This essay examines the evolving meaning of security as the word “securitas” in the Early Modern Era, from the Enlightenment through to where it intersects with the concepts of welfare and dignity. It is Track V of a longer concept album exploring what we mean when we use the word ‘security’ (and what it should mean).

You can find all the essays in the “When We Say Security, What Do We Mean?” concept album here:

A painting of a knight in shining armor holding freshly conquered servers. He is standing in pastel clouds.

The State and “Security” (Securitas)

Centuries passed and the relevance of the word securitas faded. Thomas Hobbes, one of the founders of modern political philosophy in the 17th century, was really the hype man for securitas to keep it from dissolving into disuse1.

Hobbes’ depicts the goal of securitas as the genesis and maintenance of peace, which, as we’ve already discussed, is quite unlike the cybersecurity status quo. Securitas is cultivated through alliances to make it dangerous for the remaining “all” to attack. Samuel, baron von Pufendorf2 emphasized the need for allies with a less cynical angle, arguing that an individual human needs companions to aid them in order to realize securitas (which perhaps foreshadows the concept of “social security”).

Are cybersecurity professionals today known for gathering allies? Quite the opposite. For instance, the relationship between developers and security pros seems to only be getting worse3. Traditional infosec strategy does not enforce security policy through cooperation, but through coercion.

To keep a long journey into Hobbes’ rather paranoid – and exceptionally cynical – perspective short, he ultimately proposes that a sovereign should be the one to guarantee securitas by doling out punishments for violating agreements, which requires subjugation of the ruled by the ruler.

Punishing humans who step out of line and requiring obedience to their rules – for the ruled to subjugate their other wants as secondary to the needs of the sovereign… is this not the playbook of traditional cybersecurity? It is the easiest option to pursue because eliminating or reducing hazards by design requires far more effort than demanding obedience. And if there’s one thing Homo sapiens love above all else, it is cognitive efficiency.

It is quite interesting that securitas was used as imperial propaganda during the Roman era to insist that the state was necessary and by Hobbes to insist that the state must subjugate its citizens. Does this tell us something about status quo cybersecurity? Or should we instead deem it “security imperialism”?

Security, Welfare, Dignity, and the Early Modern Era

A painting of a padlock clock that is exploding.

Around the same time Hobbes was slandering humanity’s nature and proposing the need for a strong-armed state (the 16th century), securitas also started to absorb a financial meaning: something pledged as a guarantee that an obligation would be fulfilled – that the debtor has no need to worry because something has been pledged against the debt.

In this colloquial meaning (which persisted for centuries), securitas is rooted in a feeling – that the lender doesn’t need to worry. And, similarly, we see a theme throughout the Enlightenment that the state should assure citizens that they do not have to fear violence, not just ensure that they are free from violence in their everyday lives. Basically, that the state has a duty to consider the feelings of citizens, not just protect them.

It is in this era and through the Industrial era that security starts to be seen as a human right, as an essential requirement for humans to enjoy all of the other rights. After all, if you’re the victim of violence (particularly a violent death) – or in a perpetual state of worry about it – it’s pretty hard to pursue liberty or prosperity.

Thus, over time, security evolved to mean a guarantee or assurance that certain things would be accessible to an entity – like “water security” reflecting the assurance that a human individual will have access to clean water on an ongoing basis4.

The temporal implication of this meaning is important: it is not just about having access to a thing (whether a physical good or an intangible value) now, but about the guarantee that you will have access to it in the future, too. Not just that you do not have to fear a violent death now, but that you do not have to fear a violent death in the multitude of possible futures on the horizon, either.

We can trace this notion through to the more recent “social security.” The term was coined on a whim because “pension” carried too much baggage to be palatable to a wide audience. So, they defined social security as a “type of security which would… promote the welfare of society as a whole.”5 (emphasis mine)

Thus, the purpose of security is to promote the welfare of a particular entity. Extending this, the purpose of information security is to promote the welfare of information, the purpose of computer security is to promote the welfare of computers, the purpose of cyber security is to promote the welfare of cyber things. While the last one may feel silly, there’s something important here: promoting welfare is not just about stopping threats.

