Canvas White Paper 3 Attitudes and Opinions Regarding Cybersecurity
Social Science Research Network
Executive summary As we rely more and more on information and communication technology, cybersecurity becomes both essential and problematic to our societies. On the one hand, cybersecurity is essential to prevent cyber threats from undermining citizens' trust and confidence not only in the digital infrastructure but in policy makers and state authorities as well. On the other hand, cybersecurity is problematic because enforcing it may endanger fundamental values like equality, fairness,
... y, fairness, autonomy, or privacy. The CANVAS project aims to foster value-driven cybersecurity, with respect to European values and fundamental rights. Its first milestone is to consolidate existing knowledge and data related to cybersecurity in four areas, namely the ethical, legal, empirical, and technological domains. This White Paper summarises currently available empirical data about attitudes and opinions of citizens and state actors regarding cybersecurity. It describes what these stakeholders generally think, what they feel, and what they do about cyber threats and security (counter)measures. For citizens' perspectives, three social spheres of particular interest are examined: 1) health, 2) business, 3) police and national security. This unique synthesis builds on a variety of sources with both quantitative and qualitative data. For citizens' perspectives, our sources include reports from EU projects and Eurobarometer surveys, as well as additional scientific papers. As for state actors' perspectives, they rely essentially on policy documents, as they are the most relevant data available. In the general conclusion, we sum up our main findings and suggest four consequent actions: 1. We need to improve awareness about cybersecurity: more information about current risks and concrete measures should be provided to a broader public. 2. We ought to keep a holistic view on all value-related topics: we should not have to choose between (cyber)security and privacy, or any other value. 3. Most found data relates to general issues of security and privacy; therefore, further empirical research is needed to cover other values, but also to investigate specific issues such as in health or business. 4. In line with the Standard Data Protection Model, three new protection goals should be added to the CIA triad (confidentiality, integrity, availability): unlinkability, intervenability, and transparency. Thus, privacy and security can be mutually reinforcing. Ultimately, working towards value-driven cybersecurity goes beyond adding privacy requirements, although it is a first, significant and welcome step. Both citizens' perspectives and their direct involvement are crucial to enforce fundamental rights in the cyberspace and to contribute to a secure, value-driven information society.