NETWORKED, NASTY, BRUTISH AND SHORT
A Social Contract for the Infosphere
Hinne Hettema
IT Security Team Lead
Honorary Research Fellow, Department of Philosophy
The University of Auckland
Private Bag 92019
Auckland
1 Introduction
This paper is about the application of social contract theory to the networked world – or, as
some philosophers call it, the infosphere. The topic of cybersecurity is of course at least as
old as the topic of 'cyber' itself, but for the general public it has only really been center
stage in the last two or three years, and there is still an important discussion to be had
about the social and human impact of cyber and information security. That is a discussion
that the general public has only recently started to engage with and a discussion to which I
think philosophers have an important contribution to make.
The two poles of 'security' and 'community' encompass a range of questions that, as a
trained philosopher, I find interesting and profound. Some of the
questions that I think are in that 'profound' category are the nature of security itself (i.e.
what is it), what it means to live in a 'secure' community, what it means to live in an
'Internet' community and an information-rich ecosystem, the problems around identity,
agency and authority in such a system, a lot of problems around what is right and wrong in
this new environment, and some general problems that the Internet is making a lot more
urgent, such as the (un)desirability of the surveillance state, cybersabotage,
cyberespionage, cybersubversion and finally cyberwar. At issue are the justifications we
may have for either doing or not doing these things, and the conditions under which we
should engage in such activities. And one observation that is worthwhile making at this
point is that many of these questions have been enduring in human history; in other words,
when it comes to many of these issues: without the 'cyber', we've been here before.
Combine the recent intense interest from the general public in these matters with the
profound and enduring nature of the problem, and it is not hard to draw the conclusion
that we are quite possibly on the cusp of a broad discussion that is going to take about
fifteen or twenty years to resolve. Of course, as a philosopher, I find that prospect rather
enticing, and think that the discipline of academic philosophy may have something to
contribute to that debate that is well worth having.
There are two particular aspects of that discussion that I think are profoundly new.
In the first place, we have to have the debate about community and security of the Internet,
or, to use a more neutral term, the infosphere, on a truly global scale. The Internet is not
particularly good at respecting the key historical inventions of the nineteenth century: the
nation state and the national boundary. The second aspect is that the debate on that scale
can, and also will, take place in 'real time', or with the speed of light. I think that being in
New Zealand while that discussion takes place is also interesting: in many ways, New
Zealand is a microcosm of the world, and on the internet, the effects of the 'tyranny of
distance' are lessened to a considerable degree.
What I want to do today is to contribute an opening shot to this discussion by
formulating what I believe is an interesting and constructive theory of how we might
conceive of the tension between community and security in an informational context –
which I'll broadly call an 'infosphere' – such as the Internet. For the non-philosophers,
there are broadly speaking two types of academic philosophy: a constructive philosophy,
which aims to formulate approaches and frameworks which we can use to tackle difficult
problems, and a critical philosophy, which aims to improve on these models by placing
them under the considerable scrutiny of pertinent objections and counterarguments.
Generally, both types of philosophy have their role. Today I will stay on the 'constructive'
side, and therefore come up with a proposal on how we might think about these matters.
Like all constructive proposals in philosophy, it will only survive if it is exposed to the fire of
criticism and debate.
The core of my proposal consists of two specific contentions. In the first place I argue
that we must come up with a philosophically robust notion of the word 'security' – that is,
we must understand what it means, and be able to draw and justify a boundary between
'secure' and 'insecure'. Incidentally, this is one area where I think information security
people may assist philosophers, at least initially.
In the second place, we must come to grips with the notion of 'community' in the
infosphere. By that I mean that we must come to grips with what constitutes it, how we
keep it alive, what our shared interests are in this new ecosystem, and ultimately, the
question of shared norms, justice and how we all get along. As I will furthermore argue, a
consideration of these questions draws in, over time, potential answers to a lot more
questions about right and wrong, and provides a beginning of an answer to the questions
around security, crime, subversion, surveillance and war in the informational ecosystem.
