PDF Security and Law Legal and Ethical Aspects of Public Security Cyber Security and Critical Infrastructure Security Anton Vedder Ebook Full Chapter

Security And Law: Legal And Ethical
Aspects Of Public Security, Cyber

Security And Critical Infrastructure
Security Anton Vedder
Visit to download the full and correct content document:
https://textbookfull.com/product/security-and-law-legal-and-ethical-aspects-of-public-s
ecurity-cyber-security-and-critical-infrastructure-security-anton-vedder/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Cyber Security Erickson Karnel
https://textbookfull.com/product/cyber-security-erickson-karnel/
Critical infrastructure : homeland security and

emergency preparedness Fourth Edition. Edition Allan
Mcdougall
https://textbookfull.com/product/critical-infrastructure-
homeland-security-and-emergency-preparedness-fourth-edition-
edition-allan-mcdougall/
Cyber Security Power and Technology Martti Lehto
https://textbookfull.com/product/cyber-security-power-and-
technology-martti-lehto/
Cyber Security Intelligence and Analytics Zheng Xu
https://textbookfull.com/product/cyber-security-intelligence-and-
analytics-zheng-xu/
Cyber Security Cryptography and Machine Learning Itai
Dinur
https://textbookfull.com/product/cyber-security-cryptography-and-
machine-learning-itai-dinur/
Cyber Security in Critical Infrastructures A Game

Theoretic Approach Stefan Rass
https://textbookfull.com/product/cyber-security-in-critical-
infrastructures-a-game-theoretic-approach-stefan-rass/
Principles of Computer Security: CompTIA Security+ and

Beyond Conklin
https://textbookfull.com/product/principles-of-computer-security-
comptia-security-and-beyond-conklin/
Socio-Political Order and Security in the Arab World:

From Regime Security to Public Security 1st Edition
Andreas Krieg (Auth.)
https://textbookfull.com/product/socio-political-order-and-
security-in-the-arab-world-from-regime-security-to-public-
security-1st-edition-andreas-krieg-auth/
Handbook of System Safety and Security Cyber Risk and

Risk Management Cyber Security Threat Analysis
Functional Safety Software Systems and Cyber Physical
Systems 1st Edition Edward Griffor
https://textbookfull.com/product/handbook-of-system-safety-and-
security-cyber-risk-and-risk-management-cyber-security-threat-
analysis-functional-safety-software-systems-and-cyber-physical-
SECURITY AND LAW
SECURITY AND LAW
Legal and Ethical Aspects of Public

Security, Cyber Security and
Critical Infrastructure Security
Anton Vedder
Jessica Schroers
Charlotte Ducuing
Peggy Valcke
(eds.)
Cambridge – Antwerp – Chicago

Intersentia Ltd
Sheraton House | Castle Park
Cambridge | CB3 0AX | United Kingdom
Tel.: +44 1223 370 170 | Fax: +44 1223 370 169
Email: mail@intersentia.co.uk
www.intersentia.com | www.intersentia.co.uk
Distribution for the UK and Ireland:

NBN International
Airport Business Centre, 10 Thornbury Road
Plymouth, PL6 7 PP
United Kingdom
Tel.: +44 1752 202 301 | Fax: +44 1752 202 331
Email: orders@nbninternational.com
Distribution for Europe and all other countries:
Intersentia Publishing nv
Groenstraat 31
2640 Mortsel
Belgium
Tel.: +32 3 680 15 50 | Fax: +32 3 658 71 21
Email: mail@intersentia.be
Distribution for the USA and Canada:
Independent Publishers Group
Order Department
814 North Franklin Street
Chicago, IL60610
USA
Tel.: +1 800 888 4741 (toll free) | Fax: +1312 337 5985
Email: orders@ipgbook.com
Security and Law. Legal and Ethical Aspects of Public Security, Cyber Security and
Critical Infrastructure Security
© Anton Vedder, Jessica Schroers, Charlotte Ducuing en Peggy Valcke (eds.) 2019
First published in hardcover in 2019, ISBN 978-1-78068-889-3

PDF edition, 2019
The editors have asserted the right under the Copyright, Designs and Patents Act 1988, to be
identified as editors of this work.
No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form,
or by any means, without prior written permission from Intersentia, or as expressly permitted by
law or under the terms agreed with the appropriate reprographic rights organisation. Enquiries
concerning reproduction which may not be covered by the above should be addressed to Intersentia
at the address above.
Cover image: Thatsaphon Saengnarongrat / Alamy Stock Photo
ISBN 978-1-78068-890-9
NUR 827
British Library Cataloguing in Publication Data. A catalogue record for this book is available from
the British Library.
CONTENTS
List of Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Chapter 1.
Introduction: Security and Law in a Digitizing World
Charlotte Ducuing, Jessica Schroers and Anton Vedder . . . . . . . . . . . . . 1
Chapter 2.
Safety, Security and Ethics
Anton Vedder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2. Definitions and distinctions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3. Security and safety as values in ethics and normative political theory . . 15
4. Security and safety in conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Chapter 3.
National and Public Security within and beyond the Police Directive
Plixavra Vogiatzoglou and Stefano Fantin . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2. The scope of the Data Protection Law Enforcement Directive . . . . . . . . . . 29
3. Security in international law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.1. Theoretical bases from philosophy of law . . . . . . . . . . . . . . . . . . . . . . 32
3.2. International law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.3. Council of Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4. Security in European Union law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.1. EU treaties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.2. Jurisprudence on security as derogation . . . . . . . . . . . . . . . . . . . . . . . 41
4.3. EU Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4.4. Security and personal data in secondary EU law . . . . . . . . . . . . . . . . 44
4.5. EU Member States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
5. Competent authorities under the DPLE Directive . . . . . . . . . . . . . . . . . . . . 48
5.1. General guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Intersentia v
Contents
5.2. National implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

United Kingdom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Republic of Ireland. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Italy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Belgium . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
France . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Germany . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
6. Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Chapter 4.
Criminal Profi ling and Non-Discrimination: On Firm Grounds for
the Digital Era?
Laurens Naudts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
2. Criminal and algorithmic profi ling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3. The Law Enforcement Directive: special categories of data as non-
discrimination grounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4. Equality and non-discrimination in the European Convention of
Human Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
4.1. Discrimination grounds and the European Court of Human
Right’s case law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4.2. Ground or status: a divergent approach by the ECtHR . . . . . . . . . . . 76
4.3. Recent illustrations: settling on the past? . . . . . . . . . . . . . . . . . . . . . . 79
4.4. Big data profi ling: new grounds? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
4.5. Differential treatment: reasonable and objective justification . . . . . 84
4.6. Ethnic profi ling: an example? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
5. Future research . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Chapter 5.
Operationalization of Information Security through Compliance with
Directive 2016/680 in Law Enforcement Technology and Practice
Thomas Marquenie and Katherine Quezada . . . . . . . . . . . . . . . . . . . . . . 97
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
2. Principles of information security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
2.1. Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
2.2. Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
2.3. Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
3. Information security in data protection for law enforcement . . . . . . . . . 103
vi Intersentia
Contents
3.1.
The EU legal framework on cybersecurity and data protection . . . 104
3.2.
Data protection principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
3.3.
Data processing obligations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
3.4.
Data protection impact assessment. . . . . . . . . . . . . . . . . . . . . . . . . . . 112
3.5.
Reporting of data breaches and supervisory oversight . . . . . . . . . . 113
3.6.
Representation of IS requirements in the DPLE . . . . . . . . . . . . . . . . 114
3.7.
The scope and purpose of information security and data
protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
4. Operationalization of security in law enforcement . . . . . . . . . . . . . . . . . . 119
5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Chapter 6.
Protecting Human Rights through a Global Encryption Provision
Danaja Fabčič Povše . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
2. Encryption, (cyber)security and human rights. . . . . . . . . . . . . . . . . . . . . . 131
3. Fragmented provisions in international human rights law. . . . . . . . . . . . 137
3.1. General human rights framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
3.2. Security measures and standards in data protection laws . . . . . . . 140
3.2.1. European Union (EU). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
3.2.2. Convention no. 108 of the Council of Europe . . . . . . . . . . . 143
3.2.3. Economic Community of West African States (ECOWAS) . . 144
3.2.4. Asia-Pacific Economic Cooperation (APEC) . . . . . . . . . . . . 144
3.3. Recommendations of expert bodies . . . . . . . . . . . . . . . . . . . . . . . . . . 145
3.4. Other upcoming initiatives by regional organisations . . . . . . . . . . 148
4. Enabling global encryption obligations in the absence of specific
treaty provisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
4.1. Option 1 – a global treaty with encryption requirements . . . . . . . . 149
4.2. Option 2a – globalisation by means of accession . . . . . . . . . . . . . . . 151
4.3. Option 2b – globalisation by GDPR’s ‘adequate protection’
standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
4.4. Option 3 – maintain the status quo . . . . . . . . . . . . . . . . . . . . . . . . . . 153
5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Chapter 7.
Identity Management and Security
Jessica Schroers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
2. What is identity management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Intersentia vii
Contents
2.1. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

