Ethical Value-Centric Cybersecurity: A Methodology Based on a Value Graph

  • Josep Domingo-FerrerEmail author
  • Alberto Blanco-Justicia
Original Research/Scholarship


Our society is being shaped in a non-negligible way by the technological advances of recent years, especially in information and communications technologies (ICTs). The pervasiveness and democratization of ICTs have allowed people from all backgrounds to access and use them, which has resulted in new information-based assets. At the same time, this phenomenon has brought a new class of problems, in the form of activists, criminals and state actors that target the new assets to achieve their goals, legitimate or not. Cybersecurity includes the research, tools and techniques to protect information assets. However, some cybersecurity measures may clash with the ethical values of citizens. We analyze the synergies and tensions between some of these values, namely security, privacy, fairness and autonomy. From this analysis, we derive a value graph, and then we set out to identify those paths in the graph that lead to satisfying all four aforementioned values in the cybersecurity setting, by taking advantage of their synergies and avoiding their tensions. We illustrate our conceptual discussion with examples of enabling technologies. We also sketch how our methodology can be generalized to any setting where several potentially conflicting values have to be satisfied.


Cybersecurity Ethics Privacy Fairness Autonomy 



  1. AFP. (2018). German spies can keep monitoring internet hubs, court rules. The
  2. Bamberger, W. (2010). Interpersonal trust—Attempt of a definition. Scientific Report, Technical University Munich.Google Scholar
  3. Bier, E., Chow, R., Golle, P., Holloway King, T., & Staddon, J. (2009). The rules of redaction: Identify, protect, review (and repeat). IEEE Security & Privacy, 7(6), 46–53.CrossRefGoogle Scholar
  4. Blanco-Justicia, A., & Domingo-Ferrer, J. (2016). Privacy-aware loyalty programs. Computer Communications, 82, 83–94.CrossRefGoogle Scholar
  5. Blanco-Justicia, A., & Domingo-Ferrer, J. (2018). Efficient privacy-preserving implicit authentication. Computer Communications, 125, 13–23.CrossRefGoogle Scholar
  6. Brands, S. (1994). Untraceable off-line cash in wallet with observers. In CRYPTO’93 (pp. 302–318). Berlin: Springer.Google Scholar
  7. Bundesverfassungsgericht. (1983). BVerfGE 65,1 - Volkszählungsurteil. 15 December. Retrieved September 22, 2019.
  8. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le Métayer, D., Tirtea, R., et al. (2015). Privacy and data protection by design-from policy to engineering. Heraklion: European Union Agency for Network and Information Security.Google Scholar
  9. De Pietro, C., & Francetic, I. (2018). E-health in Switzerland: The laborious adoption of the federal law on electronic health records (EHR) and health information exchange (HIE) networks. Health Policy, 122(2), 69–74.CrossRefGoogle Scholar
  10. Domingo-Ferrer, J., Blanco, A., Parra-Arnau, J., Herrmann, D., Kirichenko, A., Sullivan, S., Patel, A., Bangerter, E., & Inversini, R. (2017). CANVAS white paper 4-technological challenges in cybersecurity. The CANVAS project. Retrieved September 22, 2019.
  11. Domingo-Ferrer, J., & Mateo-Sanz, J. M. (2002). Practical data-oriented microaggregation for statistical disclosure control. IEEE Transactions on Knowledge and Data Engineering, 14(1), 189–201.CrossRefGoogle Scholar
  12. Domingo-Ferrer, J., Wu, Q., & Blanco-Justicia, A. (2015). Flexible and robust privacy-preserving implicit authentication. In IFIP SEC 2015 (pp. 18–34). Springer.Google Scholar
  13. EU Scientific Advice Mechanism. (2016). Scoping paper: Cybersecurity. High Level Group of Scientific Advisors.Google Scholar
  14. EU Scientific Advice Mechanism. (2017). Cybersecurity in the European digital single market. High Level Group of Scientific Advisors, Scientific Opinion No. 2.Google Scholar
