The role of the private sector in combatting gendered cyber harms

This research paper argues that private sector actors play a crucial part in generating, enabling and mitigating gendered cyber harms. They can both seriously endanger and meaningfully advance gender-transformative cybersecurity – cybersecurity defined broadly to challenge harmful gender norms, roles and realities, and to consider a wide range of gendered harms experienced in cyberspace. The private sector has a crucial role to play in advancing gender-transformative cybersecurity. As developers, designers and deployers of technology, they bear significant responsibility for ensuring that their technologies do not lead to, or exacerbate, gendered cyber harms. Given these important responsibilities, private sector actors should commit to recognizing and addressing such harms and advancing a stable, secure cyberspace for all. Technology design choices have implications for security at all levels: from an individual’s experience of cybersecurity to the implications of technology for national and international security. Features of technology design can be commercialized and ‘weaponized’ by third parties. However, technologies developed by the private sector can also be redesigned and readapted for new contexts, including those that seek directly to counter or mitigate gendered cyber harms. Design and redesign choices about technologies and the protections afforded to users do not take place in a vacuum. They are influenced by a complex array of internal and external pressures on those responsible for developing and deploying those technologies, ranging from gendered assumptions to public outcry and criticism. Choices made in this process can contribute to gendered cyber harms by incorporating explicit and implicit gendered structures, ideals and assumptions, which are then propagated and reinforced as technologies are adopted – even if inadvertently. Chapters 1 and 2 of this paper consider the complex interactions between gender, technology design, the private sector and security. The paper then presents a series of case studies showing the real-world effects of gendered cyber harms. Chapter 3 documents cyber harms experienced by queer social media users in Nigeria and South Africa, while Chapter 4 exposes how these harms can be generated through the commercialization and ‘weaponization’ of sensitive data – with reference to examples from the US and the Middle East and North Africa. Chapter 5 shows how technologies can be used to improve cybersecurity and combat gender-based violence, citing examples from South Korea and India. The paper then concludes with a set of recommendations for private sector stakeholders seeking to design and deploy secure and gender-transformative technologies. Specific measures include:Critically evaluating data sharing and cooperation with state entities, adopting a human rights and gender perspective to map potential harms;Assessing the efficacy of user privacy and data sharing settings for all technologies, and the accessibility and ease of changing those options;Mapping technological relationships with commercial partners and potential risks;Implementing additional technical features and mitigations that enable users to reduce risks;Incorporating user experiences and feedback into technology design, redesign and readaptation; andBuilding independent internal gender expertise and connecting to international networks seeking to establish and promote best practices.