efforts to bolster cybersecurity often ignore the human rights dimension, or worse, view human rights as an impediment to cybersecurity. This is a dangerous and misguided assumption. Cybersecurity is a human rights issue, and it is time to start treating it like one.
Why cybersecurity is a human rights issue
Using the FOC definition of cybersecurity as a basis, it is easy to see how threats to cybersecurity – or cyber insecurity – can be human rights violations. The denial of availability of information and its underlying infrastructure, in the form of network shutdowns, for example, violates a wide range of rights, including by unduly restricting access to information and the ability of people to express themselves, peacefully assemble and associate, as well as enjoy a range of economic, social and cultural rights. In 2018, 196 internet shutdowns were documented in 68 countries.
There are countless examples of the confidentiality of information being compromised, whether through data breaches for financial gain, mass government surveillance or targeted attacks on human rights defenders or journalists, in violation of the right to privacy, among other rights. Breaches of the confidentiality of communications through surveillance is linked to severe human rights violations, like detention, torture and extrajudicial killings. An example of a particularly egregious case is the surveillance of Saudi dissident Omar Abdulaziz, which contributed to the extrajudicial execution of Saudi journalist Jamal Khashoggi. According to a lawsuit, Abdulaziz’s cell phone was targeted by the Saudi Arabian government with spyware, compromising the confidentiality of his communications with Khashoggi about opposition projects in the months leading up to Khashoggi’s killing.
While most people are likely to experience some form of cyber insecurity in their lifetime, even people for whom meaningful access to the internet is a challenge, cyber insecurity is not experienced evenly by everyone. Human rights defenders, journalists, and people in positions of marginalisation or vulnerability, because of their religion, ethnicity, sexual orientation or gender identity, for example, can experience particular risk. For example, they are more likely to be targeted by government or lateral surveillance, and the consequences of more broad threats like data breaches or network shutdowns are often more severe for them because of their location within society.
As more people and devices are connected, the risks that come with cyber insecurity will only increase. Unfortunately, governments are either not centring cybersecurity discussions on human rights, or worse, they are using cybersecurity as an excuse to exercise more control over the internet.