Will encryption save us? Social psychologist Shoshana Zuboff explains in detail the methods employed by Google and other digital giants to track our clicks, sell our data, and auction targeted advertising slots to monetise our private on-screen experiences.
Our online behaviour is the resource. We are the product, not the consumer. Google’s clients are advertisers and third parties who buy this data, i.e. our data. We depend on the services Google offers, but “there is no exit, no voice, and no loyalty, only helplessness, resignation, and psychic numbing” (94). All we can do is hide:
“encryption is the only positive action left to discuss when we sit around the dinner table and casually ponder how to hide from the forces that hide from us” (95).
If, by this dramatic account, encryption is the only action left, then it’s worth giving it another look.
Simple secret delivery
Encryption has many applications, not least it enables the confidential transmission of information, and enables cryptocurrencies to function. Encryption is a way of codifying secret information and passing it through networks so it can only be read by the addressee but not by anyone else. Recipients with the coded message, and the decryption software and the decryption key can then read the message.
As I’ve been thinking about secrets I was drawn to secrets.dyne.org, in particular the black and white stock photo on the front page showing two women apparently sharing a secret, with one whispering into the ear of the other. The picture shows a one-to-one model of secret sharing. But dyne.org demonstrates a more sociable method. Here’s my interpretation of the challenge.
A spy (intelligence agent) tells a confidant: “If something bad happens to me then contact Colonel Nutmeg at the embassy. He’ll know what to do.” If the confidant is trustworthy then he or she is equipped to carry out the action as needed. But if some misfortune befalls the confidant then the message is lost.
The confidant may also be coerced or tortured to reveal the secret message. One solution is for the spy to tell several people the secret message. But that increases the risk of betrayal or careless disclosure of the secret message.
Another solution is to deliver part of the message to a number of people, none of whom have the complete message. On the spy’s demise they come together and resolve the puzzle of the message.
That’s as if the spy were to give each member of her trusted circle of friends a fragment of a torn up letter, or a map. (Did I see the map scenario in Jumanji: Welcome to the Jungle?)The full message is revealed when the pieces come together. I’m sure I’ve seen this in several adventure films: the fragments of a talisman are brought together as a key to open a secret door to a treasure. That’s a familiar mystery story trope.
The application demo at secrets.dyne.org/share provides an interesting model for sharing secrets. The site contains instructions and a single entry field. You type a few sentences into the field. e.g.
“If something bad happens to me then contact Colonel Nutmeg at the embassy. He’ll know what to do.”
The program then returns 5 character strings (secrets). These are in code and look like random sequences of characters. These string are even longer than the original message. (I include these in the notes below.)
The idea is that you email or message these five secrets to five of your trusted friends. As the secret is opaque to those friends or anyone else it’s not a high security item. The secret doesn’t need to be hidden or invisible.
On some signal or other these friends come together. The five secrets serve as a key to unlock your original message. In fact, the entire message is in the secrets. There’s nothing stored in a database.
The encoding is such that only three of the secrets are required to unlock the message. That’s smart. It supports the possibility that one or two of your friends may not be available to reconstruct the message, or may have lost their secret, or missed the call to action.
There’s a web page to “combine secrets.” Three of your friends paste their bit of code in the fields and the message appears intact and word for word. If even one character out of the three secrets is misplaced then the message will not be reconstructed.
Of course, you have to trust that the website isn’t storing your original secret message. To use this in earnest you and your friends would need to run the coding-decoding software on their own computers, and that’s available for download on the website.
The dyne.org website explains the application of the method.
“Secrets can be used to split a secret text into shares to be distributed to friends. When all friends agree, the shares can be combined to retrieve the original secret text, for instance to give consensual access to a lost pin, a password, a list of passwords, a private document or a key to an encrypted volume.”
As explained in a 1979 article on this encryption-sharing method, the method could be used for authorising a group decision where the majority decision is to prevail, e.g. over half the executives on a board have to agree before attaching a digital signature to a cheque. The 3 out of 5 rule means that the cheque could be signed off digitally by the majority (quorum) and not vetoed by the minority. The method could presumably be extended to larger numbers of participants, different sized quorums, and other voting contexts.
That’s arguably a human-centred, sociable approach to trust. You have to organise your friends to agree to this method, and how they will come together. The secrets are not human-centred though. No one could commit those secrets to memory, and they could be lost in the secret keepers’ file systems.
There are ways to make the secrets more memorable. It’s more complicated, but you could deliver secret words (e.g. “dragonfly,” “magenta,” “moonbeam” …) secretly to each of your friends.
These words in turn act as decryption keys to decode each of the secret-keeper’s coded secrets. A string of code that has been encrypted can also be encrypted, and decrypted with its key. There are online tools for encrypting and decrypting messages with a key: codebeautify.org/encrypt-decrypt
Once encoded, the secrets could then be stored in multiple locations. No one could convert them into the sequence that could work in the share secrets application until they are converted using the secret-holder’s key.
A string of code that has been encrypted can also be encrypted, but you wouldn’t know immediately if that stage in the process was successful. It’s as if you were converting one unmemorable random string of alphanumeric characters into another unmemorable random string.
Manipulating code sequences requires concentration, motivation, opportunity, organisation and alphanumeric cognitive agility — not always present in an environment of informal sharing, as we “casually ponder how to hide from the forces that hide from us.”
One of the nice thing about the secrets.dyne.org method is that if you received a random string of characters from your (spy) friend, then you would at least know it’s a code. That’s a bit like someone handing you a key, or a fragment of a map, or whispering in your ear. At least you know there’s a secret in play, even if you don’t remember it or yet know why you are being told.
- Sandbeck, Sune, A.T. Kingsmith, and Julian Von Bargen. 2020. The block is hot: a commons-based approach to the development and deployment of blockchains. In Massimo Ragnedda, and Giuseppe Destefanis (eds.), Blockchain and Web 3.0: Social, Economic, and Technological Challenges: 15-29. London: Routledge.
- Shamir, Adi. 1979. How to share a secret. Communications of the ACM, (22) 11.
- Zuboff, Shoshana. 2019. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. London: Profile Books
The five secrets encoding the message: “If something bad happens to me then contact Colonel Nutmeg at the embassy. He’ll know what to do.”
(I’ve insert line breaks so these strings don’t run off the page.)
Here’s a simpler set of 5 secrets to combine at https://secrets.dyne.org/combine.