DOCSLIB.ORG

The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaff, 17 J

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaff, 17 J The John Marshall Journal of Information Technology & Privacy Law Volume 17 Issue 3 Journal of Computer & Information Law Article 8 - Spring 1999 Spring 1999 The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaff, 17 J. Marshall J. Computer & Info. L. 945 (1999) Kurt M. Saunders Follow this and additional works at: https://repository.law.uic.edu/jitpl Part of the Computer Law Commons, Internet Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Kurt M. Saunders, The Regulation of the Internet Encryption Technologies: Separating the Wheat from the Chaff, 17 J. Marshall J. Computer & Info. L. 945 (1999) https://repository.law.uic.edu/jitpl/vol17/iss3/8 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in The John Marshall Journal of Information Technology & Privacy Law by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. THE REGULATION OF INTERNET ENCRYPTION TECHNOLOGIES: SEPARATING THE WHEAT FROM THE CHAFF by KURT M. SAUNDERSt "His winnowing fork is in his hand ... gathering his wheat.., and burning up the chaff .... ." I. INTRODUCTION Federal efforts to strictly regulate the export of strong digital en- cryption continue to be outpaced by the realities of technological innova- tion and diffusion. The widespread use of computers and networks to facilitate personal communications and commercial transactions 2 has moved the need for strong encryption technology to the forefront. Cryp- tography has a long history as a tool for protecting the secrecy of commu- nications, most typically in the context of military operations. 3 For individuals and businesses, however, its relevance and utility as a means for ensuring security has been underscored with the advent of the infor- mation age. In an effort to stem growing concerns about the integrity and confi- dentiality of electronic proprietary data and communications, and in or- der to prevent theft and industrial espionage, many businesses are turning to robust encryption technologies to secure such information while in storage or in transmission. Likewise, many individuals increas- t Assistant Professor of Business Law, California State University, Northridge. The author wishes to thank Professor Mike Closen and the editors of The John Marshall Jour- nal of Computer & Information Law for the opportunity to be part of this symposium. 1. Matthew 3:12 (King James). 2. Recent estimates as to the size and projected growth of the digital economy are summarized in U.S. Gov'T WORKING GROUP ON ELEC. COMMERCE ANN. REP. 1-2 (1998); see also United States Dept. of Commerce, The Emerging Digital Economy (visited Apr. 18, 1998) <http:ll www.ecommerce.gov/emerging.htm>. 3. For a concise history of cryptography, see Shireen J. Hebert, A Brief History of Cryptography (visited Nov. 11, 1998) <http://www.cybercrimes.net/Cryptography/Articles% 20on%2Cryptography/Briefl-istCrypt.html>. 946 JOURNAL OF COMPUTER & INFORMATION LAW [Vol. XVII ingly use encryption in their private communications to ensure their pri- 4 vacy and to prevent identity fraud. At the same time, however, the growing use of encryption has led to concerns on the part of federal law enforcement and national security authorities that these technologies will be employed for criminal and ter- rorist purposes. 5 Indeed, the government believes that the United States is highly vulnerable to attack electronically. To demonstrate this, the Defense Department recently hired a team of computer hackers to discover how far they could penetrate government and critical infra- structure systems, finding that they were able to get surprisingly far in just three months.6 Nevertheless, current federal restrictions on encryp- tion technologies may, in the long run, critically threaten individual pri- vacy7 and undermine the position of U.S. businesses in the international market for secure software and on-line commercial transactions.8 Indeed, the present encryption regulatory regime is a product of U.S. national security policy and law enforcement strategy. The government has sought to impede the development and diffusion of digital encryption technologies through the use of export controls. As a consequence, the export of cryptography was restricted under the Arms Export Control 4. Identity theft involves the illicit use of another person's identifying facts (e.g., name, birthdate, Social Security number, address, or telephone number) to perpetrate an economic fraud. The personal hardships of the victims and general economic consequences of this misconduct are discussed in The PreparedStatement of the Federal Trade Commis- sion on "Identity Theft" Before the Subcomm. On Technology, terrorism and Government Information of the Senate Comm. on the Judiciary, 105th Cong. (1998) (statement of David Medine, Ass'n. Dir. for Credit Practices, Bureau of Consumer Protection, Federal Trade Commission). The recently enacted Identity Theft and Assumption Deterrence Act, 18 U.S.C. § 1028(a), makes the theft of personal information with the intent to commit an unlawful act a federal crime with penalties of up to fifteen years of imprisonment and a maximum fine of $250,000. The enforcement scheme and likely impact of this statute are more fully considered in Kurt M. Saunders & Bruce Zucker, CounteractingIdentity Fraud in the Information Age: The Identity Theft and Assumption DeterrenceAct, 8 CORNELL J. L. & PUB. POL'Y 20 (1999). 