2.2. Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
2.3. PKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
2.4. Identity management systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
2.5. Levels of Assurance (LoA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
3. Examples of different systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
4. Security obligations for users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
4.1. Exclusive control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
4.2. Notification obligation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.3. No longer using electronic identification means in case of
withdrawal/revocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.4. Secure environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
5. Can and should users be responsible? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
6. Some aspects to take into account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Chapter 8.
Towards an Obligation to Secure Connected and Automated Vehicles
“by Design”?
Charlotte Ducuing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
2. Technological developments in CAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
2.1. Increased connectivity of vehicles. . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
2.2. Driving automation, towards vehicle autonomy . . . . . . . . . . . . . . . . 188
3. Overview of vehicle technical regulations and type-approval
legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
3.1. EU type-approval process legislation in a nutshell. . . . . . . . . . . . . . 190
3.2. The proposal for a General Safety Regulation: cybersecurity as
part of safety requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
3.3. The UNECE mandate to develop vehicle technical regulations . . . 193
4. Legal analysis of the proposed recommendations of UNECE on
cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
4.1. An extensive interpretation of ‘the CAM vehicle’ in space . . . . . . . 194
4.2. Extending the scope of vehicle technical regulations to the
whole lifecycle of vehicles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
4.3. Extension of the scope of technical regulation to the
manufacturer’s organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
5. Is type-approval legislation fit for the purpose of securing CAM
vehicles? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
5.1. Where technical regulation calls for further regulation of the
manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
5.2. A limit of type-approval legislation: the integration of the
CAM vehicle in its spatial environment. . . . . . . . . . . . . . . . . . . . . . . 204
viii Intersentia
Contents
6. Implications of the analysis beyond type-approval legislation . . . . . . . . 207

6.1. The extension of the role as manufacturer… or an emerging
role as fleet operator? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
6.2. Consequences for liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Chapter 9.
The Cybersecurity Requirements for Operators of Essential Services
under the NIS Directive – An Analysis of Potential Liability Issues from
an EU, German and UK Perspective
Daniela Brešić . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
2. The scope of CI protection on an EU and national level . . . . . . . . . . . . . . 217
2.1. The EU regulatory Framework of CI protection compared to
the scope of the NIS Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
2.2. The scope of CI protection from the German perspective . . . . . . . 220
2.3. The scope of CI protection from the UK perspective. . . . . . . . . . . . 221
3. The security requirements and incident notification for operators of
essential services from an EU and national perspective . . . . . . . . . . . . . . 223
3.1. The security requirements and incident notification set out by
the NIS Directive, Article 14 and 15 . . . . . . . . . . . . . . . . . . . . . . . . . . 223
3.2. The security requirements set out by the German BSI Act,
section 8, 8a and 8b BSI Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
3.3. The security requirements set out by the UK NIS Regulation,
section 10 and 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
4. Deliberations on liability issues from an EU and national perspective . 228
4.1. The uncertain meaning of the NIS Directive, Article 14 NIS
Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
4.2. The national implementation of Article 14 NIS Directive from
an UK and German perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
4.3. The problem of fault / the burden of proof . . . . . . . . . . . . . . . . . . . . 233
4.4. State liability in the context of CI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Chapter 10.
The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges
and Ways Forward
Domenico Orlando and Pierre Dewitte . . . . . . . . . . . . . . . . . . . . . . . . . 239
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
2. Decoding ‘security by design’: a tale of ‘security’ and ‘design’ . . . . . . . . . 239
Intersentia ix
Contents
3. The ‘by design’ turn in the European legislative framework . . . . . . . . . . 241

3.1. Integrating legal requirements in the soft ware development
lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
3.2. Data protection (and security) by design in the GDPR . . . . . . . . . . 243
3.3. Security by design in Regulation 45/2001 . . . . . . . . . . . . . . . . . . . . . 245
3.4. Security by design in the new Cybersecurity Act Regulation . . . . 245
3.5. Security by design in the IoT sector . . . . . . . . . . . . . . . . . . . . . . . . . . 246
4. Challenges of the ‘by-design’ approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
4.1. A call for interdisciplinarity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
4.2. Specific challenges of security by design . . . . . . . . . . . . . . . . . . . . . . 248
4.3. The interaction between SbD and DPbD . . . . . . . . . . . . . . . . . . . . . . 249
5. Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Chapter 11.
Promoting Coherence in the EU Cybersecurity Strategy
Alessandro Bruni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
2. The concept of coherence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
2.1. Coherence vs consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
2.2. Coherence principle in the EU cybersecurity legislative
framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
3. The EU cybersecurity context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
3.1. The EU and cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
3.2. The initial EU cybersecurity legislative initiatives . . . . . . . . . . . . . . 258
4. EU cybersecurity Actors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
4.1. ENISA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
4.2. Public-private partnership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
5. The EU Cybersecurity Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
5.1. The European Union Cybersecurity Strategy 2013 . . . . . . . . . . . . . 265
5.2. The European Union 2017 Cybersecurity Strategy . . . . . . . . . . . . . 271
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Chapter 12.
Challenges of the Cyber Sanctions Regime under the Common Foreign
and Security Policy (CFSP)
Yuliya Miadzvetskaya . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
2. Current EU sanctions framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
x Intersentia
Contents
3. Challenges of the cyber sanctions regime . . . . . . . . . . . . . . . . . . . . . . . . . . 282

3.1. Challenge of attributing cyber-attacks . . . . . . . . . . . . . . . . . . . . . . . . 283
3.2. Challenge of a common approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
3.3. Challenge of the fundamental rights test . . . . . . . . . . . . . . . . . . . . . . 287
3.4. Challenge of providing evidence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
4. Overview of the US cyber sanctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Chapter 13.
International (Cyber)security of the Global Aviation Critical
Infrastructure as a Community Interest
Ivo Emanuilov . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
1. (Cyber)security in an interconnected international community . . . . . . . 299

2. Critical (aviation) infrastructure: an international outlook . . . . . . . . . . . 302
2.1. Defining critical infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
2.2. Criteria for the designation of critical infrastructure . . . . . . . . . . . 303
2.3. Critical information infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . 305
2.4. (Global) critical infrastructure in aviation . . . . . . . . . . . . . . . . . . . . 306
3. (Cyber)security obligations under general international law . . . . . . . . . . 308
3.1. Right to security as an international human right . . . . . . . . . . . . . . 309
3.2. (Cyber)security due diligence obligations . . . . . . . . . . . . . . . . . . . . . 311
4. Safety and (cyber)security obligations in international air law . . . . . . . . 317
4.1. Aviation (cyber)security obligations . . . . . . . . . . . . . . . . . . . . . . . . . . 318
4.2. Relationship between the obligations for aviation safety and
(cyber)security: protecting community interests? . . . . . . . . . . . . . . 322
5. Towards erga omnes aviation (cyber)security obligations . . . . . . . . . . . . . 326
5.1. Erga omnes obligations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
5.2. Ius cogens obligations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
5.3. Safety oversight as a peremptory norm of international law . . . . . 334
5.4. Community interests and the (cyber)security of the global
aviation critical infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Cumulative Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Intersentia xi
LIST OF CONTRIBUTORS
All contributors are affiliated to the KU Leuven Centre for IT and IP law (CiTiP)
and members of CiTiP’s security research team.
Daniela Brešić completed her legal clerkship in the district of the Higher
Regional Court Munich, after graduating from Ludwig-Maximilians-University
Munich, Germany. She also obtained an LL.M. degree in Law and Technology
from Tilburg University, the Netherlands.
Alessandro Bruni is focusing his research activities primarily on communication

law and legal challenges related to new technologies such as Artificial Intelligence
and blockchain. He obtained his degrees in Law at the University of Siena and at
Tilburg University. He was affiliated to a civil society organisation on specific EU
digital dossiers involving fundamental rights, to a consultancy group, dealing with
cybersecurity matters, and to a European telecom operator as a Regulatory Officer.
Pierre Dewitte mainly focuses his research on Data Protection by Design,

privacy engineering, smart cities and algorithmic transparency issues.
Charlotte Ducuing holds a master’s degree in law with specialisation in

European law, a master’s degree in political sciences from the University Lille
(Institut d’Etudes Politiques de Lille) and an LL.M. Intellectual Property and
ICT Law from KU Leuven. As a PhD fellow, her main research interests extend
to the regulation of emerging digital infrastructure in network industries.
Ivo Emanuilov is a PhD fellow in public international law working on the (in)
adequacy of the concept of control in risk-based international law. His research
is centered around problems of (shared) international responsibility, non-
state actors, due diligence, risk analysis and new technologies in international
humanitarian law, air and space law and cyber law. Ivo has degrees in
international and EU law, English law, ICT law, and soft ware engineering.
He is a visiting lecturer on legal and ethical aspects of artificial intelligence at
the University of Sofia and biometrics and privacy law at the Swiss Distance
Learning University (UniDistance), Switzerland.
Stefano Fantin joined CITIP in 2017 after previous public sector and
e-Government experiences. His research now covers various aspects of
Intersentia xiii
List of Contributors
cybersecurity and accountability in the counter-terrorism and national security

governance domains, as well as critical infrastructures protection and cyber
defense policies. He is also an affi liated guest researcher at the Center for EU
Policy Studies (CEPS).
Thomas Marquenie obtained his master’s degree of Laws from the University of
Leuven in 2015 and specialised in Criminal, International and European Law. In
2016, he obtained an Advanced Master’s (LL.M.) in Intellectual Property Rights &
ICT Law at the University of Leuven. At CiTiP, his research focuses on human rights
and data protection as well as the legal aspects of Artificial Intelligence, security
and law enforcement. He has contributed to several European Commission projects
on the development and implementation of innovative police technologies, such
as FP7 VALCRI and the ongoing H2020 MAGNETO, and is currently preparing a
PhD project regarding fairness and accountability in law enforcement AI.
Yuliya Miadzvetskaya joined CiTiP in 2019, after having worked as an academic

assistant at the College of Europe in Bruges. She also was trainee in the Legal
Service of the European Parliament in Brussels and at the United Nations offices
in Minsk.
Laurens Naudts is a doctoral researcher. His research focuses on the

interrelationship between artificial intelligence, ethics, justice, fairness and the
law. Laurens’ doctoral research reconsiders the concepts of equality and data
protection within the context of machine learning and algorithmically guided
decision-making. Laurens has also been involved in several national and EU
funded research projects, including amongst others iLINC and Preemptive,
and, currently, VICTORIA (Video Analysis for Investigation of Criminal and
Terrorist Activities). Laurens was formerly appointed as a researcher at the
European University Institute (Centre for Media Pluralism and Media Freedom).
Domenico Orlando is currently involved in two projects about smart grids

development (ROLECS and SNIPPET). He graduated in Business and
Competition law at the Bocconi University and has an LL.M. in ICT law from
the University of Oslo. He is interested in themes such as Security and Data
Protection by Design and he focuses on data protection, cybersecurity and energy.
Danaja Fabčič Povše focuses her research activities on legal and ethical aspects
of data security, data protection and privacy within organisations and in design
processes.
Katherine Quezada is mainly working on the MAGNETO project within CiTiP.

