Computer Security: Competing Concepts

Helen Nissenbaum, Batya Friedman, Edward Felten
DOI: https://doi.org/10.48550/arXiv.cs/0110001
2001-09-28
Computers and Society
Abstract: This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which we had not seen explicitly addressed in any other work on computer security, emerged when we set out to extract from the concept of security the set of values that ought to guide the shape of web-browser security. We found it impossible to construct an internally consistent set of values until we realized that two robust -- and in places competing -- conceptions of computer security were influencing our thinking. We needed to pry these apart and make a primary commitment to one. One conception of computer security invokes the ordinary meaning of security. According to it, computer security should protect people -- computer users -- against dangers, harms, and threats. Clearly this ordinary conception of security is already informing much of the work and rhetoric surrounding computer security. But another, substantively richer conception also defines the aims and trajectory of computer security -- computer security as an element of national security. Although, like the ordinary conception, this one is also concerned with protection against threats, its primary subject is the state, not the individual. The two conceptions suggest divergent system-specifications, not for all mechanisms but a significant few.