5. See Impact of Encryption on Law Enforcement and Public Safety: HearingsBefore the Senate Comm. on Commerce, Science, and Transportation, 104th Cong. (1996) (state- ment of Louis J. Freeh, Dir., Federal Bureau of Investigation). See also Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Codes, Keys and Conflicts: Is- sues in U.S. Crypto Policy, (visited Dec. 8, 1998) <http:// info.acm.org/REPORTS/ ACMCRYPTOSTUDY/_WEB/c-report. html>. 6. See Michael Stutz, No 'Right' to Crypto Export, WINED NEWS (visited Dec. 4, 1998) <www.wired.com/news/news/technology/story/ 14098.html>. 7. See infra text accompanying notes 77-79. 8. The policies of most other countries are more liberal than that of the United States. For a survey of the cryptography policies of over 200 nations and territories around the world, see Wayne Madsen et al., Cryptography and Liberty: An International Survey of Encryption Policy, 16 J. MARsHALL J. COMPUTER & INFO. L. 475 (1998). 1999] INTERNET ENCRYPTION TECHNOLOGIES Act.9 For a while, most encryption software was also categorized as a munition and its export regulated by the State Department.10 In Decem- ber of 1996, control over the export of encryption products was shifted to the purview of the Commerce Department, where they are presently reg- ulated as "encryption items."" Recently, however, Professor Ronald Rivest of the Massachusetts In- stitute of Technology developed a new method of securing the electronic transmission of data, known as chaffing and winnowing,1 2 that evades current federal regulation as an encryption item. The method uses elec- tronic authentication, rather than encryption, to provide security and maintain confidentiality. 13 Because message authentication codes used with this technology are not considered to be encryption, 14 the chaffing 5 and winnowing method may effectively sidestep existing controls.' This article uses Rivest's method as a point of departure for consid- ering the impracticality of U.S. regulatory policy as applied to digital en- cryption. As a prelude, I will outline the technology and then discuss the utility of cryptography and the legal framework used to regulate its use and export abroad. Next, I will examine the chaffing and winnowing method of authentication as a means of ensuring secure date transmis- sion that lies outside the reach of current encryption export controls. The article will then conclude with a critique of the government's ongo- ing attempts to regulate encryption and identify the risks that such ef- forts pose to individual privacy and the competitive position of U.S. businesses in the global marketplace. II. THE TECHNOLOGY OF DIGITAL CRYPTOGRAPHY The basic concept of digital encryption is simple: using a computer program, an encryption algorithm (a mathematical equation) converts a plaintext message and encodes it, using a key, 16 into apparently unintel- 9. Arms Export Control Act of 1976, Pub. L. No. 94-329, title II, § 212(a)(1), 90 Stat. 744 (1976) (codified at 22 U.S.C. § 2778 (1994)) (repealing the Mutual Security Act, ch. 937, 68 Stat. 832 (1954)). 10. See infra text accompanying note 31. 11. See infra text accompanying note 32. 12. Ronald L. Rivest, Chaffing and Winnowing: Confidentiality without Encryption (visited Nov. 11, 1998) <http://theory.lcs.mit.edu/ -rivest/chaffimg.txt> [hereinafter Rivest]. 13. See infra text accompanying notes 61-63. 14. See infra text accompanying note 35. 15. Charles Platt, Encryption, WIRED, July, 1998, at 76 ("Rivest's idea offers the best of both worlds: confidentiality and adherence to the law-while making a mockery of the lat- ter in the process."); Anne Eisenberg, Confidentially Yours, SCIENTIFIC AMERICAN, June, 1998, at 21 ("[Rivest's] new technique to send confidential messages may finally scotch gov- ernment policies restricting the export of encryption technology."). 16. The length of a key is measured in bits, the digits "0" and "1" used to encode com- puter data. The greater the number of bits, the more secure is the key. 948 JOURNAL OF COMPUTER & INFORMATION LAW [Vol. XVII ligible ciphertext. 17 Consider a simple example where the message "Ex- celsior!" is encrypted using a key that shifts the letters of each word by one: EXCELSIOR! FYDFMTJPS! The level of difficulty a third party would have in "breaking the code" determines the strength of a key and the robustness of the encryption system. Typically, the longer the mathematical algorithm employed, the more secure the encryption system.