To give a lot of the game away at the beginning: my specific proposal is based on
contractualist theories of social justice. Social contract theories work on the basis of an
(idealised) 'state of nature' in which the actors are assumed to be rationally and ethically
capable in a minimal sense. The social contract ensues when a form of social organisation is
contracted into by these actors by means of a fictitious, idealised, contract: and the fact that
people could have contracted into a particular structure, means that from a philosophical
point of view, this structure can be considered rational and to some degree justified.
2 What is 'Security'?
With that, I'd like to start considering the first of the two questions: what is security? Earlier
on, I mentioned that we do not really have a philosophically robust definition of 'security'.
In this context by 'philosophically robust' I mean a positive proposal that has at least
survived some initial rounds of objections and critique, a definition that we can at least
initially use as a starting point for discussion.
Earlier on I stated that information security professionals may well be of some
assistance to philosophers in this area. An illustration of this fact is that when you type
'security' in the search box of the 'Stanford Encyclopedia of Philosophy', which is an online,
refereed and established source of philosophical information, the first hit is to 'Political
Realism', and the following hits are to 'Internet Research Ethics', 'Computer and
Information Ethics', and 'Information Technology and Moral Values' – indicating that it
seems indeed reasonable to assume that we do have something to contribute here. If this
unscientific test is suggestive of anything, it is that it is noteworthy that 'security' does not
have its own entry, and is predominantly discussed in conjunction with computers and
information technology.
In information security, we do have a definition of 'security'. We tend to say that
'security' of information tends to come in the form of three specific properties of a channel
of communication: confidentiality, integrity and availability. So let's see what we can do
with it as a starting point for a broader definition of the concept of 'security'.
First the concept of 'confidentiality'. By this we usually mean that information has
not been disclosed to people that should not have access to it. Alice sends a message to
Bob, who maybe sends it on to Carol, Carlos or Charlie (who we all trust), who in turn may
send it on to Dan, Dave or Erin, all fine. But we try to keep it away from Chuck, Eve and
Mallory, all of whom, in the lingo of computer security people, have some sort of malicious
intent and a variety of tools to do harm. What I am driving at is that underlying the concept
of 'confidentiality' is a concept of 'community' and concomitant boundaries of trust.
We could further formalise this boundary of trust to something we could call 'civil
society', a group of people trusting each other because they are bound by a common set of
principles, one of which, for instance, could be that they will never disclose a part of the
conversation to Chuck, Eve or Mallory, or in fact, to anyone not bound by these principles.
In other words, without some definition of 'community' a notion of 'confidentiality'
does not make much sense. Alice and Bob, the two initial participants in the conversation,
are a community in a minimal sense. But Alice could also form a community on her own, by
keeping a set of secrets she does not want to share with Bob or anyone else.
'Integrity' is another interesting concept. By that we usually mean that a message has
not been tampered with while in transit. The key to why 'integrity' is important is the
meaning of the message and the use that either Alice or Bob, both members of our minimal
community, will make of the information. In other words, the property of 'integrity' is
needed to ensure a sort of fairness in the information transaction entailed in the
conversation.
I ask Alice to mow my lawns. Alice mows my lawns. She sends me a bill. I pay the
amount on the bill. Integrity ensures that I receive the benefits (as well as the costs) of my
membership in the community in accordance with our prior agreements. If Mallory, my
neighbor, alters the content of the original message and asks Alice to mow both my lawns
and my neighbor's lawns, and I object to Alice's bill afterwards, we can say that, in our civil
society, something has happened that is not fair. If Mallory succeeds, he has his lawns
mowed for free without prior agreement of either me or Alice. As it is, unless we can get
Mallory to pony up, either I or Alice is the victim of an unfair transaction.
The last property is 'availability'. Underlying this notion is that the information is of
no good to me if I can't get to it, and the concept of availability, in the context of the
conversation between Alice and Bob, stipulates a crude form of justice: the requirement
that all aspects of the conversation are equally available to all trusted participants in the
conversation, i.e. all members of the community. No one can be left out due to a denial of
service. In other words, for the community underlying the communication, availability
plays the role of a primitive equality of access requirement.
What this suggests in my view is a number of things. In the first place it seems that
we cannot separate the concept of 'security' from a concept of 'community'. Moreover,
aspects of what we think of as 'security' in a transaction can be reconstructed as crude and
primitive forms of justice and fairness on transactions in that community.
