Dutch Political Parties' Aspirations for Cyberspace Governance - A test to the Pathetic Dot Theory

Faculty of Governance and Global Affairs

Dutch Political Parties’ Aspirations for

Cyberspace Governance

A test to the Pathetic Dot Theory

10-06-2018

Boudewijn Bongaerts Leiden University

MSc Crisis and Security Management Supervisor: Dr. E. de Busser

TABLE OF CONTENT

1. INTRODUCTION 3

1.1RELEVANCE 6

2. THEORETICAL FRAMEWORK 7

2.1POLITICAL PARTIES ROLE 7

2.1.1FUNCTION OF PARTY PROGRAMS 8

2.2GOVERNANCE 9

2.2.1POLITICAL PARTIES LINK WITH GOVERNANCE 10

2.3HUMAN BEHAVIOR:PATHETIC DOT THEORY 11

2.3.1MODALITY:LAW 13

2.3.2MODALITY:MARKET 13

2.3.3MODALITY:SOCIAL NORMS 14

2.3.4MODALITY:ARCHITECTURE 14

2.4CYBERSPACE 15

2.5REVIEW ON THE LAW OF THE HORSE 16

2.6POWER TRANSITION 19

2.7LINKING THE CONCEPTS 20

2.8DUTCH GOVERNANCE OF CYBER SECURITY 21

2.9CYBERSPACE GOVERNANCE:THE CURRENT APPROACH 24

3. METHODOLOGY 26

3.1RESEARCH METHOD 26

3.2CASE SELECTION 27

3.3RESEARCH DESIGN 28

3.4DATA COLLECTION METHOD 28

3.5OPERATIONALIZATION OF KEY CONCEPTS 29

3.6VALIDITY AND RELIABILITY 30

4. ANALYSIS: DATA EXTRACTION 31

4.1VVD 31 4.2CDA 34 4.3D66 35 4.4GROENLINKS 38 4.5PVV 40 4.6SP 40 4.7PVDA 42 4.8CU 43 4.9PVDD 45 4.1050PLUS 47 4.11SGP 48 4.12DENK 50 4.13FVD 51

5. ANALYSIS: DATA INTERPRETATION 54

5.1CYBERSPACE GOVERNANCE APPROACHES 54

5.2ASPIRED CYBERSPACE TOPICS TO REGULATE 57

5.3COMPARING THE POLITICAL PARTIES 60

5.4RANKING THE MODALITIES 64

6. CONCLUSION 67

7. BIBLIOGRAPHY 70

1. Introduction

Cyberspace has become an influential and fundamental ‘non-space’ for the well-functioning of modern societies. The urge for more investments in cybersecurity, coming from as well the public- and private- sector, is an expression of the growing importance of cyberspace as a whole. News reports in (western) societies include more and more cyber related news. Whether it is the Cambridge Analytica Facebook scandal (Greenfield, 2018) or a DDoS attack (Telegraaf, 2018) or the new General act on Data Protection Regulation coming from the European Union (Deloitte, 2018; Scally, 2018). With the tremendous pace in which cyberspace developed in the past decades, it changed the world. Nowadays 97% of Dutch citizens have access to the internet, 89% of Dutch citizens own a smartphone (CBS, 2018). The rise of cyberspace in the form of inter alia superfast internet, high-tech smartphones and big-data analyses have led to more efficiency in almost every sector (VTM Groep, 2016). Even the infrastructure of the economic sector became dependent on cyberspace. Also transport industries and financial markets, all thrive on automatic systems which are part of cyberspace (Pheijffer, 2017).

This research is an outlet of a fascination for this ‘new’ domain, which tends to keep gaining importance for practically all companies, governments and individuals. As private-, corporate- and government- life already became partly dependent on the functioning of cyberspace questions arose (Pheijffer, 2017). How do Dutch political parties aspire to regulate cyberspace? How can they influence actors protecting cyberspace? Do political parties aspire to contribute in the development of cyberspace? Academic literature has no answers to these questions, when focusing on the present situation of the Netherlands. On top of that, Eggenschwiler (2017) states that cyberspace is practically fully managed by private actors. She, together with many other academics, warn for a potential power disturbance, as a consequence of the growing dependency of societies on the well-functioning of cyberspace (Liaropoulos, 2016; Betz, 2017; Lessig, 2006). From a public administration perspective, the emergence of a mostly private-owned ‘non-space’ defining the well-functioning of a society, rather than state-private-owned institutions, is intriguing.

To better understand the governance of cyberspace from a Dutch perspective, the following research question has been conducted:

In which way do Dutch political parties aspire governance approaches for cyberspace? A test to Lessig’s Pathetic Dot Theory

This research will provide in-depth insights on how Dutch political parties aspire to influence the governance of cyberspace. It will do so by analyzing political party programs. This choice has been made because political parties have the ability (and function) to influence policy paths (Von der Dunk, 1984). Their party programs are instruments to express their plans, aimed to win votes. This democratic outlet enables citizens to steer national governments in the desired direction (Biezen van, 2004).

Extracting political parties aspirations is therefore a useful tool to determine future policy-paths. Do Dutch political parties share the concerns of academics (Lessig, 1999; Betz, 2017; Liaropoulos, 2016; et al.) that the growing importance of cyberspace leads to a potential powershift? How do they formulate their ambitions to govern cyberspace? Or do Dutch political parties lack the ambition to intervene (more) in the governance of cyberspace?

The leading hypothesis is that a power shift due to the growing importance of cyberspace asks for (more) governmental interference in cyberspace to prevent a loss of state sovereignty. This hypothesis is fueled by the findings of the to be tested theory of Lessig (1999, 2006). It is expected that political parties express their concerns concerning a power shift due to the growth of cyberspace and that aspirations are formulated to counter this potential shift.

Lawrence Lessig expressed his concerns concerning a potential powershift as a consequence of the growing dependency of society on the functioning of cyberspace already in the late ‘90’s. He substantiated his arguments by showing how different modalities possess the capabilities of regulating behavior. As new capabilities, due to the emergence of cyberspace, strengthen modality X, modality Y will simultaneously lose power (Lessig, 1998). This theory is called the Pathetic Dot Theory and the analysis of the party programs will be used to test this theory. First, an extensive Theoretical Framework will demarcate and explain all concepts relevant in this research. Furthermore, the Theoretical Framework explains the theory that will be tested during the analysis. Next to that, a concise overview of the current state of Dutch cybersecurity (governance) is provided. This information is needed for an integral understanding of the

research’s subject. The last paragraph of the Theoretical Framework expresses the academic call for public actors to intervene in the governance of cyberspace.

