Protecting your privacy: asymmetric cryptography (part 2)

This is the second of four posts in which I discuss cryptography. If you read all four posts, you will understand the differences between symmetric and asymmetric cryptography, why the US government were against the spread of modern cryptography, how it has resulted in the first crypto war between code rebels (techno-libertarians) and the US government, and how you can easily protect your privacy using Pretty Good Privacy (PGP).

The topics of the four posts are:

  1. What is symmetric cryptography;
  2. What is asymmetric (public key) cryptography;
  3. The first crypto war between code rebels and the government;
  4. How to easily use PGP to protect your e-mail communication.

What is asymmetric (public key) cryptography

In my previous post, I mentioned four disadvantages of symmetric cryptography. These disadvantages are:

  1. The secret key must be shared between sender and receiver, before messages can be exchanged safely, preferably over a secure channel.
  2. The secret key is in two separate places.
  3. The sender of the message must trust the receiver that he will not steal or copy the secret key.
  4. It is not scalable for, for example, e-commerce.

Soon after the publication of the Data Encryption Standard (DES), asymmetric (public key) cryptography was invented by the Stanford graduate student, Whitfield Diffie, and Stanford Professor, Martin Hellman. This was a huge revolution within cryptographic research, because up until then it was thought that there should always be a shared secret key for the communication between the sender and receiver. The main question that Diffie and Hellman were trying to solve was: how can you create secure communication over a unsecure channel, when two corresponding people have never had contact with one another and therefore have not yet been able to share secret keys with each other.

The solution, public key cryptography, was introduced by Diffie and Hellman in their paper, ‘New Directions in Cryptography’ (1976). It inspired more cryptographic research outside the circles of secret agencies. Soon after the first publication on public key cryptography, three young Professors at MIT, Ron Rivest, Adi Shamir and Leonard Adleman, developed the now famous RSA public key cryptosystem in 1977.

Merkle Diffie Hellman
Ralph Merkle, Martin Hellman, and Whitfield Diffie. Merkle is known for his invention of Merkle trees, which is a tree-like structure of cryptographic hashes that organizes for example Bitcoin transactions. The public key cryptosystem, as published in ‘New Directions in Cryptography’, is mostly known as the Diffie-Hellman key exchange. Hellman, however, recognizes the contributions of Merkle for the Diffie-Hellman key exchange.
RSA
Adi Shamir, Ron Rivest, and Len Adleman. Inventors of the RSA cryptosystem.

Public key cryptography works as follows. There are two separate keys that correspond mathematically with one another: the public key and the private key. The public key is used to encrypt a message, and can be shared to other people. The private key is used to decrypt a message, and should be kept secret. Public key cryptography is hence a two way function. Just by knowing someone’s public key, it’s not possible to find out the person’s private key.

In our below example,

  1. Alice would like to send a secret love message to Bob.
  2. Bob has a corresponding public an private key, and sends the public key over a unsecure channel to Alice.
  3. Alice uses Bob’s public key to encrypt her secret love message.
  4. Alice sends the secret love message to Bob.
  5. Bob uses the corresponding private key to decrypt the message and finds out that Alice loves him.
Public Key cryptography
Alice and Bob use public key cryptography to exchange secret messages.

Doing so, you can have private correspondence over an unsecure channel. Actually, we’re using public key cryptography all the time. Whenever you see a green padlock in front of the URL bar, it means that the data you enter on the website is first encrypted before it’s sent out.

Digital Signatures

Public key cryptography is not only used for the encryption and decryption of messages, but also for message authentication. If Alice would not have encrypted her message with Bob’s public key, but with her own private key, then the encrypted message can be decrypted with her public key. If you receive a message of John Locke and you’d like to know whether it’s really sent out by Locke, then you could look up his public key and use it to decrypt his message. If the result is plaintext, and assuming that Locke is the only person in the world who possesses the only private key that can produce the encrypted message, you can be sure that the message was sent by Locke. In other words: applying a private key to a message is the equivalent to putting a digital signature.

