who wear them to parties.

Discouraged by my reading of the day's newspapers, I turned on the Notre Dame-Temple football game, where I witnessed people in the crowd dressed up as grotesque caricatures of Irishmen. Right there on national TV, in spite of this country's despicable history of "No Irish need apply" and other forms of institutionalized discrimination. And then I turned to a broadcast of our local pro basketball team, and more of those Irish caricatures. Where is the outrage?


The blog has been dark for a long time, and probably won't be very active anytime soon. I am trying to write in a longer form, and in spite of being dean no longer, I seem to be busier than ever. But after the series of stories and the attack on Christakis, I decided I had better say something.

Monday, December 22, 2014

Was It Really the North Koreans?

Writing in The Atlantic, Bruce Schneier is skeptical, not that he has a better idea, though he does lay out some other possibilities. But he reminds us that the government has not always gotten stuff like this right in the past.
I worry that this case echoes the “we have evidence—trust us” story that the Bush administration told in the run-up to the Iraq invasion. Identifying the origin of a cyberattack is very difficult, and when it is possible the process of attributing responsibility can take months. While I am confident that there will be no U.S. military retribution because of this, I think the best response is to calm down and be skeptical of tidy explanations until more is known.
 Also, on the general question of whether this means that anybody can break into anything, Bruce writes in the WSJ, the answer is no, but anybody can break into something, and it's possible for an entity with enough resources to break into almost anything.

And in a third piece Bruce offers another piece of advice that is as good here as it is generally: the first thing to do is not panic.

Wednesday, December 3, 2014

A Phase Transition

I have been named Interim Dean of Harvard's School of Engineering and Applied Sciences. What I say in the official announcement is all true -- it's an honor and a privilege. How many people get to take the leadership role of a place to which their first connection happened almost exactly fifty years earlier? In the fall of 1964 my freshman advisor was a professor in the old Division of Engineering and Applied Physics. I remember feeling mildly insulted. An ENGINEER? I was going to be a pure mathematician! I was disabused of that fantasy by Math 55, and a couple of years later wound up in Applied Math where I belonged, and I have had some sort of SEAS affiliation ever since. Boy, the Freshman Dean's Office was good at assigning advisors (it's still done well, but no longer by the FDO).

I hope the blog won't go completely dark, but this job is going to consume all my time, and more, for the (I hope) brief period while I hold it. And yes, the subjects may change -- for certain things I might once have blogged I will now just pick up the phone to start an inside-Harvard conversation!

And NO I AM NOT A CANDIDATE FOR A PERMANENT POSITION AS DEAN. Harvard and I may both be crazy, but we are not stupid.

That said, two good op-eds in the NYT today:
Blowing Off Class? We Know (on big data and academic affairs, which it's interesting to see how other places are thinking about)
A Pox on Campus Life, in which Frank Bruni talks as though he read the 1994 Report on the Structure of Harvard College in which the committee I chaired recommended randomization of the Houses.

Wednesday, November 19, 2014

Our Anti-Business Pro-Business Conservatives

Josh Barro had a great column in the New York Times a couple of weeks ago about how schizophrenic the Republican party can seem about whether it is really the pro-business party or not. He cites the examples of Uber, and the attempt to prevent it from operating in Philadelphia, and of Tesla, which is opposed by the cartel of car dealers, since Tesla wants to sell directly to consumers. Here is the bottom line.
Anticompetitive business regulations are mostly imposed at the state and local level, and they usually have a strong built-in lobby: the owners of the businesses that are being shielded from competition.
The R.N.C. chairman, Reince Priebus, probably doesn’t get a lot of phone calls from taxi medallion owners, or car dealers, or other businesspeople who want to be insulated from competition.
But local politicians do; Republicans may be especially likely to hear from them because small business owners are a constituency that skews Republican.
As a result, in practice, it’s not clear Republicans are any more pro-market than Democrats when it comes to business regulation.
Now this is maybe not the best moment to be touting Uber as a model unregulated small business, what with an executive seemingly power-mad over his ability to track his customers. But the bottom line stands. You either believe that competition lowers costs and improves services or you don't. If you do, you don't bring the government in every time an existing monopoly cries foul over a new entrant.

In the same vein, the Republican pro-business mantra doesn't seem to extend to the businesses that won't be able to sell their information services abroad if the rest of the world thinks they will just turn everything over to the US Government. In spite of the business arguments for the anti-surveillance USA Freedom Act, Republicans voted overwhelmingly against it. (Including Rand Paul, who, to give him credit, says he opposed the bill because it did not go far enough toward reining in the NSA.)

And the final example of the day is provided by George Leef in Forbes: Copyright Law Is Creating An Information Oligarchy, Not An Information Democracy. As Leef says,
Today, copyright does far more to create an information oligarchy than the robust information democracy the drafters of the Constitution and the first act had in mind.
I probably wouldn't go as far as Leef proposes in dismantling copyright completely, but it is so abused today that it's hard to argue we wouldn't be better off without it than with it under present law. Leef is at the John Pope Center for Higher Education Policy, where I have spoken in the past, a right-leaning education think-tank. I probably agree with what he writes no more than half the time, but he is onto something important here: it's insane how heavily copyright is wielded by the information monopolies to swat down the little guys, whose energies are supposed to be protected and encouraged by the party that allegedly so hates big government. Please explain to me how the progress of science and the useful arts is encouraged by a copyright term so long that Disney's original Steamboat Willie (aka Mickey Mouse) is still protected. (And it wasn't really original in the first place. It was based on an earlier cartoon, but that is a story for another day.)

"Codebreaker" and "Ivory Tower"

I've seen two good documentaries lately, Codebreaker and Ivory Tower. Neither gets a straight A from me, but they're both worth watching.

Codebreaker is the story of Alan Turing, the founding father and patron saint of computer science. Turing died of suicide at age 41 in 1954.

The documentary does a good job contextualizing Turing's achievements and impressing on the viewer his intellectual daring and the massive significance of his work, without getting bogged down in the whole history of mathematical logic (for a light version of which, see Logicomix). It also sets in Cold War context the brutal treatment the unworldly Turing received at the hands of the authorities once his homosexuality was discovered (he was chemically castrated). The filmmaker was able to interview some people who knew Turing -- that number is of course rapidly declining. It's very well done.

The problems with the film are almost inevitable, given that it's a documentary and therefore tries to stick to the truth! (Unlike The Imitation Game, the Hollywood version of Turing's life that is in theaters next week.) There is just not a lot of material to work with -- no films or audio recordings of Turing, few still images, and virtually all of Turing's friends dead now. So a lot of the story is told through Turing's conversations with his psychiatrist. Of course the dialog is reconstructed, but the reconstruction is grounded in solid source material, letters and so on. (The film's creator, Patrick Sammon, answered questions after the showing at Harvard last night. Sammon, I was interested to learn, is past President of the Log Cabin Republicans.) And of course the budget was limited, so there are no fancy animations, though there are quite a few clips of contemporary video to set the general themes in their historical setting.

Codebreaker is showing at Tufts tonight and is available through Netflix and iTunes. If the movie gets you interested, read Andrew Hodges's biography of Turing, Alan Turing: The Enigma. (Turing's life certainly provided material for plenty of good titles!)

Also I want to again plug Ivory Tower (see my earlier blog post), the documentary about student debt that portrays Harvard so positively. CNN will air Ivory Tower Thursday night at 9pm, so you can watch it from the comfort of home!