The third chapter is devoted to the methodology of this research. The research methods and strategy are explained, together with the case selection and data collection method. This leads to the operationalization of key concepts coming from the Theoretical Framework. Last, the research’s validity and reliability are discussed in chapter three.

Then, an analysis of the party programs is provided in chapter 4 and 5. In chapter 4 the extracted data is provided, and interim conclusions are given. Chapter 5 continues analyzing the data, by grouping it and testing it to the theory of Lessig. Finally, in chapter 6, the conclusion is given in which the research question is answered.

1.1 Relevance

For decades academics have been discussing potential threats and the impact of cyberspace on the physical world (Hansen & Nissenbaum, 2009). Lawrence Lessig is one of them and he warns for a power shift as a result of the growing importance of cyberspace in the modern-day world. It could potentially destabilize constitutional values (Lessig, 1999, p. 549; Fiegerman, 2018). By applying the Pathetic Dot Theory on the current aspirations of Dutch political parties concerning the governance of cyberspace, a contribution to the academic discourse can be provided. It does so by providing new qualitative insights concerning the Dutch situation. Therefore, this research’s academic relevance can be found in its contribution to the ongoing cyberspace discourse and academic literature.

The societal relevance can be found in the growing amount of news reports devoted to cyberspace related issues (NRC, 2018; CNN, 2018; Morgan, 2018). As the internet became as indispensable as water for the Netherlands to function (VTM Groep, 2016) it is of great societal interest to explore how political parties currently situated in the parliament see the intertwined future of the physical-space and cyberspace. Traditional borders and boundaries are diminishing due to the occurrence of the endlessly growing cyberspace (Aas, 2007). This requires (new) governmental approaches and political visions (Lessig, 1998; 1999; 2006). Analyzing the current state of political parties’ ambitions concerning the governance of cyberspace is therefore relevant for society. As the parliament has the responsibility to steer society in the desired direction, it is informative to apply political parties’ aspirations on Lessig’s four modalities. Since the political parties will fill the parliament, and the parliament will execute governance- and governing-approaches - through different modalities. Therefore, knowing which modalities are most aspired to use by political parties will expand the understanding of the future of cyberspace governance, seen from a Dutch perspective. For society, knowing more about the aspirations of the current parliament concerning the regulation of cyberspace, is valuable already in itself.

2. Theoretical Framework

In creating a solid basis from where the leading research question can be answered this framework provides conceptualizations and explanations of all relevant subjects. First, the role of political parties in society is explained. This leads towards an overview of the function of political party programs. Thereafter, governance is conceptualized and linked with political parties. The Pathetic Dot Theory is then explained. Each modality is conceptualized. Then cyberspace is demarcated and conceptualized. A review on the law of the horse, a classical theory on cyberspace regulation, is then summarized. A paragraph devoted to the potential power transition as a consequence of the growing importance of cyberspace follows. Subsequently all concepts are linked together. The last two paragraphs provide an overview of the current state of cybersecurity governance, seen from a Dutch perspective, together with an argument why cyberspace governance should be a subject of interest for Dutch political parties.

2.1 Political Parties Role

Political parties have a versatile role. Throughout the academic literature on the functions of political parties, some functions are acknowledged by many academics. These functions are articulation, aggregation, selection, representation, socialization, communication and mobilization (Bolleyer, 2011; Min. BZ, 2018; Van den Brink, 1984; Voerman, 1992; Koole, 2000).

These functions can best be derived into three groups. The first group is about selection, recruiting and socialization. It is a political party’s role to determine which people will be nominated as representatives in the parliament or other administrative functions. The socialization function is about the integration of the electorate in the political system (Voerman, 1992).

The second group contains the functions of articulation and aggregation, which can also be qualified as the function of programming (Lipschits, 1984). These functions are about the articulation of aspired policies, regulations, norms and solutions. This process leads to the creation of a broad alignment in which the party acts. It leads to the qualification of parties; for example, liberalistic versus socialistic parties. But also, the formulation of the aspired measures to be implemented during the next term of office fit within this group (Koole, 2000). This group of functions is most important within this research.

The third group contains the functions of communication and mobilization. The function of mobilization expresses the role of political parties to motivate people to use their voting rights, whereas the communication function is about informing the people about the made decisions (Min. BZ, 2018; Koole, 2000).

Within this research the second group is most relevant. It is this group of functions that lead to the formulation of the party programs in which governance and governing aspirations are formulated. These will be analyzed and tested. Some authors name specifically a policy function of political parties. Following that perspective, a political party is an instrument to translate people’s concerns, ambitions, wishes and norms into actual policies and governance approaches (Lipschits, 1984). The articulation function is more specific; as it is about transferring the concerns and wishes of the followers on to the policy agenda. The articulation and aggregation function are therefore almost synonymous for the policy function.

The first and third group are no subject of study, as they focus more on the logistics and management of parties. This research is solely interested in the aspired policies and governance approaches of the parties, therefore only the second group of functions is relevant.

2.1.1 Function of Party Programs

The party programs of Dutch political parties will be analyzed during this research. A political party’s program can best be described as an instrument which expresses the ambitions and goals of a party for the upcoming term of office (Matlosa & Shale, 2008). The second and third group of political parties’ functions are therefore related to the party program. The third group since it uses the party program as an instrument to communicate and mobilize citizens. The second group since it contains the articulation of aspired policies and the broad alignment of the party’s vision.

Moreover, a party program contains an overview of the party’s ideology as well as the main and concrete policy measures. These formulated aspired moral, policies and governance approaches are promised to be implemented after the party gets elected (Min. BZ, 2018; Matlosa & Shale, 2008).

Academics review the party program after an office term to determine to which extent political parties have kept their promises. In the Netherlands, the Central Planning Agency (CPB) also

calculates upfront an office term what the implications of a party program would be for the national budget and economic and financial sector (CPB, 2017).

Although party programs are the leading instrument for positioning a political party during election time, the actual execution of a party program is always limited in reality. This can be explained by the fact that coalition forming is (practically) always needed after elections. Compromises have to be made with other parties in order to achieve a coalition agreement (Min. BZ, 2018; Matlosa & Shale, 2008).

In recent history the value of the instrument of party programs has declined. Today, people tend to determine their vote based on politicians’ personalities and live TV debates (Aalberts, 2011). Nevertheless, the party program is still the most defining instrument for expressing the views and ambitions of political parties (Min. BZ, 2018).

