So the central controversy in the story is whether the journalist fans should share the solution with the world or keep quiet for the auction.
Sanborn wants the money for medical reasons so he needs to maintain a high sale price.
The two fans want to share the solution with the world.
Presumably the winner of the auction will be buying a severely depreciating asset: the right to know but not disclose the solution. There are at least four people who have the solution and as soon as one of them shares it, its value goes to zero.
Maybe the “solution” to this meta problem is simple: auction it off to the public with a go fund me. As soon as it reaches $500k, publish the solution. That way everyone wins.
The whole thing got more complicated with the addition of lawyers, not less. I don’t see how the two fans violated any contracts with the artist or auction house since they never signed one. But of course lawyers will charge a ton for you to find out.
Make the auction include the physical piece of art itself. Then you're buying a tangible and transferable asset. I think the CIA has enough money it can endeavor to replace it. What value does a cracked puzzle even have to them?
Do I understand part of the complexity of the situation is that Kryptos is in some sense "crackable" (unlike real cryptography), and these two people sleuthed their way to the answer book without solving it? Which is not quite exactly the same thing as them independently working out a solution; it's more like a nicer and more legal version of breaking into the guy's house and stealing it out of his desk drawer?
Can we even determine if what they found is the key, or just the plaintext? The article mentions they recognized bits of plaintext (Berlin clock) in the archives.
I don't have an opinion! As a cryptography pentester, Kryptos has always kind of set my teeth on edge (Wikipedia had editors covering cryptography topics whose expertise was rooted in Kryptos puzzle-crypto). But one of the smartest people I know is also a Kryptos enthusiast so this is all very complicated for me.
Honestly, everything about this is really sad. I, like may of you guys, have followed this thing for years, for many others, decades.
Actual decryption effort group didn't get to decrypt (a small but faithful community), the creator needed the money for medical procedures that he really believed was coming in. The solution feels like we all go cheated out of something. Lawyers are now involved and the value of the solution is rapidly plummeting.
Here, I’ll give you this one for free: it’s called tortious interference. As the name suggests, it’s a tort, so you don’t need to sign a contact to be liable.
There would need to be (1) an existing valid contract, (2) knowledge by the defendants of it, (3) intentional and unjustified inducements by the defendants to break it, followed by (4) an actual breach that (5) caused damages.
Doesn't seem like that would fit here.
This seems like more of an ethical dilemma than a legal one.
> There would need to be (1) an existing valid contract,
Your (1) is false. You can damage a business relationship that doesn’t involve a signed contract.
“Tortious interference with business relationships occurs where the tortfeasor intentionally acts to prevent someone from successfully establishing or maintaining business relationships with others.” https://en.wikipedia.org/wiki/Tortious_interference
They aren't doing it with the intent to damage his business. They're just doing something they would have done anyway.
You can't claim tortious interference just because someone throws a wrench in your business plans. Sanborn has about as much of a case as Microsoft has against Linus Torvalds for creating Linux and hurting their sales of Windows. (I'll give you this one for free: none.)
> They aren't doing it with the intent to damage his business.
That’s arguable. They sent him an email concerned about the harm of disclosure with the upcoming auction. They then apparently got offended by the offer of money to sign an NDA which calls their future motives into question as they now had a beef with the guy.
Saying the actions themselves were not improper is also a defense, and could be perfectly viable even if they had beef with the guy.
"To be improper, interference must be wrongful by some measure beyond the fact of the interference itself, such as a statute, regulation, recognized rule of common law, or an established standard of trade or profession."
They don't need a defense: nobody has yet stated a claim!
>Jim Sanborn planned to auction off the solution to Kryptos, the puzzle he sculpted for the intelligence agency’s headquarters. Two fans of the work then discovered the solution.
“If they don’t have the method,” she said, “it’s not solved,” she said.
That does raise a philosophical point to the craft of intelligence gathering. Speaking as a professional librarian, I do applaud the use of ATI (access to information) to find the appropriate data -- it's akin to a WW2 unit capturing an Enigma codebook.
> Upon being notified, the Smithsonian immediately sealed Sanborn's archives for 50 years to protect Sanborn's intellectual property rights.
Sanborn actually showed off some of his worksheets during a PBS interview years ago, which I assume are the same documents later given to the Smithsonian. At one point I looked into buying the B-roll footage to take a closer look at them, but I discovered enterprising Kryptos sleuths had already done so years before.
As I see it it's a lesson about finding out things in the real world. It's even a little poetic that the people finding the solution are a pair of investigative journalists, digging up information that was technically already out there, rather than a puzzle solving cryptologist "breaking down the front door of the problem" so to say.
