Hostname: page-component-78c5997874-m6dg7 Total loading time: 0 Render date: 2024-11-11T08:46:11.934Z Has data issue: false hasContentIssue false

Toward a Human-Centric Approach to Cybersecurity

Published online by Cambridge University Press:  07 December 2018

Abstract

A “national security–centric” approach currently dominates cybersecurity policies and practices. Derived from a realist theory of world politics in which states compete with each other for survival and relative advantage, the principal cybersecurity threats are conceived as those affecting sovereign states, such as damage to critical infrastructure within their territorial jurisdictions. As part of a roundtable on “Competing Visions for Cyberspace,” this essay presents an alternative approach to cybersecurity that is derived from the tradition of “human security.” Rather than prioritizing territorial sovereignty, this approach prioritizes the individual, and views networks as part of the essential foundation for the modern exercise of human rights, such as access to information, freedom of thought, and freedom of association. The foundational elements of a human-centric approach to cybersecurity are outlined and contrasted with the prevailing trends around national security–centric practices. A human-centric approach strives for indivisible network security on a planetary scale for the widest possible scope of human experience, and seeks to ensure that such principles are vigorously monitored and defended by multiple and overlapping forms of independent oversight and review.

Type
Roundtable: Competing Visions for Cyberspace
Copyright
Copyright © Carnegie Council for Ethics in International Affairs 2018 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

*

I am grateful to Tim Maurer, Duncan Hollis, the editors of Ethics & International Affairs, Christopher Parsons, Cynthia Kloo, Lex Gill, Irene Poetranto, and Adam Molnar for helpful comments, and to Liz Gross for research assistance.

References

NOTES

1 “Global Cyber Definitions Database,” New America, Cyber Security Initiative (2014), cyberdefinitions.newamerica.org/.

2 Yet another approach to cybersecurity that contrasts with both national security and human-centric approaches is one that is focused around corporate security and the maximization of profits, with a company's intellectual property and the unfettered flow of financial information being the object of security. I outlined this paradigm of cybersecurity in a 2002 chapter entitled Circuits of Power: Security in the Internet Environment,” in Rosenau, James and Singh, J. P., eds., Information Technologies and Global Politics: The Changing Scope of Power and Governance (Albany, N.Y.: SUNY Press, 2002), pp. 115–42Google Scholar.” For brevity, I focus here mostly on the contrast between national security and human-centric approaches.

3 Glasius, Marlies, “What Authoritarianism Is…and Is Not: A Practice Perspective,” International Affairs 94, no. 3 (2018), pp. 515–33CrossRefGoogle Scholar.

4 Deibert, Ronald, Palfrey, John, Rohozinski, Rafal, and Zittrain, Jonathan, eds., Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace (Cambridge, Mass.: MIT Press, 2010)Google Scholar; and Deibert, Ronald J., “Authoritarianism Goes Global: Cyberspace Under Siege,” Journal of Democracy 26, no. 3 (2015), pp. 6478CrossRefGoogle Scholar.

5 Deudney, Daniel, Bounding Power: Republican Security Theory from the Polis to the Global Village (Princeton, N.J.: Princeton University Press, 2007)Google Scholar.

6 For an overview of the concept of human security, see Paris, Roland, “Human Security: Paradigm Shift or Hot Air?International Security 26, no. 2 (2001), pp. 87102CrossRefGoogle Scholar.

7 “About Us,” Freedom Online Coalition website, freedomonlinecoalition.com/about-us/.

8 Freedom Online Coalition Working Group 1, “An Internet Free and Secure,” Recommendations for Human Rights Based Approaches to Cybersecurity, Freedom Online Coalition, September 21, 2015, www.freedomonlinecoalition.com/wp-content/uploads/2014/04/FOC-WG1-Recommendations-Final-21Sept-2015.pdf.

9 For a complementary view, see Cavelty, Myriam Dunn, “Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities,” Science and Engineering Ethics 20, no. 3 (2014), pp. 701715CrossRefGoogle Scholar.

10 Reidenberg, Joel, “Governing Networks and Cyberspace Rule-Making,” Emory Law Journal 45, no. 3 (1996), p. 911Google Scholar.

11 International Committee of the Red Cross, “Cyber Warfare,” October 29, 2010, www.icrc.org/en/document/cyber-warfare.

12 Besson, Samantha, “Sovereignty, International Law and Democracy,” European Journal of International Law 22, no. 2 (2011), p. 373–87CrossRefGoogle Scholar.

13 Jeremy Waldron, “Are Sovereigns Entitled to the Benefit of the International Rule of Law?” NYU School of Law, Public Law Research Paper No. 09-01 (2009), papers.ssrn.com/sol3/papers.cfm?abstract_id=1323383##.

