Rikke's Announcement Blog Post (Ethnography Focused)
14 Dec 2023Our grant application for the research project titled “Social Foundations of Cryptography” has received funding from the EPSRC. So, this is me saying a little bit about the project, who we are and what we hope to do.
To start us off: what really excites me about this project (besides the ethnographic work itself) is that we are bringing together ethnography and cryptography and asking each field to inform and transform the other. The typical interaction between the social and computer sciences (at least in the area of information security that I work in) focuses on their ‘applied’ sub-fields, where the norms and presumptions underpinning neither science are put at stake. Here, technological solutions are ‘only’ examined at the application stage, while fundamental design decisions are left largely unchallenged. The premise of our project, however, is that by allowing social science to interrogate established assumptions and norms in computer science, we can unlock innovation in the latter. We therefore ask ethnography to pose, and expose, foundational questions about cryptography itself, not simply about its applications.
The project is a collaboration between some pretty ace people: cryptographers Martin Albrecht (King’s College London) and Ben Dowling (Sheffield University), and ethnographers Andrea Medrado (University of Westminster) and, well, me! We will also be looking to expand our team with two postdocs and two PhD researchers in the near future. In fact, we will very soon be recruiting for a postdoc in ethnography, with a start date of 1 April 2024. The ad is not officially up yet but can be found on our website here. Please get in touch if you’re interested!
The core research aim of our project is to ground cryptographic security notions in findings produced through extended ethnographic fieldwork within a diversity of protest and activist settings. Concretely, we will be conducting extensive ethnographic fieldwork with participants of protests across multiple, international sites to establish how security is perceived, experienced, augmented and resisted among the groups under study. We will use what we learn from the ethnographic work to ask whether the security technologies that protesters and activists rely upon for their protection do indeed protect them, cryptographically speaking, as well as meet their needs and desires. We will also use what we learn from this work to critically evaluate the core assumptions relied upon in the mainstream cryptographic literature.
Now, why bother with actual ethnography when there is a long history of information security research that has relied on social science methods such as interviews and questionnaires to work out what people think about security and how they practice it; or when ‘rapid ethnography’, where the ethnography is limited to short-term participant observation most often in organisational settings, has successfully established itself in some branches of technology research. Indeed, such approaches would be much less time-consuming and, in many ways, more straightforward to put into action. However, for our project, they also fall short.
First, asking people about (their) security is distinctly different to experiencing and observing, through immersion in their lived environment and context, how they practice security and situate it within their daily social relations and interactions over extended periods of time. In other words, an ethnographic approach does not, as is the case in much usable security research, explore information security in isolation, but grounds it in its social reality. As Herbert told us decades ago, ethnography allows us to examine that which the groups under study take for granted and thereby revealing “the knowledge and meaning structures that provide the blueprint for action”. Put differently, ethnography allows us to learn that which people do not consciously reflect upon themselves. For this, ‘rapid’ approaches do not suffice.
To also borrow the words of Atkinson: “There is a world of difference between a commitment to long-term field research - spending time in one or more social settings, with a number of people as they go about their everyday lives - and the conduct of a few interviews or focus groups.”
The exploratory nature of long-term ethnography, grounded in fieldwork with and within the groups it aims to understand, is a key enabler in unlocking information security needs and practices as they transpire in people’s everyday lives. So we argue at least. For our project, ethnography enables extended explorations of, for example, what security looks and feels like for the groups under study; how security is experienced and voiced and how it is negotiated and shared between protesters; how security technology is used within activist groups and for what purposes as well as what security expectations are held within such groups and how they manifest in daily activities. Ethnography further allows us to explore and understand the contextual structures that govern and influence information security practices, facilitating a more comprehensive analysis of such practices as well as the security-related concerns and needs of the groups under study. This helps ground security notions in the actual (observed) experiences of people, over extended periods of time, rather than in how people articulate security practices, concerns and desires through, say, interviews, focus groups and/or surveys, when prompted.
For security, this distinction is particularly important as interview and focus group based studies (usually) rely on participants self-selecting to take part. This often leads to studies where participants have pre-established ideas of security or consider themselves ‘security conscious’. Qualitative studies with activist groups therefore also often only engage with IT security trainers linked to such groups, rather than primariliy with those who rely on the security of a piece of technology for their protection.
We say a bit more about the project on our project website, where we also introduce our civil society project partner and academic advisory board.