**FORMATTING POWER OF “MATHEMATICS IN A PACKAGE”:**

**A CHALLENGE FOR SOCIAL THEORISING?**

*Abstract*: In this paper we, firstly, want to give
an example of “mathematics in a package” to which we relate most of the
rest of our considerations. The package we will open and look into is a
encryption packages used for the secure transfer of files and emails over
the Internet. In particular, we will locate some of its mathematical content.
In this way we want to clarify the question *“What is in the package”*

Secondly, we want to emphasise that
this package operates in a way more “real” than clusters of mathematical
theorem and results normally do. Although the package represents knowledge,
and mathematical knowledge in particular, it does not operate simply as
a cluster of theoretical knowledge. It becomes relevant to ask: *“Whose
package is it?”* as it has become part of our social and economic reality.

Thirdly, we want to clarify the question *“What
could be done by means of the package”.* In the clarification we will
be more specific about the thesis of the formatting power of mathematics,
which condense the idea that mathematics operates almost everywhere,
and that this operation has a social significance. The aspects of the
formatting power which we will examine are: (1) By means of mathematics
it is possible to provide new space for socio-technological action. (2)
By means of mathematics it is possible to investigate details of a hypothetical
situation. (3) Mathematics becomes “locked in” in reality and becomes
inseparable from other aspects of society.

Fourthly, we want to discuss the question: *“What
does these observations mean to social theorising?”* In particular
we will consider what our observations related to the formatting power
of mathematics may have of implications for social theorising in general.
An understanding of how mathematics may be operating is not only of relevance
for the philosophy and the sociology of mathematics, but also for social
theorising in general. In particular, notions like “thrust”, “risk” and “reflexivity” must
include the study of mathematics based technological actions in order
to provide adequate interpretation of the propensities of the “informational
society”.

People wake up to a world where their level of health can be determined for them by quantified comparators such as weight, height, blood cholesterol level, and other measures of their physiological machinery. Furthermore, they are able to “fix” some of their deficiencies by taking appropriate dosages of vitamins and other drugs correlated mathematically to their particular physiological indicators. For many working people across the industrialised world, the working day is determined by some form of industrial award which specifies the number of hours, if not which hours, they are expected to work.[1] Increasingly, the work done is translated into performance or productivity measures, which in turn can be calculated into performance based pay. The business risks that organisations decide to take are based on a range of quantitative cost-benefit analyses. Out of ones daily or fortnightly pay, a certain amount is set aside for superannuation whose rate of contribution and returns are based on complex actuarial calculations. Coming home from work, people sort through their mail, and perhaps they will find that the rates are due on their property - perhaps there has been an increase due to a higher valuation of their property. In addition to this excessive quantification, which have a direct impact on ones life and identity, there is the mathematically determined wider environment in which people operate. Thus, models of the national economy determine “acceptable” levels of unemployment, immigration quota, inflation rates, interest rates; assessment of public risks, such as pollution levels, that are deemed acceptable or otherwise through some “scientific” models. And so on.

Investigators of the social studies of mathematics have examined society’s increased propensity for measuring and quantifying social phenomena, reliance on mathematically based “intellectual technologies” to replace human decision-making, and use of “inscription devices” to abstract and categorise physical and non-physical features.[2] Such studies focus on the processes or effects of quantifying aspects of social and physical phenomena, and how this may in turn mediate social interactions. This paper also examines manifestations of mathematics in society. In particular we shall try to condense these observations into a theses of the formatting power of mathematics. Furthermore, we shall argue that these observations are essential to any social theorising.

What is of interest to us is the sharp contrast between the impotence of mathematics claimed by the mathematician G.H. Hardy and the central role that his very area of mathematics, Number Theory, has played in the invention of a fundamental social condition in the new electronic environment. We let Hardy represent the extreme position that mathematics can be considered as “gentle and clean” as it has no social impact. We contest Hardy’s claim: “If the theory of numbers could be employed for any practical and obviously honorable purpose, if it could be turned directly to the furtherance of human happiness or the relief of human suffering, as physiology or even chemistry can, then surely Gauss nor any other mathematician would have been so foolish as to decry or regret such applications. But science works for evil as well as for good (and particularly, of course, in time of war); and both Gauss and lesser mathematicians may be justified in rejoicing that there is one science at any rate and that their own, whose very remoteness from ordinary human activities should keep it gentle and clean.”[3]

In contrast to Hardy’s indications, we find that mathematics operates almost everywhere, and that it operates as an integrate part of the socio-technological structures of today’s society. The notion of technology we are going to use is broad, including social, economic, cultural, military devises. When we want to emphasise that by technology we not only thing of its mechanical aspects but also of its manifestations in forms of operations and decision making, we shall talk about technological actions. Sometimes also about socio-technological actions in order to emphasise the broad implications of such actions. In particular, we shall examine the construction of “trust” from fundamental results in Number. We shall conduct our analysis by discussing the following four questions.

First, we want to give an example of “mathematics in a package” to which we relate most of the rest of our considerations. The package we will open and look into is a encryption packages used for the secure transfer of files and emails over the Internet. In particular we will locate some of its mathematical content. In this way we want to clarify the question “What is in the package”

Secondly, we want to emphasise that this package operates in a way more “real” than clusters of mathematical theorem and results normally do. Although the package represents knowledge, and mathematical knowledge in particular, it does not operate simply as a cluster of theoretical knowledge. It becomes relevant to ask: “Whose package it it?” as it has become part of our social and economic reality.

Thirdly, we want to clarify the question “What could be done by means of the package”. In the clarification we will be more specific about the thesis of the formatting power of mathematics, which condense the idea that mathematics operates almost everywhere, and that this operation has a social significance. The aspects of the formatting power which we will examine are: (1) By means of mathematics it is possible to provide new space for socio-technological action. (2) By means of mathematics it is possible to investigate details of a hypothetical situation. (3) Mathematics becomes “locked in” in reality and becomes inseparable from other aspects of society.

Fourthly, we want to discuss the question: “What
does these observations mean to social theorising?” In particular we will
consider what our observations related to the formatting power of mathematics
may have of implications for social theorising in general. An understanding
of how mathematics may be operating is not only of relevance for the philosophy
and the sociology of mathematics, but also for social theorising in general.
In particular, notions like “thrust”, “risk” and “reflexivity”, which play
a role in works of Giddens and Beck, represents aspects of the formatting
power of mathematics in. In developing a social theory of new social networks
on *terra-silica*, one must be aware that the nature of the social
interactions which can occur is founded as much on how mathematical capabilities
are appropriated as it is on the patterns of interactions which people
are used to on *terra-firma*. As a consequence, a part of the sociological
study of the dynamics of virtual networks and of the “informational society”,
as coined by Castells, must include the study of mathematical theories
and results as key “actors” in that socio-technical environment.

**What is in the package? **

Encryption, the process of encoding messages to achieve confidentiality, is a technique which could most readily be associated with warfare - coding of secret strategic information about enemy movements, dissemination of false information to fool enemy intelligence, leakage of intelligence information, and so on. Interest in cryptography, the study of encryption systems and methods, has now expanded far beyond the military sphere into the wider social spheres of commerce, and to personal communications. Thus, a particular encryption software system as PGP (Pretty Good Privacy), can offer new socio-technological possibilities. This in turn can disturb alter forms of social relations in potentially profound ways.