2.2 Governance

Since this research is focusing on the governance of cyberspace, a conceptualization of governance is needed. Traditional governing always intended to produce policy for a population or society. In recent times, inter alia due to the rice of New Public Management, governmental regulation shifted towards the art of using governance (Koppenjan & Klijn, 2015).

Governance is used to create rules and legislation intended to solve problems, without the original (governing) scope on society or a population. Governance is in that perspective not only focusing on the functioning of the public sector, but on the functioning of systems as a whole (Enroth, 2014).

Governance is not applicable on a state, territory, or political structure, but on people, individuals or groups (Enroth, 2014, p. 61). The global trend of using more governance shows and confirms the shift of diminishing values of institutional and spatial boundaries within the modern state-society constellation (Enroth, 2014, p. 61). It is therefore often used in problems exceeding the nation state constellation. Traditional governing has difficulties in controlling market or quasi-market influences, since they function loose from the public sector. This is where governance provides solutions.

Another characteristic that underlines the difference between governance and governing is that of the role of the involved actors. The decision-making process of governing is dominated by private actors who typically interact in a top-down approach. The decision-making process of governance is arranged by the involved network, a bottom-up approach is then used (Koppenjan & Klijn, 2015,).

Furthermore, privatization and de-regulation are all concepts that ask for, and led to, more governance. Seen the borderless and intangible nature of cyberspace, the use of governance rather than traditional governing is logic and needed. Since public actors are simply not capable of controlling private actors who are not bounded to a state’s constellation (Taylor, 2015; Marsden, 2011).

The willingness of states to influence other spheres such as social welfare and environmental protection strengthened the need for using governance, as traditional governing is not capable of addressing such problems (Enroth, 2014, p. 62). Markets, networks, functionalism, collective decision making, and bottom-up-hierarchy are keywords in understanding the dynamics of governance. According to Enroth the British even refer to governance in the literature as “the hollowing-out of a state” (Enroth, 2014, p. 64).

Cyberspace governance is built upon the same principles. Finding solutions to highly complex problems that are not limited within the borders of a nation state, in a highly complex and globalizing world, leads to the increasing use of governance worldwide.

The leading conceptualization of governance in this research project is therefore formulated as the process of public actors cooperating with private actors in a network to steer norms, regulations and processes, in the desired direction.

2.2.1 Political Parties link with Governance

Political parties influence on processes of governance starts already during the formulation of the party programs. The UN Democratic Governance Group’s handbook of Working with Political Parties expresses that political parties influence how governance is organized. It is namely the political parties who determine the policy-path and aggregate points of interest. This property is not only crucial for the functioning of a democratic state, but also for the execution of desired governance and governing (Janda, 2013, p. 58). It has been found that states without

a stable political party system achieve less qualitative and effective governance compared to states that do have a stable political party system. The explanation for this can be found in the competitive nature of party systems. States based on a party system are used to cooperate in order to reach consensus. As governance thrives by cooperation this finding is easy to accept (Janda, 2013, p. 60-62). Therefore, the link between political parties and the execution of governance can be understood when thinking of the role of political parties in a society. Political parties determine a state’s policy-path together with other governments institutions. Since political parties are built for cooperation with other parties, one can imagine that cooperating with other relevant (non)private actors is possible. This capability will be used whenever traditional governing is not capable of dealing with the problem (Jayawardane, 2015; Enroth, 2014). Jayawardane (and others) express the need for private actors to use governance as an instrument to regulate cyberspace.

Political parties’ goal is to become elected members of parliament. Once a political party is situated in parliament it has the official mandate to create legislation (Lipschits, 1984). At that point, political parties become an actor in the policy-making-arena. As explained, the policy making process increasingly uses the art of governance, when governing is not capable of solving the problem (Enroth, 2014; Koppenjan & Klijn, 2015). At that point, the link between using the art of governance and political parties becomes clear. This link justifies the choice of analyzing political party programs when researching the future of cyberspace governance. Furthermore, the represented political party in the (cyberspace) governance arena, is the only democratic outlet influencing the decision-making process.

2.3 Human Behavior: Pathetic Dot Theory

Lawrence Lessig has made a theory on how human behavior is shaped. Regulation is the core devise to influence the behavior of people. In the past, legislation was seen as the core instrument to regulate. Lessig continued. Not only legislation has the power to regulate, also the market, social norms and architecture have the ability to do so (Lessig, 1998).

The starting point of the pathetic dot theory is based upon the old Chicago school theory. The pathetic dot theory is therefore also known as the new Chicago school. It was the old Chicago school who found that next to legislation other modalities were capable of regulating the behavior of people. The old Chicago school stated that if these other modalities were found, they could outweigh law. Those other modalities would be more effective and efficient,

compared to the modality of law. Therefore, it concluded, that if regulation could be obtained through other modalities then law, law should step aside (Lessig, 1998, p. 663-666).

The new Chicago school has a different perspective and focusses on ‘alternatives as additional tools for more effective activism’ (Lessig, 1998, p. 661). The main difference therefore is that the new Chicago school does not conclude that other forms of regulation are automatically better in regulating behavior then legislation. This leads towards the following statement: “The moral of the old school is that the state should do less. The hope of the new is that the state can do more” (Lessig, 1998, p. 661). In other words; Lessig advocates that these modalities of constraint can regulate spheres. This provides opportunities to regulate cyberspace.

The four modalities, or the four types of constraint, that regulate behavior are thus: - Law

- Social Norms - The Market - Architecture

They differ in how the regulate behavior. By changing one of the four modalities, the whole balance of regulation changes.

The name ‘Pathetic Dot Theory’ is a metaphor, seeing an individual as the pathetic dot, submissive to the four modalities, shaping the behavior of the pathetic dot. Although all modalities influence behavior in their own way, special attention needs to be given to the modality of law. Law has a direct and indirect capability to regulate. By implementing a law, it can shape the abilities of other modalities. For instance, architectural laws set limits to the construction of a building. As the building will regulate people’s behavior, the actual construction is submissive on the construction law. The modality of law therefore indirectly affects the modality of architecture. This same indirect effect of legislation is applicable on the other modalities too (Lessig, 1998, p. 672).

Each modality is explained below. First, is explained how each modality can regulate behavior. Then, each concept is explained in order to be able to operationalize these concepts in a later stadium.

2.3.1 Modality: Law

Regulating Capabilities

Law regulates by punishment. If an individual does not obey the law, for instance by driving too fast, a punishment will follow. In that way it regulates the behavior of people because most will try to obey the law (Lessig, 1998).