Load more

Recommended publications
  • The Order of Encryption and Authentication for Protecting Communications (Or: How Secure Is SSL?)?
    The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)? Hugo Krawczyk?? Abstract. We study the question of how to generically compose sym- metric encryption and authentication when building \secure channels" for the protection of communications over insecure networks. We show that any secure channels protocol designed to work with any combina- tion of secure encryption (against chosen plaintext attacks) and secure MAC must use the encrypt-then-authenticate method. We demonstrate this by showing that the other common methods of composing encryp- tion and authentication, including the authenticate-then-encrypt method used in SSL, are not generically secure. We show an example of an en- cryption function that provides (Shannon's) perfect secrecy but when combined with any MAC function under the authenticate-then-encrypt method yields a totally insecure protocol (for example, ¯nding passwords or credit card numbers transmitted under the protection of such protocol becomes an easy task for an active attacker). The same applies to the encrypt-and-authenticate method used in SSH. On the positive side we show that the authenticate-then-encrypt method is secure if the encryption method in use is either CBC mode (with an underlying secure block cipher) or a stream cipher (that xor the data with a random or pseudorandom pad). Thus, while we show the generic security of SSL to be broken, the current practical implementations of the protocol that use the above modes of encryption are safe. 1 Introduction The most widespread application of cryptography in the Internet these days is for implementing a secure channel between two end points and then exchanging information over that channel.
    [Show full text]
  • Crypto Wars of the 1990S
    Danielle Kehl, Andi Wilson, and Kevin Bankston DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S CYBERSECURITY June 2015 | INITIATIVE © 2015 NEW AMERICA This report carries a Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. This means you are free to copy, display and distribute New America’s work, or in- clude our content in derivative works, under the following conditions: ATTRIBUTION. NONCOMMERCIAL. SHARE ALIKE. You must clearly attribute the work You may not use this work for If you alter, transform, or build to New America, and provide a link commercial purposes without upon this work, you may distribute back to www.newamerica.org. explicit prior permission from the resulting work only under a New America. license identical to this one. For the full legal code of this Creative Commons license, please visit creativecommons.org. If you have any questions about citing or reusing New America content, please contact us. AUTHORS Danielle Kehl, Senior Policy Analyst, Open Technology Institute Andi Wilson, Program Associate, Open Technology Institute Kevin Bankston, Director, Open Technology Institute ABOUT THE OPEN TECHNOLOGY INSTITUTE ACKNOWLEDGEMENTS The Open Technology Institute at New America is committed to freedom The authors would like to thank and social justice in the digital age. To achieve these goals, it intervenes Hal Abelson, Steven Bellovin, Jerry in traditional policy debates, builds technology, and deploys tools with Berman, Matt Blaze, Alan David- communities. OTI brings together a unique mix of technologists, policy son, Joseph Hall, Lance Hoffman, experts, lawyers, community organizers, and urban planners to examine the Seth Schoen, and Danny Weitzner impacts of technology and policy on people, commerce, and communities.
