Networked, Nasty, Brutish and Short

NETWORKED, NASTY, BRUTISH AND SHORT

A Social Contract for the Infosphere

Hinne Hettema

IT Security Team Lead

Honorary Research Fellow, Department of Philosophy

The University of Auckland

Private Bag 92019

Auckland

[email protected]

[email protected]

1 Introduction

This paper is about the application of social contract theory to the networked world – or, as

some philosophers call it, the infosphere. The topic of cybersecurity is of course at least as

old as the topic of 'cyber' itself, but for the general public it has only really been center

stage in the last two or three years, and there is still an important discussion to be had

about the social and human impact of cyber and information security. That is a discussion

that the general public has only recently started to engage with and a discussion to which I

think philosophers have an important contribution to make.

The two poles of 'security' and 'community' encompass a range of questions that, as a

trained philosopher, I find interesting and profound. As an example of some of the

– 1 –

mailto:[email protected]

mailto:[email protected]

Hinne Hettema: Networked, Nasty, Brutish and Short: A Social Contract for the Infosphere

questions that I think are in that 'profound' category are the nature of security itself (i.e.

what is it), what it means to live in a 'secure' community, what it means to live in an

'Internet' community and an informationrich ecosystem, the problems around identity,

agency and authority in such a system, a lot of problems around what is right and wrong in

this new environment, and some general problems that the Internet is making a lot more

urgent, such as the (un)desirability of the surveillance state, cybersabotage,

cyberespionage, cybersubversion and finally cyberwar. At issue are the justifications we

may have for either doing or not doing these things, and the conditions under which we

should engage in such activities. And one observation that is worthwhile making at this

point is that many of these questions have been enduring in human history; in other words,

when it comes to many of these issues: without the 'cyber', we've been here before.

Combine the recent intense interest from the general public in these matters with the

profound and enduring nature of the problem, and it is not hard to draw the conclusion

that we are quite possibly on the cusp of a broad discussion that is going to take about

fifteen or twenty years to resolve. Of course, as a philosopher, I find that prospect rather

enticing, and think that the discipline of academic philosophy may have something to

contribute to that debate that is well worth having.

There are two particular aspects of that discussion that I think are profoundly new.

In the first place, we have to have the debate about community and security of the Internet,

or, to use a more neutral term, the infosphere, on a truly global scale. The Internet is not

particularly good at respecting the key historical inventions of the nineteenth century: the

nation state and the national boundary. The second aspect is that the debate on that scale

can, and also will, take place in 'real time', or with the speed of light. I think that being in

– 2 –


New Zealand while that discussion takes place is also interesting: in many ways, New

Zealand is a microcosm of the world, and on the internet, the effects of the 'tyranny of

distance' are lessened to a considerable degree.

What I want to do today is to contribute an opening shot to this discussion by

formulating what I believe is an interesting and constructive theory of how we might

conceive of the tension between community and security in an informational context –

which I'll broadly call an 'infosphere' – such as the Internet. For the nonphilosophers,

there are broadly speaking two types of academic philosophy: a constructive philosophy,

which aims to formulate approaches and frameworks which we can use to tackle difficult

problems, and a critical philosophy, which aims to improve on these models by placing

them under the considerable scrutiny of pertinent objections and counterarguments.

Generally, both types of philosophy have their role. Today I will stay on the 'constructive'

side, and therefore come up with a proposal on how we might think about these matters.

As all constructive proposals in philosophy, it will only survive if it is exposed to the fire of

criticism and debate.

The core of my proposal consists of two specific contentions. In the first place I argue

that we must come up with a philosophically robust notion of the word 'security' – that is,

we must understand what it means, and be able to draw and justify a boundary between

'secure' and 'insecure'. Incidentally, this is one area where I think information security

people may assist philosophers, at least initially.

In the second place, we must come to grips with the notion of 'community' in the

infosphere. By that I mean that we must come to grips with what constitutes it, how we

keep it alive, what our shared interests are in this new ecosystem, and ultimately, the

– 3 –


question of shared norms, justice and how we all get along. As I will furthermore argue, a

consideration of these questions draws in, over time, potential answers to a lot more

questions about right and wrong, and provides a beginning of an answer to the questions

around security, crime, subversion, surveillance and war in the informational ecosystem.

