Send message to Author

Short abstract:

This paper examines security vulnerabilities in digital infrastructures as an object for STS analysis. I argue that the analysis of vulnerabilities can advance our understanding of dynamics of maintenance and repair in digital infrastructures, and prompts new thinking about the nature of function.

Long abstract:

Security vulnerabilities are items of off-specification functionality, invented uses of digital technology that transgress what a system should do. To maintain security promises, custodians of digital infrastructures must be responsive to a constant flow of information and uncertainty about new vulnerabilities, their impacts and possible fixes. For STS, security vulnerabilities provoke questions about the nature of functionality in digital systems. The case of Rowhammer, a bug with DRAM serves as an illustration (Spencer 2021).

Security vulnerabilities have a hybridity familiar to STS: they are simultaneously physical (making things happen that should not happen), conceptual (falsifying promises made in design specifications), and social (upsetting ‘contracts’ between groups of people). They emerge from a complex ecology: sought out by research groups, technology companies, freelance bug hunters, criminal organisations and state security services, they are communicated intentionally through responsible disclosure, reported in the media, or unintentionally through leaks or forensic analysis of cyber-attacks, and eventually resolved through modifications, replacements or additions of components.

Received understandings of the dynamics of stasis in technical systems have been challenged by a wave of new research in repair and maintenance (e.g. Jackson 2014, Houston 2014, Denis & Pontille 2014). Security vulnerabilities help push this discussion forward in (at least) three ways: they require an emphasis on the invention of malfunction, their analysis benefits from engagement with engineers’ own theories of sociality (e.g., ‘Conway’s Law’), and they encourage engagement with interdisciplinary debates about the nature of purpose and function (e.g. Babcock & McShea 2021, Deacon & García-Valdecasas 2023).

Send message to Author

Long abstract:

In the last six years, Indian-administered Kashmir has emerged as one of the most Internet-censored regions in the world. Here, the state controls and regulates technological and social components of the Internet, a key infrastructure of our contemporary times, thereby impacting almost all aspects of life. Internet blackouts, slowdowns and other curbs earn the region the title of ‘the internet shutdown capital of the world’ (Rafiq, 2019). While infrastructures are perceived to have the ability to blend in our lives and recede into the background, and breakdowns are seen as rare occasions when they draw attention, the Internet infrastructure in Kashmir turns perpetually visible due to clampdowns by the state. Unlike infrastructural failures or accidents, these breakdowns are a part of a well-thought-out process to deny people access to an infrastructure (here, the Internet) and practices that run on this infrastructure. Taking Kashmir as a case study, in this paper, I analyze the dynamics of these breakdowns and put them into dialogue with existing ideas of ‘breaking down’ in infrastructure studies. The paper explores the following: What do constant well-thought-out breakdowns of the internet infrastructure in Kashmir reveal about the working of infrastructures? How do these breakdowns align with or challenge the existing notions of the working of infrastructures? How does life unfold in the region amidst constant internet breakdowns and in the backdrop of an ongoing armed conflict spanning over three decades?

Send message to Author

Long abstract:

This proposal studies the maintenance of digital systems operated by autonomous indigenous communities in Oaxaca, Mexico, nominally framed as technological autonomy (Baca-Feldman et al. 2021). This proposal considers maintenance not simply as material restoration, but as a fundamental rethinking of architectures (Jackson 2014). It brings these perspectives into conversation with infrastructure centred security studies work (McClearn et al. 2023), exploring maintenance as a form of security, aligned to the preservation of certain value orders.

This proposal will centre its analysis on Santa María Yaviche, an autonomous rural Xhidza community situated in the mountains of the Sierra Juárez. Drawing on fieldwork-based observations and interviews with NGOs including FUSAMPIAAC, an NGO based, established and run by members of the community, this proposal considers processes of technological appropriation in Yaviche: from community radio, to telephony, intranet, television, and Starlink. It investigates everyday workarounds and the aesthetics of technological autonomy, considering how maintaining this resilient, yet fragile, multi-layered ecosystem, generates certain forms of security and insecurity.

