HUMAN SECURITY LAB

security middleware

problem
statement

In between the micro- and macro-scales there are crucial intermediating “mesoscales”¹ that are not well understood or exploited. In the context of analyzing issues related to human security, “mesoscale” can be used to describe the dense tangle of structures and systems that make up the functioning of our everyday world. Supply chains, for example, connect macro inter-state issues such as the Russian invasion of Ukraine to the micro issues of on the ground food insecurity in import-dependent countries like Egypt as the flow of commodities such as wheat are disrupted by conflict thousands of miles away. Similarly, the home mortgage lending system in the United States tied macro level decisions such as interest-rating setting by the Federal Reserve to micro-level individual decisions to invest in home ownership thereby creating a tight coupling that in a time of crisis proved to be essentially buffer-less.²

Mesoscale as a descriptor has until now most commonly been used in fields such as meteorology, oceanography, and atmospheric sciences. In these contexts, key characteristics of mesoscale phenomena include a spatial scale ranging from two to 2,000 kilometers horizontally, and a temporal scale lasting from a few hours to several days. Examples of such mesoscale structures include thunderstorms, squall lines, and certain types of convective systems.

Professor Jeremy Adelman from personal correspondence with the author.

These mesoscale system elements today are often made up of complicated sets of inter-related technologies³ —be they layers of software protocols allowing information to flow across the Internet, supply chain handoffs flowing less processed inputs into finished products, or policy interpretations at the level of individual FDA drug reviewers impacting the clinical trial decisions of large multi-national pharmaceutical companies. The complicated and distributed nature of these networks has made understanding and influencing them complicated, and the increasing inclusion of AI elements into these systems is only adding another measure of “black-boxedness” into the mix.

www.amazon.com/Overcomplicated-Technology-at-Limits-Comprehension/dp/0143131303

Professor Jeremy Adelman from personal correspondence with the author.
‍

www.amazon.com/Overcomplicated-Technology-at-Limits-Comprehension/dp/0143131303

motivation

It is common to look at many deep, persistent problems in the world and frame them in macro terms—climate change is a global issue, war is an issue between nation states, unemployment is an issue of the financial system. In the 1990’s, an effort was made to re-cast these challenges at a more micro-scale by defining them as matters of “human security.” As the term implies, human security was cast at an individual level, “It means, first, safety from such chronic threats as hunger, disease and repression. And second, it means protection from sudden and hurtful disruptions in the patterns of daily life—whether in homes, in jobs or in communities.”⁴

UN Development Programme, Human Development Report, 1994 (OUP) p. 22 (quoted in Roland Paris, Human Security - Paradigm Shift or Hot Air?, p.89).

This macro- versus micro-view dichotomy has dominated how social scientists have traditionally analyzed the big problems of society. The micro- approach (social psychology, micro-economics, micro-history, micro-politics) became particularly fashionable in the 2000s with the turn to behavioral explanations. The macro- framework (world systems, global regimes, earth sciences, macro-economics) has come back into vogue as the post-Cold War stability has faded and the geopolitics of rivalry have re-emerged as a dominant theme.

Throughout the rise and fall of intellectual fashions, though, one thing has remained consistent: macro people gripe that micro is too detailed and contingent and doesn’t scale up; and micro people complain that macro analysis can’t understand decision-making at the level it actually takes place.⁵

The ideas and language in these two paragraphs are derived from University of Cambridge Professor Jeremy Adelman via personal correspondence with the author.

In between the micro and macro, though, there are in fact crucial intermediating “mesoscales”⁶ that are not well understood or exploited. In the context of analyzing issues related to human security, “mesoscale” can be used to describe the dense tangle of structures and systems that make up the functioning of our everyday world. Supply chains, for example, connect macro inter-state issues such as the Russian invasion of Ukraine to the micro issues of on the ground food insecurity in import-dependent countries like Egypt as the flow of commodities such as wheat are disrupted by conflict thousands of miles away. Similarly, the home mortgage lending system in the United States tied macro level decisions such as interest-rating setting by the Federal Reserve to micro-level individual decisions to invest in home ownership thereby creating a tight coupling that in a time of crisis proved to be essentially buffer-less.⁷

Professor Jeremy Adelman from personal correspondence with the author.

In software terms, the mesoscale is where middleware sits “act[ing] like the connective tissue between applications, data, and users.”⁸ Operating systems function as the foundational software layer that directly interfaces with hardware resources, providing essential services including memory management, process scheduling, device driver abstraction, and security enforcement through privileged execution modes. Middleware, conversely, operates at a higher abstraction level, positioned between the operating system and application software to facilitate standardized communication protocols, distributed processing capabilities, and service-oriented architectures across heterogeneous computing environments. While operating systems manage hardware-specific implementations and provide isolation between concurrent processes, middleware abstracts these platform-specific details, offering application developers consistent APIs and interoperability mechanisms that mask underlying system complexities, thereby enabling cross-platform development without requiring intimate knowledge of the hardware or operating system variations that middleware effectively encapsulates through its intermediary translation services.

www.redhat.com/en/topics/middleware/what-is-middleware

In less technical terms, operating systems are the macro level that determine much about how users ultimately interact with a computer (think of the difference between using a laptop running macOS versus one running an open source variant of Linux). Individual applications are the micro level where a user makes particular choices about how to carry out particular functions (should I watch one more video on TikTok or should I go to sleep?). Most of us at least know the name of the operating system we are functioning on and have an appreciation for its general characteristics; and most of us make clear choices about whether to use a particular application like TikTok, or not. What almost none of us perceive or understand is the web of enabling middleware that makes the online world function by abstracting away the technical details described above.