To give a lot of the game away at the beginning: my specific proposal is based on

contractualist theories of social justice. Social contract theories work on the basis of an

(idealised) 'state of nature' in which the actors are assumed to be rationally and ethically

capable in a minimal sense. The social contract ensues when a form of social organisation is

contracted into by these actors by means of a fictitious, idealised, contract: and the fact that

people could have contracted into a particular structure, means that from a philosophical

point of view, this structure can be considered rational and to some degree justified.

2 What is 'Security'?

With that, I'd like to start considering the first of the two questions: what is security? Earlier

on, I mentioned that we do not really have a philosophically robust definition of 'security'.

In this context by 'philosophically robust' I mean a positive proposal that has at least

survived some initial rounds of objections and critique, a definition that we can at least

initially use as a starting point for discussion.

Earlier on I stated that information security professionals may well be of some

assistance to philosophers in this area. An illustration of this fact is that when you type

'security' in the search box of the 'Stanford Encyclopedia of Philosophy', which is an online,

refereed and established source of philosophical information, the first hit is to 'Political

Realism', and the following hits are to 'Internet Research Ethics', 'Computer and

– 4 –


Information Ethics', and 'Information Technology and Moral Values' – indicating that it

seems indeed reasonable to assume that we do have something to contribute here. If this

unscientific test is suggestive of anything, it is that it is noteworthy that 'security' does not

have its own entry, and is predominantly discussed in conjunction with computers and

information technology.

In information security, we do have a definition of 'security'. We tend to say that

'security' of information tends to come in the form of three specific properties of a channel

of communication: confidentiality, integrity and availability. So let's see what we can do

with it as a starting point for a broader definition of the concept of 'security'.

First the concept of 'confidentiality'. By this we usually mean that information has

not been disclosed to people that should not have access to it. Alice sends a message to

Bob, who maybe sends it on to Carol, Carlos or Charlie (who we all trust), who in turn may

send it on to Dan, Dave or Erin, all fine. But we try to keep it away from Chuck, Eve and

Mallory, all of whom, in the lingo of computer security people, have some sort of malicious

intent and a variety of tools to do harm. What I am driving at is that underlying the concept

of 'confidentiality' is a concept of 'community' and concomitant boundaries of trust.

We could further formalise this boundary of trust to something we could call 'civil

society', a group of people trusting each other because they are bound by a common set of

principles, one of which, for instance, could be that they will never disclose a part of the

conversation to Chuck, Eve or Mallory, or in fact, to anyone not bound by these principles.

In other words, without some definition of 'community' a notion of 'confidentiality'

does not make much sense. Alice and Bob, the two initial participants in the conversation,

– 5 –


are a community in a minimal sense. But Alice could also form a community on her own, by

keeping a set of secrets she does not want to share with Bob or anyone else.

'Integrity' is another interesting concept. By that we usually mean that a message has

not been tampered with while in transit. The key to why 'integrity' is important is the

meaning of the message and the use that either Alice or Bob, both members of our minimal

community, will make of the information. In other words, the property of 'integrity' is

needed to ensure a sort of fairness in the information transaction entailed in the

conversation.

I ask Alice to mow my lawns. Alice mows my lawns. She sends me a bill. I pay the

amount on the bill. Integrity ensures that I receive the benefits (as well as the costs) of my

membership in the community in accordance with our prior agreements. If Mallory, my

neighbor, alters the content of the original message and asks Alice to mow both my lawns

and my neighbor's lawns, and I object to Alice's bill afterwards, we can say that, in our civil

society, something has happened that is not fair. If Mallory succeeds, he has his lawns

mowed for free without prior agreement of either me or Alice. As it is, unless we can get

Mallory to pony up, either me or Alice are victims of an unfair transaction.

The last property is 'availability'. Underlying this notion is that the information is of

no good to me if I can't get to it, and the concept of availability, in the context of the

conversation between Alice and Bob, stipulates a crude form of justice: the requirement

that all aspects of the conversation are equally available to all trusted participants in the

conversation, i.e. all members of the community. No one can be left out due to a denial of

service. In other words, for the community underlying the communication, availability

plays the role of a primitive equality of access requirement.

– 6 –


What this suggests in my view is a number of things. In the first place it seems that

we cannot separate the concept of 'security' from a concept of 'community'. Moreover,

aspects of what we think of as 'security' in a transaction can be reconstructed as crude and

primitive forms of justice and fairness on transactions in that community.

