Comments: The Big Lie - does it apply to 2005's security problems?

Well there's a substantial difference between "the big lie" and just "cognitive dissonance". It's one thing to knowingly create a story that you know is false, but is so huge that no one will question it. This is what the jews were accused of. Now a story that a whole society believes and doesn't bother to question is troublesome and damaging and very hard to extricate, but not consciously evil.

Unless you subscribe to various conspiracy theories about the NSA, I don't think anyone would believe that crypto world is under the oppression of a "big lie", but arrogant group think is probably still a problem, yes.

Posted by Tony Vila at January 21, 2005 11:19 AM

It's tough, isn't it! You'll note how we are inspired to leap to the defence of one side or the other, without really considering the fundamentals: "Of course the Jews were falsely/truthfully accused/vindicated and they/their accusers were evil/not evil!" And in that act, we have neatly avoided discussing the real issues.

Also open to question is whether the big lie has to have been created by conspiracy ... I find this bemusing as its always possible to blame someone, but those someones generally have a case to make. In practice, I think when you dig down, you find a bunch of ordinary people that claim one small part of the puzzle, that when constructed becomes The Big Lie.

Posted by Iang at January 21, 2005 11:38 AM

"I'm sure you can think of a few in politics," ...

I can. It goes like this ... people were kidnapped, tortured and beheaded. The big-lie is that the people who did it were insurgents fighting against the American liberators of Iraq. In reality, the people who did it were CIA assets - controlled and directed by western intelligence agencies. It was done in order to manipulate and discredit the largest anti-war movement the world has ever seen. Effectively nullifying any opposition to the war.

Now, I don't know whether or not the above is true. I've got no more information than the next man.

But ... Why don't you test it against what the mustachioed menace describes eg "in the big lie there is always a certain force of credibility." etc etc

Why don't you also test it against your own reactions? Taking these two scenarios - why is one repugnant and the other acceptable? If the analysis of the facts had an equal probability of either explanation being true: why would there be an asymmetry in accepting one explanation over the other? Would it be possible for someone to exploit this asymmetry against you?

As to what this has to do with crypto; I don't know.

Posted by Darren at January 21, 2005 11:52 AM

Hi Ian,

be carefull here. Tying FC issues into this part of history is likely to evoke either revulsion or damnation of otherwise good arguments.

Yes, I know and are fully aware that I'm suggesting to apply some measure of self-censorship to yourself here.

May be the big lie has two faces, one of malice and one of ignorance. And you know I like the quote "Don't attribute to malice what you can explain by ignorance".

The "great orator" you're refering was certainly malicious. But I want to lay a big bet on the ignorance in this case.

First and foremost CEOs, organisations , management, in short the establishment have only one interest, that is selfconservation. And they will use every trick in the book to pull that of, regardless of the consequences in a wider context.

You know as well as I do that tackling large and complex issues in large organisations is not effectively possible. Large organisations are so large because they could save on transaction costs between different activities (Coase) effectively. Which means that you want to save on the number of different types of interface and share the cost savings amongst a lot of the same or similar instances. That makes economical sense. Maintaining such an organisation is complex, but that doesn't mean that their core business is complex!

The trouble with security is either you do it in a communal sense (like the self regulation as seen in the internet community), or polically/legislative, or economicaly.

My bet is economics will fail. In a wide scope security is an ethical issue. This leaves us political or legislative. But these two are too slow too rigid and clueless with regard to the concrete technical issues. And I can't find any blame on their part there. Communal? Security is too complex.

I think that what should happen is that security is seriously taken up by individuals and little groups so new and fresh ideas can come up. Evolution takes time, but always seems to give the best overal results. Even a Pareto optimal result ;-)


kr

Twan

Posted by Twan at January 21, 2005 08:10 PM

Twan,

You are absolutely correct. But the only safe answer is to say nothing. The fact seems to be that Adolf Hitler was the documenter of the big lie, as well as perhaps one of the most successful employers of same.

So what is to be done? Do we revile and thus ignore the big lie as it spins around us, purely because we are revolted at the man who discovered and documented it? That is hardly science, and is an abrogation of any sense of security responsibility.

I think what is clear is that the big lie is 99.9% based on ignorance. Obviously, all those 'followers' did not go back to first principles and work out the flaws. It is an open question as to whether the leading 0.1% are malicious or themselves are ignorant.

