Tales From the Cryptkeeper

It’s September, a month that often feels like stepping back inside time. We’re thinking about the small systems that organize our world, the way we join or choose groups, the bubbles above and around and inside ourselves and each other. Delicate and distinct, the stories this week are all about ever-expanding definitions of where we fit in.

Public. Private. I loved the simplicity. I worked for one of three journalists who, in 2013, received an archive of highly-classified National Security Agency documents from a gaunt 30-year-old who never left the house until he really, really had to. At the time, my boss was writing a book about the Agency and the 30-year-old himself was something of a cypher, but one whose deciphering, I later discovered, revealed just another banal string of letters, numbers, and symbols. (In other words, he was a patriot.)

My role in this endeavor was less sexy than my employer. I wrote research memos, transcribed interviews, and filed Freedom of Information Act requests for records whose existence the government unfailingly refused to confirm or deny. In the FOIA world, they call this a “Glomar” response, after the USNS Hughes Glomar Explorer, a deep-sea drillship that either was or was not involved in a covert CIA effort to recover a sunken Soviet submarine from the bottom of the Pacific Ocean in 1974. Nonetheless, my proximity to one of the largest national security leaks in U.S. history—literally; the safe containing the archive was 50 feet from my desk—required a crash course in what my boss only somewhat sheepishly called “op-sec.”

I am an anxious person, with a tendency to fixate on the forking trail of consequences from my own mistakes. I have thought myself into responsibility for a few minor global catastrophes. This habit of mind (like most personality traits, a variety of narcissism) is a mixed blessing when it comes to “op-sec.” I grew accustomed to an itchy feeling—at the back of my neck, between my shoulder blades—that it would be some misstep of mine that would ultimately betray my boss. An insufficiently complex passphrase, an unthinkingly clicked-on link would compromise him, endanger not just his book but national security.

To calm myself down, I would read (at night! In my ex-girlfriend’s bed! Sometimes aloud!) about the intricate math I was relying on to keep us “safe”—from Russian hackers, I thought—like an agoraphobe examining the blueprints for the locks on his door. A high-up NSA official would later tell my boss his elaborate efforts to safeguard the secrets entrusted to him were almost certainly futile, no match for a sufficiently motivated foreign intelligence service. Wish I’d known. Might’ve saved me some anguish.

Email encryption (of the sort one might use to forward a bit of equine pornography, say) relies on what mathematicians call “one-way functions:” math problems that are easy to do in one direction but practically impossible to do in reverse. So, for example, if you multiply two large prime numbers together you get a huge semi-prime number, divisible only by those two primes, 1, and itself. Twenty-six, the age I was when I stopped being sure I wanted this job, is semi-prime: 2, 13, 1, 26. Twenty-nine, the age I was when I left, is prime.

When the numbers involved are big enough (think hundreds of digits), no one has figured out an efficient method for factoring that semi-prime back into its constituent primes. Even supercomputers just have to guess at combinations, one by one. Harnessing all the processing power on Earth, it would still take longer than the known age of the universe to reverse the function back to its originating prime factors. Are you asleep, baby? Did you hear that? The age of the universe!

At the time, I found this idea unnerving, vertiginous, beautiful. I still do. Tasks that are mindlessly simple to do, but nearly impossible to undo, have an almost primordial allure for me—jumping off a high bridge into a freezing cold lake, breaking up over text message, taking LSD. The math problems used in cryptography are sometimes called “trap-door” functions. (I like the word irrevocability.) In the simplest terms, my public key and my private key represent two sides of an irreversible equation, one the product of the other. Their relationship is intrinsic and unique, but opaque. The silent, indeterminable nature of their bond is what enables decryption. Without my private key, the heat death of the universe might arrive before anyone could decipher a message encrypted using my public key! Now, don’t you feel calm?

So, the woman and the horse. On this day, one of my first on the job, I opened my encrypted email client. I saw the new message. An unknown address, no subject line. The thrill of clandestine intimacy shot through me. (Spy stuff!) I opened the email and applied my private key. But something was wrong. The anonymous missive remained a meaningless string of letters, numbers, and symbols. The beautiful math had failed me. Or so I thought. Expanding the window, I began to see that the Bs, Cs, dollar signs, commas, and parentheses formed a cartoonish but unmistakably lascivious pairing. A horse, its spots; a woman, her tits. Who would send this? I doubted it was Russian hackers.

My feeling in that moment would become familiar: a mix of embarrassment, paranoia, and bathos. The world of cryptography, of hackers and spies, is full of this kind of thing: an ambient sense of world-historic stakes, and sophomoric, meaningless bullshit.

An example. Many of the Snowden documents describe hyper-advanced techniques for hacking the email accounts of foreign dignitaries (or unscrupulous research assistants…) on Powerpoint slides sprinkled with slang (pwn, noob, l33t) and image macros imported from the shittiest fringes of internet culture: IRC chatrooms, Reddit, 4chan. I remember a slide about “collection optimization”—an NSA technique for distinguishing signal-from-noise while hoovering up online data—featuring the “Emo Cat” meme. Emo Cat: No One Understands Him. (Reminder: these are techniques that get people killed, bring down governments, destroy lives.)

Another. The encryption program I was using, then the state-of-the-art, is called PGP, which stands for “Pretty Good Privacy,” named after “Ralph’s Pretty Good Grocery” from NPR’s “Prairie Home Companion.” (Blech!) But get this: when the protocol underlying PGP was invented in the late 1970s—by people who must have marveled, as I have, at the sublime irrevocability of trap-door functions—the National Security Agency sought to regulate and ban it, under laws prohibiting the traffic of nuclear arms.

