Send message to Author

Short abstract:

This paper examines security vulnerabilities in digital infrastructures as an object for STS analysis. I argue that the analysis of vulnerabilities can advance our understanding of dynamics of maintenance and repair in digital infrastructures, and prompts new thinking about the nature of function.

Long abstract:

Security vulnerabilities are items of off-specification functionality, invented uses of digital technology that transgress what a system should do. To maintain security promises, custodians of digital infrastructures must be responsive to a constant flow of information and uncertainty about new vulnerabilities, their impacts and possible fixes. For STS, security vulnerabilities provoke questions about the nature of functionality in digital systems. The case of Rowhammer, a bug with DRAM serves as an illustration (Spencer 2021).

Security vulnerabilities have a hybridity familiar to STS: they are simultaneously physical (making things happen that should not happen), conceptual (falsifying promises made in design specifications), and social (upsetting ‘contracts’ between groups of people). They emerge from a complex ecology: sought out by research groups, technology companies, freelance bug hunters, criminal organisations and state security services, they are communicated intentionally through responsible disclosure, reported in the media, or unintentionally through leaks or forensic analysis of cyber-attacks, and eventually resolved through modifications, replacements or additions of components.

Received understandings of the dynamics of stasis in technical systems have been challenged by a wave of new research in repair and maintenance (e.g. Jackson 2014, Houston 2014, Denis & Pontille 2014). Security vulnerabilities help push this discussion forward in (at least) three ways: they require an emphasis on the invention of malfunction, their analysis benefits from engagement with engineers’ own theories of sociality (e.g., ‘Conway’s Law’), and they encourage engagement with interdisciplinary debates about the nature of purpose and function (e.g. Babcock & McShea 2021, Deacon & García-Valdecasas 2023).