Regulating security on the Internet: control versus trust

ABSTRACT

This article focuses on the role of government in relation to cybersecurity. Traditionally, cybersecurity was primarily seen as a technical issue. In recent years, governments have realised that they, too, have a stake in securing the Internet. In their attempts to grapple with cybersecurity, governments often turn to technical solutions to ‘code away’ illegal or undesired behaviours. ‘Techno-regulation’ has become popular because it may seem to be an effective and cheap way of increasing control over end users’ behaviours and increasing cybersecurity. In this article, we will explain why using techno-regulation has significant downsides and, therefore, why it may be unwise to use it as a dominant regulatory strategy for securing the Internet. We argue that other regulatory strategies ought to be considered as well, most importantly: trust. The second part of this article explains that trust can be used as an implicit strategy to increase cybersecurity or as an explicit mechanism for the same goal.