This exploratory project aims to pave the way toward an anthropology of computer (in)security. Computer security is compromised when a vulnerability is exploitable and allows unauthorized access to digital devices or networks. Currently, such computer vulnerabilities represent a considerable threat to the security of contemporary societies and bear tremendous consequences to political processes, the economy and impact social norms and practices. This “digital lives” project aims to account for the socio-cultural dynamics, ethical dimensions and (in)securitziation processes embedded into three interconnected issues: the practices of vulnerability disclosure, operational security and advocacy related to digital rights and governance.
Computer vulnerability disclosures can take various forms. They are complex social processes composed of several steps and are highly sensitive in nature. They can lead to legal actions against the security researchers who discovery the vulnerability, compromise the reputation of the vendors who are asked to “patch” their products and of course, they can temporarily increase the vulnerability of computer systems and even compromise the data of millions of users. We are interested in researching the socio-cultural organization and negotiation of these disclosures over the last several years to highlight the socio-technical and ethical dynamics in the computer security arena that includes security researchers, vendors and various intermediaries.
These vulnerabilities create crises and controversies beyond the computer security arena and we aim to trace these developments by analyzing how vulnerabilities are “translated” into two different forums: when they are handled by computer experts involved in operational security and when they are embedded in advocacy initiatives by concerned groups or organizations. Researching operational forums will lead us to understand how a vulnerability is described, assigned as a risk factor and publicized by entities such as Computer Emergency Response Teams (CERTs) to professionals in IT departments where “patches” and upgrades are implemented according to a strategy, organizational constraints and specific technical complexities. Enquiries related to advocacy initiatives will reveal another “afterlife” of vulnerabilities analyzing how computer (in)security is mobilized, translated and embedded into ethical and political claims and controversies related to digital rights and governance.
Altogether, these research sections will analyze the complex trajectories of computer security issues sprawling through experts, professionals and civic circles. Such a multi-focused research perspective will provide an exploration of socio-cultural and technical constructions of various forms of computer (in)securities in our societies to outline a future long-term research campaign. Considering the global configuration of the computer security arena and the ramifications under scrutiny in this project, empirical data collection will take place in various sites and the project will adopt a particular epistemological framework conceptualizing “situations” instead of groups, places or events. An ethnographic approach will characterize the empirical data collection including observations, semi-structured interviews, informal discussions and digital ethnography for all sections.