Kobek may actually have pulled that off once before, by the way. I'm pretty sure that his Zodiac killer candidate, Paul A. Doerr, will turn out to have been correct.
> “This is a problem everybody has been attacking as a STEM problem,” Mr. Kobek said in an interview, referring to the fields of science, technology, engineering and mathematics that underlie cryptography. Cryptographic science, he argued, could not solve Kryptos — “but library science could.”
> Last week, Mr. Kobek and Mr. Byrne received an email from lawyers for RR Auction that threatened legal action if they published the text, citing copyright infringement and interference with contracts.
It seems to me that if a puzzle has gone unsolved for 35 years despite many very skilled people trying hard to solve it... It is not actually a good puzzle?
Like, here - here's a code that no one will ever solve: ITIWKSMNDIWKD WJSIKWMWMSONQ
Turn that into a sculpture and put it outside the CIA.
"Mr. Sanborn acknowledged that keeping the secret could be a strain: His computer has been hacked repeatedly over the years, he said, and obsessive fans of the work have threatened him. “I sleep with a shotgun,” he said."
There was a Standford professor that was wondering why he had void of cancer patients around 63 and 64. Turns out people wait to get on Medicare for treatment because they cannot afford it with their standard health insurance.
USA would save money in the long run with Universal health care. Since people in the US wait until it gets bad before seeking treatment. This means fights cancer at stage 3 and 4 instead of 1 and 2. Latter the stage the more it costs and less likely for success.
This is one reason foreign doctors come to the US to study and train. Modern countries with Universal Health Care treat at stage 1 and 2 with 3 and 4 being rare ... except for the USA. Need to study advance cancer and aggressive, this USA is a great place.
This doesn't have anything to do with the thread, and hashing this out would tilt a story about Kryptos sharply towards a story on health policy. He's 79, he's very covered by Medicare.
Where is the rule that comments must stay on topic and avoid diversion? It was a more interesting and informative comment than yours that you've restated here (particularly given that being "very covered by Medicare" does not even counter what you originally replied to, as it will not cover all or perhaps even most costs)
I found their aside relevant to my interests as a fellow HN reader. The guidelines also advise against fulminating; you made your point, and I think it’s fair that theirs also stands.
I am happy that you are concerned with the guidelines, and I don’t want to protest too much. I appreciate your contributions to HN more than my own most days, and I do hope I don’t rustle your feathers.
> That's fine
seems to conflict with your concerns about the upthread conversation being derailed to a certain reading:
> This doesn't have anything to do with the thread, and hashing this out would tilt a story about Kryptos sharply towards a story on health policy.
As the auction proceeds would ostensibly fund healthcare costs, it seems on topic to muse about the costs being covered by Medicare, or not. If they would be covered by Medicare, the claims of healthcare costs not being met are all the more interesting and discussion-worthy.
“Avoid generic tangents” is up to interpretation. Incidentally, so is “don’t be curmudgeonly”
Also Medicare does not cover long-term care, so if someone gets sick and develops the need for it, they’re paying out of pocket. It is a possibility that a lot of people plan for financially, which is reasonably in the realm of relevance here.
What’s not really relevant here are your personal opinions on what medical costs are or are not generally worth planning for financially.
So the central controversy in the story is whether the journalist fans should share the solution with the world or keep quiet for the auction.
Sanborn wants the money for medical reasons so he needs to maintain a high sale price.
The two fans want to share the solution with the world.
Presumably the winner of the auction will be buying a severely depreciating asset: the right to know but not disclose the solution. There are at least four people who have the solution and as soon as one of them shares it, its value goes to zero.
Maybe the “solution” to this meta problem is simple: auction it off to the public with a go fund me. As soon as it reaches $500k, publish the solution. That way everyone wins.
The whole thing got more complicated with the addition of lawyers, not less. I don’t see how the two fans violated any contracts with the artist or auction house since they never signed one. But of course lawyers will charge a ton for you to find out.
Feels like the central controversy is that Sanborn has to auction anything off for medical reasons.
Make the auction include the physical piece of art itself. Then you're buying a tangible and transferable asset. I think the CIA has enough money it can endeavor to replace it. What value does a cracked puzzle even have to them?
Do I understand part of the complexity of the situation is that Kryptos is in some sense "crackable" (unlike real cryptography), and these two people sleuthed their way to the answer book without solving it? Which is not quite exactly the same thing as them independently working out a solution; it's more like a nicer and more legal version of breaking into the guy's house and stealing it out of his desk drawer?
