Jin Chang
February 11, 2018
INFO 450: Critical Essay
Regulating security on the Internet: control versus trust
PART 1
Over the past decade, as the internet has become fully integrated within society, internet security has become an increasingly crucial topic. Currently, the government firmly believes that having more control over the internet results in more security. It embraces this idea in the form of a strategy called techno-regulation. The authors, Bibi van den Berg and Esther Keymolen, contest this idea by exploring the fundamental flaws of techno-regulation. They introduce the advantages of considering other regulatory strategies, more specifically trust. In their article, van den Berg and Keymolen expand on how techno-regulation is implemented and how its implementation affects users, while presenting alternative strategies.
According to van den Berg and Keymolen (2017), although techno-regulation results in an increase in compliance (p. 4), it is not transparent. The authors assert that the users are unaware when they are being regulated and what rules or norms are being implemented. They state, "Citizens need to know under which rule (laws, standards, institutional frameworks) they live and need to be able to hold government accountable for the proper implementation of laws and law enforcement that government executes on their behalf" (van den Berg & Keymolen, 2017, p. 5). Without knowledge of what rules are being implemented, accountability becomes an issue and the user's rights are impinged upon. Van den Berg and Keymolen's (2017) article states, "If end users do not know that their actions are regulated by specific architectures, they have no possibility to question, appeal or object to this" (p. 5). With more control, users are ignorant of how their internet is being regulated, and in turn accountability and their right to appeal become skewed. Van den Berg and Keymolen further argue that it is debatable whether techno-regulation targets the correct audience.
Techno-regulation prevents users from making mistakes that can harm their own security and that of others, but it does not apply to intentional attackers. According to van den Berg and Keymolen's (2017) article:
While it is true that techno-regulation may prevent end users from making mistakes that can have a negative effect on their own cybersecurity or that of other, using this strategy will not weed out the biggest threat to security: that of intentional attackers. (p. 6)
Since techno-regulation has a high level of compliance, users almost always comply with the implemented norm, which prevents them from engaging in risky behaviors. However, intentional attackers are different. They make it their goal to locate weaknesses in systems and exploit them to their benefit. Van den Berg and Keymolen (2017) further explain, "Techno-regulation interventions . . . have no effect on those who intentionally seek to exploit vulnerabilities in it" (p. 6). Since intentional attackers do not follow the implemented norms, this strategy does not provide more cybersecurity. Rather than affecting cyber criminals, it is the end users who face the negative consequences. Van den Berg and Keymolen (2017) assert in their article:
In contrast, techno-regulatory interventions may have negative effects for end users, because they limit and shape their action space. So, while techno-regulatory interventions may promise more control and more cybersecurity . . . end users pay a price in terms of their freedom to act. (p. 14, 15)
Van den Berg and Keymolen point out that the only party affected by techno-regulation is the users. This strategy restricts their action space and costs them their freedom.
Based upon the flaws that both authors present, it can be clearly inferred that having more control does not necessarily result in more cybersecurity. Instead, the authors focus upon the negative consequences it has on end users. As Keymolen and van den Berg bring to light the major flaws of techno-regulation, they introduce the idea of trust being the key element to increasing cybersecurity.
The advantage of trust is that experts are not the only individuals who regulate the internet; every user is an integral part of regulating it. In their article, Keymolen and van den Berg (2017) state, "For example when the public is actively asked to call if they see something suspicious, they become the deputy sheriffs of the police" (p. 12). By being trusted to report and react to any suspicious actions, citizens themselves are securing their own internet while enjoying the freedom to act. Unlike techno-regulation, which comes with the cost of losing one's freedom, trust is the opposite. Another advantage of trust is that, ". . . when there is (mutual) trust, this uncertainty is neutralized and risk management measures and costs of address damaging, opportunistic or hostile behavior can be avoided (cf. Möllering 2006, 26-29)" (van den Berg & Keymolen, 2017, p. 8). By having trust, risks and uncertainties can be neutralized without removing them. Van den Berg and Keymolen maintain that trust can achieve what techno-regulation cannot: neutralizing intentional attackers. Based on the facts presented, it can be concluded that when trust is implemented, users have a secure network that they are aware of and are able to maintain their freedom.