14 Deudney, Bounding Power.

15 Deibert, Ronald J., “Trajectories for Future Cybersecurity Research,” in Gheciu, Alexandra and Wohlforth, William C., eds., The Oxford Handbook of International Security (New York: Oxford University Press, 2018)Google Scholar.

16 United States White House, “Vulnerabilities Equities Policy and Process for the United States Government,” November 15, 2017 (accessed August 10, 2018), www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF.

17 Dustin Volz, “FBI Chief Calls Unbreakable Encryption ‘Urgent Public Safety Issue,’” Reuters, January 9, 2018, www.reuters.com/article/us-usa-cyber-fbi/fbi-chief-calls-unbreakable-encryption-urgent-public-safety-issue-idUSKBN1EY1S7.

18 Chris Duckett, “Encryption Leaves Authorities ‘Not in a Good Place’: Former US Intelligence Chief,” ZDNet, June 7, 2017, www.zdnet.com/article/encryption-leaves-authorities-not-in-a-good-place-former-us-intelligence-chief/; and Don Reisinger, “James Comey on Apple and Google's Data Encryption: They ‘Drove Me Crazy,’” Fortune, April 16, 2018, fortune.com/2018/04/16/james-comey-apple-google-data-encryption/.

19 Fred Cate and Jon Eisenberg, “NAS Report: A New Light in the Debate over Government Access to Encrypted Content,” Lawfare (blog), February 15, 2018, www.lawfareblog.com/nas-report-new-light-debate-over-government-access-encrypted-content; and David Ruiz, “There Is No Middle Ground on Encryption,” Electronic Frontier Foundation, May 2, 2018, www.eff.org/deeplinks/2018/05/there-no-middle-ground-encryption.

20 Internet Society, “Internet Society Perspectives on Internet Content Blocking: An Overview,” March 24, 2017, www.internetsociety.org/resources/doc/2017/internet-content-blocking/.

21 Deibert, Ronald, Palfrey, John, Rohozinski, Rafal, and Zittrain, Jonathan, eds., Access Denied: The Practice and Policy of Global Internet Filtering (Cambridge, Mass.: MIT Press, 2008)Google Scholar.

22 “#KeepItOn,” Access Now website (accessed July 12, 2018), www.accessnow.org/keepiton/#problem.

23 Eileen Donahoe, “So Software Has Eaten the World: What Does It Mean for Human Rights, Security & Governance?” Just Security, March 18, 2016, www.justsecurity.org/30046/software-eaten-world-human-rights-security-governance/.

24 Lotus Ruan, “When the Winner Takes it All: Big Data in China and the Battle for Privacy,” Australian Strategic Policy Institute, Issues Paper, Report No. 5/2018, www.aspi.org.au/report/big-data-china-and-battle-privacy.

25 Maria Gurova, “The Proposed ‘Digital Geneva’ Convention: Towards an Inclusive Public-Private Agreement on Cyberspace?” Geneva Centre for Security Policy, July 2017, www.gcsp.ch/News-Knowledge/Publications/The-Proposed-Digital-Geneva-Convention-Towards-an-Inclusive-Public-Private-Agreement-on-Cyberspace.

26 For an elaboration of these themes with respect to private contracting of cybersecurity, see Eichensehr, Kristen, “Public-Private Cybersecurity,” Texas Law Review 95, no. 3 (2017), pp. 467538Google Scholar; UCLA School of Law, Public Law Research Paper No. 16-47, ssrn.com/abstract=2847173.

27 Robert Morgus, Isabel Skierka, Mirko Hohmann, and Tim Maurer, “National CSIRTs and Their Role in Computer Security Incident Response,” Working Paper 2, New America, November 2015, www.digitaldebates.org/fileadmin/media/cyber/National_CSIRTs_and_Their_Role_in_Computer_Security_Incident_Response__November_2015_--_Morgus__Skierka__Hohmann__Maurer.pdf.

28 For more, see Samantha Bradshaw, “Combatting Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity,” Global Commission on Internet Governance, Paper Series: No. 23, December 2015, www.cigionline.org/sites/default/files/gcig_no23web_0.pdf.

29 Ronald J. Deibert, “The Cyber Security Syndrome,” OpenCanada.org, November 25, 2014, opencanada.org/features/the-cyber-security-syndrome/.

30 Ronald J. Deibert, “Towards Stewardship in Cyberspace,” Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, March 2012, www.cyberdialogue.citizenlab.org/wp-content/uploads/2012/2012papers/CyberDialogue2012_Deibert.pdf.

31 That the university will remain a free space for such inquiries is hardly guaranteed, as both commercial and national security interests continuously present threats to academic freedom, and these are, arguably, growing.