Digital Signatures
Alice puts a digital signature on her message, and Bob digitally verifies that the message is truly coming from Alice. This is an easy way of using digital signatures. In reality, a text is hashed first with a hash algorithm, before it is encrypted with the private key. Bob then uses Alice’s public key to decrypt the message to retrieve the hash, and compares the resulting hash with the original hash of Alice’s message.

Digital signatures are particularly important, because they provide the following security aspects:

  1. Authentication: it offers proof that the message comes from the right person.
  2. Non-repudiation: we cannot deny that the signee has sent it.
  3. Data integrity: the message cannot be altered after it has been signed.

Diffie and Hellman saw great potential for public key cryptography in the coming digital age. The US secret intelligence, however, were not happy with this development in cryptography and tried to prevent public use of this new cryptosystem. The standoff between privacy advocates of whom many were cryptographers and the US government is known as the first crypto war.

In part three of this series, we will discuss the crypto war. Eventually, at the end of the post series, you will be able to encrypt your e-mails using public key cryptography.

"A classical liberal view of the Iran crisis?"

Some initial thoughts:

Classical liberals will not be surprised by the repeated occurrence of violence and war in the Middle East and will understand the realities of the unstable region where Iran is an important player. Their analysis will view the regional balance of power in the context of the global balance of power. They will also take account of the history of US-Iranian relations […]

This is from fellow Notewriter Edwin, writing for the Institute for Economic Affairs in London. It was part of a nightcap a few days ago, but I thought I’d give it some more love with a post of its own.

Edwin likes to use the “balance of power” strategy to explain the classical liberal position (check out his now classic article in the Independent Review), but I don’t know how true this is. Traditionally, hasn’t the balance of power method been favored by conservatives like Metternich and Kissinger?

I know he’ll respond by telling me that I have a socially liberal view of IR because I favor more federation, but I don’t know how true this is either. Shouldn’t trade-offs and cooperation in the context of power take precedence in classical liberal theories of IR? What sounds more liberal to you, then: a strategy of balancing power between separate actors, or a strategy of finding trade-offs and binding actors together in a manner (federal) that maximizes those trade-offs?

Sunday Poetry: Gender Equality where it matters? The Scandinavian Unexceptionalism

Deja-Vu! Social Democrats once again bring up the topic of “Democratic Socialism” to cure all of the evils of the world. Once again, the Scandinavian countries (Sweden, Finnland, Denmark and Norway) are used as an example of how “a third way Socialism” can work. Although I still would consider myself young, I have already lost all of my stamina to engage in the same debates all over again until they pop up again a few months after.

So, instead of pointing out the fallacy in labelling the Scandinavian countries moderately socialist (Nima Sanandaji, for example, does an excellent job in doing so), I want to look at one aspect in particular: The myth of peak emancipation of woman in the labour market in these countries. So apologies for neglecting Poetry once again for the sake of interesting information. Have a look at the following graphic and the remarks by Sanandaji:

“Some boards in Nordic nations are actively engaged in how the companies they represent are run. Others have a more supervisory nature, meeting a few times a year to oversee the work of the management. The select few individuals who occupy board positions – many of whom reach this position after careers in politics, academia and other non-business sectors – have prestigious jobs. They are, however, not representative of those taking the main decisions in the business sector. The important decisions are instead taken by executives and directors. Typically individuals only reach a high managerial position in the private sector after having worked for a long time in that sector or successfully started or expanded a firm as an entrepreneur. The share of women to reach executive and director positions is the best proxy for women’s success in the business world. Eurostat has gathered data for the share of women among ‘directors and chief executives’ in various European countries between 2008 and 2010. The data show that Nordic nations all have low levels of women at the top of businesses. In Denmark and Sweden, only one out of ten directors and chief executives in the business world are women. Finland and the UK fare slightly better. Those Central and Eastern European countries for which data exist have much higher representation.

sanandaji.png

[…]