    [Show full text]
  • NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure
    Under the Radar: NSA’s Efforts to Secure Private-Sector Telecommunications Infrastructure Susan Landau* INTRODUCTION When Google discovered that intruders were accessing certain Gmail ac- counts and stealing intellectual property,1 the company turned to the National Security Agency (NSA) for help in securing its systems. For a company that had faced accusations of violating user privacy, to ask for help from the agency that had been wiretapping Americans without warrants appeared decidedly odd, and Google came under a great deal of criticism. Google had approached a number of federal agencies for help on its problem; press reports focused on the company’s approach to the NSA. Google’s was the sensible approach. Not only was NSA the sole government agency with the necessary expertise to aid the company after its systems had been exploited, it was also the right agency to be doing so. That seems especially ironic in light of the recent revelations by Edward Snowden over the extent of NSA surveillance, including, apparently, Google inter-data-center communications.2 The NSA has always had two functions: the well-known one of signals intelligence, known in the trade as SIGINT, and the lesser known one of communications security or COMSEC. The former became the subject of novels, histories of the agency, and legend. The latter has garnered much less attention. One example of the myriad one could pick is David Kahn’s seminal book on cryptography, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet.3 It devotes fifty pages to NSA and SIGINT and only ten pages to NSA and COMSEC.
    [Show full text]
  • Online Payment Fraud Prevention Using Cryptographic Algorithm TDES
    S. Aishwarya et al, International Journal of Computer Science and Mobile Computing, Vol.4 Issue.4, April- 2015, pg. 317-323 Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320–088X IJCSMC, Vol. 4, Issue. 4, April 2015, pg.317 – 323 RESEARCH ARTICLE Online Payment Fraud Prevention Using Cryptographic Algorithm TDES S. AISHWARYA1 K.DEVIKA RANI DHIVYA*2 III MSc (SS), Assistant Professor, Department of CA & SS, Department of CA & SS, Sri Krishna Arts and Science College, Sri Krishna Arts and Science College, Coimbatore, Tamil Nadu, Coimbatore, Tamil Nadu, India India ABSTRACT: Credit card is a small plastic card issued by a bank, building society, etc., allowing the holder to purchase goods or services on credit. Debit card is a card allowing the holder to transfer money electronically from their bank account when making a purchase. The use of credit cards and debit cards are increasing day by day. People are relying more on both cards nowadays than in the previous days. As credit cards and debit cards becomes the most popular mode of payment for both online as well as regular purchase, cases of fraud associated with it are also rising. In real life, fraudulent transactions are scattered with genuine transactions and simple pattern matching techniques are not often sufficient to detect those frauds accurately. In this project the process of Cryptography has been followed, it is one of the most important security technologies which used to secure the data transmission and the data itself.
    [Show full text]
  • Ransomware Is Here: What You Can Do About It?
    WHITEPAPER Ransomware is Here: What you can do about it? Overview Over the last few years, ransomware has emerged as one of the most devastating and costly attacks in the hacker arsenal. Cyber thieves are increasingly using this form of attack to target individuals, corporate entities and public sector organizations alike by holding your system or files for ransom. Unlike other forms of cyber theft that often involve stolen financial or healthcare information, ransomware cuts out the middleman. In cases where an attacker steals health or financial documents, they must sell them on to third parties to make money. As far as ransomware is concerned, the money comes directly from the victim. Ransomware is a quickly growing threat vector. According to the FBI’s Internet Crime Complaint center (IC3), infected users made complaints about ransomware 2,453 times in 2015—nearly double the figure for 2014. What’s more, these figures most likely represent only the tip of the iceberg, as many users pay their ransom without making a report to the authorities. A recent survey conducted by a Cyber Security Research Center at the University of Kent found that over 40% of those infected with CryptoLocker actually agreed to pay the ransom demanded, which is a big incentive for hackers to target more systems. Lastly, hackers are rapidly iterating both malware and distribution techniques. In early Q2 of 2016, a new variant of ransomware, known as CryptXXX, emerged on the scene. This program is packed in such a way that users and antivirus software may initially confuse it for a Windows DLL file.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]
  • Security, Encryption, and Certificates FAQ
    Security, Encryption, and Certificates FAQ Overview In Security Center 5.4, several new capabilities will be added that further strengthen the security of the platform itself, as well as the privacy of data. The aim is to prevent unauthorized access to stored and transmitted messages and data, as well as prevent attacks through the use of stronger encryption and authentication mechanisms. With growing demand for privacy, new capabilities in Security Center 5.4 will strengthen Genetec’s position and overall value proposition. This FAQ addresses some of the most common questions in relation to the new capabilities of Security Center: Encryption, Authentication, and Digital Certificates. These concepts are first described in generic terms; the FAQ then outlines how these new measures are used within Security Center 5.4. Encryption vs. Authentication vs. Authorization What is the difference between encryption, authentication, and authorization? Encryption is used to encrypt data so that only authorized users can see it. Authentication determines whether an entity is who they claim to be, eg. in the case of an individual, it is usually based on a username/password combination. Authentication does not actually say anything about what someone is authorized to do or has the right to do. o Client-side authentication uses username/password combinations, tokens (dual authentication), and other techniques. o Server-side authentication uses certificates to identify trusted third parties. Authorization is the function of specifying the rights, eg. defining the access rights someone has over a set of recourses such as a private data, computing resources, or an application. When users log into a Security Center system, what they are allowed or authorized to do depends on the set of privileges assigned to them by administrators.