I'd like to briefly say at this point that this also tallies with much of our intuitions

and daily usage of the word 'security': we tend to say that we feel 'secure' if we belong

somewhere, and when we can be confident, now and in the future, that the community that

we are part of will treat us fairly and equally.

What all of this suggests, I believe, is that the enduring problem of the information

security professional: how to establish confidentiality, integrity and availability of

communications and data in an untrusted and often hostile environment, is also of key

value as a starting point for a robust definition of 'security' that has wider impact. So

without further ado, here it is: a definition of 'security':

DEF: 'Security' is the confidentiality, integrity (qua fairness) and availability (qua justice) of

all transactions that make us part of civil society.

That is all fine and good, but of course there are lots of problems remaining with this

definition. First of all, we are members of many 'civil societies' – both physical and online –

and as a result, we experience many forms of 'security'. It is not at all clear that the

'security' that we experience in a Facebook community for instance is on a par with the

security we expect from the New Zealand Government or our local neighborhood, and

neither is it clear that this should be the case.

– 7 –


The second objection is that some civil societies can be societies in which people

experience little security: an allpervasive surveillance state has perhaps little regard for

confidentiality, and it is not that hard to conceive of a police state which may, perhaps in

addition to performing overall surveillance, also have little regard for integrity, but instead

engage in making up evidence if they want to throw us in jail. We meet many such societies

in the writings of Franz Kafka, especially in the novel 'The Trial', where the protagonist

Josef K. is indicted and goes through trial for something he doesn't know about.

A third problem is that we have no robust definition of 'civil society'. We have loosely

defined it initially as people being parts of an information transaction – our original Alice

and Bob – and later as a group of people that subscribe to some common principle. But as it

stands in our definition, the whole concept is rather unsatisfactory.

A fourth problem is that the definition can be seen as questionbegging: it can be

argued that the very existence of civil society already involves a modicum of security, and

that the definition in fact adds very little, if anything at all, to our understanding of

security. At least in part this is so because so far, the concept of civil society in our

construction has been one that can be made to fit almost anything.

To overcome some of these objections, or at least shed light on an initial answer, I

propose that we turn to social contract theory to elucidate how we can conceivably build a

civil society in an uncertain world.

3 A Social Contract for the Infosphere

Social contract theory originated in Thomas Hobbes 'Leviathan', a defence of the right of

the absolute monarch. Hobbes wrote this book in 1651, shortly after the end of the English

– 8 –


Civil War, and the end of Charles I on the scaffold. It is probably fair to say that the

political and social situation of that day and age plays a key role in Hobbes' work, especially

in a construct that has underpinned all social contract theory from that day on: the 'state of

nature'.

Hobbes describes the 'state of nature' as a 'state of war of all against all', a state in

which '[...] every man is enemy to every man; the same is consequent to the time, wherein

men live without other security, than what their own strength, and their own invention

shall furnish them withall' (Ch XIII), in other words, a time without security.

There is also a lack of all the outward signs of any civil society: 'In such condition,

there is no place for Industry; because the fruit thereof is uncertain; and consequently no

Culture of the Earth; no Navigation, nor use of the commodities that may be imported by

Sea; no commodious Building; no Instruments of moving, and removing such things as

require much force; no Knowledge of the face of the Earth; no account of Time; no Arts; no

Letters; no Society; and which is worst of all, continuall feare, and danger of violent death;

And the life of man, solitary, poore, nasty, brutish, and short' (Ch XIII).

Hobbes sees the task of the philosopher in providing us an intellectual way out of

that sort of conundrum, through the construction of an argument which allows civil society

to emerge from this uncertain and insecure 'state of nature'. In the twentieth century, we

have come up with a number of game theoretic solutions to the problem posed by the

Hobbesian state of nature. Specifically, we have tended to recast the Hobbesian

predicament in terms of a Prisoners' Dilemma, in which a cooperative civil society is the

desired outcome, but the noncooperative state of 'war of all against all' is the default

solution (technically: the 'Nash equilibrium' in the game).

– 9 –


Hobbes' solution relies on a tiebreaker. His civil society is explicitly some form of

absolute power residing in a single individual. To illustrate that such is not the necessary

outcome of social contract theory I wish to briefly focus on another proponent of the

theory; the philosopher John Locke.