I'd like to briefly say at this point that this also tallies with much of our intuitions
and daily usage of the word 'security': we tend to say that we feel 'secure' if we belong
somewhere, and when we can be confident, now and in the future, that the community that
we are part of will treat us fairly and equally.
What all of this suggests, I believe, is that the enduring problem of the information
security professional – how to establish confidentiality, integrity and availability of
communications and data in an untrusted and often hostile environment – is also of key
value as a starting point for a robust definition of 'security' that has wider impact. So
without further ado, here it is: a definition of 'security':
DEF: 'Security' is the confidentiality, integrity (qua fairness) and availability (qua justice) of
all transactions that make us part of civil society.
That is all fine and good, but of course there are lots of problems remaining with this
definition. First of all, we are members of many 'civil societies' – both physical and online –
and as a result, we experience many forms of 'security'. It is not at all clear that the
'security' that we experience in a Facebook community for instance is on a par with the
security we expect from the New Zealand Government or our local neighborhood, and
neither is it clear that this should be the case.
The second objection is that some civil societies can be societies in which people
experience little security: an all-pervasive surveillance state has perhaps little regard for
confidentiality, and it is not that hard to conceive of a police state which may, perhaps in
addition to performing overall surveillance, also have little regard for integrity, but instead
engage in making up evidence if they want to throw us in jail. We meet many such societies
in the writings of Franz Kafka, especially in the novel 'The Trial', where the protagonist
Josef K. is indicted and goes through trial for something he doesn't know about.
A third problem is that we have no robust definition of 'civil society'. We have loosely
defined it initially as people being parts of an information transaction – our original Alice
and Bob – and later as a group of people that subscribe to some common principle. But as it
stands in our definition, the whole concept is rather unsatisfactory.
A fourth problem is that the definition can be seen as question-begging: it can be
argued that the very existence of civil society already involves a modicum of security, and
that the definition in fact adds very little, if anything at all, to our understanding of
security. At least in part this is so because so far, the concept of civil society in our
construction has been one that can be made to fit almost anything.
To overcome some of these objections, or at least shed light on an initial answer, I
propose that we turn to social contract theory to elucidate how we can conceivably build a
civil society in an uncertain world.
3 A Social Contract for the Infosphere
Social contract theory originated in Thomas Hobbes' 'Leviathan', a defence of the right of
the absolute monarch. Hobbes wrote this book in 1651, shortly after the end of the English
Civil War, and the end of Charles I on the scaffold. It is probably fair to say that the
political and social situation of that day and age plays a key role in Hobbes' work, especially
in a construct that has underpinned all social contract theory from that day on: the 'state of
nature'.
Hobbes describes the 'state of nature' as a 'state of war of all against all', a state in
which '[...] every man is enemy to every man; the same is consequent to the time, wherein
men live without other security, than what their own strength, and their own invention
shall furnish them withall' (Ch XIII), in other words, a time without security.
There is also a lack of all the outward signs of any civil society: 'In such condition,
there is no place for Industry; because the fruit thereof is uncertain; and consequently no
Culture of the Earth; no Navigation, nor use of the commodities that may be imported by
Sea; no commodious Building; no Instruments of moving, and removing such things as
require much force; no Knowledge of the face of the Earth; no account of Time; no Arts; no
Letters; no Society; and which is worst of all, continuall feare, and danger of violent death;
And the life of man, solitary, poore, nasty, brutish, and short' (Ch XIII).
Hobbes sees the task of the philosopher in providing us an intellectual way out of
that sort of conundrum, through the construction of an argument which allows civil society
to emerge from this uncertain and insecure 'state of nature'. In the twentieth century, we
have come up with a number of game theoretic solutions to the problem posed by the
Hobbesian state of nature. Specifically, we have tended to recast the Hobbesian
predicament in terms of a Prisoners' Dilemma, in which a cooperative civil society is the
desired outcome, but the non-cooperative state of 'war of all against all' is the default
solution (technically: the 'Nash equilibrium' in the game).
Hobbes' solution relies on a tiebreaker. His civil society is explicitly some form of
absolute power residing in a single individual. To illustrate that such is not the necessary
outcome of social contract theory I wish to briefly focus on another proponent of the
theory; the philosopher John Locke.
