leidensecurityand­globalaffairsblog

Policing in cyberspace: It’s not always the police and not always about enforcing the law!

Policing in cyberspace: It’s not always the police and not always about enforcing the law!

There are indications that undesirable effects emerge with respect to policing cyberspace. It’s not always the police and not always about enforcing the law.

Policing cyberspace is often associated with public police forces. It is well known that it is actually done by various entities. These play a role in the environment that makes up cyberspace (or currently the most prominent part of cyberspace, the Internet). The entities can be considered as nodes providing security resources of in various security networks.

The nodes can be categorized in 6 main groups: Internet users themselves and user groups, virtual environment managers and security, Internet Service Providers (ISP’s), corporate security organizations, non-governmental non-police organizations, governmental non-police organizations and finally, public police organizations.

All the entities in these categories are becoming 'eyes and ears' and setting norms for behavior in cyberspace and the Internet. For instance several user groups are combatting child pornography by searching material and reporting it to the authorities. They are doing so by using contracts, nudging and regulations but also by the use of sanctions. Contracts are for instance used to make sure users are not misusing the provided services or infrastructure and sanctions are mostly in the form of temporary or permanent exclusions. The public police organizations are of course the only ones that lawfully perform investigations under criminal law and that can bring wrongdoers to criminal court.

None of this looks particularly worrying at first sight; it is the same situation as in physical life. When looking closer, however, there are indications that undesirable effects are starting to emerge. These are almost all related to the situations where private, non-governmental entities categorized as ISP’s, corporate security organizations and non-governmental non-police hybrids are: 1) a dominating (monopolist) party in providing services or infrastructure, and 2) the services and infrastructure they provide have become essential to the existence of their clients.

This means these non-governmental entities can, using their market domination and the impossibility of their clients to substitute these services, impose sanctions that can make the existence of some people and organizations almost impossible. This is even possible in cases where it is not at all clear these people or organizations are conducting illegal or criminal behavior. One thing is certain, some of security resource providing entities think the client’s behavior is unwanted and should be eliminated.

The driving force of non-public security providers is profit, and not necessarily the public interest. The question is therefore whether the process of excluding individuals, businesses and organization from vital services should meet certain standards or regulations to become more transparent. This would enable legal scrutiny and democratic control. We might as well try to arrange this before the situation gets out of hand.