Her educational background includes an LL.B. from Universidad Autónoma
de Santo Domingo (2013, homologated to the Spanish equivalent in 2017), a
xiv Intersentia
List of Contributors
master’s degree of Criminology and Criminal Justice from Universidad Camilo

José Cela (2015) and an LL.M. in IP and ICT law from KU Leuven (2018–2020).
Jessica Schroers is a doctoral researcher at CiTiP. Her research focuses on data

protection law and the legal issues related to identity management. She writes
her doctoral thesis on the responsibility for electronic identity. Originally from
Germany, she studied in the Netherlands at the University of Tilburg, where
she obtained a bachelor’s degree in Law and Management and Master’s degrees
in International Business Law and in Law and Technology. In 2009 she was an
Erasmus exchange student at the University of Helsinki. Before joining CiTiP in
2013, Jessica completed an internship at a Dutch law firm where she focused on
IT and intellectual property law.
Peggy Valcke is professor of technology and law at KU Leuven, CiTiP, and

principal investigator at the Security & Privacy Group at imec (previously
iMinds). She is also member of Leuven.AI (the Leuven Centre for Artificial
Intelligence) and LICT (Leuven Centre on ICT). In previous years, she has
taken up part-time or visiting professorships at Bocconi University in Milan;
the European University Institute in Florence; Tilburg University; and Central
European University in Budapest. Peggy has been assessor (member of the
deciding body) of the Belgian Competition Authority and member of the
General Chamber of the Flemish Media Regulator since 2008. She was a member
of Google’s Advisory Council on the Right to be Forgotten and of Digital Minds
for Belgium, and also sits on the Scientific Committee of AI4People, the first
global forum in Europe on the Social Impacts of Artificial Intelligence set up by
Atomium-European Institute for Science, Media and Democracy.
Anton Vedder is a professor of IT Law at CiTiP. He is especially interested in

the interplay of technological developments and the articulation of basic moral
and legal concepts. Recent publications include articles and books on trust in
e-health, innovative technologies, care, enhancement, and justice, privacy,
data protection and profi ling, ethics of artificial intelligence in a big data
environment, and privacy versus public security. He is the academic director of
KU Leuven’s LL.M. program of IP and IT Law and a member of KU Leuven’s
Ethics Committee on Dual Use, Military Use and Misuse of Research.
Plixavra Vogiatzoglou is a doctoral researcher at CiTiP and a certified lawyer

in Greece. Her main interests revolve around surveillance and criminal
analytics, and their effects on fundamental rights, in particular privacy and data
protection. Before joining CiTiP in January 2017, Plixavra obtained an LL.M. in
Intellectual Property and ICT law from the Faculty of Law of KU Leuven and an
LL.M. in International Studies from the Faculty of Law of Aristotle University of
Thessaloniki.
Intersentia xv
CHAPTER 1
INTRODUCTION: SECURITY AND
LAW IN A DIGITIZING WORLD
Charlotte Ducuing, Jessica Schroers and Anton Vedder
Few people would doubt the importance of security of a state, society, its
organizations and institutions, and individuals as an unconditional basis
for personal and societal flourishing. Equally few people would deny being
concerned by the often-occurring conflicts between security and other values
and fundamental freedoms and rights, such as individual autonomy or privacy
to name but a few. While the search for a balance between these public values is
far from new, ICT and data-driven technologies have undoubtedly given it a new
impulse. These technologies have a complicated and multifarious relationship
with security.
Based on their knowledge discovery capacity – e.g. in the form of big data
analysis – they are powerful tools in the hands of public authorities in charge
of public and national security. In other words, they can have an instrumental
function to security. Protection of citizens and individuals from abuses
committed by public authorities having a monopoly of legitimate violence is
far from new and has been a major task of the law, especially at national and
EU levels. By significantly reinforcing the security public authorities, these new
technologies may affect the balance of power to the detriment of citizens in
many ways. There is a need for reconsidering the balance between the pursuit of
public and national security, on the one hand, and the legitimate interests and
fundamental rights of citizens, on the other.
Moreover, these new technologies have pervaded our daily environment to
the point that they have become critical to the functioning of the economy and
of society at large. Against this background, they themselves are increasingly
perceived as requiring security, for example when they lie at the core of
essential societal services such as healthcare, energy, education or mobility.
Safeguarding the security of ICT and data-driven technologies is, however,
a challenging endeavour. Amongst others, one has to deal with their inherent
connectedness, which makes them liable to the ‘least secured link of the chain’
risk. The anonymity and global scale of the internet multiplies their risk
Intersentia 1
exposure. Furthermore, while security is pursued to the benefit of all, who is or

should be made responsible for achieving it remains a highly debated question.
The public good features of security therefore require the law to regulate and
allocate responsibilities. Simultaneously, however, the task of the law-maker is
made difficult by four aspects of the nature of technologies: the often specialized
expertise required to understand them, their fast pace of development, their
border-crossing character, and the fact that they are mostly run and managed
by private entities altogether. As a result, there is a need for reflection on the
regulatory means which can be leveraged by the law-maker and the entities
exactly to be made responsible for security, as well as the levels of organizations
at which such obligations can best promote security.
The protection of ICT and data-driven technologies has been given various
names and ‘cybersecurity’ seems to be the best-established. This term illustrates
another connection between these technologies and security. ‘Cybersecurity’
would at first glance seem to point quite simply to security of ‘cyber’ assets and/
or security in the cyber environment. Yet, cybersecurity appears to reach beyond
‘security’ strictly speaking. Cybersecurity was often found to lie at the crossroads
of security and safety. The delineation of these two concepts has never been
entirely clear, but the reliance of safety-critical products and services on ICT
technologies has been bringing them even closer to each other. For instance, the
reliance of transport means on ICT technologies simultaneously affects their
sensitivity to external attacks on the one hand and can make them hazardous
for users on the other hand. This calls for a more comprehensive management of
risks and consequently has important legal consequences, such as the choice of
the right regulatory instrument.
It is against the backdrop of this three-dimensional impact of ICT and big
data technologies on security that this book discusses security and the law. In
the midst of the on-going debates on security, the book combines theoretical
discussion of the concepts at stake and case studies following the development of
the technologies.
Part I sets the scene, by looking at the definition of security. On the one hand,
security must be distinguished from neighbouring concepts. On the other hand,
security itself is subject to sub-categories which, while they are of paramount
importance to delineate the reach of the law, appear to be difficult to ascertain in
practice such as the distinction between public and national security.
With the aim to define security in a technological environment, part I
begins with “Safety, security, and ethics” (chapter 2), where Anton Vedder sets
out to clarify definitions of security and safety and to analyse these notions as
normative concepts. According to him, many recent authors on safety and
security seem to agree – albeit often tacitly – that safety is primarily concerned
with the adverse effects an entity might have on (the integrity of) the entities
2 Intersentia
Chapter 1. Introduction: Security and Law in a Digitizing World
surrounding it, while security primarily is the unimpairedness of the integrity