The social contract is also a key element of Locke's 'Second Treatise on Government',

another one of the classics of Western political philosophy. Locke develops the social

contract theory from the perspective of a much more benign state of nature, which for

Locke is a 'state of equal right, all being kings'. In the Lockean contract the participants also

have the obligation to act reasonably, i.e. in accordance with the law of nature, and hence

have a minimal set of ethical obligations. As a consequence, a key to the Lockean solution is

something called an 'ideal history' – a situation in which the participants in the social

contract adhere to a minimal rationality and a minimal ethics, and institute fair dealings

and fair decision making. The Lockean state is just if it can – even if only retrospectively –

be seen to have come about as the end result of such 'ideal history'.

While for Hobbes the outcome of the social contract was the rise to power of an

absolute sovereign, a 'Leviathan', the Lockean solution is, in the words of John Rawls (in his

'Lectures on the History of Political Philosophy', Belknap, 2007), 'a negative one: it excludes

certain forms of regime as illegitimate: those that could not be contracted into by a series of

agreements in ideal history' (p 131; and of course, this shows Locke up for the post 1688

philosopher that he really is). Another feature that makes Locke's social contract radically

different from the Hobbesian contract is the nature of political obligation: in order to

become a member of civil society, the individual must give some sort of consent to become

a full citizen of the political society.

– 10 –


There still is a lively debate about all this, and, in the nature of most philosophical

debate, the best interpretations of Hobbes and Locke are not yet settled. But in the

remainder of this speech, I wish to consider what such a social contract for the infosphere

might look like, and I want to keep the detailed interpretation of what exactly Hobbes or

Locke may have meant to a minimum, only drawing in particular points of view where this

is beneficial to my overall argument.

An extension of social contract theory to the infosphere starts with an observation:

the Internet today, for a digital identity, and from the perspecive of a security professional,

looks remarkably like a Hobbesian 'state of nature'. As we know as cyber security people,

life on the Internet can be nasty, brutish and short, even though it is seldom solitary. But

what gets 'killed' or 'maimed' is our avatars, our gaming characters, our Facebook pages,

our blogs and websites – in other words, the digital extensions we create of ourselves. Cases

of actual killing on the Internet are somewhat rare, though one might argue that some

recent cases of suicide as a result of cyber bullying come remarkably close.

To make the contractualist argument work, we therefore have to consider 'states of

nature' which are capable of accounting for the digital extensions of personae and societies,

and aim to structure an argument for a digital civil society in the infosphere, which involves

not only ourselves, but also our digitally enriched personae.

As an interesting aside, Hobbes has a rich notion of a personae, which is evident in

his definition of representation, albeit that Hobbes' notion of 'representation' is primarily

political: 'A person is he whose words or actions are considered, either as his own, or as

representing the words of actions of another man, or of any other thing to whom they are

attributed, whether truly or by fiction. When they are considered as his own, then he is

– 11 –


called a natural person, and when they are considered as representing the words and

actions of another, then he is a feigned or artifical person'. (Leviathan, Ch XVI)

As Quentin Skinner argues ('Hobbes on Persons, Authors, and Representatives', in

'The Cambridge Companion to Hobbes's Leviathan', Ed P. Springborg, Cambridge University

Press 2007): 'Hobbes' basic suggestion here is that persons can be defined essentially in

terms of their capacity to represent and be represented. A person is someone who, in

speaking or acting, either represents himself – plays his own part – or else represents

another person or thing. If you represent someone else – if you play his part, speak or act in

his name – then you count as an artifical person; if you speak or act in your own name,

then you count as a natural person.' (p 158)

There was no Internet in Hobbes' time, and Skinner further develops this argument

to show that in Hobbes' political philosophy, there is no such thing as a parliament that is

'representative' of the people since we cannot, under the notion of representation developed

above, 'represent' a multitude.

But even though there was no Internet in Hobbes' time, his theory of representation

seems designed for it. For it allows for artificial personae, avatars, which represent us in a

digital environment. What I am suggesting is that the web of information that we weave

around us facilitates digital identities that 'play our part'. In other words, in the networked

world we have digitally enhanced identities.

