Download PaperCybersecurity has become a top priority for policymakers these days, but as the engineering saying goes: “if you don’t know what you want, it’s hard to do it right.” This paper finds considerable shortcomings in current conceptual and legal frameworks for communications security policymaking. The misleading concept of cybersecurity incorporates a wide range of social issues under its umbrella, such as child protection, foreign policy and intellectual property protection. Cybersecurity distracts communications security conceptualizations and policies from the technical conception that should be at their core, i.e. ensuring confidentiality, integrity and availability of communications to authorized entities.
The paper develops a value chain approach for the conceptualization and legal governance of communications security. This value chain approach is informed by an empirical case study into HTTPS governance and multilateral security engineering methods SQUARE and MSRA. It offers a 9-step framework for granular, functional communications security conceptualizations, tailored to specific communications settings. The framework enables policymakers to devise technical security goals, apprise constitutional values, confront stakeholders interests and balance associated public and private interests. The value chain approach should assist policymakers in deciding what they want, and to know whether they are the appropriate actor to get it right.