Baca-Feldman, Carlos, Daniela Bello López, Alejandra Carrillo Olano, Daniela Parra Hinojosa, and Alma Patricia Soto Sánchez. 2021. Technological Autonomy as a Constellation of Experiences: A Guide to Collective Creation and Development of Training Programmes for Technical Community Promoters. Association for Progressive Communications.

Jackson, Steven J. 2014. ‘Rethinking Repair’. In Media Technologies: Essays on Communication, Materiality, and Society, edited by Tarleton Gillespie, Pablo Boczkowski, and Kirsten Foot, 221–39. The MIT Press.

McClearn, Jessica, Rikke Bjerg Jensen, and Reem Talhouk. 2023. ‘Security Patchworking in Lebanon: Infrastructuring Across Failing Infrastructures’. arXiv.

Send message to Author

Long abstract:

"The cyberattack forced the hospital to switch to fax," read a front-page article in Dagens Nyheter, in Sweden, on February 11, 2024. Three individuals sent it to me. For the past 6 months, I have been studying the fax, a neglected yet fundamental object of digital infrastructure of the welfare state.

As a socio-technical and socio-legal assemblage at the intersection of dismantling of the copper network and the emergence of the digital welfare state, the fax machine constitutes a crucial part of a critical data infrastructure of the Swedish welfare state. Although there are as many as 4000 faxes in daily use in healthcare only, Sweden is one of the last places one would go looking for a fax. A mega digital infrastructure, SDK, proclaimed to be the ‘fax-killer,’ raises renewed questions about whose accounts of security are mobilized for the digitalization of the welfare state infrastructure.

In this study, I draw on interviews with public administration employees about fax’s role in the digital infrastructure of the welfare state. In combination with textual analysis of digitalization and IT policies, I unpack the multiplicity of stories of security in the digital infrastructure of the welfare state.

How can the fax help us understand how datafied security is imagined in the welfare state? Whose digital security is included in these imaginaries, and who is doing the imagining? Expanding on Power et al’s (2022) conceptualization of shadow care infrastructures, the fax emerges as a shadow (digital) security infrastructure of the datafied welfare state.

Send message to Authors

Long abstract:

When a device is broken or outdated, we are at a crossroads: to repair, recycle or discard? Different affordances and valuations come into play: consumer autonomy, competitive advantage, sustainability, availability of time and financial resources, longevity of parts, available infrastructures for recycling, etc.

An additional valuation type follows from the increasing use of semantics of life and death in relation to smart devices. If a smartphone, laptop or robot vacuum stops working one could say it “died”. With adaptive learning capacities, these semantics become even more pervasive. A consumer and a device (such as a companion robot) can develop an individualized relation over time.

According to the waste hierarchy underlying EU policy repair trumps recycling. Especially in the case of smart electronics this simple hierarchy can get muddied. Is it worthwhile to make a phone with hardware that can be repaired for decades if the period of software updates creates a tighter best before date? To offer a long period of software updates for a robot vacuum, if consumers are not committed to regular updating and are part of a culture desiring novelty? If the device depends on external cloud and software support that is no longer economically profitable? If designing a more repairable device increases production costs, decreases functionality, if parts could be recycled and “reincarnation” is easy because all software and data exist in the “cloud”?

We discuss the conceptual models and legal rights (Right-to-Repair) supporting complex valuations in deciding the death, life and resuscitation of smart devices.

