Why study the history of cryptography?
Welcome to the doldrums of the year between Thanksgiving and The Holidays, where if you are anything like me your brain feels like molasses that you'd rather be turning into cookies. I am simultaneously shocked that it's almost 2023 and also that there is still over a week until Hanukkah starts.
Thinking
I'm guessing, since you're subscribed to my newsletter, that you already think it is worthwhile to learn about the history of cryptography. It is, as people have incessantly told me during grad school, "inherently interesting." Secret codes! Spies! Super cool technology! What's not to love?
See, the thing is, when an academic tells you something is inherently interesting they often mean it as a sideways insult: this thing is interesting a priori, without the theory and scholarly attention necessary to make something truly important. Not trivia, but not necessarily "scholarly." Yes, that is a direct quote. Unsurprisingly, I've found this attitude more common among those who also look down on writing for a broader audience.
But to take the question seriously for a moment, which one must if one wishes to publish books: the history of cryptography is the history of communication under pressure. Cryptography is how people talk to each other when that is difficult to do. Following the threads of secret writing through history gives us a way to see how people want to communicate, and how their political, cultural, economic, and technological context forces them to communicate instead.
Computer security has a concept of a threat model, where a system administrator methodically lays out what the system's risks and vulnerabilities are, and what their own priorities are in protecting against them. Even though the phrase didn't come into widespread use til the 1990s, anyone using cryptography followed a similar thought process: I think this information is risky to communicate, and I think this cipher will protect it from those threats.
In more recent history, which is what my current book project focuses on, the importance is pretty obvious. The news is full of high-profile ransomware attacks, vulnerabilities in our national infrastructure, massive hacks of personal data, news about government surveillance, the latest cryptocurrency nonsense ... all of which have been shaped by the late 20th century's political rhetoric about cryptography.
Following cryptography into much older history is important, too (and yes it does sometimes generate some cool trivia). Figuring out how and when people in a society encrypted their writing tells you how they were writing, how they were transmitting their writing, if at all, what technology they had available for transforming their writing, and what they thought was important enough to be worth protecting--and from whom. It's a window that sees into many different layers of society: infrastructure, written culture, political power, surveillance, language, mathematics.
Of course, this cross-cutting nature of cryptography is one of the things that makes studying it so difficult. It's interdisciplinary. Understanding cryptography in, say, ancient Rome requires understanding how the Romans wrote and thought about writing and how they sent messages. Understanding modern cryptography also requires understanding computers, and networks, and media studies, and (shudder) the modern legal apparatus built up around all of it. So this type of history can be hard to fit in a disciplinary box, especially when the historians asking the question care very much about the boundaries of their particular disciplinary box.
But that doesn't mean historical cryptography isn't worth studying! In fact, I'd argue that adds to the ledger of its value. It just makes my dissertation a little bit harder.
Reading
I've been following last week's Apple announcement that they're: a) planning to enable full encryption of iCloud data, which was previously limited to certain sensitive data like passwords, and b) increasing protections on their iMessage protocol to ward off adversaries adding additional devices to a messaging account. Matt Green, as usual, has a clear summary threaded on twitter.
This move, representing a strong commitment to individual privacy over facilitating law enforcement requests, is not a complete surprise coming from Apple, who has enjoyed a reputation as perhaps the best major tech firm on privacy issues. But that reputation, and its power in the personal device market, has also attracted huge pressure from governments across the globe, particularly in the US.
I used to bring up the case of Apple refusing to try to unlock a terrorists' iPhone as a way to introduce my research topic to people during wedding reception smalltalk. Like most people in the last three years and most people with very small children at any time, my conversational skills have atrophied, along with the newsworthiness of my chosen anecdote. This week's news, especially in context of a recent controversy over a planned-but-ditched media-scanning plan by Apple, makes it clear that Apple is indeed receiving just as much heat from the feds as you might guess and that they've decided to forge ahead anyway.
Doing
I recently managed to somewhat revive my 2020-era sourdough starter, which has been sorely neglected of late. As a rule, I do not follow sourdough rules (it's a very small starter, it lives in the fridge, I don't discard, I don't time it), so this was a bit of an experiment. It isn't all the way back, but it was enough to make a decent loaf! One of these days I am going to write about all the silly rules in baking that get passed off as "science" vs. the more slapdash "art" of cooking. (Has someone already written about this?)