But also, code has almost all of the undesirable properties a weapon
A good weapon is single use. That way it does not become ammunition in
the hands of an enemy. For the same reason a good weapon is ephemeral,
and does not persist in the environment to injure innocents long after
the conflict is over (think land-mines). A good weapon is precise, not
indiscriminate (a sniper, not gas). And a good weapon is inflexible,
working only in the hands that wield it and not easily turned against
you. IEDs used against us in many conflicts are often fashioned from
unexploded munitions we've fired.
Cyberweapons (which include many things that look "defensive") have
all the undesirable sides. They are reusable, highly flexible,
indiscriminate and persistent. People who work on them will inevitably
see them used against themselves and their own loved ones.
Medieval weaponry can't be put in nice "defensive" and "offensive" boxes either.
But the main purpose of a sword is to strike and that of a shield to block. This is what those categories are about, but not that they mean much.
There is no such thing as purely defensive weapon. You can think that anti-aircraft missile turrets are purely defensive, as they can only shoot down enemy planes flying over your cities. But then, you can pack those turrets on trucks and drive over to the enemy and deploy them to shoot down their planes flying over their cities.
And so is with everything. A perfect armor the enemy attacks can't penetrate is an offensive weapon, because the enemy won't be able to stop your soldiers when they invade their land.
But also, conversely, a better sword, or gun, or bomb, can work well as purely defensive weapon, because the threat it projects deters the enemy from attacking you in the first place. This is the basic reason why you can't not have a military, even if you're a peaceful state that doesn't intend to engage in conquest. In most extreme form, this is what's been keeping the world largely at peace - threat of nuclear retaliation and subsequent mutual destruction.
War is not about offensive and defensive technologies. Any technology can be used as either (with varying degree of effectiveness). War has always been about the willingness and ability to get your people to go and beat other people, and keep beating them until either side gives up.
One is also a hopelessly lost without a map if one tries to understand international relationships without this understanding. Which frankly most people babbling away about them don't, even yea verily on HN and the mainstream media outlets. Rest assured the players themselves do. Since international relationship also have a large poker element to them, and you as a normal citizen are shockingly short on information, this isn't a secret decoder ring by any means. But you're just completely lost if you don't at least understand this duality of offense and defense aspect.
Like being reliable and effective is probably more important than being foolproof. This is probably true for any tool that is going to see frequent use.
It's starting to feel like the era of "don't be evil" is over and everyone is financially stressed enough to do whatever it takes to make a buck. This will obviously become an exponentially increasing issue as AI tech continues to proliferate.
This blame trail (or trail of any kind like immutable logs for cert transparency, say) will most certainly be gamed (given a long enough time horizon) to ensure foot-soldiers are the ones in the line of fire. I don't think audits magically detract powerful entities from wielding their new-found power.
I trust my friends:
- know that I wouldn’t send them anything fishy
- know not to click anything fishy
- know what fishy is/looks like in modern campaigns
But it's not just limited to technology. The same is true of any changes to the legal system, or new laws added there. Or of any 'real world' invention you can think of. Or everything from architecture to the structure of a business or organisation.
So many people design stuff under the assumption it'll be always be used by 'the good guys' or 'their side', and end up badly bitten when that turns out not to be the case.
"Expect your software to be misused - and make it very obvious when that happens."
(Just for context I think it's a useful starting assumption, but an airtight axiom it is not. And the excluded middle nature of tech means those details being assumed away will grow and spread to most every interaction - similar to how many simple read only websites hassle users with CAPTCHAs these days)
In other words, "don't make them too secure"? I've always wondered whether some of those working on locked-down devices had this in mind, or if it's just by chance, that we can still manage to root (most of) them.
I have over 4,000 emails, pictures, addresses, SNS
People just submitted it.
I don't know why.
They "trust me"