A key explanation lies in the nature of the welfare state. In Scandinavia, female-dominated sectors such as health care and education are mainly run by the public sector.
A study from the Nordic Innovation Centre (2007: 12–13) concludes: Nearly 50 per cent of all women employees in Denmark are employed in the public sector. Compared to the male counterpart where just above 15 per cent are employed in the public sector. This difference alone can explain some of the gender gap with respect to entrepreneurship. The same story is prevalent in Sweden. The lack of competition reduces long-term productivity growth and overall levels of pay in the female-dominated public sector. It also combines with union wage-setting to create a situation where individual hard work is not rewarded significantly: wages are flat and wage rises follow seniority, according to labour union contracts, rather than individual achievement. Women in Scandinavia can, of course, become managers within the public sector, but the opportunities for individual career paths, and certainly for entrepreneurship, are typically more limited compared within the private sector.

If you are interested in the whole book, it is completely available online for free.

I wish you all a pleasant Sunday.

A happy ten-year anniversary to the case people love to hate

This month marks the ten-year anniversary of one of the most despised and misunderstood Supreme Court cases: Citizens United v. Federal Election Commission.

I love Citizens United. It stands as perhaps the most important First Amendment decision of the last decade. Yet it’s come to symbolize the illicit marriage between money and power, while what actually happened in the case is largely an afterthought. I remember encountering an enraged signature-gatherer outside a Trader Joe’s a few years ago who was engaged in one of the many campaigns to amend the Constitution to put an end to Citizens United. I thought he might have a coronary when I told him that it was one of my favorite Supreme Court decisions. I deeply regret not asking him if he could rehearse for me the facts of the case. Maybe he would’ve surprised me.

So what did Citizens United actually say? The law at issue banned corporations from using general treasury funds for electioneering, with civil and criminal penalties for corporations that spent money to speak on pressing political issues of the day. The Supreme Court said that a small-time political organization (that happened to be incorporated), Citizens United, could not be banned from publishing a film critical of a presidential candidate. It’s hard to find speech of a higher order of significance than that.

Citizens United held that government cannot ban political expenditures just because people choose to speak through the corporate form. This is a classic example of an old rule–government cannot censor speech based on the identity of the speaker.

Much of the fury over Citizens United is premised on a guttural abhorrence for the corporation. But corporations are just groups of people who have chosen to organize through a particular structure. And most don’t realize that the law at issue in Citizens United also banned unions from using general treasury funds for electioneering communications.

Much of the popular criticism of the case that I’ve seen seems to believe that Citizens United was the first case to establish that corporations had First Amendment rights. It wasn’t. In fact, not even the dissenters in the case would’ve held that corporations lack such rights. That was an uncontroversial and settled matter. And it should be obvious as to why. If corporations don’t have First Amendment rights, then the New York Times doesn’t have First Amendment rights, along with many other media organizations. (I’ve heard the excuse that freedom of the press would still protect media organizations independently, which is a misunderstanding of the freedom of the press, which doesn’t offer greater speech protections to media than non-media).

Citizens United gets a bad break, and I wish it a happy anniversary.

A blatant campaign-finance boondoggle

The City of Seattle is poised to pass a plainly unconstitutional campaign-finance law later this month. The bill would limit contributions to political action committees that are not controlled by or connected to a candidate to $5000 per election cycle. The Ninth Circuit Court of Appeals, which would govern the outcome of any litigation, has already said several times that limiting contributions to independent PACs (meaning independent of a candidate’s campaign) violates the First Amendment.

The rationale is pretty straightforward. Any limit on political spending is a limit on speech, so it must satisfy the First Amendment. In Buckley v. Valeo, the United States Supreme Court said that contribution limits directly to candidates are usually okay because they (arguably) reduce the likelihood of corrupt quid pro quo exchanges between candidates and donors. But Buckley struck down limits on independent expenditures (meaning expenditures that aren’t donated to a candidate but speak independently for or against a candidate). Independent expenditures, unlike direct contributions, are not coordinated or controlled by the candidate, so there is less of a risk that an independent expenditure is actually an illicit quid pro quo. Since limits on independent expenditures restrict speech without actually doing anything to prevent corruption, they violate the First Amendment.