One can think of the legal system of a country as another type of operating system —in this case the operating system for that society. It determines what actions are allowed and what the consequences are when actions take place outside the sanctioned boundaries. In the United States, documents such as the Constitution and the body of federal and state statutes provide the broad brush strokes for the operating system. Regulations and case law fill in the middleware layer dictating how these high-level ideas connect to everyday life. And administrative agencies and the court system apply the regulatory and case law middleware to a myriad of everyday decisions at the micro level.⁹

These mesoscale system elements today are often made up of complicated sets of inter-related technologies¹⁰ —be they layers of software protocols allowing information to flow across the Internet, supply chain handoffs flowing less processed inputs into finished products, or policy interpretations at the level of individual FDA drug reviewers impacting the clinical trial decisions of large multi-national pharmaceutical companies. The complicated and distributed nature of these networks has made understanding and influencing them complicated, and the increasing inclusion of AI elements into these systems is only adding another measure of “black-boxedness” into the mix.

See www.amazon.com/Overcomplicated-Technology-at-Limits-Comprehension/dp/0143131303

There are a number of important design considerations in building middleware solutions:

Purpose & Position

Middleware: Designed to facilitate communication and integration between different technology systems, acting as an intermediary layer that connects disparate components
Other Solutions: Typically designed as standalone products with specific functions, direct user interaction, or to address particular business needs
‍

Requirements Gathering

Middleware: Requires understanding multiple technologies' specifications, limitations, and interfaces
Other Solutions: More straightforward requirements focused on solving specific problems
‍

Architecture

Middleware: Typically employs adaptable, flexible designs; Must accommodate various formats, signals, and operational parameters; Often serves as a translation layer between incompatible systems.
Other Solutions: Can be more specialized and optimized for their specific function
‍

Integration Focus

Middleware: Primary focus is on compatibility, connectivity, and seamless operation between different technologies
Other Solutions: Often prioritize specific functionality, performance in their domain, or user experience

Performance Considerations

Middleware: Must optimize to avoid becoming a bottleneck, often requires balancing between compatibility and efficiency
Other Solutions: Performance requirements typically defined by their specific use case
‍

Stakeholder Complexity

Middleware: Must satisfy requirements from multiple systems, technologies, and their respective stakeholders
Other Solutions: Generally focused on a discrete set of end-users or specific business requirementsTechnical Requirements
Middleware needs: Strong emphasis on standards compliance and interoperability; Must support multiple protocols and interfaces; Requires higher reliability as it impacts multiple systems; More complex handling of cross-system failures and exceptions
‍

Value Proposition

Middleware: Value derived from enabling connections and workflows across technology ecosystems
Other Solutions: Value typically measured in direct functionality or problem-solving capability
‍

Security Implications

Middleware: Often bridges security domains, requiring specialized security approaches
Other Solutions: Security concerns are generally more contained within system boundaries

UN Development Programme, Human Development Report, 1994 (OUP) p. 22 (quoted in Roland Paris, Human Security - Paradigm Shift or Hot Air?, p.89).
‍

The ideas and language in these two paragraphs are derived from University of Cambridge Professor Jeremy Adelman via personal correspondence with the author.
‍

Professor Jeremy Adelman from personal correspondence with the author.
‍

www.redhat.com/en/topics/middleware/what-is-middleware
‍

NB, how this legal middleware is implemented is somewhat in flux as a result of the Supreme Court case Loper Bright Enterprises v. Raimondo in which a 6-3 decision by Chief Justice John Roberts overruled the 1984 case of Chevron U.S.A. v. Natural Resources Defense Council. The question before the court in Loper focused on the so-called Chevron deference, an administrative law concept that says courts should defer to a federal agency’s reasonable interpretation of an ambiguous statute. The Loper decision overturned the 40-year-old Chevron precedent writing “[the Administrative Procedure Act] requires courts to exercise their independent judgment in deciding whether an agency has acted within its statutory authority, and courts may not defer to an agency interpretation of the law simply because a statute is ambiguous; Chevron is overruled.”
‍

See www.amazon.com/Overcomplicated-Technology-at-Limits-Comprehension/dp/0143131303

curation

BOOKS

Overcomplicated: Technology at the Limits of Comprehension

Samuel Arbesman / Portfolio / 2017

A field guide to living with complex technologies that defy human comprehension.

PAPERS

What is middlware?

Red Hat / 2002

Middleware is a software layer that connects the operating system to applications, data, and users. It provides common services and capabilities, like single-sign on (SSO) or application programming interface (API) management.

next steps

Security middleware development ideas in process include:

Regional Health Security Hubs
AI-coordinated networks connecting academic and community medical centers, public health agencies, and community organizations within geographic regions, creating integrated research-practice ecosystems that respond to local health security needs.

Misinformation Response Systems
Health security is particularly vulnerable to misinformation. Research organizations would need AI systems capable of tracking and responding to health misinformation in real-time while maintaining public trust.

Privacy-Preserving AI Governance
Health security research requires particularly careful balancing of surveillance capabilities with privacy protections. New governance frameworks would be needed to enable AI analysis of sensitive health data without compromising individual rights.

Open Source Communications Protocol for Human Security
Protocols “push the power and decision making out to the ends of the network, rather than keeping it centralized among a small group of very powerful companies. At the same time, it would likely lead to new, more innovative features as well as better end-user control over their own data. Finally, it could help usher in a series of new business models that don’t focus exclusively on monetizing user data.”

See, e.g., Bluesky: “Bluesky is powered by an open-source protocol, a sort of instruction manual and set of data standards that allows anyone to build compatible software on top of it.” Bluesky is built upon the AT Protocol, which is an open-source protocol for building social applications. This means the AT Protocol provides the underlying framework and standards for building social media applications, allowing anyone to create compatible software on top of it. The AT Protocol is designed to be open, interoperable, and to allow users to have more control over their data and experience.