Conceptualization

Legislation can best be conceptualized as the capability of an authority to conduct rules for multiple purposes. When a submissive entity does not obey to these rules punishment will follow. Usually legislation is made by a member of the congress or parliament. In a democracy the house of representatives and the house of deputies have to adopt new legislation by voting. As Montesquieu found; legislation, together with the judicial branch and the executive branch form the core of a government (The Trias Politica) (Kirchwey & Garner, 1905).

2.3.2 Modality: Market

Regulating Capabilities

The market regulates through the device of price. It constrains the behavior of people, not by punishment as law does, but trough scarcity. Work can be traded for money, money can then be traded for goods. Leading to individual choices and behavior constraint by the rules of the market. An individual always has to make choices. He is not capable of buying everything and has to choose which goods or products he will buy. This affects the behavior of people since an individual is bounded by his purchasing power (Lessig, 1998).

Conceptualization

An (economic) market is a system in which entities engage in exchange of goods, labor and currencies. What is important for the conceptualization of markets within this research is that societies based on the market systems always have to deal with scarcity. The use of economic markets leads to limited possession for every entity. Therefore, each entity is limited in its capabilities to buy labor, goods or currencies. Markets therefore are the platform to allocate recourses. In the broadest sense a market facilitates exchange. A free market is a market free from government intervention (Investopedia, 2018).

2.3.3 Modality: Social Norms

Regulating Capabilities

Social norms regulate people’s behavior through a community. When an individual does not conform to social norms, exclusion can follow. Next to that social norms regulate through normalizing cultural practices (Lessig, 1998).

Conceptualization

People expect a certain type of behavior from people. There is ‘a proper way’ to behave oneself. Social norms are a social construct based on expectations, fueled by ‘what is perceived as normal’. Social norms vary between communities, nationalities and any other imaginable form of group. Each individual can be part of multiple groups at the same time and thus obey to a different set of social norms, depending on the place and time. Social norms are unwritten rules that describe how to behave. Social norms can be seen as a cultural asset (Lapinski & Rimal, 2006).

2.3.4 Modality: Architecture

Regulating Capabilities

Architecture is the fourth modality of regulation. It sets limits to capabilities of what people can and cannot do. A highway dividing a village will complicate integration. A wall will prevent someone from seeing what is behind that wall. The nature of cyberspace fits within that of the modality of architecture as an instrument to shape the behavior of people. Architecture is therefore not purely physical in the sense of construction but also technological; it determines what is possible and what is not. Another example is the creation of the airplane. This invention led to new possibilities concerning the behavior of people, fitting within the modality of architectural constraints. Architecture is thus a modality to regulate behavior as it sets limits, and creates possibilities, to human behavior. It doesn’t do so by a set of rules, but by actual capabilities what physically is possible to do (Lessig, 1998).

Conceptualization

In everyday life, architecture is understood as the construction of things build by humans. Mostly viewed as buildings or other constructions. But formally every object is an expression of architecture (Merriam-Webster, 2018). Even unaffected nature, space or physical laws can be perceived as an expression of architecture (Haan den, 2007). This broad conceptualization of architecture is leading during this research. Because architecture is not limited to the physical

world. The design of a videogame for instance can also be perceived as architecture. Therefore, architecture is defined as a construction designed by an entity in the physical or non-physical world. DNA has a certain kind of architecture, as well the human body, a computers operating system, gravity, and a school building.

To conclude, the pathetic dot theory has shown that four modalities together determine how human behavior is regulated. In the following stadium this will be linked to cyberspace. Extracting the aspired usage of these modalities out of the political party programs is the core of this research.

2.4 Cyberspace

Although the term cyberspace is often used in many spheres, a concise definition strongly depends on the context in which the term is used. As the territory of cyberspace cannot be easily mapped and is permeable and flexible, shifting across various zones such as industrial, commercial and academic zones (Strate, 1999, p. 382-383), a clear demarcation is needed within this research.

The broadest definition of cyberspace is the “diverse experiences of space associated with computing and related technologies” (Strate, 1999, p. 383). As this definition is too comprehensive and too broad more specification is needed.

Strate distinguishes three orders of cyberspace. The first order, called the zero order, contains the non-space and cyberspacetime. Zero order cyberspace includes fictional, imaginary or unrealized space together with the relationships of humans with and through computers. This zero order cyberspace includes therefore only the experiences coming from the use of computing technologies Strate, 1999, p. 384).

The first order of cyberspace includes the physical aspects of cyberspace. The physical aspects are the actual hardware such as computers and hard drives but also the sense of generated space as a consequence of the interaction with computer technology (Strate, 1999, p. 384). This can be within a person’s mind or by the sense of space generated by the computer-user interface, for instance Google Maps or Mario World on a TV screen.

The second order of cyberspace contains a synthesis of cybermedia, being the sense of space generated through the user’s commutations with and trough computers and related technologies (Strate, 1999, p. 385).

By breaking down cyberspace into these orders it is found that cyberspace has both physical and social aspects. Cyberspace being defined as a ‘non-space’ clearly shows the problematic and vague nature of this concept (Strate, 1999, p. 388). Bolter (1984) defines cyberspace as “an abstract, geometrical and mathematical field in which the programmer can build his data structures” (p. 243). What genetic space is to biology, cyberspace is for computing (Strate, 1999, p. 392). The plurality of cyberspace expresses the importance of the concept rather than the non-existence of cyberspace (Strate, 1999, p. 407).

Humans interacting with a set of interconnected information systems (Ottis & Lorents, 2010) is useful as conceptualization within this research as it expresses the two influencing components of cyberspace: humans and computers.

Cyberspace is (digital) communication through the use of computing power in any possible way. It is a non-space that is created through the communication of networked computers. But also, an individual computer that is not connected to any other computers can be perceived as a part of cyberspace (Choucri, 2013; Sigholm, 2013). During this research the conceptualization of cyberspace is very broad. It is not only about the physical instruments (hard drives, processors, ethernet cables, iPhones, etcetera) but also about the non-space that it creates. But; it is always about networked computing power. A loose computing device, not connected to the internet or any other device is irrelevant within this research and therefore not included in the conceptualization of what cyberspace is. Next to this limitation there are none, as well the physical as the non-physical aspects of cyberspace are part of the leading conceptualization of cyberspace.

2.5 Review on the law of the Horse

The four modalities that steer the behavior of people can be applied on cyberspace too. Lessig did so, in his review on the law of the horse by Easterbrook.

As cyberspace is built on a code, it functions in a certain, upfront determined, mode. What this means and how to make sense of this is well described in this review. This ‘code’ on which

cyberspace is built can best be seen as the architecture of cyberspace. Same as for buildings, this architecture regulates how users of cyberspace can act.

