Overview
Security Through Design is Agre's central policy proposal in his post-9/11 writings, articulated in 'Imagining the Next War' (September 14, 2001) and elaborated in 'Some Notes on War in a World Without Boundaries' (September 21, 2001). It represents the practical application of his democratic design framework to the problem of infrastructure security.
Agre distinguished two fundamentally different approaches to infrastructure vulnerability:
The protection approach: Takes existing infrastructure as given and surrounds it with armor, surveillance, police protection, and legal penalties — essentially reactive measures applied from the outside. This approach is both unworkable (existing infrastructures are too profoundly insecure) and harmful to civil liberties (if an infrastructure is inherently insecure, the only way to protect it is to track and surveill everyone who uses it).
The redesign approach: Throws out broken infrastructure and reworks it from scratch, designing together in one concurrent process both technical architectures and institutional arrangements. Technical design principles include redundancy, modularity, cryptographic protections, and coherent design philosophies for interfaces between 'self' and 'other.' Institutional design principles include economic incentives that recognize the benefits of security, assignment of conflicting missions to separate entities, and regular audit and review procedures.
The key insight is that the redesign approach relaxes the supposed tension between security and civil liberties. Security designed in, rather than clamped on from outside, can protect both. Cryptography is an example: it enhances security (by preventing third-party eavesdropping) while also protecting privacy.
In his 'civil liberties emergency' post (September 24, 2001), Agre applied this framework specifically to the 'argument from paperwork' — the government's claim that due process requirements should be suspended because they are cumbersome. Agre's response: reengineer the due process procedures with better technology (wireless PDAs for investigators, 24/7 judicial review on computer terminals), rather than eliminating due process itself.
Significance
This concept represents the synthesis of Agre's technical expertise (AI, system design) with his political theory. It is the practical policy expression of his broader argument that technology is never neutral — that design decisions encode political values — and that democratic values should be consciously encoded into infrastructure from the start.
Connection to Other Concepts
Security through design is a specific application of democratic design to the problem of infrastructure security. It draws on the selective amplification framework (technology amplifies existing forces; design means choosing what to amplify) and connects to the capture model (surveillance infrastructure captures social activity). It is the constructive counterpart to the critique in infrastructural warfare.