“[I]t’s time,” writes Eleanor Saitta in the May 27 issue of *The Nation*, “that we put our faith, and our funding, toward math instead of our battered privacy regulations to keep us safe from prying eyes.” The title of the article is *The Key to Ending Mass Surveillance? Math.* The article explains the difference between content and metadata and the economics of surveillance (by government agencies as well as commercial enterprises), issues with which most activists are already familiar. What mathematics has to do with the problem is not really made clear in the sole reference to the “key” promised by the title:

Encryption is a category of mathematical operations in which one string, a key, is used to transform another, the plain text, in an encoded version according to a specific algorithm. Once the text is transformed, reversing the transformation without a key takes tens or hundreds of orders of magnitude longer than the encryption did. A secure, unsurveilled Internet depends on widely shared protocols between different systems—two smartphones, for example, or a smart meter and the local electrical substation—and all secure protocols depend on encryption and related operations. Correctly encrypted content is generally not something that can be spied on. Intelligence agencies are not magic; we have no reason to believe that the NSA boasts mathematical advances relevant to decryption beyond what the unclassified world has.

I suspect we do have reason to believe that the NSA’s mathematical capabilities, while not magic, are rather more extensive than Saitta thinks, if only because the NSA is reputedly the world’s largest employer of mathematicians. But Saitta is right to hint that mathematicians could just as well devote our skills to developing methods to stymie rather than to facilitate surveillance. At the Shakespeare and Co. reading with Villani, one question from the audience (at around 58:10) addressed applications of mathematics. Historically, the questioner said, “a lot of theorems… found very significant applications in various industries.” And he went on to ask, “Do you think … that every theorem we have, either currently or in the future, will be found to have practical applications? If this is the case, is math conceptually simply a way to describe natural phenomena?” While Villani responded to the question as asked — “a tiny portion of theorems have applications, a small but bigger portion inspire applications rather than having them directly” (and then went on to a very nice 4-minute explanation of general relativity and GPS), I attempted to turn the question around (after a 1-minute digression on Plutarch and Archimedes) by asking, “in whose interests are these applications?” I used the example (already cited here) of how number theory has contributed to driving independent bookstores out of business, but I could also have mentioned surveillance, as I did earlier in the reading.

The larger point is that it is always assumed that applications of mathematics are in the general interest. But I don’t believe there is such a thing as “the general interest” where most applications are concerned. In the wake of the Snowden revelations, the *Notices of the AMS* has been hosting a discussion (now winding down) of the specific responsibilities of mathematicians in connection with the use of mathematics (and sponsorship of mathematicians) by intelligence services. The very interesting suggestion that mathematics can also be used to protect citizens from surveillance is equally deserving of discussion. Unless there is money to be made from applications of this sort, I fear the discussion won’t happen on its own.

Martin KriegerAs for the applicability of mathematics, Reuben Hersh’s new book on Peter Lax has some very interesting observations by Lax on pure and applied mathematics (he does not see a sharp difference), and also about scientific computation. The point is that the usual distinctions are not so clear. As for good and bad consequences of mathematics, or of any other mode of thinking or analysis, in general you get what you intend. So of course mathematics, or whatever, can have benign and not so benign applications. I don’t see why this is either of interest per se, or surprising. Economics, sociology, literary analysis, history all have the same possibilities of benign and not so benign consequences, and I suspect that all have had much more influence than mathematics.

LikeLike

Johan CommelinJust a few weeks ago I attended the conference “Security in times of surveillance”, in Eindhoven (NL). Adi Shamir was one of the speakers, and he told us about what he had learnt of carefully reading throught the Snowden leaks. His first conclusion was that we have no reason to believe that the NSA has broken current crypto standards. In other words: crypto is not the solution. If the NSA has compromised the firmware of my hard drive (and they have done this with thousands of hard drives) or other hardware (peripherals are a gold mine for them), then I can encrypt what I want, but they will just monitor the plaintext after I’ve decrypted it on my local machine. Adi Shamir ended his talk with the statement that we should start thinking about “post-crypto security”, and the first goal is to find out what that means.

LikeLike

Jon AwbreyI worry that we are approaching — already past? — the tipping point of a “post-democratic society”, and I think that all thinking people besides mathematicians ought to think what we can do about that.

LikeLike

Eleanor SaittaHi!

First of all, thanks to our host for his kind words.

Second, yes, I’m not doubting in any way that NSA must have gotten *something* out of hiring half the US’s math PhD’s for 40 years, but Shamir is definitely right that there is no documentary evidence that suggests NSA is notably more than a few years ahead of the private sector in terms of cryptanalysis — this is what I was referring to in the article. I do keep hoping we’ll see a leak of if not an actual set of textbooks some day then at least code implementing Suite A so we can see how much they’ve diverged from our general understanding of practice, but this has not been forthcoming.

This said, he’s also right that they’re comprehensively going around all modern cryptographic protocols at the very least for any bulk surveillance. Post-crypto security, thankfully, doesn’t mean a world where crypto doesn’t work, it just means one where adversaries go around it, which is the world we’ve been living in for my entire career in security. Yes, we need to do much better at hardening endpoints and decentralizing systems to ensure that devices with content on them are much harder to monitor and there are fewer large central providers to be legally compelled. That said, note that this article is specifically talking about the bulk surveillance case, not the targeted case. If we force NSA to directly compromise every machine whose content or metadata they wish to examine, bulk surveillance will die a rapid economic death both inside and outside of the US.

I think that we’re starting to see the market coming to terms with some of this logic, although it will be a slow process. Mathematicians make both good writers of exploits and good developers of defense mechanisms, in my experience, and I do hope that we’ll see more folks turning down offers to build systems that abuse the human rights of most of the planet.

LikeLike

Tom LeinsterMaybe it’s worth distinguishing more carefully between mathematics and technology. Secure encryption not only requires the mathematics to be right, but also the software and hardware. As I understand it, none of the NSA/GCHQ encryption compromises that we’ve discovered through the Snowden documents has been built on major mathematical advances. It’s all been technological. Perhaps the nearest thing to an exception is the backdoor in Dual EC, but even in that case, it was a matter of manipulation of industrial standards rather than mathematical superiority. Indeed, Tom Hales pointed out that the mathematics involved there is at a trivial undergraduate level.

I do share Michael’s apparent queasiness: what

havethe NSA and GCHQ gained from hiring so many mathematicians over the years? But I also take cheer — well, sort of — from something Snowden said:LikeLike

Pingback: No time | Mathematics without Apologies, by Michael Harris