top of page
Search
Writer's pictureThe Paladins

Privacy through simplicity


A page from the 'Voynich manuscript', a 15th century manuscript of some 240 pages written in a language that to date has proved impenetrable to contemporary cryptographic methods.


The word cryptology is a neologism. Traditionally the word cryptography has been used to describe what was traditionally imagined to be a science of encoding messages so that a third party intercepting the message could not work out what was being said. Cryptography was deemed a science because an effective cipher - a method of encoding a message - involved using a more or less complex method of transforming words or letters using a mechanical process into a different set of words, letters or symbols such as a string of numbers. The key to decoding the cipher was to use analytical, and hence scientific, methods, to work out what the coding mechanism was and thereby to work out how to reverse it. To achieve this, depending upon the complexity of the coding mechanism, one needed many examples of the encoded cipher and a lot of perseverance.


Alan Turing was an early pioneer of cryptography, managing to crack the coding mechanism that the German armed forces used in World War II to instruct their vessels at sea. Instructions were sent encrypted in morse code radio communications, which could be intercepted. With sufficient examples of the intercepted cipher, Turing worked out what the German encryption mechanism was and in the process established the foundations of the modern computer, known as a Turing machine. This was the start of the science of cryptography.


The problem with cryptography was that the process of computational analysis required to decipher a code became facile in the early twenty-first century, as computational capacity became so powerful that it could replicate Turing’s scientific efforts to decrypt a cipher without substantial effort. Assisted learning methods for computers made this all the easier. As we have already discussed, this led to the development of a phenomenon called “Pretty Good Privacy” (PGP), a form of encrypting an email or other message by combining it with a series of complex “keys” (really strings of ASCII characters) in such a way that it would take the world’s most powerful computer longer to decrypt than the remaining estimated period of existence of the Earth. However even this proved not to be definitive, because while PGP encryption cannot be penetrated en route, it can and must be penetrated at each end of the communication process (otherwise the recipient would never be able to read the encrypted message). Therefore the key to hacking PGP-encrypted messages is to intercept them either at the point of sending or at the point of receipt, and this turns out to be a relatively straightforward computational process for those who know how the pieces of software that encrypt and decrypt these messages work.


Hence modern computational technology appears to have made encryption a trite exercise to overcome, and to eliminate the science of cryptography altogether. A fundamentally different approach is needed in order to convey messages in an encrypted way, and this may not rely upon computational, scientific or analytical methods (or not exclusively so) because to the extent that it does it is always subject to disentanglement by contemporary computers. Instead skilful encryption becomes an art, for which the term cryptology may be more appropriate than cryptography. That is the origin of our neologism.


Non-electronic communications


One solution to what we may call the paradox of cryptography - that is to say, the problem that any electronically or mechanically devised cipher may be decoded by electronic means - is to abandon electronic means of communication. If a message is not conveyed by means of a computer, mobile telephone or other electronic device, then there in principle there is no prospect for its electronic interception and no prospect of a computational algorithm being used to decipher it. However we must be careful. We might think that handwriting is an effective method of writing a message other than using electronic means, such as the use of an ASCII character set with which we are all so familiar (and in which this article is written).


But contemporary computational algorithms are starting to become ever better at reading handwriting. Machine assisted learning algorithms and increasing CPU and memory capacity mean that computers are getting ever better at learning how to read even cryptic or bad handwriting. That is why websites that try to filter out interactions by computers pretending to be humans (what are known as "bots"), such as hospitality venue review websites, have abandoned handwriting tests: computers are getting too good at reading handwriting. CCTV cameras can also capture handwriting that can then be read by computers. Or handwriting can be captured electronically, whether through electronic communications interception or CCTV, and then it can be read by a human.


Hence the key to using non-electronic means of communication as a method of preserving the privacy of one's communications is to write down messages using handwriting, out of view of cameras and mobile telephones, and then to pass those messages to people in person or even to put them in the mail. The mail can be opened, of course, particularly if the addressee is distinctive and particularly if the mail is international. Also the recipient of a handwritten message may misuse the message and inadvertently (or intentionally) transmit the message onwards using electronic means whereupon it may be intercepted. For example they might open a folded piece of paper in sight of a CCTV camera. Hence both sender and recipient need to stand in a relationship of trust and each needs confidence in the skills of the other in order to pass messages with confidence using this means, as the originator of handwriting can often easily be identified (as can DNA on the piece of paper).


