“It’s security, stupid.” — Bruce Schneier, San Francisco, 30 March 2016
Cybersecurity policy making at all levels is an exercise in a process called securitisation. This is the process by which actors declare the issue, in this case cyberspace, to be fundamentally an issue of security and thus change the underlying frame an issue and control the narrative. The mainstream narrative of cybersecurity is in line with much dominant national security narratives, that human rights like the right to privacy must be sacrificed in order to ensure security. We reject this narrative and we reject the securitisation of cyberspace. Human rights and security are not antithetical, they are compatible. Furthermore, the ability to fully exercise one’s human rights is indeed the core aim of a secure society.
A handful of representatives from governments, the private sector and civil society comprise an international working group of the Freedom Online Coalition, “An Internet Free and Secure” that is tasked with harmonizing human rights and security. But, protecting rights like privacy and free speech *is* security. Rights and security are not antithetical, they are compatible. Government power and corporate profits fuel the rights v. security narrative that has dominated the US and Europe since the introduction of the US Patriot Act. To dislodge this dominant narrative, we have developed over the course of two years on a human rights respecting definition of cybersecurity and a normative statement of policy recommendations for how cybersecurity policy should be written and implemented if it is to truly be secure, eg to protect human rights.
Panelists from civil society, academia and the Canadian government, co-members of a multi-stakeholder working group on cybersecurity and human rights, will present their perspectives on this issue and a set of recommendations for policy makers and policy advocates at all levels and in all sectors.
Matthew Shears, Center for Democracy and Technology