Contributions to PACs that engage in independent expenditures are basically the same as independent expenditures–there isn’t a direct connection to a candidate, so there simply is no genuine risk of corruption. The City of Seattle probably knows this, and they either don’t care or they hope to change the state of the law. I look forward to the forthcoming judicial rebuke.

Really, I find the entire premise behind limits on either contributions or expenditures to be highly dubious. While there are no doubt a few instances where a contribution to a candidate is given in direct exchange for some future favor once the candidate wins office, the vast majority of contributions are not that. They’re donations to support a candidate because his platform reflects the donor’s policy preferences. Most corrupt exchanges of money, when they do occur, almost certainly occur under the table and outside the context of highly regulated campaign contributions. Thus, contribution limits penalize a wide range of legitimate political speech to get at a vanishingly small (and unknowable) number of malefactors.

Defenders of campaign-finance laws tend to emphasize the huge amount of political spending as per se evidence of the need for reform. (When you compare the amount of political spending to other spending in the economy, it becomes quite clear that the amount of money in electoral politics simply isn’t that much). This claim that money in elections is fundamentally bad has always struck me as bizarre. That money is spent by both sides on political speech that informs the public. Why should we assume that this is a bad thing? Of course all political speech has a partisan aim–to convince voters to vote for so-and-so. But the information hardly compels voters to do so. At the end of the day, it seems much better to have a public informed by politically motivated communications than to have less information.

Campaign-finance advocates also like to point out that candidates who receive the most money tend to win. Again, it isn’t obvious why this is a bad thing. It seems rather obvious that popular candidates will attract both dollars and votes, not because they get lots of money, but because they’re popular. This is a classic failure to acknowledge the difference between correlation and causation. To date, no significant evidence has surfaced demonstrating that dollars cause votes.

And what about the concern over undue influence? Of course, politicians may be responsive to high-dollar donors. But again, this is a correlation issue. The NRA gives money to candidates who support the NRA’s  policy preferences. When the candidate reaches office and fights gun control, is it because of the NRA’s support, or was the NRA’s support prompted by the candidate’s pre-existing policy platform? Over and over, the deeply felt convictions of campaign-finance advocates seem to rest on a house of cards.

In any case, even if risk of quid pro quo corruption is a valid reason to restrict speech, Seattle’s bill goes well beyond that rationale. PACs engage in core political speech, as do the individuals who donate to them. That speech merits protection.

Politics according to the Bible

Yeah, let’s go for a topic that is generally polemic. What I’m going to present here will not be exhaustive, but at least I believe it’s a fair and honest (although very breathy) treatment on the topic.

First things first, I believe that the Bible is the Word of God. I believe it was written by people (very likely all men) who were inspired by God. This means that the Bible is not their book. It’s God’s book. Also, although it was written in contexts and cultures very different from ours today, it is still true because it speaks of things that are eternal. So, with that in mind, here are some things I believe the Bible teaches on politics.

The whole Bible is a story of creation, fall, redemption and restoration. God created the World “very good”. However, man fell from this status when he sinned. Sin is to disobey God’s law or to fail to conform to it.  When the first man, Adam, sinned, we all sinned, because Adam was our federal representative. It may sound unfair that we are all punished for something that someone else did, but students of politics shouldn’t be surprised. We suffer (or benefit) from things we didn’t do all the time. In this particular case, God chose Adam as humanity’s representative. God is just. It was a just choice. After Adam fell, Jesus became the federal representative of a part of humanity that God decided to save. This is the “redemption”. The restoration is God reversing the effects of the fall through the church.

The whole Bible story can be summarized as “kingdom through covenant”. A covenant is a solemn agreement between at least two (not necessarily equal) parties, involving promises and sanctions. God made a covenant with Adam. Adam broke that covenant. God made a covenant with Jesus. Jesus fulfilled the covenant. By fulfilling it, Jesus became the king of a people, the church.

