Where did I put it? Loss of vital crypto key voids election

Feedback is our weekly column of bizarre stories, implausible advertising claims, confusing instructions and more

Locked out

The phrase “you couldn’t make it up”, Feedback feels, is often misunderstood. It doesn’t mean there are limits to the imagination, but rather that there are some developments you can’t include in a fictional story because people would say “oh come on, that would never happen”. The trouble is, those people are wrong, because real life is frequently ridiculous.

In the world of codes and ciphers, one of the more important organisations is the International Association for Cryptologic Research, described as “a non-profit organization devoted to supporting the promotion of the science of cryptology“. The IACR recently held elections to choose new officers and directors and to tweak its bylaws. Being cryptographers, they did so in a clever way: they used Helios, an online platform that promises “verifiable online elections”.

Helios is really quite clever. Every vote is tracked, so you can check that yours has been received and that it hasn’t been altered – apparently making tampering impossible. At the same time, each vote is completely secret. The system “uses advanced cryptographic techniques to combine all of the encrypted votes into an encrypted tally, and only the tally is decrypted“.

But how does the tally get decrypted, you may ask? Well, an organisation must designate a number of trustees. The IACR picked three, each of whom was given one-third of the cryptographic key. To decrypt the tally and see the results, all three trustees had to input their bit of the key. This was an all-or-nothing process: one or two bits of the key wouldn’t get you even a partial decrypt.

And so, the inevitable happened. “Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share,” wrote the IACR on 21 November. “As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election.”

The IACR has had to void the election and start the whole process again. This time, it says, “we will adopt a 2-out-of-3 threshold mechanism for the management of private keys, and we will circulate a clear written procedure for all trustees to follow before and during the election”. Feedback is keen to examine that “clear written procedure”, if only to find out whether the first page reads “DON’T LOSE IT” in massive bold type.

We are also fascinated by the capacity of what the IACR calls a “human mistake” to cut through even the most ingeniously designed system. Every time some Silicon Valley hype-man tells us that human-level artificial intelligence is imminent, we groan inwardly, because the first human-level artificial intelligence will presumably be on a par with the average person – and, well, have you met people?

Float like a raisin

The capacity of science journalists to come up with new and interesting units of measurement never ceases to amaze. On 17 November, The New York Times ran a story about “a tiny solar-powered radio tag that weighs just 60 milligrams and sells for $200”, which entomologists are using to track monarch butterflies on their migrations across North America.

Anthony Weaver flagged a sentence that tried to convey how much a tag weighs compared with its porter: “Most monarchs weigh 500 to 600 milligrams, so each tag-bearing migrator making the transcontinental journey is, by weight, equivalent to a half-raisin carrying three uncooked grains of rice.”

Feedback thinks we can all agree this makes it much clearer, in a way that saying “about a tenth of your body weight” just wouldn’t achieve. Or, as Anthony says: “As I picture myself as a half raisin on a transcontinental journey, carrying rice to Mexico, I finally understand firsthand how butterflies feel about science.”

No, this isn’t an invitation to send in similar examples from the pages of New Scientist. Don’t even think about it.

The boys’ club

Feedback isn’t on social media because, quite frankly, we don’t have the mental energy to work out how to get eyeballs on half a dozen distinct sites that all use radically different algorithms. Nevertheless, we do keep half an eye on things, so we were intrigued to learn of an impromptu experiment on LinkedIn. Women on the site changed their names and pronouns to appear male, then saw their engagement rocket.

For instance, social media consultant Simone Bonnett changed her pronouns to “he/him” and her name to “Simon E”, then saw her profile views increase by 1600 per cent, according to The Guardian. Others saw similar spikes. As a control, Daniel Hires, who incidentally has the perfect LinkedIn name, tried the opposite. “I changed my name to Daniela for 4 days,” he wrote. “The result? Day 1: reach down -26%”.

Now, Feedback must tell you that, according to LinkedIn’s Sakshi Jain, the site’s “algorithm and AI systems do not use demographic information (such as age, race, or gender) as a signal to determine the visibility of content, profile, or posts in the Feed”. We don’t doubt it, but we also thought that unintentional emergent effects were a major driver of algorithmic bias.

Meanwhile, Feedback is in the process of setting up our brand-new LinkedIn page. We’re going to call ourselves Mansplain.

Got a story for Feedback?

You can send stories to Feedback by email at feedback@newscientist.com. Please include your home address. This week’s and past Feedbacks can be seen on our website.