Nevertheless old practices of steaming open sealed letters (once a staple activity of security services the world over), or police and security forces going through handwritten diaries or books of notes, are rare these days. Police or immigration officials are far more likely in the contemporary era to demand that a person provide the access code to a person's mobile telephone or laptop computer than they are to read through handwritten personal notes held by an individual. Moreover in many or even most jurisdictions it is now a crime not to provide a law enforcement officer with the access code to an electronic device in certain circumstances, in particular where a search warrant is being executed or where one is passing immigration or customs formalities at an international border. Hence handwritten notes turn out to be more discreet, in many cases, than electronic communications, including encoded ones that can be decrypted or about the true contents of which adverse inferences can be drawn. We have known cases where national security forces have decided to interpret a person's comments on Twitter as having a political content that they do not in fact have. Searches of people on social media are now relatively common on the part of security forces in screening people they consider of interest, and upon such a search the security forces will be looking for any pretext to find fault.


Also there is a risk of what we have previously called an "identity crisis" in the use of paper communications: that the message conveyed appears to be from a person but in fact is from someone else. Handwritten notes may not be reliable unless the person handing over the note in person is trusted by the recipient; or unless the handwriting is identifiable. It is hard to forge handwriting well if the recipient of a handwritten note is familiar with the handwriting of the sender, as handwriting in general is extremely distinctive. (A person's handwriting also changes over time, and equally it may change depending upon the mood of the person when they write the note in question.) Skills relating to analysis and forgery of handwriting are in relatively short supply these days, simply because so little of what we now write is handwritten. This fact is one of the biggest changes in interpersonal communication in the last thirty years. It renders some sins, such as plagiarism (copying the academic or professional work of another without giving credit for it), so much easier than it used to be. It also renders some skills, such as handwriting analysis, all the rarer. Likewise, people sign far fewer documents than they used to. Electronic signatures are often applied to documents, or a facsimile of a signature; and cheques are far less common than they used to be. Indeed a number of jurisdictions have abolished them altogether in favour of electronic money transfers. This renders the identity crisis inherent in paper communications less acute than it used to be, because forgery is a much rarer skill; but it cannot be discounted entirely.


Postcards


An old-fashioned intelligence trick was to send postcards containing ciphered messages (for example about the weather, as an allusion to political or other material events). Postcards can of course be read by anyone and interception of the communication is easy by any postman (or postwoman). Because they are so easy to intercept, the logic went, postcards are an excellent way of passing messages because nobody would imagine that someone would use such a brazenly open means of communication to convey messages secretly.


To an extent, postcards retain this advantage. The problem that has arisen now however is that with the advent of email and instant messaging technology, and cheap or free international electronic VOIP telephony, people have virtually stopped sending postcards altogether in the international or domestic mail. To the extent that they are still sent, they arouse some surprise and therefore they are far more likely to be read by an inquisitive postman (or photographed by such a postman and the photograph sent to a country's security services for review) than was ever the case before. Try sending a postcard from Moscow to London! The likelihood that your postcard will be read by Russian state security services is extremely high. Even the act of going to a Russian post office to try to buy a stamp for a postcard to be sent to England is likely to arise high suspicion.


Social media


Social media is awash with encrypted messages. Russian and related security services in particular are known to convey hidden messages in Instagram photographs and videos, on the theory that the security and intelligence services of opposing nations, as well as Russian security services, find it more difficult to scan images and videos for messages than they do ASCII text. Even details such as the illegal opening hours of bars and nightclubs may be hidden in text contained in a composite photograph or video, on the basis that the Police and security forces are less likely to be able to use electronic means to collect such information.


We have seen such details hidden by having a video of a man shouting out the opening hours in an almost-impenetrable accent in an environment with a lot of echoing (such as between a series of tall buildings), to prevent electronic means of interception and surveillance being used to collect the illicit information. The same sorts of technique may be used to advertise covertly the sale of illicit narcotics and other criminal transactions.


The problem with techniques of this kind is that machine learning technologies are becoming increasingly sophisticated and are developing techniques to parse text found in JPEG and other digital images as well as to interpret even accented speech contained in video and audio recordings. Contemporary technology has no problem in creating a transcript of a person's words that are recorded using electronic means; Amazon's Alexa product, a sort of electronic home helper that turns a home's electrical devices on and off or plays a person's preferred music upon oral demand, relies upon precisely such technology. The technology in private sector hands is already extremely sophisticated and the technology available to governments to undertake similar activities for law enforcement, intelligence or national security purposes is vastly more sophisticated. The methods of hiding messages in digital images or video or audio recordings are well known and understood and therefore this form of encryption using social media is far less effective than it used to be.


Mobile telephone content


Modern mobile telephones are massively complicated computers containing huge amounts of data. They typically contain large quantities of instant messages and email content, as people connect instant message and email accounts to their telephones. They also often contain multiple website references and in some cases many hundreds or even thousands of photographs.


