Protecting digital systems and being resilient to computer hacking are not new concepts.  But the implications of cyber security (‘cyber’, in the lingo) have recently exploded.   

Cyber security is increasingly a national security matter; think: cyber-attacks against critical infrastructure or military equipment (like power grids and satellites). Global media is full of warnings that cyber threats to elections are coming “fast and furious” and include everything from sabotaged electronic voting systems to “social media botnet amplification”.  The economy is dependent on the integrity of the financial system, which increasingly requires strong security.

Not to mention how “the Internet of Things” has made the inherent insecurity of computers go super-nova, the subject of security expert Bruce Schneier’s new book, Click Here to Kill Everybody. Because of the vast compounding of computer vulnerabilities that get linked through “the Internet of Things”, it’s more than data that is at stake, it’s lives (think of the computerization of cars, and what happens when a single remote hack could make all cars of the same make and model run off the road at the same time).

Many countries are responding to these threats, including Canada, which has a new National Cyber Security Strategy.  It is critically important that our cyber security be effective.  And it’s critical that the approach be one that also upholds civil liberties and human rights. Wherever security threats loom, the government’s “extraordinary” powers often undermine personal security in the name of “national security.” Examples of over-reach of security in the digital realm are clear, and notably highlighted in the case of National Security Bill C-51, and in the current Bill C-59.

What does Rights Protective Cyber look like? 

That’s a question we’ll be exploring at the Canadian Cyber-Security Dialogue in Ottawa on November, 8^th.

Three of the proposals we’ll be advancing:

1. Cyber strategies should focus on defensive purposes, not offensive cyberattacks;
2. Cyber threats should not be used to expand domestic surveillance powers;
3. Cyber security initiatives need genuine oversight and more transparency.