- The History of Information Security: A Comprehensive Handbook
One indication that a new scholarly field is emerging is the appearance of conferences, journals, and books on that theme. Judged by these criteria, the history of information security still has a way to go, but not for any lack of effort by editors Karl de Leeuw and Jan Bergstra, who have produced a magisterial work.
Encouragingly, they define information security broadly as “the entire range of constraints deliberately built into any information system in order to restrict its use” (p. 3). Reflecting that expansive perspective, six sections cover: intellectual ownership (five articles), identity-management (four), communication security (nine), computer security (six), privacy and export regulations (three), and information warfare (one). Unusually for an edited work, the provision of a good index allows readers to peruse across articles, thus adding to their value.
The essays cover scientific publishing, patents and copyrights, security of documents, personal identification and privacy, cryptography (ranging from the Renaissance to the cold war), computer crime, export policies, information and warfare, and the security of documents, computers, and the internet. Unifying this big kettle of fish is the intertwined political and ethical shaping of security instruments and concomitant effects of security technologies on legal and political thought and action. As the essays demonstrate, rarely were the consequences of constraints (or their lack) considered before their application.
And the consequences were often profound. Future historians of information and communication technology need to realize that efforts to constrain information and technology were as important and common as efforts to diffuse. Here, the authors show that literature on the rise of the Information Society has paid inadequate attention to security. This is the equivalent of writing a history of space exploration without describing the role of the intelligence community and the military. It can be—and often is—done, but the picture painted is less than full. The history of seemingly familiar subjects looks different when viewed from the perspective of information security.
Of the thirty-three contributors, sixteen can be classified as coming from computer science/applications andmathematics, seven fromthe legal world, seven from history or sociology, and three as sui generis. This is a quantitative way of stating that the writers are primarily practitioners of this field, not its Boswell. Some of the writing is not necessarily the most gripping and a few articles suffer from the limitations of practitioners writing history. [End Page 262]
The editors have aimed for an audience not of historians but policymakers in government and industry. This is a call for political action by democracies, for policymakers to discuss and develop legal frameworks that can handle the challenges of twenty-first-century information security, challenges that the contributors show are not new but certainly growing. For contemporary and future historians, this volume will serve as an excellent overview of a field that truly is important, yet is too often subsumed as the province of technicians. Information, like war, is too important to be left to its practitioners. And the history of information security has vast depths of topics waiting to be explored.
The editors have produced an important work, although calling this 887-page, multi-pound behemoth a handbook is somewhat of an understatement. Alas, the high price is not and is guaranteed to restrict its sales to libraries and practitioners of information security. Policymakers and graduate students will not be reached. This is a shame because de Leeuw and Bergstra have convincingly defined their subject to encompass wideranging concepts of information security, demonstrated its importance, and laid the foundation for others to build on. [End Page 263]
Dr. Coopersmith is an associate professor of history at Texas A&M University.