Since there are several paradigms when comparing the physical space with cyberspace, explaining them enables a more in depth-understanding of the impact of cyberspace regulating human behavior.

This code, or architecture, of cyberspace led to for instance the fact that forms of self-authentication applicable in real space do not apply in cyberspace (Lessig, 1999, p. 503). Once the code is understood, one can change the form in which he is seen. Another example of the architectural structure of cyberspace regulating behavior is that of the use of cookies. Tracking and monitoring is practically invisible for end-users of the internet. Without awareness, information is gathered and stored when using the non-space called cyberspace as an end-user. Contrary to the physical space “surveillance is not self-authenticating” (Lessig, 1999, p. 505). These examples explain that the code of cyberspace determines what is possible in cyberspace. Cyberspace is therefore not a totally free space. There are actors who determine what an end-user can do and cannot do. On top of that, the average end-user is not aware of all the processes happening in the background when using a device connected to the internet.

Lessig therefore asks: Should legislation prescribe and regulate the architectural features of cyberspace? Although many academics advocate that due to the very nature of cyberspace such governmental regulations aren’t allowed, Lessig disagrees. The architecture, the code, can be changed. As cyberspace in itself has no nature (Lessig, 1999, p. 506) it is the architect who writes the code. The architect thus determines what is possible in cyberspace and which processes occur.

Regulation could be for instance easily acquired by slightly adjusting the browser code, to provide information about the user, to for instance protect minors from seeing harmful content. Adjusting the code to allow ‘zoning’ could be easily realized by creating simple legislation. In that scenario the modality of law would be used to change the modality of architecture. In 1999, Lessig wrote the following: “Privacy concerns cannot be resolved by the appliance of such a top-down approach. Data collection is often executed without the user’s consent. The

lack of property interest leads to this situation where in user’s data is free for the taking. By legally allocating users data as a property right, this problem could be solved. It forces code makers to ask for consent of its users” (Lessig, 1999, p. 521). Individual as well as collective choice could be enabled in cyberspace due to regulation through legislation, altering the architectural structure of cyberspace (Lessig, 1999, p. 523). Now, in 2018 the new GDPR legislation, coming from the EU, realizes the sketched situation of Lessig to a certain extent (Deloitte, 2018).

Contrary to the above sketched scenario in which the modality of law alters the architectural structure, it can also be done the other way around. Values within the law of intellectual property and the law of contract are being displaced due to the emergence of an easy accessible cyberspace worldwide. A clear example is that of illegal downloads and streams, which most people used, regardless of the law. This shows how the architectural modality influences the modality of law (Lessig, 1999, p. 523). Values of public law are being displaced due to the code of cyberspace.

From an economic perspective cyberspace threatens to empower individual authors against the interest of the class. For the perspective of the commons, cyberspace changes the very nature of access. Leading to problems concerning autonomy (Lessig, 1999, p. 529). In real space the above-mentioned laws are designed to act within the architectural boundaries of physical space. But in cyberspace the architectural difference leads to problems. Since the code intervenes in values of laws “public law has a reason to intervene in order to restore public values” (Lessig, 1999, p. 532).

These already slightly outdated examples show how cyberspace’s architecture, being viewed as a modality to regulate, changes the balance. This changing balance leads to new threats and therefore a call for cyberspace governance. In recent times the overall mood concerning cyberspace governance goes out to more complex security issues. In essence, the debate is still about the changing balance due to new capabilities enabled by cyberspace.

The power to regulate the code depends on who owns the code. Government’s power is bigger when the code is private compared to when the code is a common good. A private owned code can be seen as a product, disabling the opportunity to change the code. Common goods in

cyberspace are often referred to as open source, do enable changes in the code (Lessig, 1999, p 535-538).

As transparency is hard to acquire in cyberspace, it also creates changes for governments to regulate in secrecy, just like other actors can (and do). Therefore, Lessig raises the question: Should transparency about any actors coding on the net be obligated (Lessig, 1999, p. 543)? What this paragraph clarifies is that cyberspace constitutes and regulates power. Since a liberal regime governing cyberspace cannot be assured, it is of great importance to think about and act towards a governing of cyberspace (Lessig, 1999, p. 549). As cyberspace evolves, so does the need to upgrade legislation in this domain.

Although the examples such as the illegal content downloading are outdated, the principles of a changing balance due to the growing importance of cyberspace is not. Explaining this power shift by applying the pathetic dot theory on the case is still very relevant in current times. Lessig’s review of The Law of the Horse warns for undesired situations for nation states as a result of a power shift. Traditional power division will change as a consequence of the growing dependency of societies on the well-functioning of cyberspace. Since cyberspace is practically fully controlled by private actors (the architects), public actors lose their capabilities to ensure the well-being and safety of their citizens (Lessig, 1999; Lessig, 2006).

More in general, what this review expressed is that the architects of cyberspace gain power over public actors as societies dependency on the well-functioning of cyberspace grows. The architects determine how cyberspace works and what can be done, whether with or without the consent of its users or a national government. Lessig warns for this power gain in the form of regulation trough architecture, executed by non-public actors.

2.6 Power Transition

As already can be withdrawn from the above elaboration of Lessig’s work, the rise of cyberspace leads to a (potential) shift in traditional power division. This leads to a call for (more) governmental interference in the processes of cyberspace governance (Lessig, 2006).

Nowadays, unprecedented pressure from globalization, cyberspace and human rights, is being exposed on sovereign states (Krasner, 2001). As control is getting harder due to the growth of cyberspace, state sovereignty can decline. Cyberspace threatens traditional political institutions and perhaps even the very concept of state sovereignty itself (Perritt, 1998, p. 423).

In cyberspace; power, wealth and moral guidelines are practically impossible to control by governments. Economic regulation on the internet asks for new approaches too, as traditional instruments cannot deal with the borderless and non-space characteristics of cyberspace (Spinello, 2010).

Fear arose about state’s losing their moral compass and cultural identities as a consequence of cyberspace. International governance of internet related issues lead to tension among states as political, economic and cultural differences are obstacles for effective cooperation (Perritt, 1998, p. 425-430). The type of state (totalitarian vs. liberal) strongly influences the potential threat level of cyberspace on a loss of state sovereignty. A factor that declines the potential loss of sovereignty is the implementation of international treaties. It can therefore be concluded that cyberspace in national and international governance alters the nature of the state and international relations. Whether this has a positive or negative effect on state sovereignty mostly depends on how governance is being formed and executed (Perritt, 1998, p. 439-442).

