Cybersecurity Justice: the Ethics of Exclusion

- Rescheduled -

7 - 11 December 2020

Venue: Lorentz Center@Snellius

If you are invited or already registered for this workshop, you have received login details by email.

With the growth of the Internet-of-Things and large parts of the world becoming increasingly dependent on mobile internet applications for access to basic financial and governmental services, the security of a wider and wider array of devices and systems is becoming necessary to ensure stakeholders’ basic interests. Until recently, the ethics of cybersecurity has been focused on issues of privacy, fiduciary responsibility, and individual liability (Christen et al., 2019; Guiora, 2017; Manjikian, 2017). At the same time, the broader political role that cybersecurity needs to play in a world where internet access is essential for accessing basic services and where there are large-scale inequalities in the nature, reliability, and fluency in internet access and use has been comparatively ignored. There is an urgent need—as cybersecurity claims amongst agents with vastly different social status and political power proliferate—to consider security claims within the context of distributive and procedural justice (Hess and Ostrom, 2007).

Issues of cybersecurity justice arise both domestically and globally, especially given the key role that technology leaders in Europe and the United States play in establishing best cybersecurity practices around the globe and in profiting from both sales of hardware and software to lower-income nations. Domestically, access to the internet is increasingly essential in order to avail oneself of core governmental services (UN Human Rights Council, 2016). In the limit case, even the ability to vote requires secure internet access, but even in more moderate cases, applying for social welfare services as well as access to medical insurance is simplified by, made cheaper through, or even requires the use of the internet. Those without internet access may need to spend hours in line, pay additional fees, wait longer for appointments, fail to receive essential translation services, or simply be blocked from using the services altogether. Secure and reliable access thus becomes essential to one’s status as a citizen able to access one’s own entitlements. Thus, smoother and cheaper operations of government services for the many are often purchased at the cost of additional obstacles being imposed upon the weakest claimants (Dimaggio et al., 2004; Hoffman and Novak, 1998; Jaeger, 2011; Lian and Yen, 2014; Loges and Jung, 2001; Willis and Tranter, 2006). It is important to explore the extent to which different cybersecurity norms or practices could mitigate these inequitable consequences.

Globally, many of those subject to digital inequality—including and especially those who have been historically unbanked—have increasingly come to rely on mobile phones and social media applications for basic internet functionality (Gong et al., 2007). Cybersecurity justice would acknowledge that mobile, local, and social internet functionality based on smartphones can play a large role in helping those in developing nations to achieve higher levels of welfare and development. Various smartphone apps have become increasingly important for financial security (Davis, 2020; Garun, 2017; Rapacz, 2018), but also for access to secure drinking water (Cheng, 2018), and employment (Hannon, 2017). Mobile banking has played an especially large role in providing financial services to those in lower income nations (Bankole et al., 2011; Donner and Tellez, 2008; Medhi et al., 2009; Must and Ludewig, 2010; Shaikh and Karjaluoto, 2015; Van der Boor et al., 2014; Wambari, 2009). In these environments, smartphone apps are being used to replace or supplement basic institutional functionality but the security of these apps as well as the privacy of the users is not a key priority for the European and North American cybersecurity actors (Burnett and Feamster, 2015; Byers, 2015; Narayanan and Zevenbergen, 2015; Pearce and Rice, 2013; Rice and Katz, 2003; Srinuan et al., 2012). This gives rise to concerns about power and exploitation. This is similar to cases of exploitation in global pharmaceutical research. In those cases, companies from the Global North offered a level of treatment higher than expected in the developing country and yet lower than expected in a developed nation in order to save money on drug trials (Benatar, 2002; Emanuel et al., 2004; Petryna, 2005). Here, technology companies are offering a genuine benefit but at the cost of lower levels of security or privacy than expected in their home nations. Developing a set of norms for cybersecurity agents that will give greater priority to the least powerful, impoverished classes of the planet that can benefit from new mobile phone and internet-of-things functionality could be a key plank of cybersecurity justice.

