Projekt

Zurück zur Übersicht

Windows of exposure: Toward an anthropology of computer (in)security and its controversies

Titel Englisch Windows of exposure: Toward an anthropology of computer (in)security and its controversies
Gesuchsteller/in Bozzini David
Nummer 183223
Förderungsinstrument Digital Lives
Forschungseinrichtung Unité Anthropologie sociale Département des Sciences sociales Université de Fribourg
Hochschule Universität Freiburg - FR
Hauptdisziplin Ethnologie
Beginn/Ende 01.09.2018 - 29.02.2020
Bewilligter Betrag 102'228.00
Alle Daten anzeigen

Alle Disziplinen (2)

Disziplin
Ethnologie
Soziologie

Keywords (19)

Security; Disclosure; Computer security; Computer vulnerability; Digital ethnography; Hacking; Anthropology; Digital rights; Controversy; Securitization; Science and Technology; Open Research Data; Digital privacy; Data protection; CERT; IT; Crisis; Risk; Advocacy

Lay Summary (Französisch)

Lead
La sécurité informatique est compromise lorsqu’une vulnérabilité offre un accès non-autorisé à un réseau informatique ou un appareil électronique. De telles vulnérabilités représentent une menace considérable pour la sécurité des données et la vie privée, mais également pour l’économie et les processus politiques de nos sociétés contemporaines. La recherche de ces vulnérabilités représente un élément essentiel à la sécurité des systèmes informatiques.
Lay summary

Le projet vise à rendre compte des dynamiques socio-culturelles, des dimensions éthiques et des processus d’(in)sécuritisation qui relèvent, dans le champ international de la sécurité informatique, (1) de la révélation publique de vulnérabilités découvertes par des chercheurs, (2) de la sécurité opérationnelle d’un réseau particulier et (3) des initiatives de plusieurs associations liées aux droits et à la gouvernance numérique. La divulgation des vulnérabilités est un processus complexe et délicat composé de plusieurs étapes que nous analysons afin d’identifier les principales dimensions de la construction des (in)sécurités informatiques. Par ailleurs, la découverte de nouvelles vulnérabilités provoque des situations de crises : d’une part, les systèmes doivent être protégés en tout temps et d’autre part, ces failles font réagir des associations qui souhaitent améliorer les droits des utilisateurs des TIC et la protection de leurs données. En menant nos recherches dans ces deux directions, nous cherchons à saisir les trajectoires complexes que prennent les questions de sécurité informatique au-delà du cercle des experts et chercheurs. 

Direktlink auf Lay Summary Letzte Aktualisierung: 03.10.2018

Lay Summary (Englisch)

Lead
Computer security is compromised when a vulnerability allows unauthorized access to digital devices or networks. Currently, such computer vulnerabilities represent a considerable threat to the security of contemporary societies and bear tremendous consequences to political processes, the economy and impact social norms and practices. Research on such vulnerabilities is crucial for computer security.
Lay summary

This project aims to account for the socio-cultural dynamics, ethical dimensions and (in)securitziation processes embedded in three interconnected issues in the international field of computer security: (1) the practices of vulnerability disclosure, (2) operational security and (3) advocacy related to digital rights and governance.

Computer vulnerabilities are complex social processes composed of several steps and are highly sensitive in nature. The analysis of such processes aims to identify the main socio-cultural and technical constructions of computer (in)securities. These vulnerabilities create crises and controversies beyond the computer security arena and we aim to trace these developments by analyzing how vulnerabilities are “translated” into two different forums: when they are handled by computer experts involved in operational security and when they are embedded in advocacy initiatives by concerned groups or organizations. These research sections analyze the complex trajectories of computer security issues sprawling amongst experts, professionals and civic circles. 

 

Direktlink auf Lay Summary Letzte Aktualisierung: 03.10.2018

Verantw. Gesuchsteller/in und weitere Gesuchstellende

Mitarbeitende

Abstract

This exploratory project aims to pave the way toward an anthropology of computer (in)security. Computer security is compromised when a vulnerability is exploitable and allows unauthorized access to digital devices or networks. Currently, such computer vulnerabilities represent a considerable threat to the security of contemporary societies and bear tremendous consequences to political processes, the economy and impact social norms and practices. This “digital life” project aims to account for the socio-cultural dynamics, ethical dimensions and (in)securitziation processes embedded into three interconnected issues: the practices of vulnerability disclosure, operational security and advocacy related to digital rights and governance.Computer vulnerability disclosures can take various forms. They are complex social processes composed of several steps and are highly sensitive in nature. They can lead to legal actions against the security researchers who discovery the vulnerability, compromise the reputation of the vendors who are asked to “patch” their products and of course, they can temporarily increase the vulnerability of computer systems and even compromise the data of millions of users. We are interested in researching the socio-cultural organization and negotiation of these disclosures over the last several years to highlight the socio-technical and ethical dynamics in the computer security arena that includes security researchers, vendors and various intermediaries. These vulnerabilities create crises and controversies beyond the computer security arena and we aim to trace these developments by analyzing how vulnerabilities are “translated” into two different forums: when they are handled by computer experts involved in operational security and when they are embedded in advocacy initiatives by concerned groups or organizations. Researching operational forums will lead us to understand how a vulnerability is described, assigned as a risk factor and publicized by entities such as Computer Emergency Response Teams (CERTs) to professionals in IT departments where “patches” and upgrades are implemented according to a strategy, organizational constraints and specific technical complexities. Enquiries related to advocacy initiatives will reveal another “afterlife” of vulnerabilities analyzing how computer (in)security is mobilized, translated and embedded into ethical and political claims and controversies related to digital rights and governance. Altogether, these research sections will analyze the complex trajectories of computer security issues sprawling through experts, professionals and civic circles. Such a multi-focused research perspective will provide an exploration of socio-cultural and technical constructions of various forms of computer (in)securities in our societies to outline a future long-term research campaign. Considering the global configuration of the computer security arena and the ramifications under scrutiny in this project, empirical data collection will take place in various sites and the project will adopt a particular epistemological framework conceptualizing “situations” instead of groups, places or events. An ethnographic approach will characterize the empirical data collection including observations, semi-structured interviews, informal discussions and digital ethnography for all sections.
-