Enigma Traitors: The Struggle to Lose the Cipher War (Review)
Within the history of cryptography, the tale of how Bletchley Park broke Germany’s Enigma cipher has been told many times, in both print and on screen. With so much emphasis on the “plucky Brits overcoming the odds” angle, I often wondered how secure the Allied codes were and if there was a parallel story on the Axis side. Dermot Turing (nephew of Alan Turing and writer of several histories) has now written on this subject, describing the initial development of the Enigma and efforts to protect it, how the Axis communication security and cryptoanalytical services were setup and performed, how the Allies developed code books and their own codes and, as the war progressed, how both sides often failed to protect their secrets.
Enigma Traitors: The Struggle to Lose the Cipher War. By Dermot Turing. The History Press, 2023. ISBN 978-1-80399-169-6. Publisher Website
The book’s subtitle is The Struggle to Lose the Cipher War. There are many ways to lose a cipher war, from the loss of keys and equipment to the enemy, treachery, poor adherence to security procedures and general sloppiness, overuse of codes and settings, overconfidence towards your enemies, excessive distrust of your allies, revealing captured transmissions, and trusting unfounded advertising claims. Turing describes all these failures and mistakes, commited both by the Allies and Axis. British naval codes were broken by the Germans before the war began and tradition and inertia kept them in service. (It seems incredible today that machine ciphers were seen as labor-saving only, not as a means to also improve security.) Although the Germans recognized flaws in the Enigma and made improvements in its design, they failed to allocate resources to actually determine if the cipher was secure in practice and repeatedly found excuses to explain evidence that the British was coreading messages. The Americans almost caused the loss of the North African campaign by sending detailed notes of British plans and dispositions using a broken cipher code, and distrust between the allies slowed acceptance of British warnings to change their cipher.
The book’s focus is on the Battle of the Atlantic and the Western Front, with some details on the Eastern Front and very little on the Pacific War. Germany and Britain are center-stage.
The book is well-researched, using a wide variety of primary sources, including many non-English language sources. Turing’s writing is clear and engaging. The story is quite expansive and not just limited to the war years. The Enigma’s story began in 1918 and it had fifteen years of operational use before the war started. Similarly, England inadvertendly aided Germany through post-WWI disclosures about their own practices and their decisions where to invest in communications security. Fortuitously, the book is sufficiently recent to include the 2020 Crypto AG revelations and how the Enigma’s legacy continued into the Falkland’s War.
This should not be one’s first book on WWII-era cryptography. Turing expects the audience is already aware of the broader history and spends little time explaining technical terms.
Negatively, I wish the author had complemented the detail with more analysis. It is easy to get lost in the large cast of characters and organizations (the glossary and list of dramatis personae helps). A figure of quarterly shipping lost to U-boats, overlaid with a timeline of B Service and Bletchley Park co-reading and MND investigations of Enigma security acts as the only graphical summary of the historical thesis. The book details plenty of activity and personalities, but it is sometimes unclear when there was an opportunity for change. For instance, since Admiral Donitz was distrustful of the Enigma and kept on requesting investigations, why did he seem so powerless to effect change?
I recommend the book to those interested in the history of cryptography, military history, security engineering and policy, and organizational decision making. For instance, auditors will recognize the tendency to explain away issues in order to maintain the status quo. Security engineers will appreciate how the flexibility of the device often led to operational issues and poor decisions by users, yet did allow upgrades in the field.