The workshop will result in a report compiled by the organisers summarising contributions from participants across the week. The report will set forward a clear agenda to cover key areas for research and development to 2030. The report will also propose working groups, to be led by workshop participants, covering each of the key areas proposed in the research agenda. This proposal will encompass ideal members of each working group, a timeline for each group, and key areas of funding for each group to pursue. Together, the research agenda and working groups will develop work that will sensitize academics, technical developers, policy makers and users of cybersecurity technology of tensions between their models and societal reality, with directions towards mitigation and solutions of these tensions.


    Monday 7 December

    Day 1: Introduction

    09:3010:00 Arrival and registration
    10:0010:15 Welcome by the Lorentz Center
    10:1510:30 Short introduction workshop theme, program and aims by the organizers
    10:3011:15 Introduction round by participants
    11:1513:00 Objective: Not "just" advancing computer science but creating a conversation across disciplines, embarking on a new field of research
    11:1513:00 Journey of the workshop: Why are we having this meeting? What has motivated this work?
    11:1513:00 Plenary session 1. Expressing the goals of the workshop
    13:0014:00 Lunch break
    14:0015:30 Plenary session 2. Brainstorming: Dominat ethics issues arising in cybersecurity:
    15:3016:00 Coffee and tea break
    16:0017:00 Cybersecurity and Social Justice
    17:0017:30 Discussion: What are, at first glance, the main challenges in intersecting disciplinary perspectives, i.e. how to bring the different types of knowledge together? Establishing main questions for the week

    Tuesday 8 December

    Day 2: Technictal Perspectives: Setting Parameters, Sharing Conceptions [Case: AI and Cybersecurity] 


    09:3009:45 Interactive recap of previous day
    09:4510:45 Keynote/tutorial relevant to the day's theme and case
    10:4511:15 Coffee and tea break
    11:1512:30 Short presentations (e.g. junior researchers) or other interactions led by participants
    12:3014:00 Lunch break
    14:0015:30 Discussion groups/ working sessions on case
    15:3016:00 Coffee and tea break
    16:3017:30 Interdisciplinary dialogue/ panel discussion reflecting on the day

    Wednesday 9 December

    Day 3: philosophical and Political perspectives [ case: St Jude Medical] 


    09:3009:45 Interactive recap of previous day
    09:4510:45 Keynote/tutorial relevant to the day's theme and case
    10:4511:15 Coffee and tea break
    11:1512:30 Short presentations (e.g. junior researchers) or other interactions led by participants
    12:3014:00 Lunch break
    14:0015:30 Discussion groups/working sessions on case
    15:3016:00 Coffee break

    Interdisiplinary dialogue/panel discussion reflecting on the day

    16:3016:30 Wrap up/ recap working sessions

    Thursday 10 December

    Day 4: Law, Criminology and Governance [case: Wannacry]


    09:3009:45 Interactive recap of previous day
    09:4510:45 keynote/tutorial relevant to the day's theme and case
    10:4511:15 Coffee and tea break
    11:1512:30 Short presentations (e.g. junior researcher) or other interactions led by participants
    12:3014:00 Lunch break
    14:0015:30 Discussion groups/working sessions on case
    15:3016:00 Coffee and tea break
    16:0016:30 Wrap up / recap working sessions
    16:3017:30 Interdisciplinary dialogue/panel discussion reflecting on the day

    Friday 11 December

    Day 5: Conclusions and Convergence: toward scientific progress and policy advice 


    * The working session will include setting out key areas for development, a timeline for development, and proposed working groups to address each of these areas, including a point of contact for each working group drawn from the workshop participants.

    09:3010:00 Wrap up and steap ahead
    10:0012:30 Working session. Discuss research agenda for the next decade of cybersecurity justice research.
    12:3013:00 Lunch break
    13:3015:00 Final session: keynote + closing panel
    Please login to view the participants information. You have received the log in details in your registration confirmation.

    Kevin Dr Macnish, University of Twente  

    Francien Dechesne, Leiden University  

    Jeroen van der Ham, TU Twente  

    Myriam Dunn Cavelty, ETH Zurich  

    Patrick Tayler Smith, TU Twente  

Follow us on:

Niels Bohrweg 1 & 2

2333 CA Leiden

The Netherlands

+31 71 527 5400