PGP is a software package that was released in 1991 by a private individual Phil Zimmerman (rather than a commercial software firm) in the USA to provide electronic mail and file storage security. PGP is one of many security packages that incorporate encryption systems. PGP supports the basic cryptographic services expected of an electronic mail security system, namely, confidentiality and authentication. Confidentiality means protection from unintended parties reading the contents of the message or file being transmitted, and authentication means the assurance of the correct identity of the message source and the integrity of the message (that is, that the message has not been changed).[4]

Before we start examining PGP in detail,
we will make some comments about cryptography in general. Suppose we call
the original message or the “plaintext” *P*. Then the secret message
or the “ciphertext” *C* is produced by a transformation of *P* by
an encryption function, say *E*. The relationship between *P* and *C* can
be represented by:

*C* = *E*(*P*)

The encryption function should have the property that

*P*1 ¹ *P*2 Þ *E*(*P*1) ¹*E*(*P*2),

that is, different messages are encrypted
into different ciphertexts so that ambiguity does not occur. “Decryption” is
the process of recovering the plaintext from the ciphertext through some
function *D*:

*D*(*C*) = *P*

The functions *E* and *D* should
have the property that

*D *° *E*(*P*) = *P*[5]

Thus, if the plaintext *P* is encrypted
and the result decrypted, the result should be the plaintext P itself.
Stated in another way, the function *D* is the inverse function of *E*:
the decryption function reverses the action of the encryption function.

To
give an example, Ludwig Wittgenstein was known to use a simple cryptographic
tool when he wrote his private remarks: the first letter of the alphabet *a* was
substituted by the last letter *z*, the second *b*__,__ by
the second to the last, *y*, and so on. In this way the message: *P*: “this
is a secret” will be encrypted as *C* = *E*(*P*): “eqpf
pf z ftvgte”. In this particle example we have the *D* is identical
to *E*.

Modern cryptography refers to encryption and decryption functions that take the form of mathematically based computer algorithms. In talking about modern encryption, we are assuming a computerized process where the original message in natural language has already been converted into a suitable machine-readable representation. In fact, we can think of the machine-readable representation as a number, i.e. we can think of P as a number.

Encryption and decryption algorithms, except possibly those used in military and intelligence work, are public algorithms. One can purchase (or in the case of PGP freely download) these encryption packages. Although it may appear that making algorithms public would make encrypted communication less secure, the consensus has been on the contrary.[6] Because the algorithms themselves are public, confidentiality is established by the secrecy of a “key”. The key is necessary for the execution of an algorithm.

Modern cryptography can be classified into two distinct approaches: (1) conventional, single-key or symmetric cryptography, and (2) public-key or asymmetric cryptography. Symbolically, these processes of encryption and decryption can be represented by the equations:

*C* = *E**K1*(*P*)

*P* = *D**K2*(*C*)

where *E**K1* is the encryption algorithm using the
key *K1*, and *D**K2* is__ __the decryption
algorithm which uses key *K2*. For conventional encryption the two
keys *K1* and *K2* are the same, while for public-key encryption
they are different.

The
big step forward in cryptography was to avoid the need to use the same,
or closely related, keys for encryption and the decryption. Using the same
key for encryption and decryption requires a system of key distribution.
Somehow the key which has to be kept secret between the two communicating
bodies must be safely distributed from whoever generates the key to the
other. Any capture of this key by a third party compromises the confidentiality
of the communication. The public-key system, on the other hand, relies
on an “asymmetric”, or two key system. In this system, each party has a “public
key” which is known and shared by both the sender and the receiver (and
which could be known to the wider public without compromising the security
system), and a unique “private key”. Hence, a message is encrypted by a
sender *A* using the public key *K1* of the receiver *B*;
this message, however, can only be decrypted by the intended receiver *B* using
their private key *K2*, which even the sender does not know. The strength
of the public-key schemes is based on the difficulty of determining the
private key *K2* from the knowledge of the public key *K1* and
the ciphertext *C* alone.

PGP uses a combination of conventional encryption techniques and public key encryption techniques to achieve confidentiality of e-mail transactions. It is the public-key encryption schemes used in PGP that we will be examining in some detail.

At the surface where PGP is implemented
and used, PGP’s mathematical artefacts are invisible. People implementing
PGP would typically download from the Internet or purchase from a vendor,
a whole package within which the various public-key and symmetric algorithms
reside. Whilst in some cases, a version of PGP may offer options in features
such as key sizes, the user would not look beyond the technical specifications__ __of
the product to determine whether or not it is the appropriate, machine
compatible product to buy. Nor would the user need to be conversant with
the mathematical theories behind cryptographic algorithms. The package
would have a user-friendly interface which guides the users through the
process of getting encryption-enabled; encrypting a message; decrypting
a message; and digitally signing a message.[7] For the users, the power of the product
is entrusted not in what they understand of the mathematics upon which
the algorithms are constructed, but in the vendors of the package with
whom they deal, and or the reputation that the whole package has established
among relevant professional communities.[8]

The PGP package is made up of a collection of modular entities; for example, encryption algorithms such as IDEA (International Data Encryption Algorithm) and RSA (Rivest-Shamir-Adleman[9]) have been separately developed, tested and distributed, and have been appropriated to be building blocks of PGP. The design of PGP ensures that these algorithms are “seamlessly” linked to serve the overall functions of PGP. When we ask “what mathematics makes up the package?”, we are effectively asking what mathematics underpins each of the different algorithms within the package. We will focus on the mathematics which underpin the RSA public-key algorithm used in PGP, i.e. the algorithm by means of which public and private keys are generated Effective encryption systems requires two key features. It must be easy to implement, but difficult to compromise. For public-key systems, implementation involves the generation of the public and private keys. Compromising the system involves among other things determining the private key from knowledge of the public key and possibly some ciphertexts.[10]

The class of mathematical functions upon which the designers of public-key systems have employed to achieve the requirements of the systems is what is known as “trap-door one-way functions”. These are functions where the function values are easy to compute, but where, given the function and a function value, it is difficult to compute the value(s) which the function acted upon, without additional information. An example of this is a function that takes two prime numbers and computes their product; multiplying two prime numbers is simple, but determining the prime factors of an arbitrary number, especially a large number, is difficult. This prime-factorization problem is in fact the mathematical basis of the RSA public-key algorithm.

The
main role in this public-key algorithm is played by two prime number *p* and *q*.
As any numbers, *p* and *q* can be multiplied, and we get *n* = *pq*.
However, if *p* and *q* are large enough primes, it will be very
difficult to determine *p* and *q* from *n*, even knowing that *n* is
a product of two primes. The degree of this difficulty represents the degree
of security in the PGP system. So, for the constructor of a system, it
is essential to get hold of two large prime numbers. For the hacker it
becomes essential to factorize.

