Skip to main content
Cybersecurity

Cybersecurity Reframing Fuels Governance Risks

Empty chairs surround a podium in a formal conference room with subtle digital technology hints.

"Cybersecurity is experiencing mission creep," the Article states, and it proceeds to show how an expanding lens — one that treats many social and regulatory problems as security threats because they appear through digital technologies — reshapes policy debate and governance.

Misinformation, child social media safety laws, and antitrust recast as cybersecurity

The Article documents a pattern in which policymakers "are casting more and more problems as issues of cybersecurity." It names specific domains now being reframed: misinformation, child social media safety laws, antitrust regulations, alleged journalist misconduct, and anti‑sex trafficking statutes. Once those problems are reframed as technical or cybersecurity threats, the Article argues, they become what it calls "cybersecuritized." That single label lifts otherwise distinct policy questions into a common register dominated by urgency, exception, and the language of threat.

How cybersecuritization changes the politics and law

According to the Article, when cybersecuritization "positions the issues as threats intensified by their technological nature," those issues "gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses." The effect is procedural and normative: problems that previously appeared important but non‑existential begin to draw on legal and political tools reserved for immediate or exceptional threats. That reprioritization changes both the instruments policymakers use and the speed and secrecy with which decisions are made.

Oversimplification, unidimensional solutions, and legal trump cards

The Article warns that cybersecuritization "endows [issues] with the apparent normative power to override countervailing considerations," producing an oversimplified view of complex problems. The reductive tendency risks promoting "unidimensional solutions" and invites the use of "argumentative trump cards, like First Amendment challenges." In other words, reframing a dispute as a cybersecurity issue can compress debates into binary frames — security versus permissiveness — and drive courts and legislatures toward stark legal confrontations rather than calibrated policy tradeoffs.

Deference to specialists and opaque governance

Another core contention in the Article is that cybersecuritization "invites deference to purported specialists and their proposed solutions." That deference, coupled with the reductive framing, makes ultimate governance choices "more opaque" and risks eroding "public trust and political legitimacy." The Article connects the opacity to both a shift in who sets agendas — specialists rather than broader democratic deliberation — and to the public perception that extraordinary measures are justified simply because a problem wears a digital label.

What this means for policymakers, technologists, and the public

  • Policymakers and regulators: The Article implies they will confront pressure to adopt security‑framed responses across widely different policy areas and must decide whether to accept the urgency and exceptionalism that cybersecuritization carries.
  • Technologists and security teams: They may be called upon more frequently as arbiters of policy because cybersecuritization "invites deference to purported specialists," placing technical actors in roles that involve normative tradeoffs beyond technical fixes.
  • The general public and civic actors: As governance becomes more opaque and decisions are justified by cybersecurity framing, public trust and political legitimacy may erode unless the broader democratic process reengages these debates outside the security frame.

The Article mines cases "from across criminal and civil domains" to demonstrate the "insidiousness of cybersecuritization" and concludes the trend is likely to continue. That prognosis leads to a prescriptive warning: "If we continue to ignore it, we risk abdicating further responsibility for difficult choices to the trump card of cybersecurity." The Article proposes a novel analytic framework to name and critique the phenomenon and, in doing so, to "help reclaim the hard work of governance for our hands."

The central question the Article leaves before readers is concrete. If problems dressed in digital terms can so readily borrow the extraordinary weight of cybersecurity, who will insist on the democratic, pluralistic deliberations that ordinary policy tradeoffs require? The Article's answer is at once narrow and ambitious: recognize the pattern, analyze it with the framework offered, and resist surrendering difficult social choices to the rhetorical and institutional shortcuts of cybersecuritization.

Read the original Article