  15. European Commission. (2013). Cybersecurity strategy of the European Union: An open, safe and secure cyberspace. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions.Google Scholar
  16. European Union. (2016). General data protection regulation. Regulation (EU) 2016/679. Retrieved September 22, 2019.
  17. Floridi, L., & Cowls, J. (2019). A unified framework of five principles for AI in society. Harvard Data Science Review, 1.
  18. Fung, B. (2018). The FCC’s net neutrality rules are officially repealed today. Here’s what that really means. The Washington Post.Google Scholar
  19. Hajian, S., & Domingo-Ferrer, J. (2013). A methodology for direct and indirect discrimination prevention in data mining. IEEE Transactions on Knowledge and Data Engineering, 25(7), 1445–1459.CrossRefGoogle Scholar
  20. Hajian, S., Domingo-Ferrer, J., & Farràs, O. (2014). Generalization-based privacy preservation and discrimination prevention in data publishing and mining. Data Mining and Knowledge Discovery, 28(5–6), 1158–1188.CrossRefGoogle Scholar
  21. Hajian, S., Domingo-Ferrer, J., Monreale, A., Pedreschi, D., & Giannotti, F. (2015). Discrimination and privacy-aware patterns. Data Mining and Knowledge Discovery, 29(6), 1733–1782.CrossRefGoogle Scholar
  22. Hoepman, J. -H. (2014). Privacy design strategies (extended abstract). In IFIP SEC 2014 (pp. 446–459). Springer.Google Scholar
  23. Hundepool, A., Domingo-Ferrer, J., Franconi, L., Giessing, S., Schulte Nordholt, E., Spicer, K., et al. (2012). Statistical disclosure control. Hoboken: Wiley.CrossRefGoogle Scholar
  24. Koops, B. -J. (2013) Crypto law survey. Version 27.0. February. Retrieved September 19, 2019.
  25. Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health—Disentangling value tensions. Journal of Information, Communication and Ethics in Society, 17(2), 229–245.CrossRefGoogle Scholar
  26. Ma, A. (2018). China has started ranking citizens with a creepy ’social credit’ system—Here’s what you can do wrong, and the embarrassing, demeaning ways they can punish you. Business Insider.
  27. Nakashima, E. (2016). Apple vows to resist FBI demand to crack iPhone linked to San Bernardino attacks. Washington Post.Google Scholar
  28. New Oxford American Dictionary. (2015). 3rd edition. Oxford: Oxford University Press.Google Scholar
  29. OWASP—Open Web Application Security Project. (2019). Retrieved September 19, 2019.
  30. Project Shield—Protecting news from digital attacks. (2019). Retrieved September 19, 2019.
  31. Riera-Jorba, A., & Castellà-Roca, J. (2007). Secure remote electronic voting system and cryptographic protocols and computer programs employed. U. S. Patent No. 7,260,552.Google Scholar
  32. Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.CrossRefGoogle Scholar
  33. Rogaway, P. (2015). The moral character of cryptographic work. IACR Cryptology ePrint Archive, Report 2015/1162. Retrieved September 22, 2019.
  34. The EU H2020-700540 “CANVAS” project (2016–2019).
  35. The Spamhaus Project. (2019). Retrieved September 19, 2019.
  36. The Tor Project. (2019). Retrieved September 19, 2019.
  37. UN General Assembly. (1948). Universal declaration of human rights. Accessed 22 Sept 2019.
  38. U.S. Department of Homeland Security. (2009). A roadmap for cybersecurity research. Retrieved September 22, 2019.
  39. Warren, L., & Warren, S. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.CrossRefGoogle Scholar
  40. Warren, T. (2015) UK government could ban encrypted communications with new surveillance powers. The Verge.
  41. Wassenaar Arrangement. (1995) The Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies. Retrieved September 19, 2019.
  42. Westin, A. F. (1970). Privacy and freedom. New York: Atheneum.Google Scholar

Copyright information

© Springer Nature B.V. 2019

Authors and Affiliations

  1. 1.Department of Computer Engineering and Mathematics, CYBERCAT-Center for Cybersecurity Research of Catalonia, UNESCO Chair in Data PrivacyUniversitat Rovira i VirgiliTarragonaCatalonia

Personalised recommendations