Jesus’ covenant was anticipated by some covenants in what we call the Old Testament. Although the theories vary, the point is that God’s covenants with Noah, Abraham, Moses and David somehow anticipate Jesus. This means that in the Old Testament God’s people was mostly one nation, Israel, organized as a nation-state. This nation-state had civil laws. One great mistake is to try to apply these civil laws to any state today. Israel was an anticipation of the real people of God, the church. The church is not a nation-state. It doesn’t have civil laws. Actually, Jesus repeatedly said that his kingdom was not of this world, meaning that it would not be brought by political force.

The fact that Israel was an anticipation of the true church doesn’t mean that all the laws given to Israel are irrelevant today. The moral law given in the 10 commandments is still biding. even the civil laws, although no longer biding, can be informative. The point is that these laws cannot be enforced by any state. They have to be preached. People must be left free to join. Or not.

What the church can expect from the state? It would certainly be great to live in a country that fully conforms to God’s moral law, but this is not a realistic expectation. The best we can expect is a state that keeps people free to decide whether they want to join the church of not. Other than that, there is a moral law that we all can benefit from: don’t hurt others and don’t pick their stuff without permission.

Trying to enforce God’s kingdom was one of the greatest mistakes Christians committed through the centuries, and I believe many Christians are still doing it today. We want people to be Christians not out of their free choice, but by coercion. Or we want people to externally behave as Christians when they are not. Again: the best we can do is to let people free to decide. And meanwhile, demand that we are also free to practice our religion, no matter what other people think about it.

Why some countries are stuck in poverty

It is fairly common for young children in Brazil (or at least in Rio de Janeiro, the part of the country I know better) to call adults “uncle” or “aunt”. My closest friends’ children call me uncle and I’m totally ok with that. I do see them as my nephews and nieces. That also happens in schools: children up to 11 or 12 call the teachers “aunt”. Some people think that this is normal or even cute. However, I studied in a school that strictly forbid children to call the teachers aunt. The teachers were supposed to be called simply “teacher”. One interchange became folkloric in my house: “Am I your father’s sister? Am I your mother’s sister? Am I married to your uncle? Then I’m not your aunt.” Ouch! As gruff as it might sound, that’s the mentality I grew up with. My mother was also never totally comfortable with some of my friends calling her “aunt”.

One of my favorite interpretations of Brazil came from Sérgio Buarque de Holanda (1902-1982). In his book Raízes do Brasil (Brazil roots, 1936) he made an analysis of the country, saying that the problem with Brazilians is that they are cordial. Using Max Weber’s categories, Holanda said that Brazilians don’t know how to conduct formal, impersonal relationships. It is really hard for them (or I should say, for us) to understand that the guy in office is the guy in office and not our friend.

I would say that many times I saw Holanda’s interpretation in action. Students who thought they were my friends and that because of that I would go easy on their exams. Colleagues who thought I wouldn’t fine them when I was working in the library. People I barely knew, who were friends of my friends, who thought I would give them answers for the exams. I managed to be friends of some students, but that was the exception. Most students had a hard time distinguishing between “Bruno, my friend” and “Bruno, my professor”. Worse, some, I don’t know how, came to the conclusion that I was their friend.

Lula da Silva, Brazil’s former president, presented himself as a father. He introduced Dilma Rousseff, his successor, as a mother. Getúlio Vargas, the horrendous dictator from the 1930s was widely known as “the father of the poor”. I’m sad to say that Jair Bolsonaro, Brazil’s current and supposedly right-wing president, doesn’t really scape this logic. It may be nice and cute when little children call adults aunt or uncle, but it sickens me when grownups use this language. Even more so, when they use it to people they don’t even know!

Sergio Buarque de Holanda is one of the few things from college I profited from reading. It helped me to escape the Marxist bog that is much of Brazilian humanities academia. Years later I read Good Capitalism, Bad Capitalism and I discovered that Brazil was not alone. That is the problem with many so-called capitalist countries that still lag behind. They are not really capitalist in the sense that the US, much of Western Europe or Japan and other Asian countries are, and one of the main reasons for that is that people don’t know how to conduct impersonal, formal relationships. The teacher is not your aunt, and the country is not a big family.