Jefferson's Wheel

I’m quoted in this article on the controversy over the FBI’s requests to Apple for assistance in unlocking an iPhone used by one of the San Bernardino terrorists: Unlocking Terrorist’s iPhone Won’t Risk Your Security, Discovery News, 24 February 2016.

“Backdoors are complicated and impossible technical challenges and would risk everyone’s privacy,” Evans said. “But what the FBI is asking for is different from what Apple says the FBI is asking for.”

For the most part, I think the article gets things right. It is very misleading to conflate what the FBI has asked for here with a cryptographic backdoor that would indeed dangerously risk everyone’s privacy and security. I covered some of the technical aspects of this in my introductory computing course last week.

I gave a four-session “mini-course” for Microstrategy on Engineering Cryptosystems. It ended up attracting enough interest to be moved from their offices to a nearby movie theater!

The course was targeted to engineers at Microstrategy with no prior experience with cryptography, and designed to give them some ideas of the power of modern cryptography, and to provide enough stories about cryptosystems going bad to convince them not do try to develop their own cryptosystems, and to know enough to ask the right questions of people who do.

The four main topics were:

• Symmetric Cryptosystems
• Using (and Misusing) Symmetric Cryptosystems
• Public-Key Protocols
• The Future of Cryptography

Since it was in a movie theater, it also provided an opportunity to officially screen this trailer in a real movie theater:

Stephen Colbert spoke about Jefferson’s wheel cipher at his valediction speech:

Computers will make the world of tomorrow a much safer place. They will do away with cash, so that you need no longer fear being attacked for your money. In addition, you need not worry that your home will be burgled or your car stolen. The computers in your home and car will guard them, allowing only yourself to enter or someone with your permission.

From World of Tomorrow — School, Work and Play, by Neil Ardley, 1981. (Scanned by David Gagnon. Hat tip: Ian Finder, University of Washington)

Steve Bellovin has uncovered a Telegraph Codebook by Frank Miller from 1882 that describes a one-time pad cipher. This predates the invention by Vernam and Mauborgne during World War I, that was previously thought to be the first use of a one-time pad. The New York Times has an article, and Steve’s full report is available.

Yuchen Zhou will present a paper [PDF] on HTTP-only cookies and why it is so hard to deploy security technologies at Web 2.0 Security and Privacy (attached to the Oakland conference) on May 20.

HTTP-only cookies were introduced eight years ago as a simple way to prevent cookie-stealing through cross-site scripting attacks. Adopting HTTP-only cookies seems to be an easy task with no significant costs or drawbacks, but many major websites still do not use HTTP-only cookies. This paper reports on a survey of HTTP-only cookie use in popular websites, and considers reasons why HTTP-only cookies are not yet more widely deployed.

British Prime Minister Gordon Brown has issued a long overdue apology to Alan Turing on behalf of the British government. The full text is here.

Turing was a quite brilliant mathematician, most famous for his work on breaking the German Enigma codes. It is no exaggeration to say that, without his outstanding contribution, the history of World War Two could well have been very different. He truly was one of those individuals we can point to whose unique contribution helped to turn the tide of war. The debt of gratitude he is owed makes it all the more horrifying, therefore, that he was treated so inhumanely. In 1952, he was convicted of ‘gross indecency’ – in effect, tried for being gay. His sentence – and he was faced with the miserable choice of this or prison – was chemical castration by a series of injections of female hormones. He took his own life just two years later.

… But even more than that, Alan deserves recognition for his contribution to humankind. For those of us born after 1945, into a Europe which is united, democratic and at peace, it is hard to imagine that our continent was once the theatre of mankind’s darkest hour. It is difficult to believe that in living memory, people could become so consumed by hate – by anti-Semitism, by homophobia, by xenophobia and other murderous prejudices – that the gas chambers and crematoria became a piece of the European landscape as surely as the galleries and universities and concert halls which had marked out the European civilisation for hundreds of years. It is thanks to men and women who were totally committed to fighting fascism, people like Alan Turing, that the horrors of the Holocaust and of total war are part of Europe’s history and not Europe’s present.

So on behalf of the British government, and all those who live freely thanks to Alan’s work I am very proud to say: we’re sorry, you deserved so much better.

The apology grew out of an online petition initiated by John Graham-Cumming (also known for writing the Geek Atlas travel guide). Britain has a long tradition of citizens being able to petition the government, which is now supported by an e-petitions website. The petition asking for an apology to Alan Turing is currently the fourth-most signed petition with 31,349 signatures (all of whom must be British citizens).

Some news coverage:

• BBC: PM apology after Turing petition
• The Guardian: No 10 apologises for “appalling” treatment of Alan Turing
• John Graham-Cumming’s blog: “Hello John, It’s Gordon Brown”