of the entity as such. Many authors, furthermore, distinguish between safety
as controlling events caused by system malfunctions versus security as dealing
with mitigating attacks by malicious agents. With the blending of the physical
and virtual world through the Internet of Things, the notions of security and
safety come to be used more and more interchangeably. This chapter thus
informs the more sector-focused considerations on the increasing overlap of
safety and security aspects in cybersecurity law, which can then be found in
chapters 8 and 13 (introduced further below), respectively focusing on connected
and autonomous road vehicles and aviation. Concerning security and safety as
normative notions, Vedder claims that articulations and justifications of security
and safety as value notions can build on objectivist need-consequentialist
considerations. Security and safety policies and arrangements provide for the
satisfaction of basic, social, and functional needs. Some protect life, health and
shelter; some protect our institutions, some protect the facilities that make our
lives comfortable. The benefits and burdens of policies and other arrangements
for the protection of security and safety are not automatically distributed equally.
This raises questions of distributive justice. The issues of distributive justice
can overlap with the delicate fundamental issues of moral conflict in which the
realization of a (proposed) policy or measure of security or safety protection
collides with liberties or rights of individuals or specific groups. This chapter
ends with the discussion of two alternative ways of approaching the resulting
dilemmas.
The notion of ‘security’ is further discussed in chapter 3, where Plixavra
Vogiatzoglou and Stefano Fantin focus on the delineation between national
and public security (“National and public security within and beyond the
Law Enforcement Directive”). During the drafting of Directive (EU) 2016/680
(so-called ‘Data Protection Law Enforcement Directive’ or in short ‘DPLE
Directive’), the major European data protection supervisory bodies raised their
concerns as regards the scope of the Directive, and in particular the purpose of
safeguarding public security. The Directive does not further define the notion of
public security, while explicitly juxtaposing the concept with national security,
as the latter is excluded from the scope of application of EU legislation. Several
months after the official deadline for the national transposition of the Directive,
this question has not been given any more thought. This chapter seeks to clarify
the scope of the directive and the meaning of public security, first through
the confrontation with the concept of national security, and then through the
definition of competent authorities, as formulated in the text of the Directive
and transposed into national law.
Part II questions whether and to what extent the law has been able to regulate the
use of ICT and data-driven technologies as a means to maintain, create or protect
Intersentia 3
security in search of a balance between security and other public values, such
as privacy and equality. These technologies may be used by public authorities in
charge of security. Interestingly, they may also be used by citizens as a means
to ‘fire back’ and secure themselves from (perceived) intrusions and insecurity
stemming from third parties or from the State (e.g. encryption). Both chapters
4 and 5 discuss under which legal conditions public authorities in charge of
security may use these technologies, while keeping a balance with other public
values. In chapter 4 “Criminal Profiling and Non-Discrimination: on firm
grounds for the digital era?”, Laurens Naudts focusses on the value of equality.
He discusses the regulation of criminal profi ling practices. He explains how,
from a legal perspective, new forms of differentiation generated by data-driving
analytics tools, might constitute illegal forms of discrimination. The DPLE
Directive provides clear and concrete guidelines regarding the use of specific
types of information in building profi les, indicating quite well when, and under
what conditions, profiling practices could be allowed. Moreover, the Directive
includes equality-sensitive considerations, noting the potential discriminatory
nature data-driven techniques might have. It does so in particular where special
categories of data are involved. Nevertheless, considering the requirement that
profi ling practices should not be discriminatory, public bodies should still
consider the fundamental right to equality and non-discrimination as it has
been enshrined in the European Convention of Human Rights, and as it has
been interpreted by the European Court of Human Rights. The Court’s case law
is at times both complex and confusing. Through the open-ended phrasing of
article 14, the Convention’s non-discrimination clause can, in principle, allow
the Court to condemn new forms of discrimination. Yet, the case law shows that
the Court’s reasoning might be ill-equipped to tackle the risks new technologies
pose. Perhaps, so Naudts argues, a heightened level of awareness across society
regarding the dangers that profi ling techniques pose to the fundamental
principles of equality and non-discrimination, could become a common ground
amongst Member States and in turn increase the level of protection afforded to
citizens in the case of criminal profiling.
In chapter 5 entitled “Operationalization of information security through
compliance with Directive 2016/680 in law enforcement technology and
practice”, Thomas Marquenie and Katherine Quezada discuss the close
connection between information security and data protection law in the
law enforcement sector. Information security is the set of processes aimed
at protecting information from unauthorized access, modification, use or
destruction. At the basis of these practices lies the so-called CIA-triad which
envisions the preservation of the Confidentiality, Integrity and Availability of
information. While European Union legislation has previously covered specific
aspects of these security principles, it has been marked by a limited scope of
application and has not introduced extensive obligations in the law enforcement
4 Intersentia
sector. This might now be subject to change with the adoption of the DPLE
Directive. While not explicitly conceived as an information security instrument,
the Directive nevertheless harmonizes data management practices and institutes
numerous data protection requirements for criminal justice authorities and
police agencies in the European Union. The purpose of this chapter is to analyze
to what extent the fundamental principles of information security are reflected
in the provisions of the Directive and whether law enforcement agencies can
rely on their compliance with data protection law to adhere to the fundamental
principles of information security. Following an analysis of the three tenets
of information security, the chapter reviews the current legal framework on
cybersecurity and data protection in order to examine the relationship between
both disciplines and assess whether the Directive mandates high standards of
security which correspond to the triad. This assessment concludes with an
overview of a number of concrete measures identified in EU research projects
serving as a case study of the practical implementation of legal requirements
as a means of realizing information security in a law enforcement context.
The findings of this chapter convey that while information security and
data protection are separate concepts with a diverging scope of application
and general purpose, there exists a significant overlap between the two and
compliance with the Directive is expected to result in a standard of security that
satisfies and conforms with the fundamental tenets of information security.
Data protection law is also discussed in other contributions of the book,
although from different angles. Chapter 6 discusses whether EU data protection
law – and especially the GDPR – can constitute an international legal standard
for a legal right to encryption by data subjects. Chapter 10 discusses data
protection law as an illustration of a growing pattern in EU law to impose
‘compliance by design’ obligations in the ICT environment.
Chapter 6 (“Protecting human rights through a global encryption provision”)
by Danaja Fabčič Povše concentrates on encryption as a security measure for
citizens to defend themselves against (perceived) intrusions by third parties,
including public authorities. The elementary texts of human rights law, such as
the Universal Declaration of Human Rights, the International Covenant on Civil
and Political Rights, the European Convention on Human Rights, and the EU
Charter of Fundamental Rights all provide for the right to privacy, including
privacy of communications, with the EU Charter also explicitly providing
for the right to personal data protection. None of those, however, mentions
explicitly the need for security – let alone encryption – measures. More detailed
rules on data protection can be found in regional instruments. Fabčič Povše’s
chapter examines the EU framework (GDPR, ePrivacy Directive and the
proposed ePrivacy Regulation), Convention 108 of the Council of Europe, the
ECOWAS’s Model Data Protection Act and the APEC Privacy Framework.
The EU legal framework specifically refers to encryption as a security or data
Intersentia 5
masking measure, whereas the other instruments require data security measures
in general. Recommendations on encryption by the OECD and ENISA both
explicitly argue for use of encryption in order to facilitate online commerce
and data security. The OECD 1997 guidelines provide, however, for potential
backdoors or plaintext access by law enforcement, which puts the strength
of encryption in jeopardy. Lastly, ensuring a global encryption obligation is
discussed – a global treaty, possibly under the United Nations or World Trade
Organisation, is unlikely. As an alternative, globalisation of the GDPR or of
the Convention 108+ is proposed, although such globalisation does not come
without drawbacks. Should the states decide to maintain the status quo, further
ripple effects of seemingly domestic policy are to be expected.
Part III investigates the regulatory means that are or can be leveraged by the
law-maker in its attempt to ‘secure’ products, organizations or entities in a
technological and multi-actor’ environment. In order to feed this delicate
‘how’ question, this part includes two types of pieces. Some contributions
analyse various sector-specific case studies, such as security and online identity
management or connected transport means. Others provide horizontal
background on regulatory means leveraged by the EU law-maker. For instance,
the ‘by design’ approach is increasingly gaining traction in EU legislation and
recently culminated with the adoption of the Cybersecurity Act (Regulation
(EU) 2019/881) laying down the ground for EU-wide cybersecurity certification.
The first sectorial case study is provided by Jessica Schroers in her
chapter 7, “Identity management and security”. She discusses security
aspects of identification and authentication technologies. She describes the
different requirements a user has to comply with and challenges the over-
responsabilization of the users inherent to these requirements. The level of
expertise required to address the risks is rather high, and no only the individual
but also the community can be affected by the risks involved. She takes a look
at the standard of care in tort law. The standard of care is generally interpreted
in terms of the standard of reasonable care, the care an average person would
take. Further research into this ‘care an average person would take’ with regard
to the electronic identification means and the environment they are used in, is
therefore deemed to be necessary.
The concern about over-responsibilizing certain (weak) actors in the
value chain illustrates a more general challenge in the ICT and data-
driven technological environment. While these technologies are inherently
interconnected, who should be burdened with the obligation to secure?
This question also lies at the core of the following chapter, with regard to the
cybersecurity in the connected and automated driving environment. The right
allocation of cybersecurity responsibilities and the (sometimes unexpected)
case for shared responsibility are discussed in chapter 9 dealing with the liability
6 Intersentia
consequently arising from NIS obligations. They also lie at the core of the
enquiry about the legal status of cybersecurity obligations in international air
law in chapter 13.
In chapter 8 “Towards an obligation to secure connected and automated
vehicles “by design”?”, Charlotte Ducuing provides another sectoral case-
study. Road transport is undergoing significant changes by data-driven
technologies. Two technological developments are especially visible, namely the
development towards automated and autonomous driving on the one hand and
the growing connected character of vehicles on the other. Both developments are
increasingly converging for technical reasons but also for reasons of road safety,
environment-friendly mobility and optimization of the use of infrastructure and
vehicle capacity. They are referred to together here as ‘connected and automated
mobility’ (CAM). CAM has a paradoxical relation to safety. Road safety
constitutes one of the main political motives for moving to CAM. But increased
connectivity and automation – or even autonomy – of vehicles will also result in
increasing cybersecurity sensitivity. Both the European Union and the UNECE
at an international level are active in revising type-approval legislation so as to
include cybersecurity as part of vehicle safety requirements. The purpose of this
book chapter is to evaluate whether and to what extent type-approval legislation,
and the ‘by design’ approach at its heart, are fit for the purpose of ensuring
cybersecurity of CAM vehicles. To do so, Ducuing analyses the two recently
proposed recommendations of UNECE dealing with cybersecurity of CAM
vehicles, as part of vehicle technical regulations, which interestingly reflect the
changing nature of vehicles when growing in connectivity and autonomy.
Chapter 8 analyses the intrinsic limitations of the ‘security by design’
approach in the complex field of connected and automated vehicles. The
discussion surrounding the ‘by design’ regulatory approach reverberates in
several other chapters. Chapter 5 discusses the interactions between the data
protection by design approach in the DPLE Directive and the discipline of
information security. ‘Security by design’ is contemplated in chapter 7 as a
potential factor in the assessment of a required standard of care in the field of
identity management. Finally, chapter 10 is entirely dedicated to the ‘by design’
approach in both cybersecurity and data protection law, both being often
intertwined.
After the sectoral case-studies in chapters 7 and 8, the remaining chapters
of Part III provide horizontal analysis of cybersecurity legal frameworks, and
especially aim to assess the regulatory ‘toolbox’ used by the EU law-maker. In
chapter 9, “The cybersecurity requirements for operators of essential services
under the NIS Directive – An analysis of potential liability issues from an
EU, German and UK perspective”, Daniela Brešić provides an overview of
responsibilities and potential liability issues that may occur in the context
of critical infrastructure protection for operators of essential services. She
Intersentia 7
pays special attention to the NIS Directive as the first legislative initiative
enhancing cybersecurity protection for the EU, and to the implementation of
the Directive into national legislation in Germany and the United Kingdom.
Her chapter concludes with a deliberation on potential drawbacks in terms of
a shared responsibility between stakeholders, as well as on liability and critical
infrastructure protection from a broader perspective.
The NIS Directive is also critically discussed in chapter 11 as one of the main
components of EU cybersecurity legislation. In chapter 13, the NIS Directive
is referred to as a measurement standard with regard to the qualification of a
service as “essential”, from an international law perspective.
In chapter 10 “The ‘by Design’ Turn in EU Cybersecurity Law: Emergence,
challenges and ways forward”, Domenico Orlando and Pierre Dewitte
analyse the ‘by Design’ turn in the EU security and data protection legislative
frameworks. The ‘by design’ approach in EU legislation is on the rise. Both data
protection and cybersecurity law are involved in this trend, with the former
ahead. After an introduction on definitions, the chapter describes the steps made
by security by design, its focus in gaining attention and consideration in EU
and soft law. Finally, the authors assess the challenges posed for consistent and
effective development of the concept of ‘by design’ in general and of ‘security by
design’ in particular.
Chapter 11 by Alessandro Bruni evaluates the regulatory initiatives from the
EU institutions in the field of cybersecurity and pleads for “Promoting coherence
in the EU cybersecurity strategy”. Bruni explains how the commitment of the
European Union to establish secure and trustworthy cyberspace resulted in two
different but complementary European cybersecurity strategies. He explains
why their coherence has been questioned and which factors have hampered the
development of a coherent EU cybersecurity strategy. In his chapter, he intends
to understand the impact, if any, of key elements and actors, namely, the EU
cybersecurity agency ENISA and the role of public-private partnerships in the
development of EU cybersecurity. By doing so, this chapter intends to assess if
the progress that has been made that EU cybersecurity legislation can be labelled
as coherent.
The final part IV discusses international aspects of ICT. On the one hand,
their global, border-crossing, character requires appropriate international
response to secure the EU. On the other hand, cybersecurity can represent an
international collective good, especially in the case of safety-sensitive assets
(e.g. aviation). In chapter 12, Yuliya Miadzvetskaya analyses the new regime
concerning restrictive measures against cyber-attacks as a new tool of the EU
Cyber diplomacy toolbox, in her contribution “Challenges of the cyber sanctions
regime under the Common Foreign and Security Policy (CFSP)”. She sheds some
light on the main shortcomings for the efficient implementation of sanctions,
8 Intersentia
notably relating to a spectrum of challenges, such as a problem of technical and

