Computer Security and the Sociology of Risk
March 21, 2014
#research
At the heart of the discipline of computer security is the problem of risk: how to analyze and quantify risks that are for the most part invisible, intangible, and not immediately life-threatening; how to communicate risk to computer users, software developers, and policy-makers; and how to balance the costs associated with alleviating risk against other considerations such as ease-of-use, access, accessibility, and profitability. Although there is a large technical literature on risk in computer security, the principle focus of this literature is on the psychology of individual risk evaluation or on techniques for communicating risk to the public. But there is a large literature coming out of the history of science and technology that deals with the broader construction of risk as a social and historical phenomenon. As part of the forthcoming workshop on Computer Security History hosted by the Charles Babbage Center, I am developing a paper that situates the computer security in the larger context of what Anthony Giddens famously called “manufactured risk.” The goal of this project is to mobilize the social and cultural history of “computer hacking” and “cybercrime” (focused primarily on the period in the early- to mid-1980s when these phenomena for the first time received widespread media exposure) to inform contemporary strategies for engaging with risk in the context of cybersecurity. The paper is called From Whiz Kids to Cybercriminals: Emerging Narratives of Risk in Computer Security