Gendered hate speech, data breach and state overreach

Cybersecurity is more inclusive, more resilient and more effective when it actively and deliberately considers the threats, risks and harms that all users might face when they interact with cyberspace and digital technologies. This means recognizing that different groups of people – depending on age, socio-economic status or gender, among many other factors – experience cyberspace, and harms in cyberspace, in different ways. This paper focuses on gendered cyber harms specifically. There are three main kinds of cyber harm that have different impacts depending on a person’s gender: hate speech (often via online harassment and abuse) and other content-based harms such as disinformation; data breach (privacy violations through the hacking or leaking of personal or sensitive data); and state overreach (for example, cybercrime laws or other legislation reinforcing discriminatory gender norms online). Studies of these gendered cyber harms have so far overlooked how each kind of harm interacts with the others. Understanding the interactions between hate speech, data breach and state overreach will contribute to better policy responses that view cybersecurity holistically, incorporating offline gendered dynamics and concerns into assessments of security risks. This paper analyses the connections between gendered cyber harms in six countries: the US, Poland, Uganda, Indonesia, Egypt and Brazil. This does not mean that gendered cyber harms occur only in these six countries, or that the prevalence or severity of such harms is exceptional there: the selection of countries is designed to show that gendered cyber harms are happening worldwide, across varying social and political contexts. The paper argues that gendered cyber harms are cascading and compounding. They are cascading because one form of gendered cyber harm leads to another. They are compounding because such cascades increase the impact on the people affected. Simply put, harms give rise to deeper harms. Understanding gendered cyber harms in this way leads to an appreciation of how offline and online gendered harms interact and intersect, thus reinforcing one another. For example, cyber threats to LGBTIQ+ people and communities might be an early indicator of a wider shift in negative government policies and attitudes to diverse gender expression in general. By identifying and understanding the connections between gendered cyber harms, states can, through policy and practice, better counter and mitigate these harms. The paper therefore makes the following policy recommendations:Combine technical, social and individual factors when analysing cyber threat and risk. All three factors facilitate gendered cyber harms and contribute to their impact, and so the analysis of cyber threat, risk and vulnerability should be equally significant.Prioritize the protection of at-risk, marginalized and minoritized groups so that their security is treated as seriously as that of other national security assets and interests. In practice, this entails improving data protection, privacy rights and cyber hygiene for everyone, especially vulnerable and at-risk groups. While this is not a gender-specific recommendation, it advances gender equality indirectly by ensuring that protection of vulnerable and at-risk groups is a priority.Adopt a gender-sensitive and human-centred approach to cybersecurity and cybercrime policy, legislation and strategy. Gender-sensitive policy and implementation help states to counter rather than (inadvertently) exacerbate or introduce new gendered harms.Increase knowledge and coordination across different agencies and organizations working on cyber. To avoid contradictions in policy and practice, states should institutionalize coordination between organizations and teams working on technical cybercrime, cybercrime legislation, gender policy and measures to counter disinformation.