political attribution of cyber-attacks, the lack of EU’s common approach and
will to name perpetrators and fundamental rights issues assessed on a case-by-
case basis by the ECJ in sanctions related case-law.
Ivo Emanuilov discusses in chapter 13 cybersecurity obligations in public
international law. “International (cyber)security of the global aviation critical
infrastructure as a community interest” investigates whether cybersecurity
obligations in the field of aviation can be considered as a ‘community interest’.
The international aviation system has become increasingly interconnected as a
result of the proliferation of systems operated by both traditional stakeholders
and new entrants. Civil aviation’s critical infrastructure has therefore become
exposed to an ever-growing number of physical, cyber and hybrid threats. While
the Convention on International Civil Aviation and its Annexes have established
a comprehensive and largely harmonised international legal framework of safety
rules for civil aviation, the same cannot be said in so far as aviation (cyber)
security is concerned. Cyber-attacks have unquestionably been considered
an offence against the principles and arrangement for the safe and orderly
development of the international civil aviation. While it has been argued that
states have due diligence obligations under international law to prevent harmful
international cyber operations, the nature and scope of these obligations in
modern civil aviation is not always clear-cut. Furthermore, the extent and
content of the obligations to ensure the (cyber)security of aviation critical
infrastructure. This determination is further complicated by the emergence
of a transnational (global) aviation critical infrastructure which exists across
borders and which comprises a complex network of physical, virtualised and
cyber components. This contribution aims to ascertain whether and in which
cases States could be argued to bear primary obligations in international law
to ensure the (cyber)security of such global aviation critical infrastructure. It
also seeks to explore the source and nature of these obligations under public
international law and asserts the view that the safety and certain safety-critical
aspects of (cyber)security could plausibly be construed as being reflective of an
interest of the international community as a whole. In light of virtualisation of
physical infrastructure and the emergence of new categories of cyber(-physical)
infrastructure, Emanuilov argues that this community interest could only be
protected effectively by erga omnes obligations so as to ensure the continued
“safe and orderly development” of international civil aviation.
Intersentia 9
CHAPTER 2
SAFETY, SECURITY AND ETHICS
Anton Vedder*
1. INTRODUCTION
What are safety and security? Why should we value safety and security? These
questions may sound redundant at first sight. Are safety and security not to
be considered as elementary conditions for a minimally functioning human
being? Exactly because of this apparent self-evidence, policy and law makers,
as well as researchers of the legal dimensions or technical or economic aspects
of safety and security might benefit from a more precise understanding of the
concepts and the normative starting points behind them. This is especially so
where specific measures or policies for ensuring or protecting safety and security
must be balanced against other values or principles. In this chapter, the notions
of security and safety will be clarified as normative concepts from an analytical
ethical perspective. In the next section, current discussions on the definitions
and conceptual distinctions with regards to the notion of security and the related
notion of safety will be discussed. In section 3, the focus will be on security and
safety as values. In section 4, the possibility of moral conflicts between safety and
security on the one hand and individual rights and interests on the other, will be
discussed.
2. DEFINITIONS AND DISTINCTIONS
Although the notions of safety and security have received an occasional modest
dose of attention during the last decades from the side of philosophers in some
subdomains of applied ethics, such as technology ethics and medical ethics,1
* Special thanks are due to Margaret Warthon, research intern at the KU Leuven Centre for IT
and IP Law 2018–19, for her support with bibliographical research.
1 Of course, security and safety play important substantial normative roles in the development
of technologies and in the regulatory field of standardization. The claim here merely concerns
conceptual analysis.
Intersentia 11
Anton Vedder
they have been most intensively debated in philosophy of law2 and in a branch
of practical philosophy, perhaps best referred to as normative political theory.
So-called “realist” or “neo-realist” political theorists – from Thucydides, over
Machiavelli, Hobbes, Morgenthau to Waltz – start from the assumption that
as individual human beings are fundamentally selfish and driven by a lust for
power, only (voluntary) subjection to a sovereign state that is able to provide
protection can offer security and safety for one individual from intrusions
by others or for one state from others. In the controversies among realists
themselves and in the debates between realists and their opponents, the
notions of safety and security have therefore been articulated primarily on
deep theoretical levels as global value-laden characteristics of individuals and
of societies or states overall.3 As a consequence, there exists an understandable
tendency of philosophers when reflecting on the concepts of safety and security
to treat these first and foremost as global concepts, indicating the overall
security or safety of either individuals or societies or states. Walt defines the
notion of security as such a global dimension when he claims that security is
the “preservation of the state territorial integrity and the physical safety of its
inhabitants,” meaning that a state is secure when it is able to defend itself from
hostile attacks and prevent other states from compelling it to adjust its behaviour
in significant ways or to sacrifice important political values.4 Focusing on the
differences between security and safety, Rigterink contends that safety is the
individual state of freedom from threats while security is the collective state of
freedom from threats.5
Over the last decades, the theoretical debate on security and safety has
incrementally expanded in scope and is slowly seeping into other fields than
political philosophy. Boholm et al., Ceccorulli and Lucarelli, Balzacq et al. have
contributed to the debate with intricate linguistic and semantic analyses on the
notions in general.6 Especially in connection with technology, the interest in
2 See also section 3.1 in the chapter by Plixavra Vogiatzoglou and Stephano Fantin in this
volume.
3 Lawrence Freedman, ‘The concept of security’ Encyclopedia of Government and Politics (2nd
edn, 2003).
4 Stephen Martin Walt, ‘Realism and Security’ Oxford Research Encyclopedia of
International Studies (2010) <https://oxfordre.com/internationalstudies/view/10.1093/
acrefore/9780190846626.001.0001/acrefore-9780190846626-e-286> accessed 25 June 2019.
5 Anouk Rigterink, ‘Does Security Imply Safety? On The (Lack of) Correlation Between
Different Aspects of Security’ (2015) (4) Stability: International Journal of Security &
Development <http://doi.org/10.5334/sta.fw> accessed 24 June 2019.
6 Max Boholm, Niklas Möller, Sven Ove Hansson, ‘The Concepts of Risk, Safety, and Security:
Applications in Everyday Language’ (2016) 36 Risk Analysis <https://doi 10.1111/risa.12464>
accessed 24 June 2019; Michela Ceccorulli, Sonia Lucarelli, ‘Security governance: making
the concept fit for the analysis of a multipolar, global and regionalized world’ 2014 41 Global
Governance Programme-98; European, Transnational and Global Governance <http://hdl.
handle.net/1814/31282> accessed 25 June 2019; Th ierry Balzacq, Sarah Léonard, Jan Ruzicka
‘‘Securitization’ revisited: theory and cases’ (2016) 30 International Relations <https://doi.
org/10.1177/0047117815596590> accessed 24 June 2019.
12 Intersentia
Another random document with
no related content on Scribd:
where her roystering boys may not in some mad Saturday afternoon
pull them down or burn their fingers. The sea and the iron road are
safer toys for such ungrown people; we are not yet ripe to be birds.
In the next place, to fifteen letters on Communities, and the
Prospects of Culture, and the destinies of the cultivated class,—what
answer? Excellent reasons have been shown us why the writers,
obviously persons of sincerity and elegance, should be dissatisfied
with the life they lead, and with their company. They have exhausted
all its benefit, and will not bear it much longer. Excellent reasons they
have shown why something better should be tried. They want a
friend to whom they can speak and from whom they may hear now
and then a reasonable word. They are willing to work, so it be with
friends. They do not entertain anything absurd or even difficult. They
do not wish to force society into hated reforms, nor to break with
society. They do not wish a township, or any large expenditure, or
incorporated association, but simply a concentration of chosen
people. By the slightest possible concert, persevered in through four
or five years, they think that a neighborhood might be formed of
friends who would provoke each other to the best activity. They
believe that this society would fill up the terrific chasm of ennui, and
would give their genius that inspiration which it seems to wait in vain.
But, “the selfishness!” One of the writers relentingly says, “What
shall my uncles and aunts do without me?” and desires distinctly to
be understood not to propose the Indian mode of giving decrepit
relatives as much of the mud of holy Ganges as they can swallow,
and more, but to begin the enterprise of concentration by
concentrating all uncles and aunts in one delightful village by
themselves!—so heedless is our correspondent of putting all the
dough into one pan, and all the leaven into another. Another
objection seems to have occurred to a subtle but ardent advocate. Is
it, he writes, a too great wilfulness and intermeddling with life,—with
life, which is better accepted than calculated? Perhaps so; but let us
not be too curiously good. The Buddhist is a practical Necessitarian;
the Yankee is not. We do a great many selfish things every day;
among them all let us do one thing of enlightened selfishness. It
were fit to forbid concert and calculation in this particular, if that were
our system, if we were up to the mark of self-denial and faith in our
general activity. But to be prudent in all the particulars of life, and in
this one thing alone religiously forbearing; prudent to secure to
ourselves an injurious society, temptations to folly and despair,
degrading examples, and enemies; and only abstinent when it is
proposed to provide ourselves with guides, examples, lovers!
We shall hardly trust ourselves to reply to arguments by which we
would too gladly be persuaded. The more discontent, the better we
like it. It is not for nothing, we assure ourselves, that our people are
busied with these projects of a better social state, and that sincere
persons of all parties are demanding somewhat vital and poetic of
our stagnant society. How fantastic and unpresentable soever the
theory has hitherto seemed, how swiftly shrinking from the
examination of practical men, let us not lose the warning of that most
significant dream. How joyfully we have felt the admonition of larger
natures which despised our aims and pursuits, conscious that a
voice out of heaven spoke to us in that scorn. But it would be unjust
not to remind our younger friends that whilst this aspiration has
always made its mark in the lives of men of thought, in vigorous
individuals it does not remain a detached object, but is satisfied
along with the satisfaction of other aims. To live solitary and
unexpressed, is painful,—painful in proportion to one’s
consciousness of ripeness and equality to the offices of friendship.
But herein we are never quite forsaken by the Divine Providence.
The loneliest man, after twenty years, discovers that he stood in a
