Privacy, security and public opinion

Owen Lewis oml at eloka.demon.co.uk
Mon, 5 Jun 2000 19:36:29 +0100 

----- Original Message -----
From: "Brian Gladman" <brian.gladman@btinternet.com>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 06 June 2000 12:25
Subject: Re: Privacy, security and public opinion
> > >  You appear to believe that the terms 'offensive' and
> > 'defensive'
> > > can only be applied to an overall activity (or system) and not to its
> > > individual sub-components.
> >
> > That draws things a little larger than I might do and - as I think you
> will realise - is a line of thought that must fail if taken to extremes.
> Rather, I observe that artefacts as well as natural objects are not
usefully
> described in terms such as offensive and defensive or bad and good.
>>Objects simply are;  to attribute uniquely human values to them does seem
>>to me unhelpful for most purposes.
> >
> > > Moreover you appear to be unwilling to accept
> > > that design intent rather than end use can give a technology an
> offensive
> > or
> > > defensive character.
> >
> > That is true.

And most specifically so in the case of cryptography. Its function is to
conceal and not to defend or offend.
>
> Good - I can see where we differ.  I treat a shield as being designed for
> defensive purposes, whereas you see it as neither defensive or offensive.

You liken cryptography to a shield. The primary purpose of a shield is not
to conceal (though it may do so partially and at times) but to ward off
blows or missiles that would otherwise strike the user. Conversely, the
primary use of cryptography is to conceal. It has yet to be demonstrated
that that the defence of information has any meaning.

>
> If I have assets - territory, wealth, life, liberty, information,... -
that
> an adversary seeks to take from me against my will, the process by which I
> prevent his actions is known as 'defence' of the assets in question.  I
use
> cryptography to defend my information assets in exactly this sense.

It does seem as though you take an aspect of warfare (see above) and hold it
as analogous to the concealment of information. Our point of difference is
that I think that the analogy - a very common one - does not withstand
critical examination. Though this view is not often expressed in public it
is widely held by those whose profession is millitary communications. In
modern warfare, I have pointed out that there a general acceptance  use that
military communications (which subsumes cryptography) is a combat arm - one
of the means by which war is waged. Combat, per se, is neither inherently
offensive and defensive though combat operations may be so variously
described, dependent on the intention of a protagonist.

If one seeks a warlike analogy to the application of cryptography, the
closest would be the application of camouflage. Again the intention is to
conceal and that essential purpose is only unsatisfactorily described as
either offensive or defensive. It does not strike or add does it force to a
strike; neither does it ward off a strike.  It is an in general use in both
offensive and defensive operations.

> > >Offence is about being proactive and taking the initiative
> > > whereas defence is essentially passive and reactive.  Cryptography
does
> > not
> > > take the fight to the enemy, it sits passively waiting to repel any
> enemy
> > > onslaught that might be mounted and this, in my view, gives it the
> > > characteristscs of defence rather than offence.

I hope that I have now explained clearly why I believe this is, in the
framework of warfare in which you have chosen to consider it  not so, not in
fact a fair description of the nature of cryptography.

> I agree that defending our communication systems from enemy penetration is
> vital for both defensive and offensive action.

You make a point of your own choosing. Sadly, you do not in this agree with
me :-)

>This does not change the fact
> that what we are doing in our communications ***sub-system*** is mounting
a
> defence ***of it*** in the face of possible enemy attack ***on it***

Let me, briefly, explain what an attack on communications means and, thence,
what  a defence  of communications requires (neither having the least to do
with cryptography but are pertinent to your view above). For a comprehensive
and successful attack on a military communications infrastructure one might
aim to destroy physicaly one third of it, deny effective use of a second
third through techniques such as jamming, trojans, worms or deception and
then to allow one's adversary to disable the remaining third in attempting
to pass 100% of his traffic over 33% of the system's capacity. That's a
reasonable paraphase of the old Soviet doctrine and, AFAIK, no one has yet
bettered it as a short general statement. A defence of a communications
system seeks to deny each of those three objectives as far as possible.

There is no assigned role to cryptography either in the offence or the
defence other than, for both equally to effect its purpose of concealment of
information.

> You seem unwilling to accept that an offensive system can (and generally
> will) contain defensive sub-systems.

Not at all. I have said that they do (tanks and armour qv).

>My analysis of this system is that the
> overall system is offensive but that it depends on a defensive sub-system.
> Likewise a tank can be offensive but its armour is a defensive sub-system.
> The concept of design hierarchies of this form is well understood by
systems
> engineers.

Quite so. But as I have tried to explain, this methodology does not assign a
defensive role to cryptography; no more does it assign to cryptography any
role in either the attack or the defence of a communication system. In both
attack and defence equally, it will serve its purpose of a concealment of
information, which is surely not the same as defending the communications
system or of defending the information.
>
> So the esential difference between us is that I am willing to attribute
> properties to both a system and its sub-systems whereas you attribute
> properties only to the system as a whole.

Not quite. As I hope the foregoing finally clarifies, the matter is rather
more subtle than that would suggest.

> Having got to the reason why we have different views I am not sure that
> there is much to be gained by going further is there?

If we have got there, you are probably right that there is a natural end. I
have found the discussion both interesting and giving cause for reflection.
It is from reflection on another's view rather from the reiteration of one's
own that one obtains benefit. The views we have expressed run deep into of
the arguments for and against  all govts' attempts to regulate the general
use of cryptography. If those attempts are to be abandoned following a
meeting of minds at some point, the comprehension of the views both sides
would seem to be a prerequisite. If there is even no meeting of minds, then
I think we may be headed for a generally uncomfy ten years and with no
additional benefit derived from having selected to be uncomfortable.

Thank you  for the discussion.

Owen Lewis