To these people, public-key cryptography—that beautiful bit of one-way math—was as dangerous as the A-bomb. The prospect of user-friendly (-ish) cryptography for the masses imperiled the most basic prerogative of signals intelligence (perusing our intimacies with ease and impunity). The tech-savvy Twitter wag who’d sent me a web-ding portrait of a big-breasted blonde bestriding an appaloosa had done so using a technology the U.S. government once considered a dangerous weapons system, the unauthorized dissemination of which should be punished by significant prison time. You see? A fierce marriage of the stupid and the deadly.

Still, the experience with the lady-and-the-horse left me feeling unclean. The world of digital privacy is full of antiseptic metaphors. Cybersecurity experts advise practicing good “digital hygiene” to reduce exposure to invasive cookies, viruses, and hacks. This idiom always reminds me of Todd Hayne’s 1995 film Safe, starring Julianne Moore as Carol White, a repressed San Fernando Valley housewife who contracts a vague and likely psychosomatic disease brought on by sensitivity to airborne pollutants and industrial chemicals. Carol ends up isolating herself further and further—from her sunny, fad-dieting friends; bland and imperious husband; and petulant stepson—until she has confined herself to a makeshift bubble on a New Age reservation for those suffering “environmental illnesses,” presided over by Peter Dunning (Peter Friedman), an HIV-positive guru who incants, during his weekly sermons, “We are one with the power that created us. We’re safe and all is well in our world.”

For Carol—agitated and ignored, quarantined in the suburbs for fear of contamination by racialized crime, promiscuity, and AIDS—isolation is both sickness and cure. “It’s made me… more aware than I used to be,” Carol says. End-of-history capitalism generates Carol’s unease; deep ecology and wellness culture, a way to name it but not face it. At the end of the film, Carol remains sick, sicker than ever, endowed with a heightened sense of control, but utterly alone. She is free from the implications of her middle-class life but ensconced in a new form of false community and self-abnegation.

Like Carol’s illness, my paranoia about digital hygiene was both real and neurotic—a displaced anxiety exacerbating the conditions that gave it rise. We’re unsafe online because we’re exposed, but the more rigorous our efforts to reduce exposure, the more difficult it is to communicate, to reach beyond our padlocked doors. We become safe and inaccessible, secure and isolated, unable to assuage the loneliness that attracted us to digital spaces in the first place. Those who become obsessed with security culture tend to find themselves communing only with others similarly obsessed—and aware.

“Privacy is the right to a self,” Edward Snowden said in 2016. “…what gives you the ability to share with the world who you are on your own terms.” Which is a very stupid thing to say. Privacy of this sort, an ungovernable internal space where the individual crafts himself from his own mind, has only ever been available to a tiny fraction of people—and even then, only as a satisfying fantasy. Most of us live lives of interdependence, of social and psychological entanglement, out of necessity. We don’t have a choice. We should champion privacy (and tools to secure it) out of allegiance to each other, not to ourselves. Surveillance is most pernicious in its capacity to destroy the bonds of community, to isolate us from one another. What good is being “safe” if we forget how to love?

We have every reason to mistrust a system that coerces self-exposure while systematically degrading self-ownership. Surveillance capitalism is premised on our inability to control the many little pieces of ourselves we’re induced to fling across the web as a condition for membership in digital life. (In terms Carol White would appreciate, the security experts call these traces “digital exhaust.”) The desire to minutely calibrate the contours and shadows of our online reflections is both reasonable and neurotic. I do wish there was a more widely guaranteed “right to a self.” But I wouldn’t call that right “privacy.” And I don’t think we’ll achieve it through cryptography or solitude—as Warren and Brandeis famously put it, being “let alone.” We’ll have to become more contaminated by each other, not less, before we can all enjoy a life not so encumbered by unchosen obligation, one organized around our own desires and needs rather than the pecuniary motives of rich young introverts in California.

The pandemic has produced similar predicaments: how to distinguish our neuroses from epidemiological prudence, to derive solidarity from an ethical demand for self-isolation. I use simple encryption tools like Signal for the same reason I wear a mask, as an act of care. It’s a necessary, not sufficient, condition for building the world we want. The only solace I’ve found is to focus outward, not on my own safety, but on the safety of others—especially those more vulnerable than me. You’re not special. You don’t have anything to hide. But someone you love might.

Secrets have their place. A year ago, I learned that my girlfriend had kept an important secret for her ex-boyfriend. The information it contained was not personal but professional, and in an oblique way, relevant to me. In other words—equally vague—the secret was something I’d have liked to know but had no right to. Indeed, all of her obligations regarding this information remained to him. It’s the least we can ask of those we have loved or who have loved us. (As Lucinda sings, “All I ask / Don't tell anybody the secrets / I told you.”) Nonetheless, her failure to betray his secret to me felt like a betrayal. Its revelation ignited an invisible line, connecting her back to him—and him to me.

A friend recently told me that secrets don’t really exist until they’re shared, or, at least, the difference between a thought and a secret is the fear that it will be revealed. My girlfriend had succeeded in keeping her ex-boyfriend’s secret because she forgot she knew it; it wasn’t very interesting to her. It only became a secret again in retrospect, when I learned it and (stupidly) confronted her about it.

There was no resolving that conflict, its tangle of obligations, that would satisfy me; I was a bystander, pained primarily by my own narcissism. But the experience reminded me that secrets have an extraordinary power to bind us together, to generate the intimacies that kindle solidarity. When enough people know a secret, it becomes a plot. Among co-conspirators, safety is not a selfish burden but a communal necessity. In such circumstances, I recommend using Signal.

Sam Adler-Bell is a freelance writer in Brooklyn. He co-hosts the Dissent magazine podcast, “Know Your Enemy.”