Unpacking “Cybersecurity”: Threats, Responses, and Human Rights Considerations
Public and private sector actors agree that cybersecurity is a growing concern around the world; at the same time, there is no agreed definition of the term “cybersecurity.” Discussions at the World Conference on International Telecommunications (WCIT) illustrate this challenge: participating governments had difficulty gaining consensus on a number of issues in part because of the differing views as to the meaning of cybersecurity. Also, cybersecurity and national security are often seen as one and the same, and the lack of specificity in scope and understanding can lead to human rights challenges. United Nations Special Rapporteur on the promotion and protection of the right to freedom of expression and opinion discusses this issue in his recent report on government surveillance and human rights:
The use of an amorphous concept of national security to justify invasive limitations on the enjoyment of human rights is of serious concern. The concept is broadly defined and is thus vulnerable to manipulation by the State as a means of justifying actions that target vulnerable groups such as human rights defenders, journalists or activists. It also acts to warrant often unnecessary secrecy around investigations or law enforcement activities, undermining the principles of transparency and accountability.
Today, CDT is releasing a paper intended to help civil society advocates and policymakers understand the complexity and diversity of cybersecurity threats and the appropriate range of responses, regulatory or otherwise, that may be put in place. This paper also addresses the impact of cybersecurity threats and remedies on fundamental human rights. The purpose is to help stakeholders develop a more nuanced understanding that enables them to ask the right questions when discussing cybersecurity policy and ultimately identify appropriate means to address specific threats. Deeper, more nuanced understanding of the topic facilitates better security policy, but it also supports the broader goal of an open Internet. The cross-regional statement by governments on Freedom of Expression on the Internet, presented in June to the United Nations Human Rights Council, captures the importance of such an approach:
For the internet to remain global and open, it is imperative that countries, including those currently lacking capacity to adequately deal with security concerns, to adopt a growth- and freedom-oriented, participative, bottom-up perspective on security that has human rights at its core.
There is no one size fits all solution for effective, rights-protecting cybersecurity policy. This paper unpacks the issue, assesses typical threats and examines the resources and entities that support sound and proportional responses:
As a complex policy issue, cybersecurity requires solutions at various levels, both national and international, and by means both non-governmental and governmental. It requires different kinds of approaches, including improving the practices of the private sector, educating users, strengthening law enforcement cooperation across borders, and promoting security through technical standards. Processes based on the principles of openness, transparency, and participation are not only likely to produce better security policies but those policies are more likely to respect innovation and human rights.
For further information, contact Matthew Shears, Director of CDT’s Project on Global Internet Policy and Human Rights, firstname.lastname@example.org, or Gregory T. Nojeim, Senior Counsel and Director of CDT's Project on Freedom, Security and Technology, email@example.com.