Send message to Authors

Long abstract:

Food waste assemblages can be seen as ‘capitalist ruins’ (Tsing, 2015) that hold potential for a more sustainable and equitable food future. Food waste reduction apps aim to use this potential by preventing food from turning into waste. In this paper, we explore the case of an app that focuses on household food waste reduction and ask how and why its digital infrastructure failed. We first provide a short overview of current research on digital failure in ‘digital foodscapes’ and on ‘app glitches’ more broadly (Sörum, 2020; Goodman & Jaworska, 2020; Fuentes et al., 2021). We then introduce our case OLIO, a community-based sharing platform for food and other consumer goods that redistributes household surpluses for free. We have taken an (online) auto-ethnographical approach to study this app, including the app walkthrough method and semi-structured interviews (Hine, 2015; Light et al., 2018). By considering the digital infrastructures of OLIO as a platform for ‘ontological experiments’ (Bruun Jensen & Morita, 2015; Schneider et al., 2018), we attend to the tinkering and failing of infrastructuring. In our analysis, we show how the app, just like the food it hoped to save, came to perish in Switzerland resulting in a digital infrastructure ruin. We conclude by elaborating why the concept of ‘infrastructural encounters’ (Simonsen Abildgaard, 2023) is promising to look at these ontological experiments, as attending to infrastructural encounters sheds light on neglected local everyday practices and relations.

Send message to Author

Long abstract:

"Backdoors", covert vulnerabilities intentionally put into digital systems have been a contentious object in the realm of digital infrastructure. Remaining hidden, they enable or prepare for unauthorised access to the system. The concept of "backdoors" can be analysed as a discursive framing that morally condemns the deceitful practice of introducing vulnerabilities into digital systems. Illustrating with the infrastructure of secure communications, the "backdoors" framing has been utilised by cybersecurity researchers and cryptographers to resist exceptional access to encrypted services. Concerns arise that malicious third parties, including rival countries or international hackers, could exploit the vulnerability to invade user privacy. Underpinning this framing of "backdoors" is the logic that security is absolute and cannot be partially traded off. This clashes with the risk logic, which suggests that vulnerabilities in digital infrastructures can be managed and embraced through calculations (Aradau et al., 2008; Amoore, 2013). Following the security logic, I argue that securitization of digital infrastructure is triggered, as the threat of a "backdoor" has mobilised resistance in the name of digital security. This securitization aligns with the material-turn approach to securitization and conceptualises "backdoors" as a material-discursive construct (Aradau, 2010; Huysmans, 2011). In this paper, I examine the Jupiter Dual EC controversy as an empirical case and investigate the moments when a "backdoor" materialises, such as when a vulnerability is exposed and labelled as such, and when exploited, triggering insecurity to digital infrastructures. Ultimately, I seek to theorise the breakdown of digital infrastructures as a moment of insecurity.

Send message to Author

Long abstract:

The paper suggests contemporary maintenance and post-progress thinking (Denis & Pontille 2015, Tsing 2015, Danyi 2022) to advance the understanding of everyday computer security practices. Based on an ethnographic study of 30 companies, the paper presents dilemmas, compromise and disconcertments in handling computer security. Where resources are limited, trust is a key organizing principle and technologies are aging, computer security is good enough at best. Companies resort to “ordinary hope” (Jackson 2023) rather than solutionism: They hunt for floppy disks at garage sales, hang up posters, and make awkward exceptions.

Fragile Computing is suggested as an alternative to current concepts of computer security. What is fragile is not “bad”; an antique vase is not worth less because it is fragile, it is precious because of its fragility. Normativity multiplies in the realm of fragility (Denis et al. forthcoming). Attending to fragility is uneasy: It affects the one who cares and forbids executing simple judgment.

Danyi, E. (2022). Melancholy Democracy: Politics Beyond Hope and Despair. Habilitation submitted, Institute for Sociology, Goethe University, Frankfurt am Main.

Denis, J., & Pontille, D. (2015). Material ordering and the care of things. Science, Technology, & Human Values, 40(3), 338-367.

Denis, J., Domínguez Rubio, F & Pontille, D. (forthcoming) Fragilities. MIT Press, under review.

Jackson, S. J. (2023). Ordinary Hope. In Ecological Reparation (pp. 417-433). Bristol University Press.

Tsing, A. L. (2015). The mushroom at the end of the world: On the possibility of life in capitalist ruins. Princeton University Press.