Of particular relevance in the design of a public-key encryption system is a result dating back to the days of Euclid. There exist infinitely many prime numbers. A proof of this was constructed by Euclid, and the statement of this result is known as Euclid’s Theorem. The implication of this theorem on the analysis of encryption schemes is two fold: a hacker trying to determine the private key would have to go through the process of searching for a pair of prime numbers over an infinitely large set, while those generating the key pairs have the benefit of an infinite set from which to choose a suitable pair of prime numbers. From both perspectives, number theoretical issues becomes relevant. For instance, how difficult is it to get hold of large prime numbers? The number of primes between 1 and 20 is ###, while the number of primes between 101 an 120 is ### Does the density of primes decrease dramatically, when we search among large numbers? The answer given by the Prime Number Theorem is: “yes, but not too much”.[11] For the hacker, this is a discouraging result. Their search for possible prime pairs does not become easier as the search set increases in size; for those generating the keys, they can be assured that they have a fair chance of striking a suitable prime number no matter how large a prime number they wish to have.

While
the search for prime factors of a given number *x* may be laborious,
the Fundamental Theorem of Arithmetic states that any natural number can
be factored into prime numbers in one and only one way (if we do not consider
the order of the factors). This effectively means that once a hacker finds
a set of prime factors whose product is the original compound number *x*,
they need not search further because these are *the* prime factors.
The Fundamental Theorem of Arithmetic also ensures that, when properly
chosen, the properties *P*1 ¹ *P*2 Þ *E*(*P*1) ¹*E*(*P*2) and *D *° *E*__(__*P*__)__ = *P *can be acknowledged.

In order to construct a system of encryption,
two large primes *p* and *q* has to be identified. The product *n* = *pq* is
calculated. Using classical results from Number Theory and given the number
n it is possible to determined two other numbers, *e* and *d*.
The public key *K1* is then the pair (*e*, *n*) and the
private key *K2* is (*d*, *n*). The process of both encryption
end decryption becomes simple mathematical procedures, just involving simple
arithmetic calculations. Thus, encryption** **is achieved by
:

*C* = *P**e* mod *n*

and decryption** **by:

*P* = *C**d* mod *n*

Thus encryption means raising the plaintext
(the number) *P* to the power of *e*, and dividing the result
by *n*.[12] The
ciphertext C will then be the rest. Decryption will mean raising the the
ciphertext C to the power of d and dividing the result with *n*, the
rest will be the plaintext P.

The
product of the two primes is no secret, as *n* is part of the public
key (*e*, *n*). The calculation of the number *d*,* *however,* *will
break the code. The calculation of *d* is in fact also simple, in
case we know the two primes which multiplied gives the result *n*.
So, breaking the codes ends up in the task of making a prime number factorisation.
Constructing a code, on the other hand means identifying two fairly large
prime numbers.

Although factoring is a simple process to describe mathematically, it is a time consuming task when we are working with large numbers. “At present, a 200-digit number that is the product of two 100-digit numbers cannot be factorised in any reasonable time ... In fact, not so long ago, the most efficient factoring algorithms on a very fast computer were estimated to take 40 trillion years, or 2000 times the present age of the universe.”[13]

This result appears amazing. Thus, it takes less that three lines (using the print on the present text) to write down a 200-diget number. And this three-line number will provoke a task beyond the shared effort of all computers of the world. Drawing as well upon all present mathematical knowledge.

If we study classics in Number Theory,
like *Elementary Number Theory* by Hardy and Wright, then it is clear
that no kind of applications to anything external to pure mathematics are
considered.[14] The study stays well within the walls
guarding the purity of mathematics from the contamination of the real world.
However, the significance of a mathematical theorem is relative to its
contexts. When a theorem is presented in relation to the derivation of
another theory or in a textbook, it might appear “clean and gentle” and
insignificant as far as its social impact is concerned; but when it appears
in an application package, such as PGP, its significance may be completely
different. In fact, this change of significance is an essential new departure
point for the philosophy of mathematics. In this section we will consider
how a number of what may be regarded as classical or fundamental results
in Number Theory, namely, Euclid’s Theorem, the Prime Number Theorem, Euler’s
Theorem, and Fermat’s Little Theorem have come to acquire significance
well beyond the walls of pure mathematics.

The
effectiveness of the RSA algorithm described earlier, and in particular,
its key generation algorithm, rests heavily on the ability to find suitable
pairs of primes *p* and *q*. To this end, one of what Hardy calls
a “real” mathematical theorem is central, Euclid’s Theorem. Hardy [OS1]states: “... Euclid’s theorem is vital
for the whole structure of arithmetic.[15] The primes are the raw material out of
which we have to build arithmetic, and Euclid’s theorem assures us that
we have plenty of material for the task”.[16] However, Hardy assumes that as important
as this theorem is in building the theories of arithmetic, it has little
practical relevance: “There is no doubt at all, then of the "seriousness" of
either [Euclid’s or Pythagoras’s] theorem. It is therefore the better worth
remarking that neither theorem has the slightest ‘practical’ importance.
In practical applications we are concerned only with comparatively small
numbers ... I do not know what is the highest degree of accuracy which
is ever useful to an engineer - we shall be very generous if we say ten
significant figures .... The number of primes less than 1,000,000,000,000
is 50,847,478: that is enough for an engineer, and he can be perfectly
happy without the rest.”[17] Hardy not only predicts incorrectly the
uselessness of Euclid’s Theorem, but also the critical importance on the
size of numbers for some engineering applications. It is recommended that
the size of the prime numbers for RSA encryption is in the order of 75-150
digits.[18]

However, it is not enough that Euclid’s Theorem tells us that prime numbers are abundant. In RSA (and other similar algorithms), it is critical, not only that these numbers can actually be found in principle, but that they can be found efficiently. Because there is no known way of analytically generating prime numbers, a search algorithm, one being the Miller-Rabin algorithm which involves testing the primarity (whether a number is prime or not) of a randomly selected number, is used.[19] The search is a probabilistic one, which identifies whether or not a random number has a high probability of being prime. The search for prime numbers can be compared with the search for gold and diamonds.

In order to have any confidence that a computer search algorithm has any practical potential, however, we need also to have some assurance that prime numbers occur “often enough” in the random search of the infinite set of integers. As mentioned, the Prime Number Theorem provides us with the assurance about the frequency of occurrence of primes that is needed. This theorem is another of what Hardy calls a “deeper” theorem of mathematics: “When we ask these questions, we find ourselves in quite a different position [to the shallower inquiry which can be handled with Euclid’s Theorem alone]. We can answer them, with rather surprising accuracy, but only by boring much deeper, leaving the integers above us for a while, and using the most powerful weapons of the modern theory of functions. Thus the theorem which answers our questions (the so-called Prime Number Theorem) is a much deeper theorem than Euclid’s or even Pythagoras’s.”[20] But the theorem does not simply provide us with a pure knowledge of Natural Numbers. It gets significance not observed by Hardy.

Another theorem which takes on a new significance in the light of the implementation of the algorithm for searching for prime numbers is Fermat’s Little Theorem.[21] Propositions derived from Fermat’s Little Theorem give an upper bound on the probability of a number being composite; at this point in time, this is the best sort of test that is practicable.[22] Another Number Theoretic result known as Euler’s Theorem forms the basis for producing the desired encryption-decryption relationship to make the algorithm achieve its cryptographic purpose.[23]

As resources for implementing a software package, “old” pieces of mathematical results are brought into play, not only to provide the basis of a central algorithm as Euclid’s Theorem does for RSA. They also provide a resource for deriving efficient ways of implementing the algorithm and as an insurance that certain checks are adequate.[24] Thus, the mathematical theorems such as those mentioned above become the basis of trust that people implicitly invest in a package such as PGP to provide secure communication.