    [Show full text]
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996
    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
    [Show full text]
  • Dell EMC Unity: Data at Rest Encryption a Detailed Review
    Technical White Paper Dell EMC Unity: Data at Rest Encryption A Detailed Review Abstract This white paper explains the Data at Rest Encryption feature, which provides controller-based encryption of data stored on Dell EMC™ Unity storage systems to protect against unauthorized access to lost or stolen drives or system. The encryption technology as well as its implementation on Dell EMC Unity storage systems are discussed. June 2021 H15090.6 Revisions Revisions Date Description May 2016 Initial release – Unity OE 4.0 July 2017 Updated for Unity OE 4.2 June 2021 Template and format updates. Updated for Unity OE 5.1 Acknowledgments Author: Ryan Poulin The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly. This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell's own content. When such third party content is updated by the relevant third parties, this document will be revised accordingly. Copyright © 2016-2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc.
    [Show full text]
  • Cryptography
    Cryptography From Wikipedia, the free encyclopedia Jump to: navigation, search "Secret code" redirects here. For the Aya Kamiki album, see Secret Code. German Lorenz cipher machine, used in World War II to encrypt very-high-level general staff messages Cryptography (or cryptology; from Greek κρυπτός, kryptos, "hidden, secret"; and γράφ, gráph, "writing", or -λογία, -logia, respectively)[1] is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since WWI and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread. Alongside the advancement in cryptology-related technology, the practice has raised a number of legal issues, some of which remain unresolved. Contents [hide] • 1 Terminology • 2 History of cryptography and cryptanalysis o 2.1 Classic cryptography o 2.2 The computer era • 3 Modern cryptography o 3.1 Symmetric-key cryptography o 3.2 Public-key cryptography o 3.3 Cryptanalysis o 3.4 Cryptographic primitives o 3.5 Cryptosystems • 4 Legal issues o 4.1 Prohibitions o 4.2 Export controls o 4.3 NSA involvement o 4.4 Digital rights management • 5 See also • 6 References • 7 Further reading • 8 External links [edit] Terminology Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext).[2] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext.
    [Show full text]
  • Encryption in SAS 9.4, Sixth Edition
    Encryption in SAS® 9.4, Sixth Edition SAS® Documentation July 31, 2020 The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2016. Encryption in SAS® 9.4, Sixth Edition. Cary, NC: SAS Institute Inc. Encryption in SAS® 9.4, Sixth Edition Copyright © 2016, SAS Institute Inc., Cary, NC, USA All Rights Reserved. Produced in the United States of America. For a hard copy book: No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written permission of the publisher, SAS Institute Inc. For a web download or e-book: Your use of this publication shall be governed by the terms established by the vendor at the time you acquire this publication. The scanning, uploading, and distribution of this book via the Internet or any other means without the permission of the publisher is illegal and punishable by law. Please purchase only authorized electronic editions and do not participate in or encourage electronic piracy of copyrighted materials. Your support of others' rights is appreciated. U.S. Government License Rights; Restricted Rights: The Software and its documentation is commercial computer software developed at private expense and is provided with RESTRICTED RIGHTS to the United States Government. Use, duplication, or disclosure of the Software by the United States Government is subject to the license terms of this Agreement pursuant to, as applicable, FAR 12.212, DFAR 227.7202-1(a), DFAR 227.7202-3(a), and DFAR 227.7202-4, and, to the extent required under U.S.
    [Show full text]
  • An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext
    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext.
    [Show full text]