Why "carnivore" type systems can't be (entirely) open source

Owen Lewis oml at eloka.demon.co.uk
Thu, 8 Feb 2001 15:03:22 -0000


----- Original Message -----
From: "Brian Gladman" <brg@gladman.plus.com>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: 08 February 2001 09:14
Subject: Re: Why "carnivore" type systems can't be (entirely) open source


> From: "Owen Lewis" <oml@eloka.demon.co.uk>
> To: <ukcrypto@chiark.greenend.org.uk>
> Sent: Wednesday, February 07, 2001 8:24 PM
> Subject: Re: Why "carnivore" type systems can't be (entirely) open source
>
> [snip]
> > > To be as precise as possible, I believe that the use of STO to hide a
> > > security design [*] from those who are to rely on it is overwhelmingly
> > > more likely to create a detriment to their security interests than any
> > > enhancement of them.
> > >
> > > [*] the design itself, not the techniques used to achieve it.
> > >
> > > This is not absolute - it is the probability that this will work to
> > > their advantage or disadvantage in practice when averaged over many
> > > typical uses of STO.  And it is because I believe this probability is
> > > so skewed towards insecurity that I consider it to be a completely
> > > discredited technique when used to hide designs from those who will be
> > > asked to rely on them.
> >
> > Then perhaps the many employees in those departments of many governments
> > that use govt ciphers should all consider themselves - their lives in
> > some instances put deliberately and cynically at risk by their employers.
> > Somehow, I don't think so :-) In the above, you appear simply to ignore
> > fact that is inconvenient because it is contrary to your position.
> >
> > I don't think we can drive this any further. The wheels have fallen off.
>
> I have always made it clear in this discussion that the "relying party" is
> the information owner who is seeking protection by making use of the design
> in question.
>
> In a government or company situation the information owner is not any
> individual employee but rather the organisation itself.

Uhuh. When it's *my* life that is at risk I claim a proprietary interest.
                                  ^^^
One can fairly extrapolate from the immediately personal, first to the risk
to life of hundreds of thousands bound together in common cause and thence
to a more general protection of well being, beyond the immediate protection
of life.

The plain fact is that those whose lives (etc) are at risk if a cryptosystem
fails are no better protected because someone has given them the detail of
how it works. Arguably their security - or more probably the security of
others - could be diminished.

You did say that your position was not absolute but it seems to have such
wide and deep exceptions as to offer no general rule.

> The question of the attitude of the UK government to STO is hence embodied
> in the question "would the UK government rely on a cipher for protecting its
> information if the design of the cipher was hidden from it".  I am
> absolutely certain that the answer to this question is 'no'.

And you may well be right. However, it's not a continuation of the line of
argument. A democratic govt does not exist as an absolute. It, with its
public services, is constantly changing. Individuals within it may last only
for months or have pensionable but still finite careers. Their sole raison
d'etre is to manage, communally, for us all (themselves as individuals
included), what we cannot manage for ourselves by acting individually. A
prime part of this duty is to provide for our communal security. The
argument, once again, returns to the rubbing point at which individual
desires and communal security push against each other. The art, it seems to
me, is to maintain a tolerable balance. There is no point at which one can
say "This is a perfect balance". Rather one must aim for some approximation
with which almost all can live comfortably. The actual point of balance can
shift quite widely over time. What we all had better strive for is to
prevent any movement being too extreme.

> Clearly there are situations in which the UK government will put the lives
> of its employees at risk in order to preserve the UK's national security.
> Whether or not this has been a feature of the cryptographic battle between
> nations over the last 60 years is not something I feel it is sensible to
> discuss.

It had not occurred to me to do so, simply because it would be irrelevant.

Owen