In particular the thrust is based on the difficulty of making prime factorisation of a big number. This is a mathematical observation, as mathematical research not yet has been able to provide an efficient algorithm. But it is not proved impossible to identify much more efficient hacker-friendly algorithms. In this sense the degree of security depends on the present state of mathematical research, and furthermore on how this research is conducted in terms of publicity of relevant results.

Although we have indicated the number of classical mathematical results that have acquired new significance in cryptography, we also need to note that mathematical results in new areas of mathematics have also been incorporated into cryptography. To give one example, bounds on how hard the problem of a brute force attack by prime factorisation is in terms of computational effort, are derived from results in a relatively new field of mathematics, complexity theory. This theory provides us with the rate of growth in computational effort when key sizes are increase, i.e. the number of decimals of the prime numbers in question. Thus not only are classical mathematical results being applied in new areas of practical significance, they are also being challenged for their “truth” value, in a practical sense..

We have now got an impression of what is in the package. Let us now look at the package as a whole entity. This makes sense, even though the package is made up by mathematics. By discussing the two questions “Whose package is it?” we will try to illustrate in what sense mathematics “materialise”. Questions addressing the package is quite different from questions we can address bit and pieces of mathematical knowledge. The classical perspective of the philosophy of science and of the philosophy of mathematics becomes inadequate. The package is a new entity.

If those pure mathematicians who generate the resources for cryptography stay at an arm’s length, or further, from the applications of their results, who are the social actors who package these results into packages such as PGP? How do these people interact with each other? Do their interactions represent a new pattern of knowledge production, or are they similar to those in the traditional paradigm of mathematical research?

As already mentioned, PGP was written by Phil Zimmerman, who was fascinated by cryptography, and found a career niche in the area in college when he started to seriously research the literature and publish in the area.[25] As will become clearer, the birth of PGP is attributable to a combination of his fascination with cryptography and his ideological conflict with the US government. Specifically, PGP is claimed to have been “proposed as counter-terrorism legislation which would have placed limits on the use of encryption technology by U.S. citizens”.[26] The intention was that PGP would become available before this law came into effect, even though the Bill eventually failed to be passed into law.

Being “needs driven”, especially where the need is related to some practical political and legal developments, the creation of PGP can hardly be compared to the derivation of the sorts of “useless” results and theorems in Number Theory. PGP is an applications package, developed with the full intention of use. Zimmerman released the package on the Internet, making it freely available to the public. This immediately constituted a breach of the US Arms Export Control Act, and constituted illegal export. In particular, PGP, being an encryption software, was one of the items listed in what is called the US State Department’s Munitions list, a list of items that cannot be exported with a special license, and which includes other items such as machine guns, missiles, and bombs.[27]

Zimmerman was then further challenged by RSA Data Security, the company holding the patent for the RSA algorithm, for theft and infringement of their patent, because according to them, PGP resembled a proprietary software written by Rivest of RSA Data Security, and marketed in the mid 1980s.[28]

By releasing the technology on the Internet, Zimmerman gave the “average” US citizen a powerful tool for protecting their privacy from government authorities. According to Zimmerman: “I wrote PGP from information in the open literature, putting it into a convenient package that everyone can use in a desktop or palmtop computer. Then I gave it away for free, for the good of democracy. … This technology belongs to everybody. …Today, human rights organizations are using PGP to protect their people overseas. Amnesty International uses it. The human rights group in the American Association for the Advancement of Science uses it. It is used to protect witnesses who report human rights abuses in the Balkans, in Burma, in Guatemala, in Tibet.”[29] Certainly, mathematics is in operation.

The free distribution of the package poses a direct threat to commercial and more highly guarded systems, while providing ready access to anyone wanting to acquire and implement a secure e-mail system. The free access has in fact posed direct threats to RSA Data Security, Inc who holds the patent for RSA algorithm in the USA (and which expires in the year 2000), and Zimmerman was accused by Data Security Inc of breaching the law by exporting PG. Free export of PGP also posed a direct challenge to the USA Government, and the NSA (National Security Agency), who have closely guarded the design of the DES algorithm used in PGP by legally limiting the key size to 56 bits, while the exported PGP enabled 128 bit keys to be used; this, in terms of security for the user is more advantageous, but for Governments who may want to intercept and access transmissions between ‘suspect’ entities is entirely inconvenient.

Mathematical knowledge, as expressed in theorems, conjectures and the like are made public through scholarly publications, and then diffused and distilled in textbooks, university lectures and academic meetings. So how can we understand the legal disputes about license and export regulations which surrounded the initial release of PGP? In PGP, as in other encryption and mathematically based software packages, we see a fusion of mathematical results, which together achieve certain functionalities as a package. The Fundamental Theorem of Arithmetic alone does not enable powerful encryption; however, its application to cryptography, together with a number of other mathematical results and reasoning, produces a powerful algorithm such as RSA. Being a complex algorithm, with specific functionalities, it acquires commercial, as well as political value.

It has been the assumption in every (classical) philosophy of science that knowledge is public. For instance, the whole notion of the “Third World”, as discussed by Karl Popper, expresses the idea that knowledge constitutes an entity which cannot be privatised. The entities of Popper’s Third World are not put into any package. They are claimed to be free flowing entities. But knowledge-in-a-package is different from knowledge-in-a-free-flow. It can be patented, it can be exported, it can also be made freely available. Knowledge-in-a-package operates completely differently from knowledge-in-a-free-flow.

The question “Whose mathematics is it?” does not really make sense. The answer appear rather simple. Mathematics is public. However, the question “Whose package is it?” is a tricky question. A “wrong” answer to this question could bring a person to court. Ownership can be maintained, and Robin Hood-like actions can be carried out. This shows that we have to with a particular entity which has left the realm of Popper’s Third World and entered the real world included all it business issues.

Mathematics can “materialise” out of its abstract entity of symbols and theorems and emerge as part of a functional entity that drives a computer package. This package provides a specific meaning to the more general claim, that knowledge and information become intellectual technology.[30] The package can be installed and implemented, and its implementation “makes a difference” on a number of fronts - social, political and technological. A package underpinned by mathematics, functions in sharp contrast to any “scientific theory”. It materialises into both the physical world and people’s economic and social reality.