The core question is then how to construct a social contract on the basis of such

complex personae. Broadly speaking, we have two feasible strategies. The first one is to

approach this problem instrumentally, and argue that the construction of a civil society

(though one that is extended to the infosphere) is the end result of game theoretic or

– 12 –


Pareto type reasoning which constructs a digital civil society because then we'll all be better

off. The second approach follows the Lockean path by arguing that the actors in the

contract all have a minimal set of ethical commitments, and it is these commitments, rather

than pure instrumentalism, which drives the creation of civil society.

4 Instrumental Reasoning

If we follow the instrumentalist route, we have to determine how we can accommodate the

complex personae, and the complex motivations underlying these personae, into a simple

'game' and Pareto type reasoning.

Let us first have a brief look at how the standard argument runs. In a lucid review of

what he calls the 'orthodox' interpetation of Hobbes (see "Hobbesian Contractarianism,

Orthodox and Revisionist." In The Continuum Companion to Hobbes edited by S.A. Lloyd,

forthcoming), Jerry Gaus has argued that the Hobbesian state of war is most commonly

modelled as a Prisoners' Dilemma, in which the Nash equilibrium – the point at which the

outcome is stable and neither party can do better by changing their strategy in the game –

is Pareto suboptimal: both players lose. In the words of Gaus, 'attack is the dominant

strategy' in the Prisoners' Dilemma, and hence 'it makes perfect sense that Hobbes’s social

contract (in commonwealth by institution) is not a contract between the subjects and the

sovereign, but among the subjects, for the crucial thing is that we covenant with each other

(as players in Prisoners' Dilemmas) to be bound by the dictates of the sovereign (which

determine justice) and so avoid Prisoners' Dilemmas.' (p16)

In this result, civil society is recast as the end result of a primarily instrumentalist

line of reasoning in which each of the participants aims to avoid the 'state of nature' as the

– 13 –


worst outcome for everyone and hence refrains from the direct pursuit of their own

interest, since doing so is mutually advantageous. In this sense, the Hobbesian outcome is

modelled as a Pareto constraint on a Prisoners' Dilemma.

Digital personae are a problem for this simple line of reasoning, I think, primarily

because a digital personae – a twitter account, a Facebook page – comes at very low, or

even zero, cost. As a consequence, losing in the digital world, as long as it is in the digital

world only, carries theoretically a zero cost, and hence the Pareto step of the argument

largely fails. This situation is magnified by the fact that attack is also very cheap. People

that do aim to attack us in this way generally do create true zerocost personae, in the form

of anonymised blogs, fake twitter accounts, huge amounts of spam and bogus Facebook

pages. As security experts we have usually supposed that this is because then these

accounts cannot be tracked. Perhaps there is more behind it.

It is a different matter if the loss also involves the physical world, perhaps by

affecting our bank account, our real – as opposed to our Facebook – circle of friends, but I

would still be inclined to argue that in most cases we can rectify what went wrong in the

digital world in the real world with relative ease. The costs of losing are real, but

manageable. The biggest exception to this is perhaps if the attack involves loss of

confidentiality, by publishing materials that we fervently wish to keep out of the public eye.

This would be primarily because the impact of information disclosure is nonreversible.

The somewhat depressing conclusion is then that, due to the low costs associated

with noncooperation in the Prisoners' Dilemma, the Pareto type constraint largely fails in

the case of digital personae, and the modelling of the Hobbesian social contract as a

Prisoners' Dilemma is left at its 'state of nature', or the war of all against all. To fix that, we

– 14 –


either have to increase the cost of loss in the digital world, something that seems hard to

do, or have to look for another possible interpretation of social contract theory.

5 Ethical Commitments: Towards a Cyber ethics

That step brings us to the interesting question of 'cyber ethics'. Quite often, this is cast in

the form of the question whether there exist decisions that a computer should never make,

and that problem is certainly relevant in discussion of robotised warfare, robotised

medicine and perhaps even SCADA systems. But I want to draw the question a little closer

to home, and discuss briefly what the extended digital identities participating in a social

contract owe each other – directly person to person, but also avatar to person, and avatar to

avatar. Do our digital personae have digital obligations?

Philosophers have only recently started to think about this problem in earnest. There

is the beginning of information ethics, which is a global ethics derived from both the

inadequacy of current ethical models and an extension of the scope of the ethical problem

to include information (e.g. Luciano Floridi: 'The Ethics of Information', Oxford University

Press, 2013). I think that information ethics gives us an interesting direction, but is not the

right answer to the problems faced in the area of cybersecurity.

