Cyber Security as Social Experiment

Lessons from previous experiences are often overlooked when deploying security-sensitive technology in the real world. At the same time, security assessments often suffer from a lack of real-world data. This appears similar to general problems in technology assessment, where knowledge about (side-)effects of a new technology often only appears when it is too late. In this context, the paradigm of new technologies as social experiments was proposed, to achieve more conscious and gradual deployment of new technologies, without losing the ability to steer the developments or make changes in designs. In this paper, we propose to apply the paradigm of new technologies as social experiments to security-sensitive technologies. This new paradigm achieves (i) inherent attention for the ethics of deploying security-sensitive systems in the real world, and (ii) more systematic extraction of real-world security data and feedback into decision making processes.