What the examples of mathematisation cited in the Introduction and other numerous examples do not fully reveal are the mechanisms by which mathematics penetrate, pervade, and constitute reasoning in our socio-technological sphere.[31] What interests us here is not only that mathematics is being used to model social systems, but that mathematics is being used to create new social realities. We could talk about a packet-built reality. Thus, mathematics is no longer only attempting to provide a more or less adequate picture of reality from which certain conclusions can be drawn (for example, a map of a city). The utility of mathematics in providing a picture model of physical phenomena was what gave mathematics the “marvel” which Eugene Wigner wrote about in his famous essay “The Unreasonable Effectiveness of Mathematics in the Natural Sciences”.[32] But mathematics can do more than describe what is already there. Mathematics can also create and become part of reality itself, such as the socio-economic reality created and built further upon by mathematical models of an economic system. In this sense, we contest the limited notion that “mathematics and science help us to analyze existing ideas and their embodiment in ‘things’, but [that] these analytical tools do not in themselves give us those ideas.”[33] We argue here that mathematics operates in social and technological contexts and in doing so mathematics not only represents but also constitutes reality. Mathematics is not only operating in Popper’s Third World, say, as a servant for other of the inhabitants of this world as Natural Science for instance.

In this section we will concentrate more generally on how mathematics generates and constrains socio-technological actions.[34] We will see how mathematics, in particular, influences the way we construct our social realities and operates within the space of possible actions. It would be absurd to say that the space for possible socio-technological actions is constituted by mathematics alone, but we argue that mathematics plays a role in the construction of such spaces and also in the way we investigate and choose between alternatives. We will call the alternatives within a space of technological actions, hypothetical situations.

We shall try to clarify the question “What is done by means of the package” by consideing the following three ideas representing the thesis of the formatting power of mathematics: (1) By means of mathematics new technological alternatives are presented - alternatives that are not possible to grasp and identify without mathematics as a tool for analysis and construction. However, mathematics also limits the set of hypothetical situations that are presented, as mathematical construction is only one way of expressing a sociological imagination. (2) By means of mathematics we can investigate particular details of situations not yet realised. A particular strength of mathematics is to enable hypothetical reasoning, which refers to reasoning about technological details of a not yet realized technological construction. However, mathematics may also produce blind spots concerning the effects of such a not yet realized construction. Those effects cannot be foreseen and they emerge only when the technology has been implemented. (3) When choices are made and the technological ideas are translated into new technological and, hence, social realities, mathematics simultaneously “enters” this reality in a concrete form. Mathematics assumes an essential functional role within technological packages, and once that happens, the mathematical influences on this reality become inseparable from the other social realities in which it is acting. Mathematics will have become “socialised”.

We suggest that the three aspects are generally applicable to the role of mathematics as resources for socio-technological actions. However, we will discuss the aspects, first of all, with reference to the example of cryptography and PGP.

**By means of mathematics it
is possible to provide**

** new (maybe limited) space
for technological actions**

In the past a combination of logical operations and substitutions seemed adequate tools for encryption. However, large scale industrialised cryptography is not easy to handle with any classical approach. It would not be possible to imagine the development of public-key cryptography without the development in its mathematical basis. Informed by Number Theory, a completely new approach to encryption became identified. Naturally, it is not that Euclid’s Theorem, the Prime Number Theorem, Euler’s Theorem and Fermat’s Little Theorem to get with observations about trap-door one-way functions provide a new possibility. But scial and economic interest and mathematical resources creates new spaces for technological actions. In this way we can consider mathematics as an essential resource for a technological imagination, by means of which we grasp not yet realised technological alternatives

The technology of public-key encryption is by no means a product of “natural evolution” or accident. It is a product of a deliberate effort to improve on traditional cryptography that became increasingly inadequate as the sole approach to providing confidentiality and authentication for new cryptographic needs in the so-called information society. These two trends: the mathematical developments relevant to cryptography and the emergence of social needs, were catalysts in the conceptualisation of the possibilities for new alternatives in encryption.

That mathematics can open new spaces for technological actions, we see as a general observation related to mathematics. This is not limited to cryptography. Mathematics opens possibilities for new approaches in large scale economic management, by providing possibilities for experimenting with different economic politics by means of simulations models. Simulations models can in fact be used in any form of technological constructions, like design of bridges, airplanes, cars, etc. All such simulation models help to locate a space for technological actions within which to operate.

However, as mathematics opens a new space of technological actions, mathematics can also create blind spots for other openings and for different approaches to resolving threats to privacy. Mathematically based encryption only allows certain questions to be asked about the problem perceived in the present situation. If the solution space is defined within the bounds of mathematics, then fundamental changes in social relationships, for example, which are equally valid ways of addressing the perceived threat to privacy, may not be considered. The choices that are considered become limited to choices in encryption schemes and particular realizations of the schemes.

In viewing a threat to privacy as a problem of current methods of data communication, rather than a fundamental social problem, a “fix” of the technological process of communication by technological means becomes a “natural” alternative. Once the root of the problem is identified as a technological one, then this precludes a wide range of questions and possibilities by means of which the perceived problem is investigated. Thus, the notion of thrust and privacy may include many other aspects that those that can be tackled by proper cryptographic procedures. But such aspects may be downplayed when the space of possible solutions are created by mathematical tools

As mathematics opens new spaces for technological action, mathematics may also create limitations, as the identified technological possibilities may come to represent the only space for technological action. What mathematics does provide is, thus, both a new area for technological development as well as a trap, which encapsulates technological imagination, and separate it from other non-mathematically based forms of sociological imagination. This is a general observations related to all situations where mathematics establish a resources for opening spaces for technological actions.

**By means of mathematics it
is possible to investigate**

**(maybe rather particular)
details of a hypothetical situation**

By a combination of mathematical tools various investigations of particular details of encryption can be carried out. Complexity theory allows some approximate bounds to be made about how easily a hacker can succeed in determining the private keys of a public-key encryption scheme. Number theoretic tools such as “number sieves” provide cryptanalytic tools to assess the security of schemes such as RSA, and facilitate investigations of new sources of methods.

The point is that all such investigations can be carried out on the basis of hypothetical situations. We need not construct any actual system in order to investigate details of hypothetical situations. In fact, it is a strength of mathematically based technological imagination that it can be carried out on the basis of hypothetical situations. Mathematics helps designers of encryption algorithms to envisage hypothetical scenarios of hacking, or computer memory requirements, and so on, which are essential to meeting the functional requirements of the package. Mathematics helps us to predict the effectiveness of the algorithm design: for example, how many bits in the ciphertext would be affected with a change in one bit of the bit sequence of the key; or how many iterations are needed to realise a certain level of “confusion” and “diffusion”.[35]

However, mathematics only allows us to investigate particular details. So, when an encryption system is implemented, there might occur malfunctions, which simply has not been considered. Mathematically based hypothetical reasoning has limitations. It contains blind spots, and from these blind spot risk structures may emerge, such as the spread of a bug in the system in a potentially far-reaching way, because of the Internet environment in which systems such as PGP reside. Another risk is the effect of the technologically established "web of trust" being compromised in some way.

Although there are mathematical techniques of risk assessment, analysis and management, these tools are very limited in their use in the sorts of risk scenarios described above. Mathematical concepts of risks are expressed in terms of probability of a risk event, and the “cost” determined in some way of such an event. In situations where the probability is very very low (a very rare event), there is not the basis upon which to calculate the corresponding risks in any meaningful way. Hence in terms of encryption systems such as PGP, much “trust” is invested in the mathematical rigour of the system, but mathematics in unable to resolve the risks associated with the technology going wrong.

