Discourse and Security Practice
Information security work often adopts an inward looking perspective. This means that the interests of individual organizations dominate the development of information security cultures and practices. In this project, we have approached the issue from a wider perspective, analyzing the ways in which societal values are understood and taken into account in information security practices and policies.
Within the project, we have conducted two studies. The first study, which focuses on values such as privacy and health equality, includes interviews with sixteen individuals from eleven different policy actors, all active in the development of the e-health sector in Sweden. The individual e-health account Health for me [Sw. Hälsa för mig] was used as a focal point for addressing questions related to the development of the e-health sector.
The results of the first study shows that value conflicts frequently occur in the process of developing e-health technology, particularly when privacy is perceived as an impeding on the ability to achieve goals such as higher quality health care and economic efficiency. In addition, the study shows that complex issues such as the meaning of privacy in different situations, or the ways in which the development of welfare technology affects the ability to achieve health equality, are often overlooked in the process of developing new systems.
The second study focuses on whistleblowing and freedom of communication. The study is based on a survey of officials in Swedish organizations where we asked questions concerning whistleblowing and freedom of communication in relation to information security work. The result of the study shows high levels of acceptance for whistleblowing within organizations. However, acceptance is low for employees disclosing information about serious wrongdoings to the media (i.e. exercising freedom of communication). Despite the low acceptance for disclosing information to the media, the support for freedom of communication as a societal value is high. In addition, the study shows support for the idea that whistleblowing procedures should be part of the information security culture of organizations.
The result of the project points to the need for developing guidelines and policies that better safeguards fundamental human rights and democratic values, such as privacy and whistleblowing, in developing information security systems. Furthermore, new research projects ought to be developed that focus on structures and perceptions within the information security sector and how these relate to issues of democracy and human rights in the development of information security cultures and new information systems.