Our Problems, Our Solutions

There is a famous New York Times article from 2001, talking about Michael Rabin and Yan Zong Bing's discovery of the fact that the Rabin system, a set of algorithms for public key cryptography devised in 1978, was "provably secure". This meant that the computational requirements of forging a signature were provably related to the requirements of factoring integer numbers. Like every scientist who has made an impressive theoretical discovery, Rabin plays it up for the press, calling his system "the first provably unbreakable code that is really efficient". When faced with the discovery, computer scientist Peter G. Neumann started his reply with:

"If you think cryptography is the answer to your problem, then you don't know what your problem is."

He meant to clarify to the layman that no method is secure against the practical realities of implementation. And he was right: like in other asymmetric encryption methods, the actual process of encryption in the Rabin system is based on the public key of the recipient. If one is naive enough to run an encipherment operation on a message without extending it with random bytes, they will be surprised when they realize that its security is directly proportional to its length, since one can follow from the principle that a given plaintext results in an identical ciphertext and thus know exactly how many "dumb guesses" will have to be made from the amount of enciphered information.

Neumann's observation centers on the fact that the way people secure information is almost as important as the method they use to encipher it, maybe even more so. Take, for example, the US government's very own Data Encryption Standard (DES). It's a cipher that, contrary to the claims of the NSA, could be broken by someone with enough computing power. When a new method for generating fixed-length codes from messages came around, called the Secure Hash Algorithm, it became clear in less than a decade that practical attacks on its second version (SHA-1) by well-funded actors were possible. Yet these cryptographic primitives were still used: DES still poses significant resistance against attacks if someone runs it thrice with three different keys in a Encrypt-Decrypt-Encrypt pattern (three-key 3DES, although the US government now forbids this), thus cutting off the easiest paths for an exhaustive key search. SHA-1 is still considered effective if you use it in the process of generating a message authentication code.

While you should never trust anything which uses 3DES-HMAC-SHA1 in 2025, it's an useful example in differentiating between confidentiality and security. Confidential information can be insecure or pose a risk to security depending on the threat actor and in which context it finds itself in. Consider the following scenario: If you want to send a short message with personal, sensitive content to someone else who lives a block over from you, what is the best approach? Should you just slip them a piece of paper on the way to the nearest gas station, or should you communicate with them via a secure messaging app, where their phone will store a copy of the message and display its partial contents via a push notification for the foreseeable future, unintentionally propagating it via mechanisms such as filesystem journaling? Obviously, outside of situations where there is active physical surveillance, the piece of paper is the correct pick: even if it's plaintext, it can be more easily destroyed, and if it flies through the window into the faraway shrubs, it will probably be divorced from its context.

There is a fundamental ineptitude to be found in separating "security" from its social context when we are talking about direct social interactions between human beings. It perpetuates the ineptitude associated with the concept of the "user", and makes people vulnerable by manufacturing a chronic inability for them recognize their needs.

We've already emphasized why chat apps may not fit certain use-cases, but let's look at a chat app that doesn't fit the "secure" use-case: Telegram, where end-to-end encryption is completely opt-in, has a lot of dodgy messaging about "security" around it, pushed by its developers and its main designer, who occasionally goes on interviews to try and pose as a genius. This emphasis on "security" conditions the users into assuming their conversations have a level of confidentiality which does not a priori exist, thus compromising them in the long run.

Even for applications which can assure confidentiality, we're seeing something worrying develop around them, a kind of "reverse security theater", where the methods being used to protect information are considered universally applicable, due to the appearances created by legitimate technical excellence. By delineating this, we achieve another example of the confidentiality-security divergence. As Neumann said:

It's like the voting machines, you'd like to have some integrity in the electoral process and now folks are coming out of the woodwork saying, 'We have this perfect algorithm for privacy and security' ... There is no guarantee that your vote actually goes into the computer the way it looks on the touch screen, what does it take to buy a computer programmer? A couple of years' salary and a house in the Cayman Islands?

Nuclear reality

What must we do when we face an uncomfortable reality of a repressive government? A fact which makes many in the area of information security who want to seem amicable to the State bite their tongue is that failures in the threat models of criminal activity are what have mostly pushed the practical notions of security forward. This often happens indirectly, because while the uses for cryptography are extremely varied, the government's suppression of criminal enterprises creates the most extreme real-world examples of attempted surveillance which are regularly disclosed. It's not very often that the Mossad discloses its operations, or that a group of exploiters-for-rent expose their methods.

For a concrete example, we can point to the government's power to legally compel third-parties to disclose information. It's a pretty big deal, and observing how mediators are often obligated to take part not only in constant disclosure, but also in active surveillance, has shown protocol and platform designers that the need for cryptographic operations in transit is unacceptable; Something which, after a long time, is finally leaking into the consciousness of non-technical security-aware individuals. This evolution is best portrayed in the more persistent suspicions being driven at VPN services, who have had to shift their selling point from "security" to "circumventing geoblocking", as it's become clear that services, no matter their proclaimed policies, will keep logs of important data and actively harm user security via the fundamental principles of the way they function, since they need to decrypt data before making a web request for you. Who's to say that FISA hasn't got to them already? Who's to say that your VPN service has more sensible TLS defaults than your browser?

Creating awareness of marketing departments' sleight-of-hand tactics is something that saves lives, overwhelmingly the lives of individuals who are not drug peddlers but are persecuted for even the most milquetoast political positions (or for being gay) in countries like Iran and Saudi Arabia. However, these forms of persecution, despite being generalized, target individuals. The operations against criminal enterprises and repression against "undesireables" are similar, as the main goal of the former is continued profit and the creation of a stable parallel market, which tips the scale towards the need to disrupt the security of key figures.

To achieve a qualitative improvement, which goes beyond the individual and moves into the proper realm of our political organizing, we cannot think of "solutions". At every step we must be against the view of a security model which categorizes and thinks of separate all-encompassing building blocks, and instead have a direct perspective on how different properties of the things we use interact with reality (the previous example of the piece of paper is instrumental). This is, of course, highly theoretical in the sense that any attempt to prescribe models to situations will fall for the same mistake we are calling out. Instead, we must arm our movement with an organic consciousness which can be derived into certain models.

Such a goal is to be accomplished by the process of demystification. By showing that the self-imposed borders of knowledge are not as impenetrable as they may seem, we can do away with blind trust and show that data cannot only be controlled, but that the ways it's manipulated can be understood. Our future rests on our ability to deal with sophisticated obstacles, obstacles which cannot be hand-waved away and will not simply disappear at an opportune historical moments.

We can't say what this encompasses, but we can say that the first step is about addressing the political fantasies of different sects, which believe that any day now they will reach a stage of exponential growth, where their popular following will boil up to such a level that the conventional apparatus of repression will not function against them. These are misconceptions that have existed ever since the decline of our movement, a positive obsession with being a mass organization, but doing so only in order to prepare for a cataclysmic event of class consciousness whereafter the "real" political strategy can begin.

In the development of popular movements, an intermediate stage is reached, wherein the State works to suppress what it views as a potential threat to the normal functioning of things. That the solution of our great communists is throwing a few thousand into the meat grinder rather than mounting any real barriers is worrying: it makes clear that our problem is that the next MOVE bombing will be livestreamed on Instagram.