And indeed it would be. Conversely, if you only used a gun to defend your self it would be a defensive technology. Seems like classifying technology as either offensive or defensive is a fool's errand. Perhaps you should try a different argument.
One could maybe play silly rhetorical games like "It wasn't the gun that killed him, it was the bullet", but to say "It wasn't the gun that killed him, it was the house that the killer lived in while she thought about committing the crime" is beyond ridiculous.
I feel quite comfortable classifying encrypted messaging apps in the same category as houses and chain mail, even if the US government has historically disagreed.
There is an difference between doing something directly and indirectly. Anything can do anything given enough indirection. There is no plausible way in which your ordinary use of encryption or body armor could directly harm anybody else. There are some immediately obvious ways that your ordinary use of a howitzer could directly harm somebody else.
And the right to defend yourself using indirect offensive measures has no inherent symmetry with the right of government (or lack thereof) to prevent you from defending yourself using direct defensive measures.
Not really. Ransomware works by creating an encrypted copy of your data and then deleting the original data. The direct harm comes from deleting the original. Where would the harm be if all they did was create an encrypted copy without deleting the original?
And the same attack works if instead of encrypting your data they upload a copy of it to their servers before deleting it. Albeit less efficiently, so we're back to indirect harms.