The social contract is also a key element of Locke's 'Second Treatise on Government',
another one of the classics of Western political philosophy. Locke develops the social
contract theory from the perspective of a much more benign state of nature, which for
Locke is a 'state of equal right, all being kings'. In the Lockean contract the participants also
have the obligation to act reasonably, i.e. in accordance with the law of nature, and hence
have a minimal set of ethical obligations. As a consequence, a key to the Lockean solution is
something called an 'ideal history' – a situation in which the participants in the social
contract adhere to a minimal rationality and a minimal ethics, and institute fair dealings
and fair decision making. The Lockean state is just if it can – even if only retrospectively –
be seen to have come about as the end result of such 'ideal history'.
While for Hobbes the outcome of the social contract was the rise to power of an
absolute sovereign, a 'Leviathan', the Lockean solution is, in the words of John Rawls (in his
'Lectures on the History of Political Philosophy', Belknap, 2007), 'a negative one: it excludes
certain forms of regime as illegitimate: those that could not be contracted into by a series of
agreements in ideal history' (p 131; and of course, this shows Locke up for the post-1688
philosopher that he really is). Another feature that makes Locke's social contract radically
different from the Hobbesian contract is the nature of political obligation: in order to
become a member of civil society, the individual must give some sort of consent to become
a full citizen of the political society.
There still is a lively debate about all this, and, in the nature of most philosophical
debate, the best interpretations of Hobbes and Locke are not yet settled. But in the
remainder of this speech, I wish to consider what such a social contract for the infosphere
might look like, and I want to keep the detailed interpretation of what exactly Hobbes or
Locke may have meant to a minimum, only drawing in particular points of view where this
is beneficial to my overall argument.
An extension of social contract theory to the infosphere starts with an observation:
the Internet today, for a digital identity, and from the perspective of a security professional,
looks remarkably like a Hobbesian 'state of nature'. As we know as cyber security people,
life on the Internet can be nasty, brutish and short, even though it is seldom solitary. But
what gets 'killed' or 'maimed' is our avatars, our gaming characters, our Facebook pages,
our blogs and websites – in other words, the digital extensions we create of ourselves. Cases
of actual killing on the Internet are somewhat rare, though one might argue that some
recent cases of suicide as a result of cyber bullying come remarkably close.
To make the contractualist argument work, we therefore have to consider 'states of
nature' which are capable of accounting for the digital extensions of personae and societies,
and aim to structure an argument for a digital civil society in the infosphere, which involves
not only ourselves, but also our digitally enriched personae.
As an interesting aside, Hobbes has a rich notion of a persona, which is evident in
his definition of representation, albeit that Hobbes' notion of 'representation' is primarily
political: 'A person is he whose words or actions are considered, either as his own, or as
representing the words or actions of another man, or of any other thing to whom they are
attributed, whether truly or by fiction. When they are considered as his own, then he is
called a natural person, and when they are considered as representing the words and
actions of another, then he is a feigned or artificial person'. (Leviathan, Ch XVI)
As Quentin Skinner argues ('Hobbes on Persons, Authors, and Representatives', in
'The Cambridge Companion to Hobbes's Leviathan', Ed P. Springborg, Cambridge University
Press 2007): 'Hobbes' basic suggestion here is that persons can be defined essentially in
terms of their capacity to represent and be represented. A person is someone who, in
speaking or acting, either represents himself – plays his own part – or else represents
another person or thing. If you represent someone else – if you play his part, speak or act in
his name – then you count as an artificial person; if you speak or act in your own name,
then you count as a natural person.' (p 158)
There was no Internet in Hobbes' time, and Skinner further develops this argument
to show that in Hobbes' political philosophy, there is no such thing as a parliament that is
'representative' of the people since we cannot, under the notion of representation developed
above, 'represent' a multitude.
But even though there was no Internet in Hobbes' time, his theory of representation
seems designed for it. For it allows for artificial personae, avatars, which represent us in a
digital environment. What I am suggesting is that the web of information that we weave
around us facilitates digital identities that 'play our part'. In other words, in the networked
world we have digitally enhanced identities.
