The challenge of discouraging undesirable conduct in cyberspace is, in many respects, similar to the management of misconduct ‘on the ground’. In terrestrial space, most social control is informal. Cultures— whether they are cultures of indigenous peoples or of the modern university—have their social norms, to which most of their members adhere. Minor transgressions tend to elicit expressions of disapproval, while more serious misconduct may be met with ridicule, ostracism, some form of ‘payback’ or expulsion from the group or organisation.
With the rise of the modern state, formal institutions of social control have evolved to provide rules of behaviour, forums for the resolution of disputes between citizens and institutions for policing, prosecution, adjudication and punishment of the most serious transgressions. However, it is now generally accepted that governmental agencies of social control are neither omnipresent nor omnipotent, thus creating a demand for supplementary policing and security services. ese state institutions are accompanied by a variety of non-state bodies that ‘coproduce’ security. Such entities vary widely in size and role, from large private security agencies and the manufacturers and distributors of technologies such as closed-circuit television (CCTV), to the good friend who keeps an eye on her neighbour’s house at vacation time.
is wider notion of policing terrestrial space has been nicely articulated by scholars such as Bayley and Shearing (1996) and Dupont (2006) (see also Brewer, Chapter 26, this volume).
Cyberspace di ers only slightly from terrestrial space in its response to antisocial behaviour. Most of us who use digital technology do the right thing not because we fear the long arm of the law in response to misconduct, but, rather, because we have internalised the norms that prevail in our culture (on compliance generally, see Parker and Nielsen, Chapter 13, this volume). Most of us take reasonable precautions to safeguard things of value that might exist in digital form. Nevertheless, because there are deviant subcultures whose members do not comply with wider social norms, and nonchalant citizens who are careless with their digital possessions, there is a need for formal institutions of social control in cyberspace. So, too, is there a need for the coproduction of cybersecurity.
One characteristic of cyber-deviance that di ers signi cantly from terrestrial misconduct is that cross-national activity is much more common. Very early on in the digital age it was said that ‘cyberspace knows no borders’. e nature of digital technology is such that one may target a device or system physically located on the other side of the world just as easily as one in one’s own hometown. A successful response to transnational cybercrime thus requires a degree of cooperation between states—cooperation that may not be automatically forthcoming.
e governance of cyberspace is no less a pluralistic endeavour than is the governance of physical territory. is chapter will provide an overview of regulatory and quasi-regulatory institutions that currently exist to help secure cyberspace. In addition to state agencies, we will discuss a constellation of other actors and institutions, some of which cooperate closely with state authorities and others that function quite independently. ese range from large commercial multinationals such as Microsoft, Google and Symantec; other non-governmental entities such as computer emergency response teams (CERTs); groups like Spamhaus and the Anti-Phishing Working Group; and hybrid entities such as the Virtual Global Task Force and End Child Prostitution, Child Pornography and Tra cking of Children for Sexual Purposes (ECPAT), both of which target online child sexual abuse. In addition, there are independent, ‘freelance’ groups such as Cyber Angels, which exist to promote cybersafety, and ad hoc, transitory collectives that engage in independent patrolling and investigation of cyberspace.
Other groups, such as Anonymous, and whistleblowers such as Edward Snowden, challenge apparent cyberspace illegality with sometimes questionable methods of their own. Anonymous attacked sites related to child pornography in 2011 (Operation Darknet) and Edward Snowden’s disclosures revealed questionable practices by the US National Security Agency.
e next section of this chapter will brie y review some of the more important published works on the social regulation of digital technology. We will then discuss, in order, state, private and hybrid regulatory orderings. e chapter will conclude with some observations on regulatory orderings in cyberspace, through the lens of regulatory pluralism.