By presenting the arguments, I can condense van den Berg's and Keymolen's argument like this:
Premise 1: Users are unaware of when and what norms and rules are being regulated, which interferes with the users' right to speak up and hold the government accountable.
Premise 2: Techno-regulation has no effect on intentional attackers.
Premise 3: Users are the ones who pay for the negative consequences.
Sub Conclusion: Therefore, having more control does not lead to more cybersecurity and new alternative strategies must be considered.
Premise 4: With trust, users are in charge of their own security, allowing users to enjoy freedom.
Premise 5: Trust strategies would neutralize uncertainties and in turn create an efficient way of regulating the internet.
Conclusion: When trust is fully implemented we can see benefits that far exceed those of techno-regulation, as it regulates without intruding upon the user's freedom.
PART 2
I found van den Berg's and Keymolen's article to be clearly conveyed and conclusive, especially when they contest the topic of control. The article provides sufficient evidence to support their premises. As a reader, I am strongly convinced by their stance that control does not increase cybersecurity; however, there is one specific aspect of their argument that I cannot completely agree with.
While I do understand the idea of implementing trust in users to regulate cybersecurity, I cannot wholeheartedly agree with Premise 5. I can agree that by implementing trust the users do not lose their freedom to act, unlike with techno-regulation. However, freedom can likewise imply that users can accidentally harm other users or themselves. Techno-regulation prevented users from accidentally and unknowingly injuring themselves and other users, but once this strategy is removed, wouldn't this problem occur? Van den Berg and Keymolen suggest that by having mutual trust we would create a community where we would know who is secure and who is not, but how do we actually recognize who is really secure? I believe that van den Berg and Keymolen should have defined how trust in users is practical within this security strategy: for example, what plans are in place to prevent users from hurting themselves and others, how to regulate security if the users lack certain skills to manage their security, and what plans are in place if cyber criminals falsely disguise themselves as regular end users and try to exploit vulnerabilities from within. As stated previously, intentional attackers purposefully try to identify weaknesses to break them down. There are multiple flaws with the trust strategy that van den Berg and Keymolen do not address and that can result in fallible security.
To me, Premise 5 is too vague and is the most problematic one presented, as there are no set measures in place to neutralize risks or threats. Unlike van den Berg and Keymolen's description of how techno-regulation regulates the internet, the trust strategy's countermeasures against threats are ambiguous and are not clearly defined. Although the authors provide a clearly defined history of how trust was implemented within several strategies over time, it does not convince me that a trust strategy is beneficial. It is too nondescript to make Premise 5 a solid premise. Without a firm grasp of what the trust strategy blueprint is, how can we firmly apply it, as well as recognize that it is a better solution compared to techno-regulation? There are users who have the necessary skills to manage and regulate security, but we cannot automatically assume that everyone has the same skills. Likewise, this applies to being unable to recognize who each user is. The issue with an online community is that it is difficult to recognize if the person is who they say they are or if they are just outright lying. In order for trust to function as a security strategy, we must trust the users to know what they are doing as well as trust them to be who they say they are. I believe that the ambiguity of putting trust wholeheartedly in the user is what makes it the most damaging criticism of van den Berg and Keymolen's argument.
The authors do address counterarguments to provide strong credibility against utilizing more control over the internet and in favor of resorting to alternative strategies. However, I believe that their arguments could have been strengthened if the authors had explicitly mentioned some references to current strategies implementing trust from larger contexts, as well as defined how trusting in users can be possible. From my perspective, when the authors discussed the idea of trust with respect to security it felt like a theory rather than a strategy. If the authors had defined trust as a strategy rather than a theory, I believe it would have made their argument for considering trust as a security strategy solid.
PART 3
I firmly hold onto the position that the details regarding how we put our trust in users to be regulators are the controversial point of van den Berg's and Keymolen's argument. It is the area where the argument is both ambiguous and lacks strong credibility to support that the trust strategy is both a secure and the preferred method of security. However, van den Berg and Keymolen would likely argue otherwise.
