Sometimes it is useful to go through one’s notes made at opportune moments, that were never transformed into papers - here are a few of my thoughts on the concept of cyberrisks:
When during the summer of 2003, entire network servers were being corrupted by the so called ‘blast worm virus’, it became clear that especially network systems running on windows 2000 and NT were vulnerable to such attacks. What was more telling was that even though the worm could be identified, its elimination proved a lot more difficult because it relied on local interventions by individual users. It took almost a week before many systems were able to overcome their dependence on single individual points. This highlights that the strength of any system of security is defined by the weakest link; and this makes any form of risk management vulnerable.
Ever since the earliest beginnings of computer networking there have been concerns about system integrity and security (e.g. the hacking of passwords). Although these issues have not all disappeared, the whole notion of system integrity took a radically new turn in the mid 1980s with the arrival of so-called ‘computer viruses’ (e.g. Lundell, 1989). Computer viruses are inherently different types of risk to that of hackers. The latter are always inherently intertwined with boundaries and issues of access and are whole dependent upon their enactment by human beings; the former are a distinct life form, that have the potential to create their own mutations and interventions. In short, they are non-linear risks.
As Nigel Clarke (1997) wrote, non linear risks are capable of causing ‘run away events’, with potentially catastrophic consequences. It is this apocalyptic scenario that is being used by computer risk experts to develop complex schemes and technological systems designed to protect system integrity, whilst continuing to orient the logic of network computing towards maximising speed, convenience and smoothness. Firewalls, system scans, and increasingly elaborate techniques of isolating and quarantining ‘suspect files’ have all become part of the technological assemblage of network computing. Risk-awareness is now an essential part of computer literacy.
In drawing on the trope of AIDS, the technological assemblage of safe computing is completely immersed in a sexualised virology of immune systems. This has inadvertently led to an expansion of symbolic associations between networking and the free flow of sexual interactions. Openness, speed, casual encounters and the hidden risks they potentially carry, have turned network computing into default sex machines. Just as sexual desire is seen as ‘natural’, the desires for speed, convenience, compatibility, openness and access are equally naturalised within the expanding domain of the trope. IBM/Microsoft’s incessant urge for standardisation then becomes the corporate conductor of a new normativity of computing technology.
Understanding risk as a pivotal part of computer literacy is thus not just a matter of acquiring technical know how, but also normative know how. Just as abstinence is being ridiculed as an effective strategy against AIDS, so is ‘opting out’ of computer networking seen as a non-starter. Yet, in the junctural zones (Ryan, 1997) of computer networking; e.g. web boards, file sharing systems, email etc., we would be foolish to simply rely on technological fixes to get by. In fact, we are constantly told to be vigilant, to avoid downloading suspect files that may have crept through our collective defence systems etc. That is to say, network computing safety does imply the possibility to risk management failure; the immunity it seeks to provide is not perfect.
The specific expertise of network computing security appropriates the trope of immunity in the same way that sexual health expertise has appropriated AIDS. It is a means by which a new system of technological normativity can be developed, expanded and imposed upon those who wish to obtain access to the network. In Foucault’s terms, it is a disciplinary apparatus. As opting out is not an option, we have no choice but to embrace the ambivalence between smoothness and vulnerability and submit ourselves to the subpolitical dispositif of computer risk management.
However, a few crucial questions remain unanswered: First, what aspects of cyberrisks are not missed out within the trope of immunity? For example, just as the subpolitics of AIDS sees disease as infectious and acute and thus becomes blind to the more insidious aspects of aggressive symbiosis (e.g. chronic diseases), so does the knowledge of computer viruses limit our concerns to immediacy, short term shocks and dramatic and spectacular breakdowns. But what about the slow and nagging forces at work in our computing systems? Why is the virological phenomenology so ill adept at conceptualising these? Second, what about intentionality and motivation? Computing security relies almost exclusively on a notion of a lone hacker, who – merely for the fun of it – seeks to undermine system integrity and cause havoc. This, however, is merely one notion of malefice and one that seeks to deny the existence of a more radical and apocalyptic intentionality. As a result, we tend to see cyberrisks as a deficiency – a lack of system integrity, a lack of appropriate safety valves; yet what if cyberrisks are also an efficiency, a positivity or ‘radical evil’ that reveals something far more fundamental about human nature, that the only thing that the human being can claim to have created on its own turns out to be a purely destructive entity.
This entry was posted Monday, January 16th, 2006 at 4:07 pm and is filed under Uncategorized.
You can leave a response, or trackback from your own site.