Recent years have been a turning point in the cyberworld. The world threats – WannaCry, notPetya, Adylkuzz – showed the lack of resilience of most companies, both public and private. Happily the great diversity of targets allowed the authorities to grasp and understand the importance of the issue. Since then, changes occurred or more of a sort of an awakening within decisions making processes. Times is no more about whether or not the threat is real but really what are they and how to act against them.
By Nicolas Sabben, Président du CESED
Every product or service is a potential target within the cyberworld. That being said, every vulnerability towards the systems, the networks and the numeric platforms will necessarily and systematically be challenged. Cybersecurity faces 5 main issues nowadays: digital transformation (agile and data-driven approach), regulations (inclusion of new European directives), data protection (sensitive and personal data), authentication (numeric identity) and risk management (protection and performance).
The need for cyberlaw
“Nobody likes lawyers until things go wrong”. Experience proved this sentence to be right and even more so in the cyberworld. The cyberspace is basically a world without borders in which we have been imagining (and will continue to do so) new ways of working, interacting and cooperating hence ignoring the laws and regulations that apply in the physical world. Then the current issue at stake is how is it possible to apply laws and rules in this new environment and how to actually act against the bad things which are happening in this new world?
The need for humans making cyberlaw
“Suddenly lawyers are needed.” Although machines through Artificial Intelligence technologies can bring automated legal frameworks securing some level of identities and accesses, the parameters allowing them to perform such actions and the objective criteria are established by humans whom skillset permits to be relevant, in other words experienced and competent lawyers whose expertise is related to cyberlaw.
The objective to call up for lawyers is to confirm the legal validity of digital transactions. Why is it such an important matter in the cyberworld? The potentiality to commit fraud is so much bigger simply because there is nor will never the need to meet the targeted people. According to this observation, hence the will among lawyers and politicians to try to pass new laws. Having said that, instead of what could be the future laws, maybe the approach is to decide whether it is necessary or not to review the methodology of how to implement the laws that already exist within the cyberspace.
Regulation and de-regulation
Often attached to innovation and better performance, the cyberspace obviously needs to be secured while also remaining free, the former not excluded the latter. On the same page, regulation and de-regulation might just be compatible or simply put: a clever mix might just be more efficient than choosing one over the other. Considering the volume and variety of cyber threats, the need for regulation appears to be obvious, even if it is just to adopt standards and limit costs for implementing security softwares.
Still many experts, including the Director of the National Cyber Security Division within the department of Homeland Security of the United States, do believe the cyberworld can be made more secure without new security regulation. The issue would be more about effectively improve and enhance the education of the public about when and how to use – for instance – encryption protocols.
Moreover, such approach would be beneficial on to the international scale via the coordination of such training programs between US and EU authorities – recently the European Commission has proposed the formation of a European Network and Information Security Agency.
Privatisation of rights
Before any decision to be taken on the subject, let’s just identify what it is that needs to be regulated. This affirmation reveals the whole issue: who decides what is to be regulated in the cyberworld? Well the answer is the companies which own the data cyberpeople use. That being said, Facebook is currently determining which sites are politically desirable or prohibited for its users. Therefore, users will soon be shut off of some information which Facebook judges not desirable or maybe dangerous for its members, followers or potentially for the company. The problem lies within the characteristics of such actors (GAFA, NATU) which are greater than any private company in the history of the world. Consequently, their actions often define lot of the debate, both the topics and the nature. This is new. This is something lawyers and society as a whole have to identify and then to deal with to keep some kind of sovereignty within their choices and avoid the privatisation of cyberpeople rights.
Cox Braden, “Cyberworld Can Be Made Secure Without New Security Regulation”, Technology Counsel, Project on Technology and Innovation, The Competitive Enterprise Institute.
Kovalan Steven, “Cybersecurity and Law Firms : Ignorance Is Risk”.
Mariana Mota Prado, “The Past and Future Law of Development” (2016) 66 UTLJ 297-300.
Nyman M. Katrin, “Lawyers in the Cyberworld : Good, Bad or Useless”, The Economics of Cybercrime, Research and International Cooperation, DSS ITSEC 2018.
Von Mehren Paige ; Ruttenberg Joan ; Yen Julie. “Intellectual property and cyberlaw”, Bernard Koteen Office of Public Interest Advising Harvard Law School, 2012-2013.
Wigley Michael, “Legal aspects of cybersecurity”, Wigley and Company, 2018.