The core question is then how to construct a social contract on the basis of such
complex personae. Broadly speaking, we have two feasible strategies. The first one is to
approach this problem instrumentally, and argue that the construction of a civil society
(though one that is extended to the infosphere) is the end result of game theoretic or
Pareto type reasoning which constructs a digital civil society because then we'll all be better
off. The second approach follows the Lockean path by arguing that the actors in the
contract all have a minimal set of ethical commitments, and it is these commitments, rather
than pure instrumentalism, which drive the creation of civil society.
4 Instrumental Reasoning
If we follow the instrumentalist route, we have to determine how we can accommodate the
complex personae, and the complex motivations underlying these personae, into a simple
'game' and Pareto type reasoning.
Let us first have a brief look at how the standard argument runs. In a lucid review of
what he calls the 'orthodox' interpretation of Hobbes (see "Hobbesian Contractarianism,
Orthodox and Revisionist." In The Continuum Companion to Hobbes edited by S.A. Lloyd,
forthcoming), Jerry Gaus has argued that the Hobbesian state of war is most commonly
modelled as a Prisoners' Dilemma, in which the Nash equilibrium – the point at which the
outcome is stable and neither party can do better by changing their strategy in the game –
is Pareto suboptimal: both players lose. In the words of Gaus, 'attack is the dominant
strategy' in the Prisoners' Dilemma, and hence 'it makes perfect sense that Hobbes’s social
contract (in commonwealth by institution) is not a contract between the subjects and the
sovereign, but among the subjects, for the crucial thing is that we covenant with each other
(as players in Prisoners' Dilemmas) to be bound by the dictates of the sovereign (which
determine justice) and so avoid Prisoners' Dilemmas.' (p16)
In this result, civil society is recast as the end result of a primarily instrumentalist
line of reasoning in which each of the participants aims to avoid the 'state of nature' as the
worst outcome for everyone and hence refrains from the direct pursuit of their own
interest, since doing so is mutually advantageous. In this sense, the Hobbesian outcome is
modelled as a Pareto constraint on a Prisoners' Dilemma.
Digital personae are a problem for this simple line of reasoning, I think, primarily
because a digital persona – a Twitter account, a Facebook page – comes at very low, or
even zero, cost. As a consequence, losing in the digital world, as long as it is in the digital
world only, carries theoretically a zero cost, and hence the Pareto step of the argument
largely fails. This situation is magnified by the fact that attack is also very cheap. People
that do aim to attack us in this way generally do create true zero-cost personae, in the form
of anonymised blogs, fake Twitter accounts, huge amounts of spam and bogus Facebook
pages. As security experts we have usually supposed that this is because then these
accounts cannot be tracked. Perhaps there is more behind it.
It is a different matter if the loss also involves the physical world, perhaps by
affecting our bank account, our real – as opposed to our Facebook – circle of friends, but I
would still be inclined to argue that in most cases we can rectify what went wrong in the
digital world in the real world with relative ease. The costs of losing are real, but
manageable. The biggest exception to this is perhaps if the attack involves loss of
confidentiality, by publishing materials that we fervently wish to keep out of the public eye.
This would be primarily because the impact of information disclosure is non-reversible.
The somewhat depressing conclusion is then that, due to the low costs associated
with non-cooperation in the Prisoners' Dilemma, the Pareto type constraint largely fails in
the case of digital personae, and the modelling of the Hobbesian social contract as a
Prisoners' Dilemma is left at its 'state of nature', or the war of all against all. To fix that, we
either have to increase the cost of loss in the digital world, something that seems hard to
do, or have to look for another possible interpretation of social contract theory.
5 Ethical Commitments: Towards a Cyber ethics
That step brings us to the interesting question of 'cyber ethics'. Quite often, this is cast in
the form of the question whether there exist decisions that a computer should never make,
and that problem is certainly relevant in discussion of robotised warfare, robotised
medicine and perhaps even SCADA systems. But I want to draw the question a little closer
to home, and discuss briefly what the extended digital identities participating in a social
contract owe each other – directly person to person, but also avatar to person, and avatar to
avatar. Do our digital personae have digital obligations?
Philosophers have only recently started to think about this problem in earnest. There
is the beginning of information ethics, which is a global ethics derived from both the
inadequacy of current ethical models and an extension of the scope of the ethical problem
to include information (e.g. Luciano Floridi: 'The Ethics of Information', Oxford University
Press, 2013). I think that information ethics gives us an interesting direction, but is not the
right answer to the problems faced in the area of cybersecurity.