They would argue that the general layout of how trust would be implemented would be to rely on a community of users to report and regulate the security. They state in their article, ". . . when governments call upon citizens to report suspicious situations, they trust citizens to be aware and react quickly by calling the number and report what they have seen" (van den Berg & Keymolen, 2017, p. 13). However, the flaw I noticed in this layout is that we have to trust the users to know what they are reporting as well as to have the capabilities that are required to manage cybersecurity. In response to my argument, the authors would likely contest that although the flow of information may not be the preferred information, it is still more information than would be collected by a professional. There are some things that a user can catch that a professional would miss. The authors, Keymolen and van den Berg, would likely suggest that the skills that users lack would not necessarily be an issue as I depict it; rather, it can be a good thing.
Keymolen and van den Berg would most likely respond that professional regulators would filter the information they see and could filter out information that normally would be harmless but could be important. However, users are different: they would be more cautious and especially prone to reporting even miscellaneous information that could prove to be useful. With more users within the community contributing to regulating the security, there would be an increase in information provided. It may not be quality information, but in these contexts quantity would be better than quality. A clue as to how Keymolen and van den Berg would respond is found in a reference article, where Keymolen (2016) states, "There is never enough information to give assurance and let complexity dissolve. Trust reduces complexity; it does not take it away" (p. 45). Too little information would be a cause for worry, but with an abundance of information there would be less to worry about. Both authors would argue that when implementing trust, the issue of user expertise would not be a problem; rather, it would have the opposite effect.
Another flaw that I pointed out was the issue of user identity. As stated before, within an online community it is difficult to determine who is who based upon their user account. How, then, are we to trust users to secure and regulate the internet when we are unsure about their identity? Keymolen and van den Berg would likely contest this argument by stating that peer-to-peer security can be applied, where users rate one another based on their interaction, which in turn determines how reliable and trustworthy they are. A clue as to how Keymolen and van den Berg may respond is found in their article, where both authors state:
Some platforms, such as Airbnb, go a step further and enable their users to 'flag' other people. On any moment in the interaction on Airbnb, users have the possibility to click on a flag when they believe something is suspicious or inappropriate. Airbnb investigates each flag on a case-by-case basis. (Keymolen & van den Berg, 2017, p. 14)
They would most likely contest my argument by utilizing Airbnb as an example to help clarify how trust can be utilized to weed out disguised cyber criminals as well as determine how trustworthy a user is. Keymolen and van den Berg would most likely argue that by allowing the community to detect and determine suspicious activity they would also inadvertently be resolving the issue of user identity. Users would not only be on the lookout for suspicious activities, but they would be monitoring user behaviors as well. Keymolen and van den Berg would probably assert that if users find a user's behavior to be abnormal, then they would have the ability to contact administrators to look into the matter by flagging them, in reference to Airbnb's security framework. The authors, Keymolen and van den Berg, would likely further support their argument by referencing de Laat's article, "Trusting Virtual Trust". De Laat (2005) states:
A shows him/herself prepared to act on the presumption, B is trustworthy and B will continue to prove him/herself to be so . . . My act of trusting reliance effectively provides the other with an incentive to behave reliably. (p.168)
Keymolen and van den Berg would agree with de Laat's thoughts and explain that the trust strategy would be implementing the idea that if users trust and rely on one another then it would promote an environment where users would behave accordingly. They would address that trust between virtual strangers is not impossible and as such regulating the web by allowing users to be the regulators would be realistic.
Overall, the authors, Keymolen and van den Berg, would likely argue that trust in the users is not impossible within an online community. Even though users may not know each other in reality, it is possible to trust one another, thus making a trust-based security strategy feasible. If users rely on and trust one another, then other users will follow that same example and create an efficient method of securing the internet. Keymolen and van den Berg would probably assert that a security strategy where users are the regulators would be more efficient, as they would not filter out any information, unlike how professionals would act.