This also bring us to a general observation. A technological imagination, supported by mathematics, can address hypothetical situation, and can in fact investigate particular details of such an hypothetical situation. This is the general idea of providing any simulation model. Then it is not necessary to realise, say, the bridge construction for carrying out a detailed investigation of how it might operates in stormy weather with a maximum of car passing. And certainly such hypothetical reasoning may included blind sport. This is exactly behind the blind spots of mathematical based hypothetical reasoning addressing events related to not yet realised technological constructions, that the risk of the risk society emerge. The carefully estimated almost not existent risk related to the operations of atomic power plans illustrates both that decisions making is related to mathematical calculations, and also that mathematical based hypothetical reasoning contains blind sport.

**Mathematics becomes “locked-in” in “reality”**

**and becomes inseparable from
other aspects of society**

When installed, the PGP package becomes part of a larger technological construction, and it operates within this construction. This mechanical expression of the package is of interest to us. What remains to be seen of the mathematics when the cryptographic elements are built into a package? The interfaces with the user certainly reveal no traces of, for instance, Euler’s Theorem, Euclid’s algorithm, or any of the fundamental results of mathematics which underpin the logic of the encryption algorithm that is used. Many users would see PGP as a package within a bigger bundle, say an e-mail service, such as the commonly used Eudora software. In keeping with the nature of these higher level applications, the mode of interactions would be “user friendly”, with a pulldown menu which guides the user through the services which we might require, rather than through the underground corridors of the algorithms from where the essential services are being delivered.

Without the mathematics, there is no package.[36] Without the package there is no technological construction. As new rooms can be added to a house by using bricks and mortar, extensions can be added to the network society by using packages as bricks. The technological construction, however, is much more that the “machinery”. As mentioned in the Introduction, we see technology as inccluding also organisationan matters and proceedures for decision making. It also includes the construction of security and of thrust. .

Trust is established and secured by a mathematically based technology. For those arenas where encryption has become the norm, trust that has been a fundamentally social attribute has been transformed into a technologically defined attribute. Within these arenas, the social realities, therefore, are intrinsically determined by the technological package that characterises the nature of the relationships within them. Trust, security, privacy and several other social phenomena become reshaped in terms of spaces for technological actions made available by means of mathematics.

The inventor of the Diffie-Hellman key exchange (an optional key exchange algorithm within PGP) claims: “As human society changes from one dominated by physical contact to one dominated by digital communication, we will have many opportunities to choose between preserving the older forms of social interaction and asking ourselves what those forms were intended to achieve. ... The area in which technology can most clearly make a positive contribution to privacy is encryption. If we assert the individual’s right to private conversation and take measures in the construction of our communications systems to protect that right, we may remove the danger that surveillance will grow to unprecedented proportions and become an oppressive mechanism of social control. Fortunately, the fight for cryptographic freedom, unlike the fight against credit databases, is a fight in which privacy and commerce are on the same side.”[37]

That mathematics materialise and “socialise” is not just a phenomenon related to packages of cryptography. Mathematics has materialised in many systems for decision making. As indicated in the Introduction such decision can concern medical actions. It can become part of the design for working conditions. It is an integrated bard of the identification and measurement of risks. The estimations of “acceptable” levels of unemployment have reaches a new sophistication be means of simulation models. Thus, “acceptable” no longer simply refers to moral standards addressing how big a part of the adult population which should be left at the margin. Now acceptable also includes estimations related to the national product, to the level of salary, which is determined also by the degree of employment. Thus the notion of “acceptability” become re-interpreted in terms of detailed cost-benefit considerations by the help of mathematics.

Mathematics represents a powerful resource for socio-technological action: The space of technological actions is involved in rapid and unpredictable developments. New technological options are generated, but the implications of realising these options are only accessible by hypothetical reasoning. Technological developments are supported by mathematics, because mathematics often helps to establish hypothetical situations and analyse particular aspects of (some of) these situations. Eventually, mathematics becomes part of the social reality in which the technological actions are finally carried out.

We have illustrated this idea with reference to the PGP package. But we find that these three aspects of the formatting power of mathematics characterises general aspects of mathematics in action. We will now try to point out a few implications of this attempt to clarify the notion of the formatting power of mathematics. In particular, we will emphasise implications for social theorising. We find that it is essential to social theorising to pay attention of to how mathematics is operating in social affairs. Any social theorising which includes notions like “thrust” and “risk” are in need of a clarification of how such phenomenon is constituted also by means of mathematics. More generally, we find that overall sociological notions like “reflexivity”, which refers to the feed-back process which, according to Beck, provokes the risk of the risk society, needs an understanding of the formatting power of mathematics in order to obtain an adequate interpretations. An sociological interpretation of the “informational society”, to use a term suggested by Castells are in need of an understanding of how mathematics operates in packages, as mathematics stuffed packages are important bricks in the network of the network society. Naturally, mathematics does not in itself provide resources to establish new social forms and relations, but it represents society’s overall dispositions for socio-technological action. It can produce new spaces for socio-technological actions and help to specify aspects of this space. As a consequence we find that any theorising which address general features of social development, and which includes consideration expressed in terms of “thrust”, “risk”, “reflexivity” and “informational society”, must pay attention to the propensities for social development established by mathematics.

The unpredictability of the development of the space for technological actions is one of the forces in the development of “thrust” and “risk”.. In the encryption example the unpredictability of the degree of “thrust” and “risk” is closely related to the unpredictability of the results of mathematical research, for instance related to algorithm theory. The unpredictability is linked as well to the medium in which the package operates and is exchanged. The medium, that is the Internet, has a global reach, and so the Internet effectively plays a role in “selling” a new ideology. The risks that are perpetrated by the same medium are also cause for concern, and constitute another example of the sorts of incalculable risks that pervade our risk society. A fundamental problem faced by any encryption package is that when a hacker breaks the code, they will typically not let anyone else know. People using a broken encryption scheme may continue to communicate with each other, believing that the scheme is secure. Another risk, is the continued use of compromised encryption keys in public-key systems. The risk perceived by governments is that “unlawful” or politically subversive actions may be taking place without their knowledge. Any sociological understanding of the nature of the distribution of thrust and risk can draw upon an awareness of their mathematical constituents.

The formatting power of mathematics is elusive, unlike economic interests and political agendas. The formatting power is invisible. But being invisible does not mean being “not-real”. The powers of mathematics are able to interact with other “powers”. We find that the formatting power of mathematics is real, both in a physical sense (as for example, models of magnetic and gravitational forces), and in a sociological sense (as in models of economic and political forces), precisely because mathematics can interact with both kinds of power. And one of the implications of this interaction is the emergence of new risk structures. This provides an opening not only for an understanding of the nature of the risk society, but also for a further interpretation of the remark of Beck’s that “reflexivity” takes place outside the control of the democratic institutions of society (as well as outside the attention of sociology).[38] Refexivity refers to fundamental but unnoticed feed-back processes where the results and consequences of certain technological actions, returns to out reliaty, however in an unexpected form. Certainly not in a form which was conceptualised as part of the planning process. We can think of forms of pollution as an example of processes of reflexivity. The creation of new risk- structures is a more general expression of this observation.

