Protective Computing — Systems Design Under Human Vulnerability
https://protective-computing.github.io/
Mission
The Protective Computing community preserves, curates, and disseminates research, standards, and implementation artifacts for software systems designed to protect human agency under conditions of vulnerability.
We steward the Protective Computing Canon, a layered body of work establishing system design obligations when the Stability Assumption does not hold.
When humans are vulnerable, system architecture must prioritize protection over convenience.
What Is Protective Computing?
Protective Computing is a systems-engineering discipline for designing software used in contexts of instability, trauma, coercion, cognitive impairment, physical limitation, institutional exposure, or degraded infrastructure.
Traditional security engineering protects systems from adversaries.
Privacy engineering protects data from exposure.
Protective Computing protects the human from structural harm caused by the system itself.
It treats instability not as an edge case, but as a first-class design constraint.
Canon Structure
The Protective Computing Canon is organized as a layered corpus:
Layer 1 — Foundational Theory
The Overton Framework: Formal definition of Stability Bias, Vulnerability State Machine, and protective design obligations.
Layer 2 — Operational Translation
Field Guide to Trauma-Informed Software Architecture: Engineering posture and practical system constraints under vulnerability.
Layer 3 — Measurement & Audit
Protective Legitimacy Score (PLS): Auditable scoring methodology for evaluating implementations against protective principles.
All community work relates to one or more canonical layers.
The Five Core Protective Principles
All accepted work must engage with at least one of the following principles:
PC-1: Reversibility
Users must be able to undo consequential actions without loss, penalty, or irreversible record creation.
PC-2: Exposure Minimization
Systems collect, persist, and reveal only information necessary for immediate utility. Latent data accumulation increases vulnerability surface.
PC-3: Local Authority
Critical functionality must not depend on continuous network access or centralized control. Users retain authority over their workflows and data under disconnection, surveillance, or coercion.
PC-4: Coercion Resistance
Systems must not create structural leverage for adversaries. Forced authentication, evidence trails, mandatory disclosure, or remote lockouts introduce coercive attack surfaces.
PC-5: Degraded Functionality
Essential capabilities persist when infrastructure fails, cognition is impaired, or device access is constrained.
Protective Computing assumes systems will be used at a person’s lowest functional capacity, not their best.
What You Will Find Here
This community curates:
Framework Specifications
Canonical releases of the Overton Framework and companion documents defining normative controls and design obligations.
Reference Implementations
Source code and architectural artifacts demonstrating protective principles in practice (e.g., offline-first, privacy-preserving systems).
Audit Instruments
Protective Legitimacy Score (PLS) releases and associated verification methodologies.
Case Studies
Applications of Protective Computing analysis to real-world systems serving vulnerable populations.
Research Outputs
Peer-reviewed papers, technical reports, and applied research extending or stress-testing the discipline.
Educational Resources
Workshops, documentation, and practitioner materials for implementing protective architectural posture.
Who Should Contribute
We welcome submissions from:
• Software architects designing systems for trauma survivors, chronic illness communities, domestic violence contexts, incarcerated populations, displaced persons, or other vulnerable groups
• Researchers studying trauma-informed UX, coercion resistance, or offline-first architecture
• Security engineers working on surveillance-aware threat modeling or structural coercion mitigation
• Health informaticists building tools for patients with fluctuating cognitive or physical capacity
• Policy researchers examining structural harms caused by mandatory data collection or always-online dependencies
• Open-source maintainers implementing local-first, reversible, or degraded-mode design patterns
Submission Standards
All submissions undergo curator review.
Requirements:
• Clear mapping to one or more Protective Computing principles
• Explicit articulation of vulnerability context
• Verifiable technical claims (when applicable)
• Reproducible documentation for independent audit
• Open licensing (CC BY 4.0 for documents; MIT or Apache 2.0 for code preferred)
• Citation of the canonical Overton Framework DOI and version used
This domain concerns human safety. Claims must be testable.
Origins
Protective Computing emerged from practical experience building offline-capable systems for individuals with fluctuating physical and cognitive capacity.
Patterns observed across trauma survivors, chronic illness communities, and individuals navigating hostile institutional environments revealed a consistent architectural failure mode: systems optimized for stability collapse under vulnerability.
The discipline formalizes these observations into structured engineering obligations.
Community Standards
Curation standards are intentionally rigorous.
Poor design in this domain does not merely inconvenience users.
It amplifies surveillance, coercion, exclusion, and structural harm.
All accepted work must:
• Demonstrate meaningful engagement with Protective Computing principles
• Avoid unverifiable security or privacy claims
• Meet ethical research standards when involving vulnerable populations
• Enable independent reproduction or evaluation
Protective Computing is not a branding exercise. It is a safety discipline.
Get Involved
Submit research, implementations, or case studies via Zenodo.
Participate in discussions and documentation at:
https://protective-computing.github.io/
Apply the framework in your own systems and contribute empirical findings back to the community.
Reference Protective Computing in research, teaching, and standards work.
Disciplines grow through scrutiny.
Keywords
protective computing
vulnerability-aware design
trauma-informed UX
coercion resistance
local authority
offline-first architecture
degraded functionality
reversibility
exposure minimization
Overton Framework