Hardly a day goes by that the media do not confront us with headlines on the latest breaches, hacks, and attacks, whether political, criminal, or both and which effect all areas of society. Many of these attacks are not even new, but sometimes years old and have only recently been discovered and reported. It is therefore reasonable to assume that there are many security breaches that we don’t know about and perhaps, for various reasons, never will. At least with regard to what we do know, the cost of cybercrime and cyber attacks has been estimated in the hundreds of billions of dollars, quite apart from the other damaging effects, for example, loss of trust in the effectiveness of our law enforcement and security institutions. It has become apparent that traditional law enforcement and security measures do not work when it comes to preventing or combatting cyber-warfare, cyber-crime, and cyber-terrorism. For example, it is often difficult to find the scene of the crime, the weapons or tools used in the crime, to assess the damage done, or determine who is responsible. And even if it is possible to find out who did it, this information is mostly useless. One is left with the impression that despite enormous efforts by law enforcement and security institutions, cybercriminals and hackers move through our networks with impunity.
Of course, there are many reasons for this, including our own negligence. We ourselves, whether it be infrastructure and software providers or users are often a major part of the problem. The state of simple and normal “digital hygiene,” such as updates, anti-virus software, strong passwords, and so on is so deplorable that it makes you WANNACRY.
What can we do? Whereas new technologies of trust by design and new networked organizational models are slowly becoming focuses of interest for cyber security solutions, legal and ethical proposals seem not to have moved beyond positions developed in the bygone industrial era. The digital transformation seems not to have changed much in our conceptions of what security means and how freedom, autonomy, and human dignity are to be preserved in the information age. Although ethics and discussions of values and norms may appear of only incidental significance when standing on the front in the struggle against cyber-crime, cyber-warfare, and cyber-terrorism, they play a very important role in the foundational regulative frameworks that condition law enforcement and security strategies. For this reason, it is perhaps time to take a critical look at ethics with regard to cyber security.
If values and norms do not come from God or his representatives on Earth – including pure reason –, and if they are not hardwired into our DNA, then it is at least plausible that they emerge from the interactions of social actors. What has become apparent in the digital era is that technologies, artifacts, and non-humans must also be considered to be social actors. Non-humans have become our partners in constructing social order. This means that the “affordances” of information and communication technologies (ICTs), contribute to our norms and values. It is the network as a whole that is the actor and the actor is always a network. Let us therefore ask: What do networks want? What are the norms inherent in the affordances of ICTs?