Speaking at Royal Holloway

I’ll be speaking at the Information Security Group seminar at Royal Holloway on October 24th. This is especially exciting for me, as I’m getting to present some new research on PGP key servers, while at the same time getting to know new colleagues working on information security in the UK. Here’s the abstract for my talk:

The problem of making computing systems trustworthy is often framed in terms of ensuring that users can trust systems. In contrast, my research illustrates that trustworthy computing intrinsically relies upon social trust in the operation of systems, as much as in the use of systems. Drawing from cases including the Border Gateway Protocol, DNS, and the PGP key server pool, I will show how the trustworthiness of the Internet’s infrastructural technologies relies upon interpersonal and institutional trust within the communities of the Internet’s technical operations personnel. Through these cases, I will demonstrate how a sociotechnical perspective can aid in the analysis and development of trustworthy computing systems by foregrounding operational trust alongside user trust and technological design.

Speaking at the Digital Civil Society conference, Stanford

I’m excited to be have been invited to speak at a panel on the infrastructural conditions for digital civil societies at the Digital Civil Society conference, organised by Stanford’s Center on Philanthropy and Civil Society. I’m particularly looking forward to meeting so many other wonderful scholars whose work I have long admired.

Joining King’s College, London!

I’m delighted to announce that I’ll be joining the Department of Digital Humanities at King’s College London this September, as a Lecturer in Global Digital Cultures. The department has gathered a wide array of faculty, building connections across the humanities, the social sciences, and information technologies – a familiar environment for someone coming from an I School.

I’m excited to be joining my new colleagues to make sense of how these things we variously term “digital”, “information”, or “data” interact with the thing we term “society” – and I’m looking forward to hearing from old friends and new interested in these issues.

In my new position, I’ll be continuing my work on technical cultures, studying how sociotechnical relations of practice circulate within and across territorial and organizational boundaries to build and maintain the global infrastructure we call the Internet.

Or in short, studying the people who make the Internet go!

Speaking at the IETF’s Human Rights Protocol Considerations Working Group

I’m excited and honoured to be speaking on “Trust in Protocol Design” to the IETF’s Human Rights Protocol Considerations Working Group next week at IETF103. I’ll be talking about my research into the role of trust in the design and operation of the Border Gateway Protocol, and how my work might inform a human rights perspective on protocol design.

Update: here’s the video from the talk. My presentation starts at about 38 minutes in, but the whole thing is worth a watch.

Trust, Cooperation, and Learning in Information Security

I’m very happy to announce the publication of a report on my research into trust, cooperation, and learning in information security: “A Fragmented Whole: Cooperation and Learning in the Practice of Information Security”. You can read the executive summary here, and the full report here. Here’s the abstract:

Of the many problems faced by the field of information security, two are particularly pressing: cooperation and learning. To effectively respond to threats and vulnerabilities, information security practitioners must cooperate to securely share sensitive information and coordinate responses across organizational and territorial boundaries. Yet there are insufficient numbers of personnel who have learned the competencies necessary to build information security teams.

Current policy responses to these issues treat cooperation and learning as independent problems to be dealt with through institutional arrangements. In this view, cooperation may be enabled by industry associations or government agencies that act as hubs for coordination and information sharing; and learning may be addressed by appropriate degree and certification programs. In contrast, we argue that cooperation and learning in information security are fundamentally connected problems which must be addressed together.

Through ethnographic and survey research, we found that information security relies to a significant degree upon interpersonal trust relationships – rather than only institutional arrangements – for both cooperation and learning. The more sensitive the information to be shared (as is typically the case with novel threats and vulnerabilities), the more likely it is that cooperation will take place within tightly bounded trust circles, in which participants know and trust each other. Learning the more sophisticated competencies of information security relies upon access to these bounded social contexts, in which skills and knowledge circulate securely. In order to cooperate effectively and engage in more sophisticated learning, information security practitioners must build their connections to the interpersonal trust relationships that structure the field of information security. Our research indicates that institutional arrangements can provide the foundations for interpersonal trust relationships, but cannot substitute for them; just as interpersonal trust relationships cannot substitute for the functions that institutional arrangements offer.

Information security is a fragmented whole, composed of strongly bounded, sparsely connected trust groups and organizations that seek to ensure the trustworthiness of participants. We suggest a substantially different set of policy interventions to support cooperation and learning in information security, focusing upon building interpersonal trust relationships, as much as on building institutional arrangements. Our recommendations include suggestions for stronger information sharing communities, for building relationships between educational institutions and information security practitioners, and for supporting diversity.

Presenting at AOIR 2017

I’ll be presenting a paper at AOIR 2017 in Tartu, Estonia, as part of what promises to be an interesting session interrogating the metaphors through which we make sense of “the Internet”.

“For the Good of the Internet”: The Imagined Communities of Internet Infrastructure

The Internet is unusual among global infrastructures in the degree to which its operation relies upon volunteer work and contributions. In this paper, I explore the nature of volunteer work in Internet infrastructure through a focus on the provision of Internet Exchange Points (IXPs), which are physical locations at which computer networks interconnect to form the Internet. I draw from two years of ethnographic fieldwork as a volunteer with a non-profit IXP in the San Francisco Bay Area, SFMIX, to ask why it is that Internet infrastructure workers are willing to volunteer their time and money to provide services which could be provided as a for-profit offerings. I argue that volunteer work in Internet infrastructure is made possible through the ideal of acting “for the good of the Internet”. I build on Markham’s analysis of metaphors of the Internet, and Anderson’s notion of “imagined communities”, to show how acting “for the good of the Internet” functions as a way of being for Internet infrastructure workers, and serves to construct a political consciousness that allows them to imagine themselves as being part of a global community which acts “for the good of the Internet”.