Losing the Code War
Source: The Atlantic
Within days of the September 11 attacks U.S. intelligence agencies were being blamed in many quarters for their failure to detect the terrorists' plans in advance. Mistakes in the formulation and execution of intelligence policy were no doubt made. Yet there is no one to blame for what is probably by far the greatest setback in recent years to American capabilities for keeping tabs on terrorists: the fact that it is now virtually impossible to break the encrypted communication systems that PCs and the Internet have made available to everyone—including, apparently, al Qaeda. The real culprits behind this intelligence failing are the advance of technology and the laws of mathematics.
For more than a decade the National Security Agency has been keenly aware that the battle of wits between code users and code breakers was tipping ineluctably in favor of the code users. Their victory has been clinched by the powerful encryption software now incorporated in most commercial e-mail and Web-browser programs.
It has always been theoretically possible to produce a completely unbreakable code, but only at considerable inconvenience. In the 1920s two groups of code users, Soviet spies and German diplomats, became aware of the vulnerability of their existing systems and began to rely on what are known as one-time pads. In this system sender and receiver are supplied with matching pages containing strings of numbers; each page is used as a key for encoding and decoding a single message and then discarded. If properly used, this scheme is unbreakable. Yet in practice corners were invariably cut, because the system was logistically complicated, involving—among other things—teams of couriers to deliver new one-time pads as the old ones were used up.
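The one-time pad described above, as an added example that is not part of the original article: matching pages of random digits key one message each and are then destroyed, and a reused page lets the key cancel out of two ciphertexts. The two-digit letter encoding, the `PadBook` class and all function names are assumptions made for illustration, and page reuse is shown as one kind of improper use; the article does not say which corners were cut.

```python
import secrets

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # constructed encoding: index -> two digits

def to_digits(text):
    """Encode text as decimal digits, two per character (space=00, A=01 ... Z=26)."""
    out = []
    for ch in text.upper():
        n = ALPHABET.index(ch)
        out += [n // 10, n % 10]
    return out

def from_digits(digits):
    pairs = zip(digits[0::2], digits[1::2])
    return "".join(ALPHABET[10 * a + b] for a, b in pairs)

class PadBook:
    """A book of numbered pages; each page keys one message and is then destroyed."""
    def __init__(self, pages):
        self._pages = {k: list(v) for k, v in pages.items()}  # private copy

    @classmethod
    def generate(cls, n_pages, page_len):
        return cls({i: [secrets.randbelow(10) for _ in range(page_len)] for i in range(n_pages)})

    def take(self, page_no, length):
        page = self._pages.pop(page_no)  # KeyError if the page was already used
        if length > len(page):
            raise ValueError("message longer than the page")
        return page[:length]

def encrypt(book, page_no, text):
    plain = to_digits(text)
    key = book.take(page_no, len(plain))
    return [(p + k) % 10 for p, k in zip(plain, key)]  # digit-wise addition, no carry

def decrypt(book, page_no, cipher):
    key = book.take(page_no, len(cipher))
    return from_digits([(c - k) % 10 for c, k in zip(cipher, key)])

def digit_diff(x, y):
    return [(a - b) % 10 for a, b in zip(x, y)]

def reuse_leak(page, text1, text2):
    """Improper use: key two messages with one page. The difference of the two
    ciphertexts equals the difference of the plaintexts; the key has cancelled."""
    c1 = [(p + k) % 10 for p, k in zip(to_digits(text1), page)]
    c2 = [(p + k) % 10 for p, k in zip(to_digits(text2), page)]
    return digit_diff(c1, c2)
```

With a fresh page per message the ciphertext digits are uniformly random and carry no information about the text; the `reuse_leak` result depends only on the two messages, which is what an interceptor holding both ciphertexts can compute without the pad.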
