The (Social) Construction of Information Security

While the philosophical foundations of information security have been unexamined, there is an implicit philosophy of what protection of information is. This philosophy is based on the notion of containment, taken from analogies with things that offer physical security (e.g., buildings, safes, fences). I argue that this implicit philosophy is unsatisfactory in the current age of increased connectivity, and provide an alternative foundation. I do so from a constructionist point of view, where the coevolution of social and technical mechanisms is seen as the source of the security of an information system, rather than rational design choices only. I employ the concept of causal insulation from system theory in order to give an account of the fundamental characteristics of information security research. This generates definitions that can be used for philosophically informed discussions on the protection of information in new systems.