I will propose a notion of a minimally ethically capable cyberactor with a specific

cyberidentity. The question of what we owe to each other, even leaving aside the digital

extensions we now have, is a vexed one and not one that I can settle here in a minute. One

of the more up to date approaches to this problem is found in a large tome (Derek Parfit:

'On What Matters', Oxford University Press 2011) that appeared recently, which argues that

many of the different philosophical approaches to this question are different ways of

– 15 –


'climbing' the same mountain; in other words, the philosophical approaches to this problem

have a lot in common.

The four key ethical principles that Parfit derives from an extensive consideration of

what philosophers call 'trolley problems' are the following:

(R) Everyone ought to treat everyone only in ways to which they could rationally consent.

(S) Everyone ought to regard everyone with respect, and never merely as a means. Even

the morally worst people have as much dignity or worth as anyone else.

(T) If all of our decisions are merely events in times we cannot be responsible for our acts

in any way that could make us deserve to suffer, or to be less happy.

(U) Everyone ought to follow the principles whose being universal laws would make things

go best, because these are the principles whose being universal laws everyone could

rationally will.

Parfit argues that as universal principles, we ought to accept S and T, and have strong

reasons to believe R and U.

An extension of these sort of principles to the infosphere seems doable and, to me,

interesting. Take the first requirement, for instance, of 'rational consent'. A computer

program is not selfaware, so would not be able to consent to anything, but taking our cue

from Hobbes, we can argue that a computer program is one of our representatives, which

means that we can consent for it. In practical terms, that probably means programming.

This is the sort of thing we do in a crude form with rss feeds for instance, which make a

selection of news items and accept summaries of them on our behalf. When we sign up for

– 16 –


a website, often we have to explicitly determine and communicate to the owner whether

that account will generate marketing email and the like (there are usually easy tickboxes

for that sort of thing). Principle R then states that 'hacking' such a tick box is wrong.

In the same way, principle T throws up interesting considerations when we apply it

to the infosphere: in the first instance it implies that it would be wrong for me to treat

someone else's digital personae without respect, or 'merely as a means'. This entails several

interesting subcases. In the first place, it would seem to be wrong to hack someone else's

digital personae and use it as a means to achieve one of my personal ends, whether digital

or physical. It would take detailed consideration of a number of cases of hacking, I believe,

to test this principle and see whether it throws up something interesting. Moreover, the

principle also seems capable of suggesting that it is wrong to create a 'throwaway' digital

personae 'merely' to achieve one of my personal ends. But this is a large side track that we

had better leave at this point to return to our main question of a social contract.

Let us try to accept Parfit's principles at face value, at least initially. We are currently

engaged in a large social debate about the surveillance state. From the perspectives I have

developed here, it is worthwhile noting that this modern 'solution' to the problem is akin, in

the respects that really matter, to the Hobbesian absolute monarch. The surveillance state is

a solution to the problem of the digital 'state of war of all against all'. But it pays to keep in

mind that the rationale for this solution – the game theoretic cum Pareto type reasoning

that brings it into existence – is very questionable in our digital world.

The alternative approach to the social contract, based on a minimal ethics, draws a

different conclusion about the sort of governance we should want. For the Parfitian

principles also stipulate what a social contract would look like, though they do so in the

– 17 –


Lockean tradition. They preclude certain forms of regime as illegitimate, because these

violate principle U in the sense that they could not be contracted into in a Lockean 'ideal

history'.

The basic ethical precepts of respect, consent and limitation of suffering are, I

believe, not part and parcel of the surveillance state. Choosing the alternative interpretation

of the social contract, the minimal ethical commitments that we must subscribe to in order

to arrive at a cyber social contract illustrate that the sort of governance that must regulate

our actions as cyber security professionals is precarious, never fully settled, and subject to

debate most of the time. The reason for this is obvious: the end result of the Lockean

bargain in the social contract is a set of negative conditions on the state: the Lockean

outcome specifies what the state cannot be. This negative condition on the state is also at

play, I believe in the famous saying in the computer industry: 'when you have to choose

between freedom and security, always choose freedom'. Here 'security' is equated with the

Hobbesian, total surveillance state, and I believe the word 'freedom' exemplifies this

negative condition on the nature of the state.

