Date post: 09-Aug-2020

Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism

Shamal Faily
Computing Laboratory, University of Oxford
Wolfson Building, Parks Road, Oxford UK OX1 3QD
[email protected]

ABSTRACT
Designing security for grassroot movements raises several challenges not particular to the organisations that conventional approaches to security design cater for. Drawing on analogies between Social Entrepreneurship and Grassroot Activism, adopting an entrepreneurial approach to security design may lead to security design decisions which are both in-tune with a grassroot movement’s aims and cost effective. This position paper considers the applicability of Security Entrepreneurship for security design in grassroot movements. Using a SWOT analysis, we discuss the strengths and weaknesses of this approach, before considering external threats and opportunities arising from its prolonged adoption.

Author Keywords
Social Entrepreneurship, Security Entrepreneurship, User-Centered Design

ACM Classification Keywords
K.6.0 General: Economics

SECURING THE GRASSROOTS
Grassroot Activism raises two unique challenges for the design of security to protect its interests.

First, security design approaches are geared towards large, well-funded organisations. In contrast to grassroot movements, such organisations have the time and resources to pay for dedicated security staff, and the supporting infrastructure needed to ensure their interests remain protected as the organisation grows, and the environment around it changes.

Second, from their initial inception, some movements will be construed as a threat. While security proponents argue that security should be designed into any system from its inception, it may be unrealistic to expect all nascent grassroot movements to simultaneously think about their causes and possible threats to their existence. Unfortunately, without developing an appreciation of the threat landscape surrounding a movement, security decisions may be over or under-commensurate to the risks it faces.

Many of the security problems faced by conventional organisations arise because security is considered to be a product that can be simply purchased and bolted-on to an organisational infrastructure. Moreover, when security chafes the ability of staff to be innovative, attempts will be made to circumvent security. The knee-jerk reaction of security administrators in such instances is to treat users as miscreants. The negative impact this can have on morale and productivity in commercial organisations is damaging, but not fatal. At a grassroot level, however, such behaviour could de-motivate volunteer activists from contributing to a movement altogether.

As Bruce Schneier states, security is a “process rather than a product” [10], and configuring this process for any organisation involves more than simply installing software on a PC or a network server. However, there are no obvious solutions for what such a process might look like for small, grassroot movements. Moreover, what might be a reasonable security strategy for one movement might be completely inappropriate for the problems faced by another.

FROM ACTIVISM TO SECURITY ENTREPRENEURSHIP
Previous work [11, 5] has linked Grassroot Activism with Social Entrepreneurship, although, as Stryjan [11] notes, these analogies may not be immediately obvious. A succinct definition for what Social Entrepreneurship is eludes us; Nicholls suggests that this might be the basis of its success, in that Social Entrepreneurs will exploit a variety of different tools and techniques to maximise the creation of social value [8]. In a talk given at Oxford last year, serial entrepreneur Jerry Sanders stated that entrepreneurs were successful because they “sell the dream”. However, fostering innovation is also a system integration problem, and many elements in a social system need to be configured and re-configured if ideas are to have impact, and social capital is to be created.

Figure 1. Site Authenticationware Chindogu

Recent work has examined how the principles of Social Entrepreneurship can be used to design innovative security solutions. This has led to the new paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security [3]. This work is motivated by the observation that situating security attuned to the physical and social contexts it needs to operate in is akin to solving a wicked problem [9]; this is because of the lack of clarity about what it means to secure a system, or even test that a system is secure. We have specifically drawn three analogies between Security and Social Entrepreneurship:

• Both approaches deal with problems with a social context.

• The value propositions nurtured by both approaches are designed to empower under-served or neglected communities.

• The success of both innovations is marked when traditional organisations attempt to enter the hitherto ignored market.

SWOT ANALYSIS
To examine the applicability of Security Entrepreneurship to security design for Grassroot Activism, we have carried out a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis of this position. We first consider the strengths and weaknesses associated with adopting this approach, before discussing possible external opportunities and threats associated with its prolonged adoption.

Strengths
Security Entrepreneurship is built on Technology and Social Entrepreneurship principles, many of which underpin the growth philosophy of grassroot movements. Many successful innovation models can be repurposed, leading to innovative security which can be both situated to the needs of the movement and cost-effective. In [3], we demonstrated how existing work on Social Network Theory can be used to re-configure the social network in an organisation to optimise the flow of information in a particular security activity. We also showed how Value-added Chains could be used to model how disruptive security controls might be to different stakeholders on a project.

We have also found that Security Entrepreneurship can inform security design using techniques from the HCI vernacular. In a recent case study, we discovered design criteria for security controls in water-treatment plants based on observational data, and artifacts commonly found in the environment where the controls would need to be situated. These artifacts were used to fashion a Chindogu: an ingenious gadget which may seem like an ideal solution to a problem, but introduces so many new problems that it effectively has no utility [6]. Figure 1 (left) illustrates the Site Authenticationware Chindogu we developed as a “solution” to the problem of unusable two-factor authentication. Using the literary device of Defamiliarisation [2], we uncovered the affordances of the Chindogu using an ontology chart (Figure 1 (right)) and discovered vulnerabilities which might arise when building controls for this environment. These insights led to innovative usability design criteria for security controls that would make them usable by plant operators and technicians. Our rationale for developing a control as a Chindogu rather than a more useful prototype is that building an artifact which looks useful but is deliberately designed to be useless is unorthodox to most engineers, and demands creative thinking. Breaking from conventional orthodoxy is useful for viewing the artifact from an unfamiliar standpoint.

