Cyber security does not concern states but rather human beings (and the 7 actions we should be taking in this regard)

Cybercrimes, cyber threats, cyber war: citizens should be involved, for the sake of counteracting cyber risks while respecting human rights

By Arturo Di Corinto

Following a prevailing tendency, a wide range of phenomenon fall under the umbrella of cyber security, e.g. cyber threats, cyber warfare, cybercrimes. However, cyber security keeps getting identified with national security. We should bear in mind that the afore-referred phenomenon primarily concern human beings and their behaviors, reflect people’s degree of wellbeing and of security along with the rights and opportunities of all citizens.

That is why cyber security is relevant for both individuals and states: single and associated persons are the ones suffering from the consequences of cyber attacks in a dimension where state security agencies and global giants collect and accumulate behavioral data of all of us. Moreover, the way how those data are handled increasingly undermines the right to privacy and the freedom of expression. Mixing up cyber security with national security is therefore not advisable: such an approach does not enable a global reflection on what cyber security implies in a context where state surveillance powers are extended, anonymity and privacy-protection technologies are restricted or outlawed and the same users are even monitored.

At the same time, guarantees are weakened and backdoors installed inside the most popular software, with the consent of unscrupulous firms, sometimes under blackmail as for their main business, i.e. the management of users’ data and identities.

Cyber security is about human rights: association, cooperation, freedom of movement, communication, all rights grounded on privacy and the free expression of thought (Read also “Privacy, 10 reasons to take position against massive surveillance — that even Facebook understood) .

Cyber security national strategies

According to the International Telecommunication Union (ITU), at the beginning of 2015, out of 193 Member States, 67 had adopted a cyber security national strategy, 102 a response team in case of cyber incidents, the well-known CIRTs (National Computer Incident Response Teams).

Last year, the European Commission decided to set some guiding rules for the analysis and counteraction of cyber threats, while the European Parliament is focused on devising agreements and cooperation strategies among Member States that would have to identify sectors and public utilities (transportation, health, enterprises) in need of protection through ad-hoc means.

Jean-Claude Juncker declared that: <<Europe does not stand ready against cyber attacks>>.

In the context of his speech on the State of the Union on 12 September 2017, the President of the European Commission included cyber security among the agenda’s priorities and put forward a proposal for setting up a European Security Agency. <<Over the course of last year only>> stated Juncker, <<over 4 thousands ransomware attacks occurred on a daily basis and 80% of the European firms has experienced at least one cyber security incident>>.

In the meantime, international organizations such as the African Union and the Organization of American States have been, since a while, formulating a set of laws and cooperation agreements at international level to address the challenges of cyber security, though often exploiting them as mechanisms of economic blackmail or as a way of establishing diplomatic relations.

The Prime Minister of China, Xi Jinping, during his last visit to London, devoted his crucial meetings precisely to the definition of a common strategy on cyber security (Joint statement on cyber security) and soon afterwards they approached the United Stated on the very same matter.

Nevertheless, the latest US’ laws on cyber security concern the surveillance management of their own citizens, both in the country and abroad and, as the Electronic Frontier Foundation and the Access Now report, even of foreign citizens from other countries. Most laws are dealt with by governments and by a few selected firms, as organized in influence lobbies, in line with closed-door policies.

A new definition of cyber security

From a human rights point of view, it is inconceivable that the theft of 22 million American employees’ personal data, including sensitive information on health conditions, income and housing, could be framed in the context of an alleged war between states. China was blamed on that specific occasion, though in the lack of any evidence (US Personnel Department hack), so that it appeared more convenient to refer to an opposing power and to speculate about future retaliations instead of assessing how those data had been organized and preserved and on what legal grounds.

Notwithstanding the enduring state of war with the radical Islam-oriented terrorism, attacks targeting European metropolises and security alerts over strategic infrastructures, we currently go through a stage when we are in need of higher security standards precisely in the context of our daily life: cyber criminals are able to access our vehicles’ GPS, send a drone to monitor our dwellings, listen to our conversations from a smart TV and trespass on our domotic houses with a simple click.

We aim at a cyber security oriented towards the protection of personal data that anticipate and disclose our behaviors

We need it as our own lives are molded on our cyber identities that constantly interact with dimensions whose core business is exactly the extrapolation and collection of our data, that are afterwards resold to the highest bidder. The same welfare agencies electronically manage the sphere of citizens’ right to social protection and welfare, while the Internet of Things is ungoverned, due to an inadequate and backward legislation.

The current situation should trigger the search for a new definition of cyber security, as focused on the rights of human beings and on the final users of technology, not only on national and infrastructural systems.

Public policies and citizens’ involvement

How could we personally contribute?

According to Andrew Puddephatt and Lea Kaspar, researchers for Open Democracy, we should:

1. Set a legal and regulatory framework, well-structured and detailed, on data properties so that people are in a position to regain control over their personal information, nowadays in the hands of internet service providers;
2. Ensure the possibility of adopting the ‘end to end’ cryptography in the context of our communications;
3. Launch awareness-raising projects on the relevance of an education to privacy and to personal data protection;
4. Establish monitoring agencies that guarantee the safeguard of fundamental rights in the frame of data collection by anyone and for whatever purpose, so to contain and control their conduct;
5. Appeal to governments to involve human and instrumental resources, made up of a competent staff that could legally act upon data breaches of companies’ and people’s privacy;
6. Enable citizens’ participation in the definition of public policies affecting them, at different levels and with a multi-stakeholder approach;
7. Stimulate a wide public debate about the significance of security in a cyber and interlinked world, where the openness and resilience of Internet could function as a resource rather than as an obstacle in the management of people’s daily lives.

How could we argue with that?!