I will propose a notion of a minimally ethically capable cyber-actor with a specific
cyber-identity. The question of what we owe to each other, even leaving aside the digital
extensions we now have, is a vexed one and not one that I can settle here in a minute. One
of the more up to date approaches to this problem is found in a large tome (Derek Parfit:
'On What Matters', Oxford University Press 2011) that appeared recently, which argues that
many of the different philosophical approaches to this question are different ways of
'climbing' the same mountain; in other words, the philosophical approaches to this problem
have a lot in common.
The four key ethical principles that Parfit derives from an extensive consideration of
what philosophers call 'trolley problems' are the following:
(R) Everyone ought to treat everyone only in ways to which they could rationally consent.
(S) Everyone ought to regard everyone with respect, and never merely as a means. Even
the morally worst people have as much dignity or worth as anyone else.
(T) If all of our decisions are merely events in time, we cannot be responsible for our acts
in any way that could make us deserve to suffer, or to be less happy.
(U) Everyone ought to follow the principles whose being universal laws would make things
go best, because these are the principles whose being universal laws everyone could
rationally will.
Parfit argues that as universal principles, we ought to accept S and T, and have strong
reasons to believe R and U.
An extension of these sorts of principles to the infosphere seems doable and, to me,
interesting. Take the first requirement, for instance, of 'rational consent'. A computer
program is not self-aware, so would not be able to consent to anything, but taking our cue
from Hobbes, we can argue that a computer program is one of our representatives, which
means that we can consent for it. In practical terms, that probably means programming.
This is the sort of thing we do in a crude form with RSS feeds for instance, which make a
selection of news items and accept summaries of them on our behalf. When we sign up for
a website, often we have to explicitly determine and communicate to the owner whether
that account will generate marketing email and the like (there are usually easy tick boxes
for that sort of thing). Principle R then states that 'hacking' such a tick box is wrong.
In the same way, principle T throws up interesting considerations when we apply it
to the infosphere: in the first instance it implies that it would be wrong for me to treat
someone else's digital persona without respect, or 'merely as a means'. This entails several
interesting subcases. In the first place, it would seem to be wrong to hack someone else's
digital persona and use it as a means to achieve one of my personal ends, whether digital
or physical. It would take detailed consideration of a number of cases of hacking, I believe,
to test this principle and see whether it throws up something interesting. Moreover, the
principle also seems capable of suggesting that it is wrong to create a 'throwaway' digital
persona 'merely' to achieve one of my personal ends. But this is a large side track that we
had better leave at this point to return to our main question of a social contract.
Let us try to accept Parfit's principles at face value, at least initially. We are currently
engaged in a large social debate about the surveillance state. From the perspectives I have
developed here, it is worthwhile noting that this modern 'solution' to the problem is akin, in
the respects that really matter, to the Hobbesian absolute monarch. The surveillance state is
a solution to the problem of the digital 'state of war of all against all'. But it pays to keep in
mind that the rationale for this solution – the game-theoretic cum Pareto-type reasoning
that brings it into existence – is very questionable in our digital world.
The alternative approach to the social contract, based on a minimal ethics, draws a
different conclusion about the sort of governance we should want. For the Parfitian
principles also stipulate what a social contract would look like, though they do so in the
Lockean tradition. They preclude certain forms of regime as illegitimate, because these
violate principle U in the sense that they could not be contracted into in a Lockean 'ideal
history'.
The basic ethical precepts of respect, consent and limitation of suffering are, I
believe, not part and parcel of the surveillance state. Choosing the alternative interpretation
of the social contract, the minimal ethical commitments that we must subscribe to in order
to arrive at a cyber social contract illustrate that the sort of governance that must regulate
our actions as cyber security professionals is precarious, never fully settled, and subject to
debate most of the time. The reason for this is obvious: the end result of the Lockean
bargain in the social contract is a set of negative conditions on the state: the Lockean
outcome specifies what the state cannot be. This negative condition on the state is also at
play, I believe, in the famous saying in the computer industry: 'when you have to choose
between freedom and security, always choose freedom'. Here 'security' is equated with the
Hobbesian, total surveillance state, and I believe the word 'freedom' exemplifies this
negative condition on the nature of the state.