Can we even determine if what they found is the key, or just the plaintext? The article mentions they recognized bits of plaintext (Berlin clock) in the archives.
"What we think intelligence agencies do" vs "what intelligence agencies actually do"
At the state level, it's a method that is in bounds.
Yes, but all things considered, that's outside the bounds of this cypher - which is why "we all" feel cheated.
I don't have an opinion! As a cryptography pentester, Kryptos has always kind of set my teeth on edge (Wikipedia had editors covering cryptography topics whose expertise was rooted in Kryptos puzzle-crypto). But one of the smartest people I know is also a Kryptos enthusiast so this is all very complicated for me.
Honestly, everything about this is really sad. I, like may of you guys, have followed this thing for years, for many others, decades.
Actual decryption effort group didn't get to decrypt (a small but faithful community), the creator needed the money for medical procedures that he really believed was coming in. The solution feels like we all go cheated out of something. Lawyers are now involved and the value of the solution is rapidly plummeting.
No one's winning because of a small mistake.
Here, I’ll give you this one for free: it’s called tortious interference. As the name suggests, it’s a tort, so you don’t need to sign a contact to be liable.
There would need to be (1) an existing valid contract, (2) knowledge by the defendants of it, (3) intentional and unjustified inducements by the defendants to break it, followed by (4) an actual breach that (5) caused damages.
Doesn't seem like that would fit here.
This seems like more of an ethical dilemma than a legal one.
> There would need to be (1) an existing valid contract,
Your (1) is false. You can damage a business relationship that doesn’t involve a signed contract.
“Tortious interference with business relationships occurs where the tortfeasor intentionally acts to prevent someone from successfully establishing or maintaining business relationships with others.” https://en.wikipedia.org/wiki/Tortious_interference
OK, but the interference still needs to be improper!
Agreed, though I’m not sure if it would be considered proper or improper here.
That's not a tort in American law. In this country contractual arrangement is required for tortious interference.
They aren't doing it with the intent to damage his business. They're just doing something they would have done anyway.
You can't claim tortious interference just because someone throws a wrench in your business plans. Sanborn has about as much of a case as Microsoft has against Linus Torvalds for creating Linux and hurting their sales of Windows. (I'll give you this one for free: none.)
> They aren't doing it with the intent to damage his business.
That’s arguable. They sent him an email concerned about the harm of disclosure with the upcoming auction. They then apparently got offended by the offer of money to sign an NDA which calls their future motives into question as they now had a beef with the guy.
Saying the actions themselves were not improper is also a defense, and could be perfectly viable even if they had beef with the guy.
"To be improper, interference must be wrongful by some measure beyond the fact of the interference itself, such as a statute, regulation, recognized rule of common law, or an established standard of trade or profession."
They don't need a defense: nobody has yet stated a claim!
It was claimed they committed copyright infringement and they admit to photographing his works as part of this discovery.
It actually being copyright infringement is questionable, but if so it would be improper behavior.
Yep! That'd be a real claim. I hadn't seen that earlier.
>Jim Sanborn planned to auction off the solution to Kryptos, the puzzle he sculpted for the intelligence agency’s headquarters. Two fans of the work then discovered the solution.
Gift link https://www.nytimes.com/2025/10/16/science/kryptos-cia-solut...
I like this comment:
Victor Wong writes,
“If they don’t have the method,” she said, “it’s not solved,” she said.
That does raise a philosophical point to the craft of intelligence gathering. Speaking as a professional librarian, I do applaud the use of ATI (access to information) to find the appropriate data -- it's akin to a WW2 unit capturing an Enigma codebook.
I thought that, in light of this comment https://news.ycombinator.com/item?id=45621067, we're only a few days from seeing the solution. However, the auction now reads
> Upon being notified, the Smithsonian immediately sealed Sanborn's archives for 50 years to protect Sanborn's intellectual property rights.
Sanborn actually showed off some of his worksheets during a PBS interview years ago, which I assume are the same documents later given to the Smithsonian. At one point I looked into buying the B-roll footage to take a closer look at them, but I discovered enterprising Kryptos sleuths had already done so years before.
As I see it it's a lesson about finding out things in the real world. It's even a little poetic that the people finding the solution are a pair of investigative journalists, digging up information that was technically already out there, rather than a puzzle solving cryptologist "breaking down the front door of the problem" so to say.
Kobek may actually have pulled that off once before, by the way. I'm pretty sure that his Zodiac killer candidate, Paul A. Doerr, will turn out to have been correct.
> “This is a problem everybody has been attacking as a STEM problem,” Mr. Kobek said in an interview, referring to the fields of science, technology, engineering and mathematics that underlie cryptography. Cryptographic science, he argued, could not solve Kryptos — “but library science could.”
