In Information Security as in all other areas of IT, the order of the day is how to overcome the metaphysics of the object, in other words, the view that “everything is an object” (or that everything is representable as an object).
In reading Heidegger we can find not only excellent avenues of thought, but also very precise anticipations of what the world of technology has come to be. One particular aspect caught my attention recently when reading the text “Overcoming Metaphysics,” the fact that the object-centric view (which I prefer to call techno-centric) ends up eroding the power, the freedom and the understanding of the technology practitioner. To assess this, consider how programmers and architects are constrained by programming languages and their corresponding environments. What cannot be done in a “language” becomes invisible, or “opaque” as Heidegger writes in the following passage:
“Technology as the highest form of rational consciousness, technologically interpreted, and the lack of reflection as the arranged powerlessness, opaque to itself, to attain a relation to what is worthy of question, belong together: they are the same thing.”
( This and subsequent fragments are taken from “Uberwindung der Metaphysik,” by Martin Heidegger, text from 1936-1946. Translated by Joan Stambaugh.)
In the same study, we find even stronger criticism of the fundamental driver of Western Metaphysics, of the sort we find in “programming language” design and the whole mythology articulated in this area. In this direction, Heideggeer also anticipates the negative effects of self-guaranteeing schemes, for example engineered “languages” which have no other coherence than their own empirically chosen, arbitrary designs:
“In this self-guaranteeing of the will to will, the primal being of truth is lost. The correctness of the untrue has its own irresistibility in the scope of the will to will. But correctness of the untrue which remains concealed as such is at the same time the most uncanny thing that can occur in the distortion of the being of truth. What is correct masters what is true and sets truth aside. The will to unconditional guaranteeing first causes ubiquitous uncertainty to appear.”
This insight also has relevance in the much-discussed problem of the seemingly unlimited number and variety of programming languages (each more or less arbitrary and incomplete), because in the techno-centric metaphysical world there is no possible external truth (not even a mathematical truth) that may overcome and subdue the engineering and mercantilist choices that are made day by day by the industry. Or, put more comprehensively:
“Here there belongs to it [to the will-to-will] the ubiquitous, continual, unconditional investigation of means, grounds, hindrances, the miscalculating exchange and plotting of goals, deceptiveness and manoeuvres, the inquisitorial, as a consequence of which the will to will is distrustful and devious toward itself, and thinks of nothing else than the guaranteeing of itself as power itself.
“The aimlessness, indeed the essential aimlessness of the unconditional will to will, is the completion of the being of will which was incipient in Kant’s concept of practical reason as pure will. Pure will wills itself, and as the will is Being. Viewed from the perspective of content, pure will and its law are thus formal. Pure will is the sole content for itself as form.”
My aim is to show how this “miscalculating exchange and plotting of goals” is present in such a way that precludes programming languages (so far) to deliver authentic Information Security from the bottom up; a situation which opens up a continuous, ubiquitous, unconditional space for organisational security, i.e. human-centric (non-mechanical) security practices, precisely the sort of thing that the super-technological world promised to eliminate.