What else is embedded in this purpose of promoting welfare? As we explored, dignity was tightly coupled with security during the Roman period and this association resurged with the concept of “human security," which arose from the rejection of Hobbsian state-centric security.

While the term’s precise meaning is still subject to ample debate6, a foundational facet of “human security” is respect: that a critical part of ensuring a human is secure is ensuring their humanity is respected. Because dehumanizing certain populations and stripping them of dignity is one of the ways authoritarianism cultivates power; it is how a society slips into fascism.

What, then, should we make of the fact that the infosec industry sneakily strips users – whether the accountant clicking on a link to wire money, the marketing professional who downloads a PDF, the developer who makes a mistake when writing code – of their dignity?

The disrespectful sneer is palpable in the designation of “human error” as the cause of incidents. Security awareness training requires users to remember dozens of rules that ignore the realities of their work on thing-clicking machines and implies that it will be their fault if something bad happens. There is no respect for their time, attention, intelligence, or autonomy.

To quote the legendary James Mickens, “This is uncivilized and I demand more from life.”

But imagine a world in which infosec programs prioritized respect as a core value of security! Respect for users’ private data; respect for users’ time; respect for users’ cognitive and emotional energy; respect for users’ pursuit of their priorities; respect for the organization’s pursuit of its priorities as a collection of users serving other users.

In fact, the term “users” may even be part of the problem. Users are abstract, faceless, behind a screen. It makes it easier to disrespect them and resent them for not supporting our own goals. It makes it easier to not see them as people, but as exploitable resources that either we control or attackers do. It’s perhaps harder to blame a sleep-deprived caretaker of a lover or child or parent who, just trying to do their job well enough to keep their health insurance, clicks on something designed to look urgent and important.

Blaming a “user” for being so careless as to click on an obfuscated link and enter in their VPN credentials on the malicious site makes it a more antiseptic affair. It makes us feel like it’s a more just world rather than a chaotic one – like the problem is a user stepping out of line rather than complexities conspiring towards compromise. This dehumanization makes it easier to absolve the ruler and deride the ruled – these “users” – who are simply resources towards our ends, ever holy, ever noble.

Continue with Track VI: What Security Means in the Information Society

Conclusion

You can find all the essays in the “When We Say Security, What Do We Mean?” concept album here:

The cover art for the album with the title: What do we mean when we say security? It depicts an island floating in a sky filled with rainbow and pastel clouds in shades of periwinkle and violet. The island itself is a paradise, a blend of fantasy and cyberpunk aesthetics. Lush trees blanket its ledges while waterfalls cascade from each ledge, frozen in time and resembling a beautiful digital glitch. It is meant to reflect the utopia we might achieve with our systems – our own islands – if we embraced the original meanings of the word security.

  1. Hobbes, with the benefit of hindsight and historical documentation, viewed the Peloponnesian War as a civil war among the Greek people. It seems at the time it was not perceived that way by Athens, its allies, or its enemies. The Persians were the starkest “other” throughout much of ancient Greek history, but by the time of the Peoponnesian War, the Persian “threat” was more like a distant, hazy shadow. Thus, the “other” from Athens’ perspective was other city-states, including its own allies who they feared would betray them (which they did, although “betray” perhaps is not the best characterization of the affair). ↩︎

  2. I promise I did not make this name up. ↩︎

  3. Bridging the Developer and Security Divide, VMWare, Forrester Research (2021) ↩︎

  4. UN-Water, 2013. Water security and the global water agenda—A UN- Water analytical brief . Hamilton: United Nations University. See also: https://www.unwater.org/publications/water-security-infographic/ ↩︎

  5. Social Security: Origin of the Term at https://socialwelfare.library.vcu.edu/social-security/social-security-origin-of-the-term/ ↩︎

  6. Christie, R., & Amitav, A. (2008). Human security research: progress, limitations and new directions (pp. 11-08). Working Paper. Centre for Governance and International Affairs. http://www.bris.ac.uk/media-library/sites/spais/migrated/documents/christiearcharya1108.pdf ↩︎