Spool Five

Tao and Cyber Security

May 19, 2025


In guarding against thieves who ransack coffers, search through bags, and break open cupboards, people are sure to bind them with ropes and cords, secure them with clasps and hasps. This is what common opinion calls being wise.

But if a giant thief comes, he will put the cupboard on his back, pick up the coffers, carry the bag on a pole over his shoulder, and run away with them, fearing only that the ropes and cords, the clasps and hasps may not be secure enough. This being so, is not he whom I just referred to as wise merely collecting things for the great thief?

  • Chuang Tzu - Ransacking Coffers

The best door’s unlocked and unopened

  • From Tao Te Ching (Chapter 27) - Ursula LeGuin translation

The above quotes, taken from the Taoist writings, reminded me a little of modern cybersecurity and software design. They are really about much larger principles to do with power and human knowledge, but in their most literal sense they also perhaps hold important lessons for people who think about the security of systems.

The basic lesson is that the practice of binding things together, of trying to centralise control in the name of security, ironically leads to the creation of vulnerabilities and choke points that can be exploited by bad actors for a much greater reward. The Nietzschean version of this is “The bigger they are, the harder they fall.”

At its core, the internet is built using ‘dumb’ protocols, like BGP and TCP/IP, and a lot of trust. These protocols are not particularly ‘secure’ on their own, but they work. By simply providing a method for different networks to interconnect with one another, they resulted in the rapid development of the global internet. They were open and transparent, developed by engineers whose only goal was to connect, not to control.

“The best protocol is unlocked and unmonitored.”

Ursula LeGuin was always interested in the link between Taoism and anarchism. The early internet, too, was anarchistic - without a centre. Yes, certain things need to be centralised, like the management of names (DNS) and numbers (IP addresses), to ensure uniqueness at a global scale, but beyond this a huge amount of freedom was given to local network administrators to take these core building blocks and configure their own networks based on the needs of their users. For example, a corporate network might block certain sites to stop workers procrastinating, or entire countries, like China, might try to filter out content based on political concerns, but at the end of the day this is all achieved through the same, common building blocks, the same global address space.

There is a built-in freedom in the protocols to allow policy decisions to be made at the local level, ideally collectively and through consensus. And, of course, the protocols are porous enough and ‘dumb’ enough that even if a network does try to block its users unilaterally, there are always ways to route around this. Someone has even made a way to have HTTP over DNS - https://github.com/veggiedefender/browsertunnel. During the Turkish attempt to shut down Twitter in 2014, the numbers ‘8.8.8.8’ were spray painted on some walls. This signalled an easy fix to the block - switch your DNS to Google’s public DNS, which the Turkish government had no control over.

In more recent times, the monopolies and duopolies of tech giants seem to go against this openness and interconnectedness. They develop silos, huge data stores, and proprietary products. This allows for things to be tied down and bound together much more easily. But doesn’t it also increase the chance of catastrophic failure? Companies like Amazon and Meta not only control a huge amount of the web space, both via their apps and through sophisticated ad-tracking, but they also control much of the infrastructure that internet traffic runs over, like subsea cables and data centers. Fewer and fewer internet requests are actually routed through the ‘public’ internet; instead, CDNs spread across data centers bring the content to you.

The Irish writer Maria Farrell signals a similar type of issue with her metaphor of the need to “rewild the internet”. She uses the analogy of forestry monocultures in Europe during the Age of Exploration. While these plantations of trees were able to effectively provide an abundance of raw materials for expansion and shipbuilding during early yields, later crops were less robust, because the supporting forest ecosystem had been stripped away. In order to thrive, ecosystems must be diverse, local, and, in a sense, anarchistic. A monoculture is a way of binding things together, a form of control, and it is this very binding together that is the source of ruin.

With the rise of AI, a key security/privacy issue gaining more traction is ‘data governance’: protocols and practices that ensure the data individuals and companies provide to major providers are under guard and not inadvertently transferred to jurisdictions with regulatory approaches to data that the user hasn’t signed up to. In recent years, TikTok developed “Project Texas” and “Project Clover” to help ease US and EU regulators’ concerns about the security of data in a geopolitical context. Isn’t this just ‘data governance theatre’, in the same way we used to speak of ‘security theatre’?

Tying and binding things comes in many forms. In centralising and locking down systems, we are also tying ourselves more closely to those systems. This results in a greater dependency on this kind of data and a belief that this kind of data (like what kind of videos we watch on TikTok) is ‘essential’ to our identities in some way, or ‘worthy’ of ‘governance’. An alternative would be to abandon the chains and ropes we are creating to help improve security and data governance, and instead reject the notion that individuals can be defined through their digital profile, and stop shaping our societies and services around this belief. The current president of the Signal Foundation, Meredith Whittaker, has some interesting talks in this line of thinking.

Love, Privacy, and the Politics of Intellectual Shame (YouTube)

The internet worked so well originally because it was open, transparent, interconnected, and highly scalable. Yet, and for good reasons, we are increasingly worried about the harm that is created by many of the major applications running on the internet, like social media sites. Therefore, we rush to try to lock things up and create a more ‘secure’ environment. But, from the Taoist perspective, in doing this we are creating a more intensified vulnerability. We are creating systems that in the worst case, if breached, result in even higher and richer yields for attackers, or in the best case, we are tying ourselves to the practices and promises of ‘big data’, re-defining our humanity through what can be stored and captured through computing systems.
