Deliverable 3.2 - Analysis of Exemplary Public Discourse

Pablo López-Agu...

This deliverable contains three case studies of different public online discourses on the broader issue of cybersecurity and trustworthy information and communication technologies (ICT). It is part of the support studies of the project, which are aimed towards an interdisciplinary understanding of key aspects of trust and security of ICT products and services. The connected previous deliverable (D3.1: Public Perceptions of Cybercrime and Cyber Security in the EU) collected survey data on this issue to improve the understanding of quantitative differences and priorities in public opinion. This deliverable follows up and works towards a more qualitative, in-depth understanding of central public discourses. Understanding cybersecurity is therefore tackled here not only as a matter of technical security features and processes but also as a matter of the public perception and discursive construction of cybersecurity issues.

The following meta-topics have been identified, all of which play a significant role in all discourse areas discussed.

  • The Internet is not only a space of opportunity but also one of insecurity and risk. “Cybersecurity” addresses the latter aspect. Cybercrime and cyberwar are key elements in the discourse on threats to cybersecurity. In the discussion of upcoming threats to cybersecurity, especially cybercrime but also the handling of personal data by providers of ICT products and services, end-users are frequently addressed as responsible for enhancing overall cybersecurity. This is related to the topic of raising “cyber awareness” and identifying “social engineering” as a tool to combat cybercriminal incidents in the context of an increasingly complex technological world.
  • Throughout diverse cybersecurity discourses in the media, especially regarding privacy and data protection, the topic of the data subject has been identified. The data subject is imagined as the entity to exercise (or the entity entitled to exercise) control over personal data. This construction to some extent allows the detachment of the questions of personal data from the broader issue of a right to privacy. Discussing personal data as separated from persons enables the definition of data processing by different parties as legitimate (or not). In this sense the discourse also shifts from a question of rights (privacy) to a question of property and control over property, and allows the implementation of business models.
  • A related prominent discourse deals with the ambivalent implications of state security measures. This includes especially surveillance activities of national security agencies and also the legal access to personal data in police investigations of criminal or terrorist incidents. The main issue here concerns the threat that security measures might pose to the general level of cybersecurity because of the use of zero-day vulnerabilities to gain access to incriminating data/digital evidence. When these security gaps in ICT products and services are not closed, criminals also potentially retain the opportunity to illegally access personal data and to attack and harm digital infrastructures.
  • Discourses about “cyber threats” like cybercrime, cyberwar and also cyber surveillance may reduce or reinforce trust in huge “regions” of cyberspace (e.g. the extent to which online news is trusted). Therefore, strengthening the security of different types of ICT products and services alone might be insufficient to create an overall perception of security when prominent discourses simultaneously deal with issues like “fake news”, “cyberwar” or “state surveillance”.
  • Overall, there seems to be a high degree of disunity and uncertainty about cybersecurity measures, which shapes an ambivalent “discursive arena” between state, economic/business and civil actors across Europe in the effort to create a trustworthy internet.