We are sort of used to this kind of reflection since the IT industry is so fast moving,
and new technology is constantly challenging our assumptions and rules of yesterday.
There is also a large degree to which engineering decisions on the internet are indeed made
in an explicit – as opposed to a merely hypothetical – social contract. We would do well, I
believe, to continue that tradition of challenging and questioning.
So there are no easy answers. Our governance of the security state of the internet
has to focus on avoiding the lure of total surveillance, and focus on the positive values of
justice and fairness to people and their digital identities and creations. My personal
conviction is that the values embodied in the open source movement and the GNU Public
License are somewhere close to that ideal. But it is also clear that the discussion will be
ongoing.
6 CyberWar
To conclude, I wish to make a few passing remarks about the topic of cyberwar. A recent
book by Thomas Rid entitled 'Cyber War Will Not Take Place' (Oxford University Press, 2013)
argues that the concept of a cyberwar – an all-encompassing attack by Internet-borne
malware that shuts down telephone networks, financial institutions, hospitals, power
generation, police and disaster response communications and networks, in other words,
something straight out of the script for a Hollywood disaster movie – is an enticing notion
that speaks to the imagination. Yet it also distracts from the reality of cyberwar.
Rid uses the framework of Clausewitz to argue that the events that to date have
taken place in cyberspace, and the events that could conceivably take place, do not meet
the criteria for warfare. Clausewitz' three criteria for war are that it is violent, instrumental
and political in character. The reason, according to Rid, that the cyber 'war' argument does
not work is because it does not meet any of these three criteria particularly well. Firstly,
cyber war tends to reduce instead of increase violence. In the words of Rid, we are
currently witnessing a 'computer-enabled assault on violence itself' (p. xiv). [...] 'Violence
administered through cyberspace is less direct in at least four ways: it is less physical, less
emotional, less symbolic, and, as a result, less instrumental than more conventional uses of
political violence' (p. 12).
Instead, Rid argues, cyberspace is particularly suited to three types of operations that
fall short of war in the sense of Clausewitz: specifically sabotage, espionage, and
subversion.
From the perspective that I have developed here, Rid's argument is somewhat
problematic. A first problem is that Rid's theory, through its connection to Clausewitz'
criteria, seems limited to belligerent acts from nation states. Rid's argument does work to
some degree in cases where the actors are nation states. However, in the information-rich
ecosystem that makes up the Internet we have many different social communities that
could conceivably 'go to war' with each other for the sort of reasons and with the sort of
means that Clausewitz mentions: violent, instrumental and political. They are just not
nation states.
This limitation on Rid's argument is pertinent for most of us, who are working as
cyber security people for organisations that are not nation-states, but sometimes feel that
we are in a state of war.
We could conceivably replace Clausewitz' criteria for belligerent action with another
set of criteria, the so-called 'just war theory', which was primarily developed much earlier
by Augustine and Thomas Aquinas: instead of conceptualising war as a violent extension of
a normal political process of deliberation between nation states, 'just war' criteria are
primarily focused on reasons for war between societies based on religious conviction and
divine command. In brief, Aquinas' conditions for just war focus on proper authority,
proper purpose, and an aim to establish peace.
Without going into much more detail, it seems to me more likely that just war
considerations can be applied to cyber war as opposed to Clausewitz' notion of war as one
extreme of a political process: they are more sectarian, less political, more fractured, and
allow for a greater range of operations. They are also closer to what I believe we are seeing
on the internet, especially in the form of hacktivism.
Provided we solve the main problem I have considered here, the construction of a
social contract for the infosphere, it seems to me that warlike operations against extended
digital personae are indeed possible and under certain circumstances justified. If we
approach these from the just war perspective, the focus must be on authority and purpose,
and these two are clarified by a social contract process.
7 Conclusion
I hope to have made it at least somewhat plausible that philosophers and cybersecurity
people have a lot of interesting topics to discuss. For us as cyber security people, it means
that we are entering an interesting, reflective phase of our profession. We should not make
the mistake of thinking that this phase will be a private phase, however. It will be very messy,
very public, and very heated.