Although the call for (more) governance of cyberspace is expressed in order to prevent a state from losing a certain extent of power, this change not parse leads to a decline of sovereignty. Krasner (2001, p. 248) states that sovereignties resilience can be seen as a test of its tolerance for alternatives.

Private actors own and control critical structures of cyberspace on which modern societies depend. Lessig explains this by using the architectural modality. Cyberspace subsequently threatens to overtake a certain extent of power from public actors. Because public actors became dependent on the choices and instruments made by those private actors.

2.7 Linking the Concepts

Before the focus continuous on cyberspace, this paragraph provides a short overview on how the concepts are linked. This leads to a proverbial triangle between political parties, governance and the regulation of behavior.

It has been found that human behavior is shaped by regulation. Regulation can be executed through one or more modalities (Lessig, 1998). Governance is an instrument that can be used to regulate. The choice for using processes of governance or governing depends on the characteristics of the to be regulated context. Therefore, governance approaches aim to influence human behavior (Windholz, 2017).

As a core function of political parties (the articulation- and policy- function) is to determine future aspirations concerning the governing and governance of a nation state, the link between political parties and the shaping of human behavior is made. Governance approaches formulated during the articulation phase of political parties express the aspirations for future regulation. So, the regulation of human behavior starts already during the creation of political parties’ programs.

The modality of law is the most direct form of influence and is being used through the basic democratic institutions such as the house of representatives and the chamber of deputies. This process is being executed by the elected political parties (Deth van & Vis, 2006). Since political parties have a moral function as well, their party programs influence human behavior through the modality of social norms too (Koole, 2000) The modalities of the market and architecture are also influenced by political parties, whether by direct policy making, indirect legislation or governance approaches.

Political parties’ aspirations are therefore an indicator of what and how will be regulated during the (current) legislative period, in which the choice can be made to use governance approaches.

2.8 Dutch Governance of Cyber Security

In 2012 the Dutch government has established the National Cyber Security Center. It is part of the NCTV (National Coordinator Security and Terrorism). The NCSC functions as the central information and expertise center for cybersecurity in the Netherlands. Concerning international threats, this institution functions as the main point of contact. Therefore, this institution can best be described as the core of the cybersecurity networks in the Netherlands. As well for the national and international coordination and cooperation (NCSC, 2018).

The Cyber Security Council (CSR) is an independent advisory board for the cabinet that monitors the implementation of the Cyber Security Strategy. Although this council is a public

institution, its members are a mix of experts, active in as well the private and public sector (NCTV CSBN, 2017).

In 2011 the Dutch National Security Strategy formulated that the establishment of the NCSC was needed in order to keep up with the growing cyberthreats (NSCS, 2018). This strategy expressed the need for cooperation between the private and public sector as a crucial aspect in achieving a solid network capable of dealing with cyberthreats.

The most recent Dutch cyber security agenda, made on behalf of the ministry of justice and security, is based upon seven ambitions:

1- Public-Private Cooperation 2- Increasing Effectiveness

3- Ensure international peace in cyberspace 4- Ensure safe soft- and hardware

5- Solid digital infrastructure 6- Successful barriers to cybercrime

7- Knowledge development of cybersecurity

95 Million euro has been allocated to achieve these ambitions. The National Cyber Security Agenda expresses that cybersecurity is directly influencing national security and is therefore of major importance (NCTV NCSA, 2018).

Physical borders don’t impact cybersecurity, and this expresses the need for international cooperation. Furthermore, private-public cooperation (governance) is crucial seen the intertwined nature of cybersecurity. The national government aspires to take a leading role, but private actors contributions are needed in ensuring cyber security (NCTV CSBN, 2017). The NCSC organizes conferences on cybersecurity focusing on technical issues, incident responses, governance approaches, strategic issues, the human factors of cybercrime and research and innovations (NCTV NCSA, 2018).

The NDN (National Detection Network) and NRN (National Response Network) are networks to improve cyber risks detection and cyber response capabilities. Both focus on private-public cooperation, and both are coordinated by the NCSC (NCTV NCSA, 2018).

CERT’s (Computer Emergency Response Teams) are formed in the Netherlands in several public institutions such as NCSC and the IBD (Information Security Service for Dutch municipalities) and the ministry of Defense, but also for private institutions such as major banks, telecom providers, universities and cyber security companies (NCSC, 2018). CERT’s are being used worldwide and can be seen as vital for ensuring a safe cyberspace. SURFnet established the first Dutch CERT in 1992. CERT’s are important actors when it comes to information and knowledge sharing but foremost concerning crisis management in cyber security.

Important private actors in the Dutch cybersecurity are telecom/internet providers such as KPN, banks (financial sector) and vital energy- and water- companies (CBS CSM, 2017).

The most common cyberthreats are DDoS attacks, data leaks, ransomware and computer viruses (CBS CSM, 2017; NCTV NCSA, 2018). Since many organizations are dependent on the services of foreign services of digital infrastructures (such as Microsoft, Google and Amazon web services) the societal impact is major after any disturbances (CBS CSM, 2017). The threats are coming from professional criminals, states, terrorists, cyber vandals, internal actors and malfunctioning systems (NCTV CSBN, 2017).

The creation of Information Sharing and Analysis Centers (ISACs) is the clearest expression of Dutch cybersecurity governance execution. ISACs are organized par sector and lead to sectoral approaches to counter cyber threats. Also, they formulate strategic plans to keep cybersecurity up to date. All current ISACs are provided in figure 1 (NCTV NCA, 2018).

To sum up; in recent times the national government is investing heavily in cybersecurity governance. It has created several arenas to foster governance between public and private institutions. The NCSC is the core of this network. ISACs, CERTs, the Cyber Security Council and many public and private actors are involved. The approach is as well reactive as proactive. Flexibility, adaptability and resilience are viewed as important in achieving an effective governance of cybersecurity.

2.9 Cyberspace Governance: The current approach

As cyberspace became an integral infrastructure on which modern societies depend, the need for effective governance within this domain grew (Jayawardane, 2015). According to the Hague Institute for Global Justice, improving transparency, empowering disadvantaged stakeholders and ensuring equitable participation in cyberspace decision-making arenas should improve the quality, fairness and effectiveness of cyberspace governance.