Send message to Authors

Long abstract:

Our contribution focuses on the discrepancy between the narratives of major crises and collapses of digital infrastructures dominated by a discourse of constant securitization and the everyday maintenance work that is and must be done on the ground. Using an Austrian example in the domain of cybersecurity in logistics, we show that on the practical level, everyday disruptions and fragilities are prevalent and appear to stand in contrast to the securitization of digital infrastructures – a dominant discourse on the meso and macro level. This points to the need to include the ‘banality’, the notorious and continuous maintenance work into theories about socio-technical infrastructures and securitization. It is not only the major breakdown that makes individual components of infrastructures visible (which – so the common claim – usually should work smoothly). To the practitioners it is notoriously visible in their daily work through regularly occurring small breakdowns and glitches. This points to the need to consider infrastructures essentially as ‘fragile’ assemblages that require permanent attention, care, maintenance and cooperation from different actors. Due to its interconnectivity, socio-technical digital infrastructures have always been vulnerable, because it requires cooperation among many different elements. However, such a shift in conceptualization also means that we need to rethink our notions of how we understand “vulnerability”, “failure”, “disruption” and “normality” of functioning infrastructures. What can a logic of fragility look like that dispenses with an ideal notion of “functioning” and yet pays sufficient attention to what is considered notorious maintenance work in a fragile logic?

Send message to Author

Long abstract:

I examine the ethics and aesthetics of caring for and repairing digital infrastructure in so-called extreme environments, with an emphasis on the Arctic region. Drawing from fieldwork conducted in Greenland, I connect contemporary and historical aesthetic traditions of representing the Arctic to challenge a prevailing notion; that breakdowns of digital infrastructure are inherently more complex or challenging in ‘harsh’ Arctic environments.

While existing scholarship in STS has explored the mundanity of maintaining and repairing digital systems in urban Western settings, breakdowns in the Arctic are invariably portrayed as uniquely daunting or exceptional. Beginning with practices in the Arctic telecommunication industry of telling stories about heroic acts of repair work and circulating images of frozen digital infrastructures. I reframe these contemporary practices within the 19th century aesthetic tradition of the ‘Arctic Sublime’, which depicted the Arctic as a place that was more vast, mysterious, and terrible than elsewhere on the globe – a region in which natural phenomena could take strange, almost supernatural forms, sometimes stunningly beautiful, sometimes terrifying, often both (Loomis, 1977).

Finally, I offer alternative examples of lesser-told stories about the everyday maintenance of digital infrastructures in Greenland and discuss the importance of conceptualizing and representing Arctic digital infrastructures as systems which not only call for and involve expensive, high-risk construction projects and heroic acts of repair (Denis & Pontille 2022), but mundane, ongoing care and maintenance.

Send message to Authors

Long abstract:

In the context of persistent breakdowns in digital infrastructure, this study examines the evolving paradigms of digital security models, specifically Distributed Trust and Zero Trust. Going beyond traditional perspectives about trust in computer science, the research elucidates their historical trajectories, unveiling a transformative shift towards recognizing human elements as crucial components in ensuring system security. The analysis highlights the broader implications of this paradigmatic transformation on the cybersecurity profession, necessitating a shift from a solely technology-centric focus to a comprehensive engagement with socio-technical mechanisms.

By comparing the trajectories of Distributed Trust and Zero Trust, this paper contributes to the discourse on resilient yet fragile digital infrastructures. It emphasizes the role played by security models as communicative and organizational artifacts in addressing unruly human behaviors and ensuring compliance with the system's security requirements. As a response to the panel's call for new forms of resilient digital infrastructures, this study presents empirical cases and conceptualizations that embrace the notion of digital infrastructures existing in a perpetual state of 'ruins'.

Indeed, both Zero Trust and Distributed Trust originate from historical experiences and widespread conversations in broader cybersecurity practitioner communities about the unreliability and failure of digital infrastructures. As such, they represent particularly valuable case studies for exploring the ethical dimensions of repair and maintenance. Additionally, this paper contributes to the panel’s call by probing discourses surrounding digitality and the deployment of theories of systems and control in discussions of reliability, security, and resilience.