One way of sending hidden messages is to manipulate a person's mobile telephone so that when they open their telephone a specific message, website, image or other piece of content is displayed when it would not normally be displayed in the ordinary course of things. This can either be undertaken manually, through external review of a person's mobile telephone content by an individual; or by an artificial intelligence method that will scan through the content on the mobile telephone to find the message or other content that aligns most accurately with the message that one wants to convey; or a combination of the two.


The operating system of the mobile telephone is then manipulated so that when the user of the mobile telephone opens or activates their device, they are directed unnaturally to content that reflects the content of the intended communication. This method of transmission of messages remains somewhat experimental, in that different applications on a mobile telephone need to be reprogrammed in different ways and it is not always clear to the user of the mobile telephone that the message or application appearing unexpectedly on their telephone is genuinely a message from a third party or whether it may be just a quirk of the software on the telephone that is mis-displaying a message or a webpage. Alternatively the communication can be missed if the user is in a hurry.


Foreign and obscure languages


Foreign, and in particular obscure, languages, of which there are many in the world (it is estimated that there are some 7,100 languages spoken worldwide), once used to be common means of ciphers where both communicating parties shared the same language and did not want to be overheard by third parties in the discussions they are having. This method remains extremely popular in oral contexts, for all sorts of professional and personal reasons. However it is less effective in the context of electronic communications, in which any alphabet or linguistic expression may need to be reduced to an electronic character set that in turn can be decrypted using computation and machine learning methods. Google Translate is a prime example of this.


Not every alphabet, if handwritten, can yet be deciphered by a computer but if you can identify the alphabet and the language then of course you can find (and pay) a native speaker of the language to undertake the translation for you.


Not every language can be transcribed upon electronic recording of oral communications into a transcript capable of machine interpretation, but you need two fluent speakers of the obscure language in respect of which machine learning has not yet developed sufficiently to permit transcription in order to use this technique. Also of course you can find a human being who speaks the obscure language and ask them to undertake a manual transcription.


Some languages are so obscure that they cannot be deciphered. Linear A is perhaps the most famous example, an alphabet system used by the Minoans of Crete in the second millennium before Christ to write one or more languages. No texts written in Linear A have ever been deciphered. The same is true of the Voynich manuscript (see the image and caption accompanying the beginning of this article). If one could work out the key to deciphering these alphabets and languages (and attempts are underway with the Voynich manuscript; scholars have begun to assimilate the character set used to a version of Hebrew) then a method might emerge of encrypting messages using a technique that so far machine learning systems have been unable to decipher.


An example of a script in Linear A, an alphabet used by the Minoans of Crete that has never been decrypted or translated into any known language.


Morse code


Morse code is a method of communicating traditionally designed for sending messages via electrical pulses down an electrical wire. Each letter in the Latin alphabet is represented by a series of dots and dashes, the dots representing short electrical pulses and the dashes representing longer ones. Short gaps between pulses indicate that the next pulse is part of the characterisation of the same letter; a longer gap between pulses indicates the beginning of a new letter. Another way of achieving Morse code communications is by using binary numbers, 0 being a shorter pulse and 1 representing a longer one, with gaps between the characters.


Morse code is now almost entirely forgotten, whereas once there were many people in the fields of military, communications, security and intelligence, amongst other fields, who knew by heart the entire Latin character set in Morse code. Nevertheless it is trivial for computers to learn Morse code, and to encode and decode messages in Morse code - if they recognise what they are reading as Morse code. And herein lies a possible insight.


Morse code might be hidden within some other image, video or text so as not to look like Morse code at all. Provided that both the sender and the recipient of a message know this, they may be able to extract Morse code from something that does not look like a series of dots and dashes (or 0's and 1's) at all. This is a very simple and easy way of encoding messages - if the sender and recipient give thought to the concept of double-encryption: that is to say, hiding one encrypted message (Morse code) inside something else that does not look like an encrypted message at all. Consider for example a work of computational artwork designed using an artificial intelligence algorithm - a number of pieces of commercially available software now exist to produce artwork on demand, and Morse code messages could be hidden within those images.


Computers might have terrible trouble identifying that there is any Morse code within such an image, and that is because the method by which the communicating parties embed the Morse code within the image or other text involves a sort of artistic creativity that computers have trouble emulating. Software that produces artwork using artificial intelligence algorithms based upon a user's specifications typically adapts known works of art that it finds in public sources (primarily the internet); what it cannot do is engage in genuine human creativity, producing ideas from scratch for the canvas. If that quality of human creativity can be harnessed as a method of hiding encrypted messages, we might be able to beat the machines in a fashion that no artificial intelligence algorithm can overcome.

コメント


bottom of page