Privacy, security and public opinion

[Brian Gladman]

----- Original Message -----
From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: "ukcrypto" <ukcrypto@maillist.ox.ac.uk>
Sent: Sunday, June 04, 2000 8:10 PM
Subject: Re: Privacy, security and public opinion

> ----- Original Message -----
> From: "Brian Gladman" <brian.gladman@btinternet.com>
> To: <ukcrypto@maillist.ox.ac.uk>
> Sent: 01 June 2000 14:19
> Subject: Re: Privacy, security and public opinion
>
>
> > I can now see why you believe that cryptography is neither offensive or
> > defensive. You appear to believe that the terms 'offensive' and
> 'defensive'
> > can only be applied to an overall activity (or system) and not to its
> > individual sub-components.
>
> That draws things a little larger than I might do and - as I think you
will
> realise - is a line of thought that must fail if taken to extremes.
Rather,
> I
> observe that artefacts as well as natural objects are not usefully
described
> in terms such as offensive and defensive or bad and good. Objects simply
> are;  to attribute uniquely human values to them does seem to me unhelpful
> for most purposes.
>
> > Moreover you appear to be unwilling to accept
> > that design intent rather than end use can give a technology an
offensive
> or
> > defensive character.
>
> That is true.

Good - I can see where we differ.  I treat a shield as being designed for
defensive purposes, whereas you see it as neither defensive or offensive.

[snip]

> That said, yes, certain weapons may be predisposed to offensive or to
> defensive operations; tanks and long range hunter killer submarines being
> examples of weapon systems lending themselves well to offensive operations
> (unlike the
> Human Wave). However, in the case of cryptography, the item is as purely
> 'neutral' as any I can imagine. It's purpose is to conceal meaning and/or
to
> authenticate origination, no more and no less. I cannot relate the word
> offensive or defensive meaningfully to either of those purposes. If you
> believe that there is some other purpose served by cryptography and that
it
> is inherently defensive, I would read any such explanation with care and
> interest.

If I have assets - territory, wealth, life, liberty, information,... - that
an adversary seeks to take from me against my will, the process by which I
prevent his actions is known as 'defence' of the assets in question.  I use
cryptography to defend my information assets in exactly this sense.

> > Turning to cryptography, this is not a pure science but rather an
applied
> > one in which mathematics (for example) is used for the specific purpose
of
> > defending information.
>
> Forgive me but that seems to stretch the use of language. It may conceal
> information but it does not defend it in any actual way. How could one
> defend
> information with cryptography?

See above.

[snip]

> >Offence is about being proactive and taking the initiative
> > whereas defence is essentially passive and reactive.  Cryptography does
> not
> > take the fight to the enemy, it sits passively waiting to repel any
enemy
> > onslaught that might be mounted and this, in my view, gives it the
> > characteristscs of defence rather than offence.
>
> As outlined above, I am unhappy with this kind of analogy. However, for
the
> sake of the argument, let's persist with it for one moment. Cryptography
> does 'take the fight to the enemy'. Consider the following.
>
> We might agree that the surprise release of nuclear weapons to gain
> political or economic advantage would be an unforgivably offensive act.
We
> might further agree that we would expect the release codes for those
nuclear
> weapons to be thoroughly encrypted in transmission. The sole purpose of
that
> encryption would be to conceal that a nuclear realease order had been
given.
> There is no intent to 'defend' that information (from what?). The intent
is
> to
> maintain the element of surprise for as long as possible thus assuring the
> success of an offensive action that would otherwise probably fail. A
> secondary intent in some scenarios could be also to assure deniability for
> the act. The cryptography involved remains, as always neutral.
Nevertheless
> it plays a vital role on 'carrying the fight to the enemy'. No military
> communications officer would advise you otherwise, I think.

I agree that defending our communication systems from enemy penetration is
vital for both defensive and offensive action. This does not change the fact
that what we are doing in our communications ***sub-system*** is mounting a
defence ***of it*** in the face of possible enemy attack ***on it***

You seem unwilling to accept that an offensive system can (and generally
will) contain defensive sub-systems.  My analysis of this system is that the
overall system is offensive but that it depends on a defensive sub-system.
Likewise a tank can be offensive but its armour is a defensive sub-system.
The concept of design hierarchies of this form is well understood by systems
engineers.

So the esential difference between us is that I am willing to attribute
properties to both a system and its sub-systems whereas you attribute
properties only to the system as a whole.  In your world a shield is
offensive when its user is taking offensive action and defensive when he is
defending something. In my world it is defensive whenever the user is using
it to defend himself even if he happens to be engaged in offensive action at
the time.

Having got to the reason why we have different views I am not sure that
there is much to be gained by going further is there?

[snip]

      Brian