If we want to obtain an understanding of social actions including the possible implications, it becomes important to consider how the space of technological actions functions in the process of social development. Social and political decision making is related to the creation and explorations of such spaces. In particular, it becomes important to consider the role mathematics is playing as a resource for both the construction and the exploration of particular details of hypothetical situations. Sociology cannot pursue its goal of providing a basic understanding of social agency without paying a special attention to the formatting power of mathematics. How can sociology interpret a society which resides and unfolds in terms of the “informational society”, without a sound appreciation of how the space of technological possibilities has come to unfold?

These observation can also be expressed in terms of suggestions for the philosophy of mathematics. This philosophy has concentrated on understanding the nature of mathematical knowledge, which has led to analyses of abstraction and formalisation.[39] Thus, analyses, as for instance carried out by Imre Lakatos, has concentrated on investigating particular mathematical ideas as part of a process of theoretical development. Lakatos fully accepted the idea that mathematical knowledge is part of Popper’s Third World, and he tried to describe the rational development of this free-flowing knowledge in terms of proofs and refutations. However, observations related to the formatting power of mathematics provokes a different emphasis in the philosophy of mathematics: How can it be that we are staying in a world in which so much mathematics in fact is operating? How do we cope with the living conditions of staying in this technological constructed environment? The new significance of mathematical formulae, which we have mentioned, becomes an essential departure point for any philosophy of mathematics which does not want to consider the constructions of mathematics form within only.

The significance of mathematics changes dramatically when the mathematical ideas are investigated as part of a package. This represents a unit of particular importance for understanding the social role of mathematics. The questions: “What is in the package?”, “Whose package is it?” “What technical effects does the package have?” represents new questions to be discussed in a philosophy of mathematics. It is a new task for the philosophy of mathematics to engage with mathematics-in-a-package in order to identify how spaces for technological action are constructed, and how a formatting power of mathematics might be exercised.

We have emphasised that by means of mathematics it is possible to provide new spaces for technological actions. Let us finally pay attention to the notion of “action”. Mathematics is a resources for actions of a grand variety. It is not the case that mathematics provides these actions with any particular quality. These actions must therefore be addressed by a critique and by ethical considerations as any other kind of action. In this way the thesis of the formatting power of mathematics shows the necessity of opening the considerations about mathematics in two ways. Thus, the philosophy of mathematics must open its perspective and consider what actions mathematics makes part of. And in particular, social theorising must open its perspective in order to include observations of mathematics based technological action in order to provide adequate interpretation of the propensities of the informational society.

We wish to thank Marten Blomhøj, Gunnar Bomann, H. C. Hansen, Mike Newman, Miriam Godoy Penteado, John Reizes, Carl Winsløw, and Warren Yates for their critical comments and suggestions for the improvement of the earlier versions of this paper.

Ole Skovsmose

Centre for Educational Development in University Science

Aalborg University

Fredrik Bajers Vej 7B

DK-9220 Aalborg Oest

Denmark

Tel: (+45) 96 35 97 80

E-mail: osk@dcn.auc.dk

Keiko Yasukawa

Faculty of Engineering/Faculty of Education

University of Technology, Sydney

PO Box 123 Broadway 2007

Australia

Tel +61 02 9514 2437

FAX +61 02 9514 2435

E-mail: keiko@eng.uts.edu.au

[1] The industrial award for clerical workers in the Australian Federal Government: A0299-Australian Government Employment Clerical 17 - HOURS OF DUTY AND OVERTIME makes such detailed specificationsSee for example the web site http://indrel.agps.gov.au/ (last accessed 14/9/2000) for a list of all Australian Federal Awards.

[2] The term ‘intellectual technology’ was
used by Daniel Bell to describe the “substitution of algorithms (problem-solving
rules) for intuitive judgements”. See __The Coming of Post-Industrial Society __(New
York,1973), 29. The concept of ‘inscription devices’ is attributed to Bruno
Latour. See for example __Science in Action__ (Cambridge, MA, 1987), 68.

[3] GH Hardy, __A Mathematician’s
Apology __(Cambridge, 1967), 120-121__.__

[4] Other security services offered by the software packages such as PGP are: message compression - for economically efficient storage and transmission of message; e-mail compatibility - for wide application with different e-mail systems; and message segmentation - for accommodating message size limits imposed by e-mail systems.

[5] Here, *D *° *E* means the composition of the two functions *E* and *D*,
where the function *D* is applied after the function *E* is applied
to a value.

[6] By publishing the algorithm, it becomes available to a large number of users. This provides a means of testing the strength of the algorithm; the fewer successful attacks made on an algorithm used by a large number of people - the greater assurance people can have on the strength of the algorithm against attacks. The public availability of a few statistically proven encryption algorithms is also advantageous from the point of view of compatibility. One would not have to exchange a new algorithm each time one establishes confidential communication with a new partner. The weakness of this argument, however, is that if anyone were to succeed in making a successful cryptographic attack, they would keep that secret in order to be able to continue their attack on subsequent messages.

[7]P. Loshin, __Personal Encryption:
Clearly Explained__, (Boston: Academic Press, 1998), 296-302.

[8]Indeed in recent training courses attended by one of the authors (Information and Network Security, and Practical Cryptography, offered by ACL Sydney, October 26 to 29, 1998) there were but a few network security professionals who were mathematically literate in the mathematical foundations of encryption; for most, the starting point was the ‘package’, and their main aims appeared to be gaining expert advice on the suitability of available products.

[9] The RSA algorithm was developed by Ron Rivest, Adi Shamir and Len Adleman at MIT in 1977, and released in 1978.

[10] Here we are considering cryptanalytic attacks, where the private key is sought by means of some systematic or analytic approach. This is in contrast to brute force attacks where a random trial and error approach is taken to determine the key, or the plaintext of a particular ciphertext.

[11] In fact, if p(x) is the number of primes p less than or equal to a number x then there is an estimate of this number for very large x:

__ __

The ratio x/*ln*(*x*)
approximates the number of primes less than *x*, as *x* becomes
very large. The relative “prime density” will therefore be *p*(*x*) = *x*/*ln*(*x*). The Prime Number Theorem
was proved in 1896 by Hadamard and de la Valleé Poissin The distribution
of primes raises many interesting and unsolved mathematical questions: Does
there exist infinitely many prime twins (those pairs of primes whose difference
is 2)? Can every integer: 4, 6, 8, 10, ... be written as the sum of two prime
numbers?

[12] The algorithm uses what is called “modular
arithmetic” which is based on mapping all integers into a smaller and finite
set of numbers ranging from 0 to __n__-1, by mapping each number with
the remainder of dividing that number by __n__.

[13] M.R.
Schroeder, __Number Theory in Science and Communication: With Applications
in Cryptography, Physics, Digital Information. And Computing and Self-Similarity,__ __Third
edition, __(Berlin: Springer-Verlag, 1997), 131. In a previous version
of the book Schroeder wrote: ‘At present (1983), a 100-digit number that
is the product of two 50-digit numbers cannot be factorized in any reasonable
time ...’.

[14] G.H. Hardy and E.M. Wright, __Introduction
to the Theory of Numbers, Fifth edition,__ (Oxford, 1979). See also
E. Landau, __Elementary Number Theory,__ (New York, 1958), and A. Baker __A
Concise Introduction to the Theory of Numbers__, (Cambridge, 1984).

