In the world of cybersecurity, humanities research plays an integral role
Communications professor Andrea Zeffiro’s research helps bring a human perspective to cyber technology and network systems
BY Sara Laux
January 16, 2023
Cybersecurity is just a matter of better technology and more robust networks: stronger programming and more diligent privacy protections.
Right?
Wrong, says Andrea Zeffiro, an assistant professor in the Faculty of Humanities’ department of communication studies and media arts.
Zeffiro points out that networks, infrastructure and systems are protected — but the non-technological factors that impact how people experience cyber insecurity aren’t taken into account because they don’t align with current perceptions of what cyber safety actually is.
“Current cybersecurity is all about keeping our networks secure, but I’m trying to encourage more heterogeneous approaches to solving cybersecurity problems,” she explains.
“We’ve only been looking at the issue through a technology lens — and that’s important, but we’re missing the human factor about how people are being targeted or disproportionately impacted by data breaches and other forms of cyber-crime.”
That’s why Zeffiro’s current research tries to bring a human lens to the perception and mitigation of cyber security risks — and that involves looking at digital safety in a whole new way.
The problem with a strictly systems-based approach, says Zeffiro, who is also the academic director of the Lewis and Ruth Sherman Centre for Digital Scholarship, is that cyber-insecurity — and current approaches to mitigating risk — aren’t equitably distributed across society.
And that means that one-size-fits-all protective measures aren’t going to work for everyone — leaving both people and systems vulnerable.
Two-factor authentication, for example — where a code is texted to a cellphone in order to log on to a website or app — presumes that everyone has or is able to use a cellphone. Unauthorized access to a network is an acknowledged cyber threat, but gender-based forms of violence like revenge porn are also examples of online risks.
With those considerations, there’s a place for the humanities in developing approaches and policies for cybersecurity.
Currently, Zeffiro is working with a SSHRC Insight Development grant to look specifically at data breaches, how they’re presented in the media and what that means to the overall understanding of what data breaches are and what they signify for society as a whole.
“Data breaches are presented as exceptional to the ordinary function of a network, but networks aren’t and can’t be inherently secure — so breaches aren’t actually exceptions,” explains Zeffiro. “Presenting data breaches as ‘abnormal,’ though, allows stronger monitoring measures to be put in place in the name of security.”
The language used to describe data breaches, she points out, has shifted from analogies of biological threats like viruses, to narratives focusing on crime, like “information theft,” to linking data breaches with wider geopolitical security crises — and this kind of crisis-focused description means that people are more willing to accept higher levels of online surveillance.
“This logic is at the core of surveillance capitalism,” points out Zeffiro. “Even with the proliferation of news stories about the risks associated with pervasive data extraction and monetization, it is impractical to assume that people can simply opt-out. Certainly, we can adopt better security practices to keep our data secure — but there are embedded power dynamics that we’re taking for granted.”
“Reframing our understanding of data breaches can affect how we respond to surveillance and personal data collection.”
Since Zeffiro’s SSHRC research is about how society understands ideas around data and data breaches, it makes sense that she and her research team are also exploring entirely new ways to express those ideas. Currently, the team is working on an experimental media arts piece that turns the language used to talk about data breaches into sound.
“This involves feeding a language analysis into a spreadsheet — how a data breach is described in a news article, for example — then running that data through software that turns it into a sound composition,” explains Zeffiro. “I am interested in how sonification — the process of turning data into sound — can affect how we perceive and understand these events. What does a data breach sound like? And does the sound change if our descriptive language changes?”
Ultimately, Zeffiro wants her research to challenge the assumption that data breaches are neutral technological phenomena, and to start building a network for interdisciplinary research into critical cyber security studies.
“My research has always been about interrogating why we don’t all have access to the same thing,” she says. “There are fundamental ways in which we need to shift the balance of power — to allow people to have more agency over the kinds of tech and infrastructure that we use in our personal and professional lives.”
“Researchers in the humanities can affect change in the cyber security domain — it’s about asking people to confront something seemingly neutral like a data breach differently.”