Seen the intertwined multistakeholder governance approaches that are being used in cyberspace, it is desired to minimize the use of vetoes in decision-making processes. Formal and informal processes are both significant in the overall governance of cyberspace. International treaty-making should be complemented by the usage of efforts of trust and consensus building, on the sectoral and regional level (Jayawardane, 2015, p. 3). As cyberspace is mostly owned and operated by private actors, the governance of this domain is challenging. The need for an effective governance of cyberspace by governments is fueled by the growing dependency of critical aspects of societies worldwide. Cyberspace governance as it is today, fits best within the category of multistakeholder models of governance. Because non-state actors are influencing the decision-making processes concerning the implementation of international policies. The private industry, international technical governance institutions and governments are constantly changing the balance of cyberspace governance (Jayawardane, 2015, p.5).

The use of a multistakeholder model of governance prevent the domain from being captured by a specific type of stakeholder. It enables each actor to contribute whenever that actor is relevant in a case. A downside is that decisions can be made in an informal setting, excluding relevant actors from the decision-making process. Next to that this form of governance is not well enough equipped for strengthening the rule of law in cyberspace and since the importance of

this domain is growing, so is the need for stronger formal legislation and treaties. On top of that the differing ambitions of nation states concerning the governance of cyberspace makes the governance of this domain more difficult (Jayawardane, 2015, p. 11).

Governance is in that perspective the most logic and effective instrument of regulating and controlling cyberspace as multiple private and public actors are relevant in the cyberspace arena. The current execution of cyberspace governance however has some downsides and problems that should be addressed and tackled by inter alia implementing international treaties and other forms of legislation. Because the importance of cyberspace recently grew exponentially; states have to be aware of this change and increase their degree of involvement (Forsyth & Pope, 2014).

According to Almeida (2016) cybersecurity governance is about people, information, logical building blocks and physical foundations. Its characteristics are divers and complex. Since many different layers, actors, norms and rules are applicable. It should be viewed as a real domain such as land, sea, air and space. The most important issues in the governance of cybersecurity are: DNS, crime, war, sabotage, espionage, privacy, content control and human rights. All in all, a diverse playfield has to be analyzed when trying to understand the governance of cybersecurity (Almeida, 2016).

3. Methodology

This chapter contains the methodological framework used in this research. The first paragraph justifies the chosen research method. Then, the case selection is given. The research design is next, in which the strategy is explained. In 3.4 the data collection method is given, demarcated and placed in its context. This leads to the operationalization of key concepts in 3.5. The final paragraph of this chapter is devoted to the validity and reliability of the research.

3.1 Research Method

This research is a qualitative research fitting in the category of the comparative case studies. Landman (2008) distinguishes multiple types of case studies. Namely; a contextual description, a classification, a hypothesis testing and a predictive type. This research fits best in the group of a contextual description. Furthermore, the analysis is based upon the principles of a content analysis. This type of analysis has been chosen because it enables in-depth research. This has to create the opportunity to extract new in-depth insights concerning the cyberspace governance aspirations of Dutch political parties. During the analysis thirteen cases will be analyzed, being the thirteen political parties currently represented in the parliament. More information about the case selection is provided in the next paragraph. Since this research intends to analyze an empirical phenomenon the correct choices have been made according to Baxter and Jack (2008, p. 245). Since thirteen cases will be compared, a cross-case analysis is executed (Ayres & Kavanaugh & Knafl, 2003).

Although a triangulation of research methods would increase the internal validity of the study, the choice has been made to only execute an in-depth content analysis. Since all present political parties in the parliament are subject of study, thirteen case studies have to be executed. This is a large number of cases. Adding more research methods would not be realistic, seen the limited timeframe in which the research has to be done.

By making these realistic choices the production of high quality content has to be ensured. The content analysis will be executed in an open perspective, acquiring unexpected findings to be extracted too. The reliability will be ensured by only using authoritarian sources.

During the analysis the pathetic dot theory will be applied on the empirical findings, in order to research if the theory matches the empirical findings.

3.2 Case Selection

In creating a solid ground from which the research question can be answered, all Dutch political parties who formally have capabilities to regulate (or govern) are subject of study. Therefore, the unit of analysis are all thirteen Dutch political parties currently represented in the parliament. A list of the parties can be found in the Index. Other Dutch political parties are excluded since they lack any official capabilities to regulate. There aspirations can therefore be qualified as meaningless, in the context of this research. By analyzing all parties in parliament instead of a selection of them, cherry picking is avoided. Next to that this enables the creation of the best possible overview of the current situation.

Concerning the research scope, this clear demarcation of cases helps in determining what the unit of analysis should include, in order to be able to obtain the needed information.

The qualitative nature has to be taken into account when it comes to the generalization of the cases. This research only provides an analysis of the current situation. It is very delineated and is not applicable on other cases or scenario’s. Not even when selecting the same cases (parties) later in time. It is not of any use in explaining the views of other parties or actors. Nevertheless, since the governance of cyberspace is subject of debate in several arena’s, this research can be qualified as useful and relevant. It can contribute to the understanding of political choices and views, and it aspires to contribute to an outline of Dutch government’s capabilities to regulate and influence cyberspace.

This research fits within that of the diverse case studies seen the maximum degree of representativeness. By analyzing all political parties in parliament, the final conclusion can possibly generalize findings into an overall Dutch political vision and zeitgeist. Since the amount of relevant parties is limited to 13 it is not needed to make a selection of deviant-, most-likely or typical-cases. All parties will form a unique case. This research has a descriptive nature although some paragraphs and sub questions first provide explanatory research.

3.3 Research Design

In order to be able to provide an answer to the research question in the most satisfying way the theoretical framework (based on the desk study method) has enabled an in depth-understanding of the context of the topic. Since the question leads to testing a theory, the necessity of the framework increased. The qualitative analysis based on the principles of a content analysis requires coding. In ensuring qualitative coding in a coherent way, the key concepts are operationalized in 3.5. Data can thus be collected according to academic standards due to the precise and careful coding. This process, together with the desk study in mind, creates the design from which the question can be answered – being a test to a theory while simultaneously providing in-depth and topical insights which can contribute to adamic and/or societal discourses. Furthermore, this research aims to translate empirical findings into useful insights. This is done in a value-neutral way. This is in contrast with a normative approach, which describes ‘what ought to be’ and includes values (Toshkov, 2015). This research is not about confirming or falsifying relations between variables, but about testing a theory on new extracted empirical in-depth findings.

3.4 Data collection Method

The Theoretical Framework has been based upon academic literature. The literature has been carefully selected to achieve a balanced and reliable rendering.

The analysis is based upon party programs. As described in the theoretical framework party programs contain the most reliable and clear aspirations which political parties promise to implement after they get elected. Since the analysis has to be based upon academic principles, in order to answer the research question in the desired way, coding is needed. This process of coding is based upon the operationalization of the key concepts.