> Last week, Mr. Kobek and Mr. Byrne received an email from lawyers for RR Auction that threatened legal action if they published the text, citing copyright infringement and interference with contracts.
Shameful behavior.
It seems to me that if a puzzle has gone unsolved for 35 years despite many very skilled people trying hard to solve it... It is not actually a good puzzle?
Like, here - here's a code that no one will ever solve: ITIWKSMNDIWKD WJSIKWMWMSONQ
Turn that into a sculpture and put it outside the CIA.
"side-channel attack" and it was super effective!
Recent and related:
The secret code behind the CIA's Kryptos puzzle is up for sale - https://news.ycombinator.com/item?id=44907366 - Aug 2025 (53 comments)
relevant to this discussion is an essay from James Mickens : https://www.usenix.org/system/files/1401_08-12_mickens.pdf
This essay is relevant to this situation because the threat model in James’ essay is almost the same way this cipher was decrypted.
auction the solution to pay off medical bills. truly an American artist of the time.
> truly an American artist of the time.
Indeed. Quote from the article (emphasis mine):
"Mr. Sanborn acknowledged that keeping the secret could be a strain: His computer has been hacked repeatedly over the years, he said, and obsessive fans of the work have threatened him. “I sleep with a shotgun,” he said."
He's 79 and covered by Medicare.
There was a Standford professor that was wondering why he had void of cancer patients around 63 and 64. Turns out people wait to get on Medicare for treatment because they cannot afford it with their standard health insurance.
USA would save money in the long run with Universal health care. Since people in the US wait until it gets bad before seeking treatment. This means fights cancer at stage 3 and 4 instead of 1 and 2. Latter the stage the more it costs and less likely for success.
This is one reason foreign doctors come to the US to study and train. Modern countries with Universal Health Care treat at stage 1 and 2 with 3 and 4 being rare ... except for the USA. Need to study advance cancer and aggressive, this USA is a great place.
[0] https://med.stanford.edu/news/all-news/2021/03/Cancer-diagno...
This doesn't have anything to do with the thread, and hashing this out would tilt a story about Kryptos sharply towards a story on health policy. He's 79, he's very covered by Medicare.
Where is the rule that comments must stay on topic and avoid diversion? It was a more interesting and informative comment than yours that you've restated here (particularly given that being "very covered by Medicare" does not even counter what you originally replied to, as it will not cover all or perhaps even most costs)
This is literally in the guidelines.
I found their aside relevant to my interests as a fellow HN reader. The guidelines also advise against fulminating; you made your point, and I think it’s fair that theirs also stands.
That's fine, I'm just always going to respond to something on HN worded as "where is the [HN] rule that". :)
I am happy that you are concerned with the guidelines, and I don’t want to protest too much. I appreciate your contributions to HN more than my own most days, and I do hope I don’t rustle your feathers.
> That's fine
seems to conflict with your concerns about the upthread conversation being derailed to a certain reading:
> This doesn't have anything to do with the thread, and hashing this out would tilt a story about Kryptos sharply towards a story on health policy.
As the auction proceeds would ostensibly fund healthcare costs, it seems on topic to muse about the costs being covered by Medicare, or not. If they would be covered by Medicare, the claims of healthcare costs not being met are all the more interesting and discussion-worthy.
“Avoid generic tangents” is up to interpretation. Incidentally, so is “don’t be curmudgeonly”
Also Medicare does not cover long-term care, so if someone gets sick and develops the need for it, they’re paying out of pocket. It is a possibility that a lot of people plan for financially, which is reasonably in the realm of relevance here.
What’s not really relevant here are your personal opinions on what medical costs are or are not generally worth planning for financially.
Which will, at best, cover a portion of his medical bills.
This is about the Kryptos cypher, it should be in the submission's title, cause people here know what it is mostly.
Thanks, we've put the HMTL doc title up there now.
Alt title from NYT header: Solution to CIA’s Kryptos Sculpture Is Found in Smithsonian Vault
not clickbaity enough. journos got mortgages to pay & the Sulzbergers need their dividends.
Wrong kind of clickbait headline for HN though, probably more interesting that it's about the kryptos sculpture.
They are guidelines, not rules, but the site guidelines here advise submitters to use the original title for linked articles: https://news.ycombinator.com/newsguidelines.html
And frankly a Kryptos solution is much more interesting than some arbitrary CIA secret!
[flagged]
"Eschew flamebait. Avoid generic tangents."
https://news.ycombinator.com/newsguidelines.html