I want to postulate some things on those points. Firstly, if you dig into big lies, and heaven knows there are enough of them, you discover that those people who you assumed to be the malicious ringleaders are not at all malicious, they are just a) looking at things from a different perspective, b) not well versed in the fundamentals as with the rest of the population, c) they had a strong motive that was fairly clear, but d) they lacked the imagination to see what would happen when their goals were realised.

Which is to say, they weren't malicious. Not exactly ignorant, either. Not that much different to you or I.

My second postulation is that it doesn't matter whether they are malicious or not; and that's because the _conditions_ for the big lie are present in the basic knowledge pool and society we live in. I would therefore postulate that if a malicious group were to not capture the space, a non-malicious big lie would arise naturally in that space.

Which is to say that it is a lottery which one we get. The end effect is the same, in that we cannot predict what will fill the space, but I think the space will be filled. Our lives are lived in the shadow of the big lie, or many of them, and the only reason we would be surprised at this is found in the big lie itself: We are trained from birth to believe there is some other explanation...

Posted by Iang at January 22, 2005 02:32 PM

The problem is that you're taking a position which is controversial and claiming that your opponents are engaged in a Big Lie. Then you quote Hitler extensively (and largely approvingly!) and manage to somehow associate your opponents with Hitler's methods. The bottom line is that you are arguing for a controversial position by comparing your opponents to Hitler. The rhetorical problems with this line of argument are obvious.

What is the Big Lie here supposed to be? That SSL is secure. But it is secure, against the threat of eavesdroppers penetrating a secure session. SSL is used all the time for secure connections even outside of the context of ecommerce. The latest thing is SSL based VPN a la OpenVPN; see this PDF for a good overview, http://www.sans.org/rr/whitepapers/vpns/1459.php. This works so well that people are saying it is the death knell for IPsec due to its convenience and security. The truth is that SSL is extremely secure and by all accounts is growing in the range of applications which use it.

Even in the context of phishing SSL is very helpful. I got half a dozen Paypal phish emails this morning, and not one of them would have been able to set up a secure SSL session to www.paypal.com. True, the browsers could be tuned up to make this fact a little more obvious. But SSL is still an important part of the solution against phishing as well as against other kinds of attacks.

Given the demonstrated usefulness and security of SSL, your attempt to link proponents of that technology to Hitler is offensive and unacceptable. The mere fact that you are quoting him positively ought to give you cause to think harder about the ethical merits of your argument.

Posted by Cypherpunk at January 22, 2005 05:03 PM

Cypherpunk,

you've done more to show how difficult it is to avoid the connotations of the big lie than anyone else - by falling into the trap! The big lie dares you to believe or to be forever outcast; my comments were as history should be writ, neither favourable nor unfavourable, yet you found yourself pushed by your opposition of the "controversial position" into imagining that I in some way by association compared my "opponents" to Hitler, and worse, I approved?!

That entire thought process could be summed up as "I don't want to be on Hitler's side, and therefore I am opposed to anyone who does not say the obligatory castigating things about him." Check out a book called _1984_, by George Orwell, which is a forerunner for political correctness.

(And now that you've got yourself firmly boxed in as part of the "us" and "them" you proceed to use some brochureware arguments to make your point. What are you going to do if I prove them rubbish? Assume that my proofs have less value because we are in a battle to associate each other with Hitler?)

Your brochureware argument is ridiculous. The "works so well" there relates to convenience not security, or, are you asking us to conclude that IPSec is insecure? Secondly, you need to address the arguments, not the headlines. It is not SSL that is insecure, but the secure browsing system that uses SSL. As it states above. It is the larger security system, but you found it more convenient to oppose by creating the strawman of "SSL is insecure" and then knocking it down.

We agree that SSL will actually be an important part of the solution against phishing. But to do so it has to be employed properly. At the moment, it is not being employed properly. That's the issue, and if we need to address and understand the big lie to get there, then I'm up to testing it against what we know. That's just basic scientific method: construct a theory, and see if it flies. Are you up to that?

Posted by Iang at January 22, 2005 07:07 PM

What you attribute to a big lie could just be blindness to a new truth. I must have made a mistake counting 46 human chromosomes because gorillas have 48 and humans couldn't possibly have fewer, right?

Posted by R at January 23, 2005 11:11 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x22fa850) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.