Towards the social design approach to information security


Akira UENO
The Institute for Future Society / Doctoral Course,
Tokyo University

Faculty of Letters
Chiba University


1. Introduction
The 21st century is destined to see one global information society, where the social infrastructure heavily depends worldwide on intelligent communication network systems hooked to and being hooked by millions of host and client computers, visible or virtually invisible. But it is obvious that we are threatened as well as served by information technology in terms of the security of future society.

Social impacts, good or bad, of technologies in the past were dealt with by way of social institutions, legal measures etc only after those impacts turned clearly visible. The new way of thinking in relation to the social impacts of information technology is, therefore, start from the designing of the social environment in which to apply the achievements of information technology. We call this new way of thinking “social design approach.” It will be stressed that the research strategy that systematically combines the humanities and social science with the development of technology will be in order.

2. Information security from a “pragmatic” point of view
The social environments in which the system is used can be analyzed in 4 different levels: individuals, corporations, society and international society.

At the level of individuals, security means safe living with all reasonable rights respected. It has been already realized that the humanly reasonable rights have to be protected, and there have been so many proposed “technological” solutions. But it is to be noted that even encryption technology is to be used by humans in society. Here comes in the “pragmatic” point of view, which would show that paying attention to humans, namely human ethics, psychology and sociology, makes sense.

At the level of corporations, security means the stability of companies, schools and such organizations. They have different principles according to which to incorporate and administer them. Paying to human side of the use of information technology is important, because it provides the principles which would help install appropriate guidelines and policies the members of corporation will voluntarily follow. At the level of society, it is important to realize that the infrastructure of nations and countries is already being made heavily dependent on information technology. It is the social system at large, not the technology with which to run the society that has to be designed when it comes to the security of society. Needless to say, that requires huge efforts from social sciences including politics, sociology and economics.

At the level of international society, the importance of the Internet is the focus. The technical nature of the Internet in which bilaterally connects the networks across the borders of conventional nations makes it difficult to think consistently of the changes taking place in electronic commerce, on the one hand, and cyberterrorism, on the other.

3. Research targets
With the above four levels of information security in mind, we propose 5 broad areas of research and development. All the areas have different balances of stress between research and development.

The first area focuses on ethics and norms, and people’s consciousness thereof. For one thing, the nature of human rights and their meanings must be reconsidered. For another, there are questions about the theoretical and practical validity of conventional concepts. Education obviously plays an important role, so the contents and methods of educating young people about information security are surely important.

The second area focuses on the principles that support the corporations and societies to install policies on the use of information technology with special attention to the security aspects of the system. Laws and formal, legal measures are, in a sense, too slow keeping up with the advance of technology, so corporations have to set up their own codes and policies in order to be socially accountable and guarantee information security. As a research target, this area is a junction between information technology and social sciences, so the collaboration of the two fields is expected to result in practical advices, guidelines and instructional methods in a variety of corporations.

The third focuses the analysis and control of the psychological and sociological aspects of humans in information society. The dramatic change in the scenes of communication characterized by the Internet and WAP terminals allegedly affect the way humans interact and communicate with each other and the way humans think of other people and machines.

The fourth tries to explore the economic and political aspects of information society by simulation and conceptual analysis. The society must be defended from various kinds of catastrophes expected to take place from malfunctioning the information infrastructure. We need to find out the possible patterns of catastrophe in information society and design a society in which relevant parameters are agreed to controlled by the members of societies.

The fifth, and the most difficult area, of the study concerns the international and global aspect of information society. The borderless nature of the Internet has already revealed the difficulty of handling the conventional conceptual division between nation and international society. E-commerce surely needs international collaboration. Policy makers and diplomats may negotiate and agree on certain things, but scientific and academic underpinnings have been supplied.

4. Methodologies
The division of research areas proposed above come from the keen realization that, in designing an information society with reliable and realistic information security, the scientifically justifiable research program has to take an “bird’s eye view” for the future of the society. It has to take society and technology in view and design both of them simultaneously and conjointly.

All this lead to a methodological principle to the effect that the social design approach to information security requires the integration of engineering and arts, that is the humanities and social sciences. The merge of the totally different methodologies from different backgrounds is no doubt hard, but the efforts will surely result in concrete proposals to the future society that enhance the security of society.

It has been generally agreed that the social design approach can be a unique contribution from Japan to the whole area of information security research.