4.6 Politeness and Security

In current computing design, social requirements like politeness are considered to be “frills” that must take a back seat to critical requirements like security. Presumably when security is “solved” then, and only then, will designers get around to “non-critical” social requirements. In practice, this means they never will because the security war is endless, as every time security is upgraded hackers exploit another loophole, i a never-ending cycle. If history shows us anything, it is that there is no ingenious defense devised by humans that an ingenious attack devised by other humans cannot eventually circumvent. So security is an ongoing thing.

The premise that one requirement cannot be addressed until another is satisfied does not hold. If social requirements affect performance a they do, they must be addressed as well.Indeed they address the same problem as security does because they reduce people’s motivation to attack the community (Rose, Khoo, & Straub, 1999). Polite computing addresses a common cause of attacks — anger against a system that allows those in power to prey upon the weak (Power, 2000). Hacking is often revenge against a person, a company or the capitalist society in general (Forester & Morrison, 1994).

Politeness openly denies the view that “everyone takes what they can so I can too, and so diminishes the hacker ethic. A polite system can make those who are neutral polite and those who are against society neutral. Politeness and security are thus not alternatives, but two sides of the same coin of social health discussed in the next chapter. By analogy, a gardener defends his or her crops from weeds but does not wait until every weed dies before fertilizing. Politeness grows social health, and so it complements rather than competes with security.