circle of friends, who will then show like a close fraternity held by
some masonic tie. But we are impatient of the tedious introductions
of Destiny, and a little faithless, and would venture something to
accelerate them. One thing is plain, that discontent and the luxury of
tears will bring nothing to pass. Regrets and Bohemian castles and
æsthetic villages are not a very self-helping class of productions, but
are the voices of debility. Especially to one importunate
correspondent we must say that there is no chance for the æsthetic
village. Every one of the villagers has committed his several blunder;
his genius was good, his stars consenting, but he was a marplot.
And though the recuperative force in every man may be relied on
infinitely, it must be relied on before it will exert itself. As long as he
sleeps in the shade of the present error, the after-nature does not
betray its resources. Whilst he dwells in the old sin, he will pay the
old fine.
More letters we have on the subject of the position of young men,
which accord well enough with what we see and hear. There is an
American disease, a paralysis of the active faculties, which falls on
young men of this country as soon as they have finished their
college education, which strips them of all manly aims and bereaves
them of animal spirits; so that the noblest youths are in a few years
converted into pale Caryatides to uphold the temple of conventions.
They are in the state of the young Persians, when “that mighty
Yezdam prophet” addressed them and said, “Behold the signs of evil
days are come; there is now no longer any right course of action, nor
any self-devotion left among the Iranis.” As soon as they have
arrived at this term, there are no employments to satisfy them, they
are educated above the work of their times and country, and disdain
it. Many of the more acute minds pass into a lofty criticism of these
things, which only embitters their sensibility to the evil and widens
the feeling of hostility between them and the citizens at large. From
this cause, companies of the best-educated young men in the
Atlantic states every week take their departure for Europe; for no
business that they have in that country, but simply because they
shall so be hid from the reproachful eyes of their countrymen and
agreeably entertained for one or two years, with some lurking hope,
no doubt, that something may turn up to give them a decided
direction. It is easy to see that this is only a postponement of their
proper work, with the additional disadvantage of a two years’
vacation. Add that this class is rapidly increasing by the infatuation of
the active class, who, whilst they regard these young Athenians with
suspicion and dislike, educate their own children in the same
courses, and use all possible endeavors to secure to them the same
result.
Certainly we are not insensible to this calamity, as described by
the observers or witnessed by ourselves. It is not quite new and
peculiar; though we should not know where to find in literature any
record of so much unbalanced intellectuality, such undeniable
apprehension without talent, so much power without equal
applicability, as our young men pretend to. Yet in Theodore Mundt’s
account of Frederic Hölderlin’s “Hyperion,” we were not a little struck
with the following Jeremiad of the despair of Germany, whose tone is
still so familiar that we were somewhat mortified to find that it was
written in 1799. “Then came I to the Germans. I cannot conceive of a
people more disjoined than the Germans. Mechanics you shall see,
but no man. Is it not like some battle-field, where hands and arms
and all members lie scattered about, whilst the life-blood runs away
into the sand? Let every man mind his own, you say, and I say the
same. Only let him mind it with all his heart, and not with this cold
study, literally, hypocritically, to appear that which he passes for,—
but in good earnest, and in all love, let him be that which he is; then
there is a soul in his deed. And is he driven into a circumstance
where the spirit must not live? Let him thrust it from him with scorn,
and learn to dig and plough. There is nothing holy which is not
desecrated, which is not degraded to a mean end among this
people. It is heart-rending to see your poet, your artist, and all who
still revere genius, who love and foster the Beautiful. The Good!
They live in the world as strangers in their own house; they are like
the patient Ulysses whilst he sat in the guise of a beggar at his own
door, whilst shameless rioters shouted in the hall and asked, Who
brought the ragamuffin here? Full of love, talent and hope, spring up
the darlings of the muse among the Germans; some seven years
later, and they flit about like ghosts, cold and silent; they are like a
soil which an enemy has sown with poison, that it will not bear a
blade of grass. On earth all is imperfect! is the old proverb of the
German. Aye, but if one should say to these God-forsaken, that with
them all is imperfect only because they leave nothing pure which
they do not pollute, nothing holy which they do not defile with their
fumbling hands; that with them nothing prospers because the godlike
nature which is the root of all prosperity they do not revere; that with
them, truly, life is shallow and anxious and full of discord, because
they despise genius, which brings power and nobleness into manly
action, cheerfulness into endurance, and love and brotherhood into
towns and houses. Where a people honors genius in its artists, there
breathes like an atmosphere a universal soul, to which the shy
sensibility opens, which melts self-conceit,—all hearts become pious
and great, and it adds fire to heroes. The home of all men is with
such a people, and there will the stranger gladly abide. But where
the divine nature and the artist is crushed, the sweetness of life is
gone, and every other planet is better than the earth. Men
deteriorate, folly increases, and a gross mind with it; drunkenness
comes with a disaster; with the wantonness of the tongue and with
the anxiety for a livelihood the blessing of every year becomes a
curse, and all the gods depart.”
The steep antagonism between the money-getting and the
academic class must be freely admitted, and perhaps is the more
violent, that whilst our work is imposed by the soil and the sea, our
culture is the tradition of Europe. But we cannot share the
desperation of our contemporaries; least of all should we think a
preternatural enlargement of the intellect a calamity. A new
perception, the smallest new activity given to the perceptive power,
is a victory won to the living universe from Chaos and old Night, and
cheaply bought by any amounts of hard fare and false social
position. The balance of mind and body will redress itself fast
enough. Superficialness is the real distemper. In all the cases we
have ever seen where people were supposed to suffer from too
much wit, or, as men said, from a blade too sharp for the scabbard, it
turned out that they had not wit enough. It may easily happen that
we are grown very idle, and must go to work, and that the times must
be worse before they are better. It is very certain that speculation is
no succedaneum for life. What we would know, we must do. As if
any taste or imagination could take the place of fidelity! The old Duty
is the old God. And we may come to this by the rudest teaching. A
friend of ours went five years ago to Illinois to buy a farm for his son.
Though there were crowds of emigrants in the roads, the country
was open on both sides, and long intervals between hamlets and
houses. Now after five years he had just been to visit the young
farmer and see how he prospered, and reports that a miracle had
been wrought. From Massachusetts to Illinois the land is fenced in
and builded over, almost like New England itself, and the proofs of
thrifty cultivation abound;—a result not so much owing to the natural
increase of population, as to the hard times, which, driving men out
of cities and trade, forced them to take off their coats and go to work
on the land; which has rewarded them not only with wheat but with
habits of labor. Perhaps the adversities of our commerce have not
yet been pushed to the wholesomest degree of severity. Apathies
and total want of work, and reflection on the imaginative character of
American life, etc., etc., are like seasickness, and never will obtain
any sympathy if there is a wood-pile in the yard, or an unweeded
patch in the garden; not to mention the graver absurdity of a youth of
noble aims who can find no field for his energies, whilst the colossal
wrongs of the Indian, of the Negro, of the emigrant, remain
unmitigated, and the religious, civil and judicial forms of the country
are confessedly effete and offensive. We must refer our clients back
to themselves, believing that every man knows in his heart the cure
for the disease he so ostentatiously bewails.
As far as our correspondents have entangled their private griefs
with the cause of American Literature, we counsel them to
disengage themselves as fast as possible. In Cambridge orations
and elsewhere there is much inquiry for that great absentee
American Literature. What can have become of it? The least said is
best. A literature is no man’s private concern, but a secular and
generic result, and is the affair of a power which works by a
prodigality of life and force very dismaying to behold,—every trait of
beauty purchased by hecatombs of private tragedy. The pruning in
the wild gardens of nature is never forborne. Many of the best must
die of consumption, many of despair, and many be stupid and
insane, before the one great and fortunate life which they each
predicted can shoot up into a thrifty and beneficent existence.
VIII.
THE TRAGIC. [12]
He has seen but half the universe who never has been shown the
house of Pain. As the salt sea covers more than two thirds of the
surface of the globe, so sorrow encroaches in man on felicity. The
conversation of men is a mixture of regrets and apprehensions. I do
not know but the prevalent hue of things to the eye of leisure is
melancholy. In the dark hours, our existence seems to be a
defensive war, a struggle against the encroaching All, which
threatens surely to engulf us soon, and is impatient of our short
reprieve. How slender the possession that yet remains to us; how
faint the animation! how the spirit seems already to contract its
domain, retiring within narrower walls by the loss of memory, leaving
its planted fields to erasure and annihilation. Already our own
thoughts and words have an alien sound. There is a simultaneous
diminution of memory and hope. Projects that once we laughed and
leapt to execute, find us now sleepy and preparing to lie down in the
snow. And in the serene hours we have no courage to spare. We
cannot afford to let go any advantages. The riches of body or of mind
which we do not need to-day, are the reserved fund against the
calamity that may arrive to-morrow. It is usually agreed that some
nations have a more sombre temperament, and one would say that
history gave no record of any society in which despondency came so
readily to heart as we see it and feel it in ours. Melancholy cleaves to
the English mind in both hemispheres as closely as to the strings of
an Æolian harp. Men and women at thirty years, and even earlier,
have lost all spring and vivacity, and if they fail in their first
enterprises they throw up the game. But whether we and those who
are next to us are more or less vulnerable, no theory of life can have
any right which leaves out of account the values of vice, pain,
disease, poverty, insecurity, disunion, fear and death.
What are the conspicuous tragic elements in human nature? The
bitterest tragic element in life to be derived from an intellectual
source is the belief in a brute Fate or Destiny; the belief that the
order of nature and events is controlled by a law not adapted to man,
nor man to that, but which holds on its way to the end, serving him if
his wishes chance to lie in the same course, crushing him if his
wishes lie contrary to it, and heedless whether it serves or crushes
him. This is the terrible meaning that lies at the foundation of the old
Greek tragedy, and makes the Œdipus and Antigone and Orestes
objects of such hopeless commiseration. They must perish, and