[15] G.H.
Hardy, __A Mathematician’s Apology,__(Cambridge, 1967), 91.

[16] Hardy, 99.

[17] Hardy, 101-102.

[18] J.C.A.
van der Lubbe, __Basic Methods of Cryptography,__(Cambridge, 1998), 143;
W. Stallings, __Cryptography and Network Security,__ (New Jersey, 1999),
181; B. Schneier, __Applied Cryptography, __(New York, 1996), 467.

[19] The
Miller-Rabin algorithm for testing primarity is integrated into an iterative
search algorithm summarized as follows: (1) Pick an odd integer __m__ at
random (e.g., using a pseudo-random number generator). (2) Pick an integer __a__<__m__ at
random. (3) Perform the probabilistic primarity test, such as Miller-Rabin.
If m fails the test, reject the value __m__ and go to step 1. (4) If __m__ has
passed a sufficient number of tests, accept m; otherwise go to step 2. W.
Stallings, __Cryptography and Network Security,__ (New Jersey, 1999),
178.

[20] G.H.
Hardy, __A Mathematician’s Apology,__(Cambridge, 1967), 111-112.

[21] Fermat’s
Little Theorem says: if __n__ is a prime and __gcd__(__a__, __n__)
= 1, then a__n__-1 º 1 mod __n__. Many primality tests are founded on this theorem.
A number __n__ for which the condition

__an__-1 º 1 mod __n __

holds for a number __a__,
is called ‘pseudo-prime to the base__ a’__. Primality testing algorithm
consists of testing the probability of the primality of a number by checking
whether a candidate number is a pseudo-prime with respect to a range of bases.

[22] This test, however, would be a deterministic
test of primality if one were to accept what is presently a conjecture known
as the ‘Generalized Riemann Hypothesis’, which, if proven true, makes the
Miller-Rabin test a conclusive (deterministic) test of primality, hence giving
even greater confidence to the effectiveness of the RSA algorithm. This is
a conjecture which Hardy himself tackled and for which he in his theorem
of 1915, gained a partial result. See A. Baker, __A Concise Introduction
to the Theory of Numbers__, (Cambridge, 1984), 14-15.

[23] Euler’s Theorem states that for all numbers *a* and *n, * which are
relatively prime to each other and for which *n>0 * and 0<*a<n,* it
is true that

*a**f**(n) *∫ 1
mod *n.*

The function ##(n) is know as Eulers’s totient funtion.* *Euler’s Theorem forms the basis for proving that the
relationship between the decryption exponent *d* and the encryption
exponent *e* and the modulus *n* in fact produces the desired
encrytpion-decryption relationship.

[24] The collection of articles in J.H. Loxton, __Number
Theory and Cryptography, __(Cambridge, 1990) provides us with ways in
which other classical results from mathematics, diophantine approximation
and number sieves, for example, have also gained renewed interest as resources
for cryptanalysis of the RSA encryption scheme. The most recent ‘breakthrough’ in
public key encryption has been the recognition that applications of the
idea of elliptic curves over finite fields provide can provide an even
more powerful ‘one-way function’ for public-key encryption than that which
algorithms such as RSA are based

[25] R. D. Hoffman, ‘Interview with author of PGP (Pretty Good Privacy)’, 1996,

http:// www.animatedsoftware.com/hightexh/philspgp.htm (last accessed 1/10/98).

[26] For more details see posting by Dave Boychuk, 1999 on the site "Privacy for Online Communication: Public Key/Private Key Strong Encryption and Public Policy" at http://www. cous.uvic.ca/poli/bennett/courses/456/fm/messages/3.htm/ (last accessed 13/9/00).

[27]R. D. Hoffman, ‘Interview with author of PGP (Pretty Good Privacy)’, 1996,

http:// www.animatedsoftware.com/hightexh/philspgp.htm.

[28]W.
Diffie and S. Landau, __Privacy on the Line: The Politics of Wiretapping
and Encryption,__ (Cambridge, MA, 1998), 205.

[29] Testimony of Philip R. Zimmermann to the Subcommittee
on Science, Technology, and Space of the US Senate Committee on Commerce,
Science, and Transportation 26 June 1996, at the PGP Security web site http://www.pgp.com/phil/phil-testimony.asp (last
accessed 13/9/00). The free distribution
of PGP is only one example of a new phenomenon in software development known
as open source software development. The most well-known open source software
is the Linux operating system. See, for example, C.C. Mann, ‘Programs for
the People’, __Technology Review: MIT’s Magazine of Innovation, __Vol.
102(1), (1999), 36-43.

[30] D.
Bell, ‘The Social Framework of the Information Society’, in T. Forrester
(ed.), __The Microelectronic Revolution, __(Oxford, 1980), 500-549.

[31] Consider for example, a recent publication in
the popular press by the physicist Paul Davies, where he suggests the application
of mathematical chaos theory to model economic systems, thereby attempting
to resolve the inadequacies of their existing mathematical models. P. Davies, ‘Ants
in the Machines’, __The Sydney Morning Herald__, October 17, 1998, 6.

[32] E.
Wigner, ‘The Unreasonable Effectiveness of Mathematics in the Natural Sciences’, __Communications
in Pure and Applied Mathematics.__ Vol. 13 (1960), 1-14.

43 H.
Petroski, Henry, __Invention by Design: How Engineers Get from Thought to
Thing.__ (Cambridge, MA, 1996), 2.

[34] See also O. Skovsmose, ‘Mathematical Agency and Social Theorising’, (Copenhagen: Royal Danish School of Education Studies, Roskilde University Centre and Aalborg University, Centre for Research in Learning Mathematics, 1999).

[35] Confusion is a feature sought in conventional encryption. A high level of confusion means that there is a very complex relationship between the encryption key and the ciphertext, so that a hacker is less able to capture the key from an analysis of the ciphertext. Diffusion on the other hand is a feature where each bit of the ciphertext is a function of every bit of the plaintext, so that the plaintext cannot be easily recovered from the statistical analysis of the ciphertext.

[36] A cursory tour of some of the FAQ (frequently asked questions) web sites for PGP confirms the invisibility of the mathematics to the users. The users and potential users are concerned with questions about implementation and availability of the package (will it work with Windows NT, how does version 5.1 differ from version 5, and where can one get the commercial version, and so on). See the PGP Security site at http://www.pgp.com/phil/default.asp (last accessed 13/9/00) as a starting point.

[37] W. Diffie and S. Landau, __Privacy on the Line__,
(Cambridge, MA, 1998), 238-239.

[38] The term “risk society” is attributed to the
German sociologist Ulrich Beck who published a book by that name __Risk
Society__ in 1992. Reflexivity refers to a process where
society confronts the consequences of its own creation. A further
discussion of reflexivity and risk society can be found in U. Beck “Risk
Society and the Provident State”, in S. Lash, B. Szerszynski, and B. Wynne, __Risk,
Environment and Modernity,__ (London, 1996), 27-43.

[39] See,
for example, B. Gold, "What is the Philosophy of Mathematics, and What
should it be?", __The Mathematical Intelligencer.__ 16(3) (1994),
20-24.

[OS1]There seems to be something wrong about this sentence.