By: Yuval Shany
Welcome to the 14th Newsletter of the HUJI CyberLaw Program.
The Federmann Cyber Security Research Center is in the business of researching threats to cyber security. But what constitutes security in cyberspace? This is a question we often discuss among ourselves when considering the relevance of different research trajectories. Clearly, cyber-attacks that harm or disrupt computer systems or networks, or the devices and services connected to them, constitute direct cyber security threats. Under this category, for example, this newsletter discusses research into the possibility of cyber-attacks against medical devices, and describes discussions at some of our recent conferences on protecting smart cars against cyber-attacks, insuring private and commercial actors against the financial harms incurred by cyber-attacks, and mechanisms for attributing certain cyber-attacks to aggressive states.
A second category of protected interests involves data. Here, again, there will be clear contexts in which data theft, data leaks, and the manipulation of data content entails security threats and harm to basic individual rights and interests. In the same vein, we may regard harmful online contents such as hate speech or revenge porn as a safety issue. Even control over data or online access by third parties may be classed as a latent threat to the personal wellbeing of online users. From this perspective, we may regard oppressive workplace practices that allow employers to access employees’ computers and online accounts as a threat to their personal dignity and privacy, and thus a potential risk to their sense of personal security. In fact, two of our recent conferences discussed in this newsletter addressed the need to limit the control of employers and internet and social media companies over personal data.
Developments in online technology can also transform the broader societal ecosystem in impactful ways. For example, the extensive use of online cameras with facial recognition technology in public places may facilitate the systemic surveillance of individuals and tight social control. Moreover, the introduction of AI-based online technology could have a significant disruptive effect on the labor market and the economy, leading to serious personal anxiety and loss of economic security for those affected.
At the Federmann Cyber Security Research Center, we operate under the following working definition of our “security” mandate: All questions directly related to the need to ensure the safety, wellbeing, and human rights of online users are, at some level, questions of cybersecurity. This is because they are questions about deliberate or anticipated harm to individuals perpetrated through the use of cyberspace as a key platform. A user-centric approach militates, in our view, in favor of casting a broad net of protection through regulation, liability, and norm enforcement, while acknowledging the particular challenges posed by each particular online threat to human security. Arguably, addressing risks to online users from a holistic perspective is likely to prove more effective than a piecemeal approach that may result in the long run in harm dislocation instead of harm prevention.
I will be happy to discuss with you further these and other issues referred to in this newsletter and in our other publications.
Sincerely
Yuval Shany
Program Director