there is no over-god to stop or to mollify this hideous enginery that
grinds or thunders, and snatches them up into its terrific system. The
same idea makes the paralyzing terror with which the East Indian
mythology haunts the imagination. The same thought is the
predestination of the Turk. And universally, in uneducated and
unreflecting persons on whom too the religious sentiment exerts little
force, we discover traits of the same superstition: “If you balk water
you will be drowned the next time;” “if you count ten stars you will fall
down dead;” “if you spill the salt;” “if your fork sticks upright in the
floor;” “if you say the Lord’s prayer backwards,”—and so on, a
several penalty, nowise grounded in the nature of the thing, but on
an arbitrary will. But this terror of contravening an unascertained and
unascertainable will, cannot coexist with reflection: it disappears with
civilization, and can no more be reproduced than the fear of ghosts
after childhood. It is discriminated from the doctrine of Philosophical
Necessity herein: that the last is an Optimism, and therefore the
suffering individual finds his good consulted in the good of all, of
which he is a part. But in destiny, it is not the good of the whole or
the best will that is enacted, but only one particular will. Destiny
properly is not a will at all, but an immense whim; and this the only
ground of terror and despair in the rational mind, and of tragedy in
literature. Hence the antique tragedy, which was founded on this
faith, can never be reproduced.
After reason and faith have introduced a better public and private
tradition, the tragic element is somewhat circumscribed. There must
always remain, however, the hindrance of our private satisfaction by
the laws of the world. The law which establishes nature and the
human race, continually thwarts the will of ignorant individuals, and
this in the particulars of disease, want, insecurity and disunion.
But the essence of tragedy does not seem to me to lie in any list of
particular evils. After we have enumerated famine, fever, inaptitude,
mutilation, rack, madness and loss of friends, we have not yet
included the proper tragic element, which is Terror, and which does
not respect definite evils but indefinite; an ominous spirit which
haunts the afternoon and the night, idleness and solitude.
A low, haggard sprite sits by our side, “casting the fashion of
uncertain evils”—a sinister presentiment, a power of the imagination
to dislocate things orderly and cheerful and show them in startling
array. Hark! what sounds on the night wind, the cry of Murder in that
friendly house; see these marks of stamping feet, of hidden riot. The
whisper overheard, the detected glance, the glare of malignity,
ungrounded fears, suspicions, half-knowledge and mistakes, darken
the brow and chill the heart of men. And accordingly it is natures not
clear, not of quick and steady perceptions, but imperfect characters
from which somewhat is hidden that all others see, who suffer most
from these causes. In those persons who move the profoundest pity,
tragedy seems to consist in temperament, not in events. There are
people who have an appetite for grief, pleasure is not strong enough
and they crave pain, mithridatic stomachs which must be fed on
poisoned bread, natures so doomed that no prosperity can soothe
their ragged and dishevelled desolation. They mis-hear and mis-
behold, they suspect and dread. They handle every nettle and ivy in
the hedge, and tread on every snake in the meadow.
“Come bad chance,
And we add to it our strength,
And we teach it art and length,
Itself o’er us to advance.”
Frankly, then, it is necessary to say that all sorrow dwells in a low
region. It is superficial; for the most part fantastic, or in the
appearance and not in things. Tragedy is in the eye of the observer,
and not in the heart of the sufferer. It looks like an insupportable load
under which earth moans aloud. But analyze it; it is not I, it is not
you, it is always another person who is tormented. If a man says, Lo!
I suffer—it is apparent that he suffers not, for grief is dumb. It is so
distributed as not to destroy. That which would rend you falls on
tougher textures. That which seems intolerable reproach or
bereavement, does not take from the accused or bereaved man or
woman appetite or sleep. Some men are above grief, and some
below it. Few are capable of love. In phlegmatic natures calamity is
unaffecting, in shallow natures it is rhetorical. Tragedy must be
somewhat which I can respect. A querulous habit is not tragedy. A
panic such as frequently in ancient or savage nations put a troop or
an army to flight without an enemy; a fear of ghosts; a terror of
freezing to death that seizes a man in a winter midnight on the
moors; a fright at uncertain sounds heard by a family at night in the
cellar or on the stairs,—are terrors that make the knees knock and
the teeth clatter, but are no tragedy, any more than seasickness,
which may also destroy life. It is full of illusion. As it comes, it has its
support. The most exposed classes, soldiers, sailors, paupers, are
nowise destitute of animal spirits. The spirit is true to itself, and finds
its own support in any condition, learns to live in what is called
calamity as easily as in what is called felicity; as the frailest glass-
bell will support a weight of a thousand pounds of water at the
bottom of a river or sea, if filled with the same.
A man should not commit his tranquillity to things, but should keep
as much as possible the reins in his own hands, rarely giving way to
extreme emotion of joy or grief. It is observed that the earliest works
of the art of sculpture are countenances of sublime tranquillity. The
Egyptian sphinxes, which sit to-day as they sat when the Greek
came and saw them and departed, and when the Roman came and
saw them and departed, and as they will still sit when the Turk, the
Frenchman and the Englishman, who visit them now, shall have
passed by,—“with their stony eyes fixed on the East and on the Nile,”
have countenances expressive of complacency and repose, an
expression of health, deserving their longevity, and verifying the
primeval sentence of history on the permanency of that people,
“Their strength is to sit still.” To this architectural stability of the
human form, the Greek genius added an ideal beauty, without
disturbing the seals of serenity; permitting no violence of mirth, or
wrath, or suffering. This was true to human nature. For, in life,
actions are few, opinions even few, prayers few; loves, hatreds, or
any emissions of the soul. All that life demands of us through the
greater part of the day, is an equilibrium, a readiness, open eyes and
ears, and free hands. Society asks this, and truth, and love, and the
genius of our life. There is a fire in some men which demands an
outlet in some rude action; they betray their impatience of quiet by
an irregular Catalinarian gait; by irregular, faltering, disturbed
speech, too emphatic for the occasion. They treat trifles with a tragic
air. This is not beautiful. Could they not lay a rod or two of stone wall,
and work off this superabundant irritability? When two strangers
meet in the highway, what each demands of the other is that the
aspect should show a firm mind, ready for any event of good or ill,
prepared alike to give death or to give life, as the emergency of the
next moment may require. We must walk as guests in nature; not
impassioned, but cool and disengaged. A man should try Time, and
his face should wear the expression of a just judge, who has nowise
made up his opinion, who fears nothing, and even hopes nothing,
but who puts nature and fortune on their merits: he will hear the case
out, and then decide. For all melancholy, as all passion, belongs to
the exterior life. Whilst a man is not grounded in the divine life by his
proper roots, he clings by some tendrils of affection to society—
mayhap to what is best and greatest in it, and in calm times it will not
appear that he is adrift and not moored; but let any shock take place
in society, any revolution of custom, of law, of opinion, and at once
his type of permanence is shaken. The disorder of his neighbors
appears to him universal disorder; chaos is come again. But in truth
he was already a driving wreck, before the wind arose which only
revealed to him his vagabond state. If a man is centred, men and
events appear to him a fair image or reflection of that which he
knoweth beforehand in himself. If any perversity or profligacy break
out in society, he will join with others to avert the mischief, but it will
not arouse resentment or fear, because he discerns its impassable
limits. He sees already in the ebullition of sin the simultaneous
redress.
Particular reliefs also, fit themselves to human calamities; for the
world will be in equilibrium, and hates all manner of exaggeration.
Time, the consoler, Time, the rich carrier of all changes, dries the
freshest tears by obtruding new figures, new costumes, new roads,
on our eye, new voices on our ear. As the west wind lifts up again
the heads of the wheat which were bent down and lodged in the
storm, and combs out the matted and dishevelled grass as it lay in
night-locks on the ground, so we let in time as a drying wind into the
seed-field of thoughts which are dark and wet and low bent. Time
restores to them temper and elasticity. How fast we forget the blow
that threatened to cripple us. Nature will not sit still; the faculties will
do somewhat; new hopes spring, new affections twine and the
broken is whole again.
Time consoles, but Temperament resists the impression of pain.
Nature proportions her defence to the assault. Our human being is
wonderfully plastic; if it cannot win this satisfaction here, it makes
itself amends by running out there and winning that. It is like a
stream of water, which is dammed up on one bank, overruns the
other, and flows equally at its own convenience over sand, or mud,
or marble. Most suffering is only apparent. We fancy it is torture; the
patient has his own compensations. A tender American girl doubts of
Divine Providence whilst she reads the horrors of “the middle
passage;” and they are bad enough at the mildest; but to such as
she these crucifixions do not come: they come to the obtuse and
barbarous, to whom they are not horrid, but only a little worse than
the old sufferings. They exchange a cannibal war for the stench of
the hold. They have gratifications which would be none to the
civilized girl. The market-man never damned the lady because she
had not paid her bill, but the stout Irishwoman has to take that once
a month. She however never feels weakness in her back because of
the slave-trade. This self-adapting strength is especially seen in
disease. “It is my duty,” said Sir Charles Bell, “to visit certain wards
of the hospital where there is no patient admitted but with that
complaint which most fills the imagination with the idea of
insupportable pain and certain death. Yet these wards are not the
least remarkable for the composure and cheerfulness of their
inmates. The individual who suffers has a mysterious
counterbalance to that condition, which, to us who look upon her,
appears to be attended with no alleviating circumstance.” Analogous
supplies are made to those individuals whose character leads them
to vast exertions of body and mind. Napoleon said to one of his
friends at St. Helena, “Nature seems to have calculated that I should
have great reverses to endure, for she has given me a temperament
like a block of marble. Thunder cannot move it; the shaft merely
glides along. The great events of my life have slipped over me
without making any demand on my moral or physical nature.”
The intellect is a consoler, which delights in detaching or putting
an interval between a man and his fortune, and so converts the
sufferer into a spectator and his pain into poetry. It yields the joys of
conversation, of letters and of science. Hence also the torments of
life become tuneful tragedy, solemn and soft with music, and
garnished with rich dark pictures. But higher still than the activities of
art, the intellect in its purity and the moral sense in its purity are not
distinguished from each other, and both ravish us into a region
whereinto these passionate clouds of sorrow cannot rise.
FOOTNOTES:
[5] The Dial, vol. i. p. 137.