We are sort of used to this kind of reflection since the IT industry is so fast moving,

and new technology is constantly challenging our assumptions and rules of yesterday.

There is also a large degree to which engineering decisions on the internet are indeed made

in an explicit – as opposed to a merely hypothetical – social contract. We would do well, I

believe, to continue that tradition of challenging and questioning.

So there are no easy answers. Our governance of the security state of the internet

has to focus on avoiding the lure of total surveillance, and focus on the positive values of

justice and fairness to people and their digital identities and creations. My personal

– 18 –


conviction is that the values embodied in the open source movement and the Gnu Public

License are somewhere close to that ideal. But it is also clear that the discussion will be

ongoing.

6 CyberWar

To conclude, I wish to make a few passing remarks about the topic of cyberwar. A recent

book by Thomas Rid entitled 'Cyber war will not take place' (Oxford University Press, 2013)

argues that the concept of a cyberwar – an all encompassing attack by Internet borne

malware that shuts down telephone networks, financial institutions, hospitals, power

generation, police and disaster response communications and networks, in other words,

something straight out of the script for a Hollywood disaster movie – is an enticing notion

that speaks to the imagination. Yet it also distracts from the reality of cyberwar.

Rid uses the framework of Clausewitz to argue that the events that to date have

taken in place cyber space, and the events that could conceivably take place, do not meet

the criteria for warfare. Clausewitz' three criteria for war are that it is violent, instrumental

and political in character. The reason, according to Rid, that the cyber 'war' argument does

not work is because it does not meet any of these three criteria particularly well. Firstly,

cyber war tends to reduce instead of increase violence. In the words of Rid, we are

currently witnessing a 'computerenabled assault on violence itself' (p. xiv). [...] 'Violence

administered through cyberspace is less direct in at least four ways: it is less physical, less

emotional, less symbolic, and, as a result, less instrumental than more conventional uses of

political violence' (p 12).

– 19 –


Instead, Rid argues, cyberspace is particularly suited to three types of operations that

fall short of war in the sense of Clausewitz: specifically sabotage, espionage, and

subversion.

From the perspective that I have developed here, Rid's argument is somewhat

problematic. A first problem is that Rid's theory, through its connection to Clausewitz'

criteria, seems limited to belligerent acts from nation states. Rid's argument does work to

some degree in cases where the actors are nation states. However, in the information rich

ecosystem that makes up the Internet we have many different social communities that

could conceivably 'go to war' with each other for the sort of reasons and with the sort of

means that Clausewitz mentions: violent, instrumental and political. They are just not

nation states.

This limitation on Rid's argument is pertinent for most of us, who are working as

cyber security people for organisations that are not nationstates, but sometimes feel that

we are in a state of war.

We could conceivably replace Clausewitz' criteria for belligerent action with another

set of criteria, the socalled 'just war theory', which was primarily developed much earlier

by Augustine and Thomas Aquinas: instead of conceptualising war as a violent extension of

a normal political process of deliberation between nation states, 'just war' criteria are

primarily focused on reasons for war between societies based on religious conviction and

divine command. In brief, Aquinas' conditions for just war focus on proper authority,

proper purpose, and an aim to establish peace.

Without going into much more detail, it seems to me more likely that just war

considerations can be applied to cyber war as opposed to Clausewitz' notion of war as one

– 20 –


extreme of a political process: they are more sectarian, less political, more fractured, and

allow for a greater range of operations. They are also closer to what I believe we are seeing

on the internet, especially in the form of hacktivism.

Provided we solve the main problem I have considered here, the construction of a

social contract for the infosphere, it seems to me that warlike operations against extended

digital personae are indeed possible and under certain circumstances justified. If we

approach these from the just war perspective, the focus must be on authority and purpose,

and these two are clarified by a social contract process.

7 Conclusion

I hope to have made it at least somewhat plausible that philosophers and cybersecurity

people have a lot of interesting topics to discuss. For us as cyber security people, it means

that we are entering an interesting, reflective, phase of our profession. We should not make

the mistake to think that this phase will be a private phase, however. It will be very messy,

very public, and very heated.

– 21 –

Documents

Networked, Nasty, Brutish and Short