The report, with its findings, was published last week. It is meant to bolster the argument in favour of a specific new law on that issue.
The document is not always easy reading. As happens with similar reports, it often falls into the temptation of verbosity and vagueness, occasionally approaching a threshold of incomprehensibility except, maybe, for the process insiders. The definition of the topic under discussion is a good example. The consultation document defines cyber security as:
‘Permanent and multi-sectoral activity aiming at ensuring the security of essential informatics networks, used by the operators of critical infrastructures, so as to preserve the integrity, confidentiality and availability of data circulating thereof and to prevent the networks from being stricken by incidents or unauthorised acts, namely the acquisition, invasion, usage, control, interference, exposure, damage, alteration and destruction.’
Possibly not many people can endure with indifference such a contrived ‘definition’. This may not seem too important. But unclear language is a source of misunderstanding and confusion. It impairs and is an obstacle to a rational and levelheaded discussion of any matter where it erupts. In issues that may touch on privacy and fundamental freedoms, as is the case of the one under consideration here, such obscurity may be especially damaging.
Compare this with the definition provided, for example, by the National Cyber Security Centre in the United Kingdom. Cyber security is the ‘the protection of devices, services and networks — and the information on them — from theft or damage.’
How much easier it is to understand what this is about. In fact, it is a matter of interest to anyone who has access to and uses computer networks. Of course, the scope here is narrower and seems to focus (exclusively?) on national security aspects – albeit in ways that are not always clearly defined.
Where the document fails more fundamentally, however, is on another issue. Nowhere does it indeed make a case for the new law and explain why the existing ones – on online criminality and national security – are inadequate, and there is, as argued, a ‘legal void’. That is doubly disconcerting, as neither the need nor the exact aims can be well discerned. Nonetheless, the Executive Council rushed this week to the discussion of a law proposal, signalling an also inexplicable urgency.