[6] The Dial, vol. ii. p. 262.
[7] The Dial, vol. iii. p. 77.
[10] The Dial, vol. iv. p. 96.
[11] The Dial, vol. iv. p. 262.
[12] From the course on “Human Life,” read in Boston, 1839-40.
Published in The Dial, vol. iv. p. 515.
TRANSCRIBER’S NOTE
Obvious typographical errors and punctuation errors have been

corrected after careful comparison with other occurrences within
the text and consultation of external sources.
Some hyphens in words have been silently removed, some added,

when a predominant preference was found in the original book.
Except for those changes noted below, all misspellings in the text,
and inconsistent or archaic usage, have been retained.
Pg. 100: ‘χόσμος’ replaced by ‘Κόσμος’.

Pg. 211: ‘ageeably entertained’ replaced by ‘agreeably entertained’.
*** END OF THE PROJECT GUTENBERG EBOOK NATURAL
HISTORY OF INTELLECT, AND OTHER PAPERS ***
Updated editions will replace the previous one—the old editions

will be renamed.
Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright
in these works, so the Foundation (and you!) can copy and
distribute it in the United States without permission and without
paying copyright royalties. Special rules, set forth in the General
Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.
START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK
To protect the Project Gutenberg™ mission of promoting the

free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.
Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree to
abide by all the terms of this agreement, you must cease using
and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.
1.B. “Project Gutenberg” is a registered trademark. It may only

be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright
law in the United States and you are located in the United
States, we do not claim a right to prevent you from copying,
distributing, performing, displaying or creating derivative works
based on the work as long as all references to Project
Gutenberg are removed. Of course, we hope that you will
support the Project Gutenberg™ mission of promoting free
access to electronic works by freely sharing Project
Gutenberg™ works in compliance with the terms of this
agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms
of this agreement by keeping this work in the same format with
its attached full Project Gutenberg™ License when you share it
without charge with others.
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.
1.E. Unless you have removed all references to Project

Gutenberg:
1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project
Gutenberg™ work (any work on which the phrase “Project
Gutenberg” appears, or with which the phrase “Project
Gutenberg” is associated) is accessed, displayed, performed,
viewed, copied or distributed:
This eBook is for the use of anyone anywhere in the United

States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it
away or re-use it under the terms of the Project Gutenberg
License included with this eBook or online at
www.gutenberg.org. If you are not located in the United
States, you will have to check the laws of the country where
you are located before using this eBook.
1.E.2. If an individual Project Gutenberg™ electronic work is

derived from texts not protected by U.S. copyright law (does not
contain a notice indicating that it is posted with permission of the
copyright holder), the work can be copied and distributed to
anyone in the United States without paying any fees or charges.
If you are redistributing or providing access to a work with the
phrase “Project Gutenberg” associated with or appearing on the
work, you must comply either with the requirements of
paragraphs 1.E.1 through 1.E.7 or obtain permission for the use
of the work and the Project Gutenberg™ trademark as set forth
in paragraphs 1.E.8 or 1.E.9.
1.E.3. If an individual Project Gutenberg™ electronic work is

posted with the permission of the copyright holder, your use and
distribution must comply with both paragraphs 1.E.1 through
1.E.7 and any additional terms imposed by the copyright holder.
Additional terms will be linked to the Project Gutenberg™
License for all works posted with the permission of the copyright
holder found at the beginning of this work.
1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files
containing a part of this work or any other work associated with
Project Gutenberg™.

PDF Security and Law Legal and Ethical Aspects of Public Security Cyber Security and Critical Infrastructure Security Anton Vedder Ebook Full Chapter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PDF Security and Law Legal and Ethical Aspects of Public Security Cyber Security and Critical Infrastructure Security Anton Vedder Ebook Full Chapter

Uploaded by

Copyright:

Available Formats

Security And Law: Legal And Ethical

Aspects Of Public Security, Cyber

Cyber Security Erickson Karnel

Critical infrastructure : homeland security and

Cyber Security Power and Technology Martti Lehto

Cyber Security Intelligence and Analytics Zheng Xu

Cyber Security in Critical Infrastructures A Game

Principles of Computer Security: CompTIA Security+ and

Socio-Political Order and Security in the Arab World:

Handbook of System Safety and Security Cyber Risk and

Legal and Ethical Aspects of Public

Cambridge – Antwerp – Chicago

Distribution for the UK and Ireland:

First published in hardcover in 2019, ISBN 978-1-78068-889-3

Cover image: Thatsaphon Saengnarongrat / Alamy Stock Photo

List of Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

5.2. National implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.1. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

6. Implications of the analysis beyond type-approval legislation . . . . . . . . 207

3. The ‘by design’ turn in the European legislative framework . . . . . . . . . . 241

3. Challenges of the cyber sanctions regime . . . . . . . . . . . . . . . . . . . . . . . . . . 282

1. (Cyber)security in an interconnected international community . . . . . . . 299

Cumulative Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Alessandro Bruni is focusing his research activities primarily on communication

Pierre Dewitte mainly focuses his research on Data Protection by Design,

Charlotte Ducuing holds a master’s degree in law with specialisation in

cybersecurity and accountability in the counter-terrorism and national security

Yuliya Miadzvetskaya joined CiTiP in 2019, after having worked as an academic

Laurens Naudts is a doctoral researcher. His research focuses on the

Domenico Orlando is currently involved in two projects about smart grids

Katherine Quezada is mainly working on the MAGNETO project within CiTiP.

master’s degree of Criminology and Criminal Justice from Universidad Camilo

Jessica Schroers is a doctoral researcher at CiTiP. Her research focuses on data

Peggy Valcke is professor of technology and law at KU Leuven, CiTiP, and

Anton Vedder is a professor of IT Law at CiTiP. He is especially interested in

Plixavra Vogiatzoglou is a doctoral researcher at CiTiP and a certified lawyer

Charlotte Ducuing, Jessica Schroers and Anton Vedder

exposure. Furthermore, while security is pursued to the benefit of all, who is or

surrounding it, while security primarily is the unimpairedness of the integrity

notably relating to a spectrum of challenges, such as a problem of technical and

2. DEFINITIONS AND DISTINCTIONS

THE TRAGIC. [12]

[5] The Dial, vol. i. p. 137.

Obvious typographical errors and punctuation errors have been

Some hyphens in words have been silently removed, some added,

Pg. 100: ‘χόσμος’ replaced by ‘Κόσμος’.

Updated editions will replace the previous one—the old editions

Creating the works from print editions not protected by U.S.

START: FULL LICENSE

To protect the Project Gutenberg™ mission of promoting the

Section 1. General Terms of Use and

1.B. “Project Gutenberg” is a registered trademark. It may only

1.E. Unless you have removed all references to Project

1.E.1. The following sentence, with active links to, or other

This eBook is for the use of anyone anywhere in the United

1.E.2. If an individual Project Gutenberg™ electronic work is

1.E.3. If an individual Project Gutenberg™ electronic work is

1.E.4. Do not unlink or detach or remove the full Project

You might also like