PART 4
In contrast to what Keymolen and van den Berg believe, I still do not completely agree that the idea of trusting users to be the regulators is possible. Keymolen and van den Berg may argue that if users act with reliance and trust in users, then other users will follow their lead. However, I feel that this idea would only apply to the majority, but not all, of the community. Likewise, if users are regulators within the community and they find some suspicious activities or abnormal user behaviors, would this not be similar to techno-regulation? If users are to monitor other users, then would this not also be intruding upon another user's privacy? Keymolen and van den Berg stated that trust would be implemented in a manner where users would be monitoring and securing their own cybersecurity. Previously, Keymolen and van den Berg stated that information is collected by users and that information is filtered by trustors, which would imply that a certain degree of privacy is being intruded upon (2017, p. 13).
I disagree with Keymolen's and van den Berg's argument of how the behavior of the community would be set by users who act with reliance and trust. Pettit (2004) states:
I may not have very much solid evidence available about that person over the Internet-deception is not easily detectable-but there is nothing to block the possibility that what evidence I have make it rational for me to rely on their doing this or that; what evidence I have makes that a rational gamble. (p. 117)
As Pettit explains, we do not know who the users are, nor what their personality is like, so trusting users to regulate the internet is like taking a gamble: a gamble that at least one of the users is not secretly an intentional attacker under the guise of a normal user persona. Pettit addresses an interesting point that I wish to point out. He states:
The striking thing about Internet contact is that it does not allow me to avail myself of such bodies of evidence, whether of face, frame, or file. The contact whose address and words reach my screen is only a virtual presence, albeit a presence I may dress up in the images that fantasy supplies . . . There won't be any way of tracking that person for sure, since a given person may assume many addresses and the address of one person can be mimicked by others. (Pettit, 2004, p.118)
How can we firmly rely on and trust that a user is who they say they are when some users can have multiple different accounts? Pettit raises a great point regarding an online community: we can create multiple internet personas, and without knowing them outside of the online environment we cannot truly know who they really are. A user in an online environment is, as Pettit states, a "spectral presence" and it is difficult to determine where they come from or connect with them (2004, p. 118). This brings me back to the topic of not being able to agree one-hundred percent with Keymolen's and van den Berg's argument of trusting in users.
I do agree a bit with the idea that users can be more susceptible to noticing activities that professionals may miss and would report them. However, I cannot wholeheartedly agree with Keymolen's and van den Berg's argument entirely. Keymolen and van den Berg state in their article, ". . . trust citizens to be aware and react quickly" but what if the case is that they do not recognize what is considered suspicious activity (2017, p. 13)? If users are unable to distinguish between behaviors that may signal something suspicious and normal user behavior, then how would trusting users to be internet regulators be efficient? Nissenbaum (2001) states, "Trust would invigorate the online world; suspicion and insecurity would sap its vibrancy and vitality" (p. 102). Trust would be effective if all users had a similar level of expertise; however, the reality is that not all users do, so a flaw is that users can be overtly suspicious.
Keymolen and van den Berg assert that trust is much more efficient in securing and regulating cyberspace compared to techno-regulation. It grants users their freedom to act and secure their own security. I agree that unlike techno-regulation, which strips users of their freedom, trust does grant users their freedom. But I cannot agree that a security strategy based on trust is more efficient when there are significant areas where trusting in users can lead to several complications. I cannot agree with Keymolen's and van den Berg's argument, for there are several issues that can interfere with implementing the trust strategy efficiently: user identity and the user's level of skill.
References:
van den Berg, Bibi, and Esther Keymolen. 2017. "Regulating Security on the Internet: Control versus Trust." International Review of Law, Computers & Technology 31 (2): 188-205. doi: 10.1080/13600869.2017.1298504
de Laat, Paul. 2005. "Trusting Virtual Trust." Ethics and Information Technology 7: 167-180. doi: 10.1007/s10676-006-0002-6
Keymolen, Esther. 2016. Trust on the Line. A Philosophical Exploration of Trust in the Networked Era. Den Hague: Wolf Legal Publishers.
Nissenbaum, Helen. 2001. "Securing Trust Online: Wisdom or Oxymoron?" Boston University Law Review 81: 101-131.
Pettit, Philip. 2004. "Trust, Reliance and the Internet." Analyse & Kritik 26: 108-121. doi: 10.1515/auk-2004-0106