Weaknesses
While Security Entrepreneurship can complement participatory design approaches, it is more contingent on the role of the entrepreneur than participatory approaches are on the role of the facilitator. Similarly, while traditional design leads might be focused on conceptual integrity, the entrepreneur is opportunity-centered. Specifically, the Security Entrepreneur is looking for opportunities for system insecurity, before exploring solutions for dealing with them, and re-configuring the system to remove the insecurity. Indeed, [3] suggests that what distinguishes the entrepreneur from other design roles is that, rather than working within the confines of a particular scope, an entrepreneur is prepared to re-configure the world around him to ensure the environment shapes a design, rather than vice-versa. Although this mind-set is emancipatory and makes the design of security a pro-active rather than re-active process, it is also unorthodox and, therefore, a possible cause of contention during the design process.

A further weakness relates to the Security Entrepreneur’s role as an agent of change. [3] suggests that the disruptive innovation these entrepreneurs generate may lead to an innovation design dilemma, where the diversity caused by applying innovation techniques leads to conflict that hampers the implementation of the innovation [4]. For this reason, we need to consider how suitable different grassroot organisations might be as a context for this kind of intervention.

Opportunities
From a research perspective, Security Entrepreneurship at a grassroot level may lead to important insights into how security can be better designed. Because grassroot organisations have fewer resources than most organisations for designing security, it is precisely the eco-system that can stimulate inventive ideas for solving common security problems. By applying Security Entrepreneurship techniques, we can better understand what sort of environmental changes are needed to make sure these ideas have impact.

For security research, disseminating innovation arising from Security Entrepreneurship interventions would be analogous to social innovation in the developing world leading to new insights into Social Entrepreneurship theory. For example, Leadbeater’s theory of Structured Self-Organisation [7] was inspired by successful city-wide waste recycling and city planning social enterprises in Curitiba, Brazil. These enterprises relied on values such as collaborative engagement and a pragmatic working philosophy. These values are not incompatible with grassroot movements, nor are they incompatible with the design of security.

Threats
Without applying Security Entrepreneurship in practice, we can only speculate what threats might arise to grassroot movements by adopting this approach. One particular threat, however, arises from the notion of the Security Entrepreneur as a potential inside-attacker. In particular, what happens if a Security Entrepreneur decides to leave a movement and join another organisation with non-complementary aims?

From a security perspective, this could lead to disaster as the entrepreneur’s privileged knowledge, coupled with his innate ability to shape the environment, could lead to new innovations which might harm the movement. Moreover, a Security Entrepreneur may deliberately use innovation models and techniques to scare other members of a movement into making sub-optimal security decisions that benefit him in the future. Conversely, however, treating the entrepreneur as an outsider and gatekeeping his activities breeds an atmosphere of distrust, and stifles the spirit of innovation.

Because there is no easy solution for mitigating this threat, how Security Entrepreneurship might be used should be carefully considered before it is applied. For this reason, [3] proposes that Security Entrepreneurship should be evaluated within the context of Action Research interventions [1]. This ensures that a mutually accessible framework can be agreed between the movement benefiting from the intervention, and the researcher fulfilling the role of a Security Entrepreneur. Moreover, the intervention also provides useful results about other threats the movement might be exposed to by this approach.

CONCLUSION
Grassroot movements face a number of unique security problems that conventional approaches to organisational security are unable to deal with. Drawing on the analogies between Grassroot Activism and Social Entrepreneurship, this paper has proposed Security Entrepreneurship as a security design paradigm for such groups. To explore its applicability at a grassroot level, we have examined Security Entrepreneurship’s strengths and weaknesses, and discussed consequential opportunities and threats arising from prolonged use of this approach.

ACKNOWLEDGEMENTS
The research described in this paper was funded by EPSRC CASE Studentship R07437/CN001. We are very grateful to Qinetiq Ltd for their sponsorship of this work.

REFERENCES
1. R. L. Baskerville. Investigating information systems with action research. Commun. AIS, page 4, 1999.

2. G. Bell, M. Blythe, and P. Sengers. Making by making strange: Defamiliarization and the design of domestic technologies. ACM Trans. Comput.-Hum. Interact., 12(2):149–173, 2005.

3. S. Faily and I. Fléchais. To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design. In Proceedings of the 2010 workshop on New security paradigms, NSPW ’10, pages 73–84, New York, NY, USA, 2010. ACM.

4. J. Hobek. The innovation design dilemma: some notes on its relevance and solution. In K. Grønhaug and G. Kaufmann, editors, Innovation: a cross-disciplinary perspective. Norwegian University Press, 1988.

5. M. Horwitch and B. Mulloth. The interlinking of entrepreneurs, grassroots movements, public policy and hubs of innovation: The rise of cleantech in new york city. Journal of High Technology Management Research, 21(1):23–30, 2010.

6. K. Kawakami. The Big Bento Box of Unuseless Japanese Inventions (101 Unuseless Japanese Inventions and 99 More Unuseless Japanese Inventions). W. W. Norton & Company, 2005.

7. C. Leadbeater. The Socially Entrepreneurial City. In Social Entrepreneurship: New Models of Sustainable Social Change, pages 233–246. Oxford University Press, 2006.

8. A. Nicholls. Social Entrepreneurship: New Models of Sustainable Social Change. Oxford University Press, 2006.

9. H. W. J. Rittel and M. M. Webber. Dilemmas in a general theory of planning. Policy Sciences, 4(2):155–169, 1973.

10. B. Schneier. Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2003.

11. Y. Stryjan. The practice of social entrepreneurship: Theory and the swedish experience. Journal of Rural Cooperation, 34(2):197–229, 2006.