The coding started with underlining all cyberspace related content. After this first step, the coding continued by extracting expressions of the four modalities. These expressions were marked in the assigned color. This marking has only been done on the underlined (cyberspace indicating) text. This choice has been made because the expressions of modalities based on other subjects then cyberspace are not relevant in answering the research question. The third and final step in the coding process was crossing the underlined text, whenever indicators of aspired governance approaches were found. This coding strategy enabled the coding of all modalities in one single document.

3.5 Operationalization of Key Concepts

The conceptualizations provided in chapter 2 are operationalized in order to enable qualitative coding. This is done by the means of indicators. Each concept is given its own marking which will be applied on the party programs, this is the process of coding. Indicators are used exactly as the term suggests. The list is therefore not 100% perfect, furthermore when an indicator has been found this not parse leads to the coding of the concept. The context in which the indicator is found should be interpreted before the indicator is allowed to be linked to a concept. This also works the other way around. When interpreting the context; sometimes innovation points out cyberspace related matters, sometimes not. Same for technological developments. They are mostly linked to cyberspace although ‘mostly’ is not enough reason to include this terminology into a group of indicators. This underlines the importance of the correct interpretation of the data.

Concept Code Indicators

Cyberspace Underlined Internet, cyber, online, high-tech, smartphone, digital, e-, automatization, social media, robotization, smart-

Governance Crossed Cooperation, involvement, names of actors, agenda setting, participation

Modality: Law Blue Rules, constitution, agreement, treaty, pact, legislation, regulation, sanctions

Modality: Market

Green Import, export, investments, budget, money, allocation, economy, incentive

Modality: Social Norms

Pink Trust, education, knowledge, responsibility, advice, norms, experiences, skills, role, acceptance, good example, campaigns, reflection, expertise

Modality: Architecture

Purple Infrastructure, internet, software, DDoS, creating, application, networks, innovation, WIFI, means, instruments, innovation, initiatives

3.6 Validity and Reliability

According to Flick (2014) qualitative studies’ validity is about whether researchers actually see what they intend to see. The validity of qualitative research based on a limited amount of cases is always debatable. Although a decent amount of cases is subject of study, the external validity is still low. For the conclusions are not applicable on any other groups or populations, not even on the same cases measured at a different moment in time (when using new party programs). Since the goal of the research is to extract topical information, about these specific cases, the low external validity does not infringe the quality and reliability of the research.

The internal validity is relatively high since the coding of the data has been done in an unambiguously manner. Furthermore, the operationalization has been done according to the academic standards. This ensures that whenever the analysis is redone, the same findings will be extracted. A systematic and consequent coding procedure is needed to ensure the internal validity according to Fick (2014), which thus is ensured due to the above-mentioned approach. A pitfall of this research is that some expressed aspirations to regulate cyberspace only express the desired goal. As governance is often needed in the process to achieve certain goals this leads to false conclusions. Because in such a scenario the analysis has to conclude that governance is not used, while in reality governance will be used to achieve the aspired goal. This research design is not capable of addressing this problem and its data extraction is therefore not 100% accurate. By careful and precise interpretation of the data, this problem is tackled.

Since this research analysis is limited to party programs, other expressions of political parties’ aspirations concerning the governance of cyberspace are excluded. Party programs are the main indicator of political parties’ goals, as explained in chapter 2. But they are not the sole indicator. Therefore, analyzing only party programs affects the reliability in a negative way.

Moreover, this research has problems in determining the relative value of the expressed ambitions concerning the governance of cyberspace. Adding quantitative research methods could counter this problem. The core objective however is to provide new in-depth information about the current situation in the Netherlands, concerning cyberspace governance. It is therefore that this problem of relativity does not outweigh the aspired addition in the academic discourse on the research’s subject. The reliability is ensured by retaining academic standards and using only qualitative literature and data.

4. Analysis: Data Extraction

Now that the foundation has been thoroughly explained, the analysis starts. Each party program has been coded based on the operationalization. Each paragraph starts with concise general information about the party (program). Then, all findings are provided per modality. A fifth header is then devoted to the extracted cyberspace governance aspirations. When each party has been analyzed, the data extraction is finished. This data will then be further analyzed in chapter 5.

4.1 VVD

With 33 seats in parliament the VVD is the biggest political party of the Netherlands. The party can best be qualified as an economic liberal party. Their party program is 102 pages long. 30 of the pages contain cyberspace related content. A significant amount of attention has been provided to cyberspace related aspirations and pronunciations.

Modality: Market

The following aspirations concerning regulation through the market have been extracted from the party program. By modernizing terms of employment, the VVD aspires to attract more cyber professionals to defense (VVD, 2017, p. 28). Next to that, flexibility has to lead to more cooperation between defense and private companies (VVD, 2017, p. 28). The European internal market has to be stimulated by means such as the abolishment of roaming costs (VVD, 2017, p. 42). In order to accelerate the implementation of e-health measures, private financial constructions are needed (VVD, 2017, p. 64). In general, investments have to be made in digital infrastructure (VVD, 2017, p. 76). The government has to be able to attract cyber specialist to work for her, therefore she needs to be able to pay appropriate wages (VVD, 2017, p. 96).

Modality: Law

Extracted aspirations fitting in the modality of law are now provided. The legal capabilities of Intelligence Agencies have to be renewed in order to keep up with technological developments, such as new communication means (VVD, 2017, p. 14). Cybercrime has to be punished more sever (VVD, 2017, p. 14). European legislation concerning online entrepreneurship has to be harmonized and geo-blocking must stop (VVD, 2017, p. 14, 59). Legislation should have a stimulating effect on cybersecurity, therefore changes have to be implemented (VVD, 2017, p. 42). The legislation on financial supervision must be renewed for enabling the implementation of fin-tech innovations (VVD, 2017, p. 45). Personal medical data should be fully owned by

the patient himself (VVD, 2017, p. 64). Whenever local initiatives to implement cyber innovations are obstructed by legislation, legislation has to be simplified (VVD, 2017, p. 76). Concerning the use of drones, legislation has to change too (VVD, 2017, p. 77). Privacy has to be protected more by legislation (VVD, 2017, p. 94, 99). Privacy however may be infringed whenever there are indications that there is a major security threat. Tapping phones of suspected terrorists is an example of that. The VVD provides special attention towards the protection of the privacy of children by legislative means (VVD, 2017, p. 99).

Modality: Social Norms

Now, the aspirations concerning regulation through social norms are provided. Artificial intelligence and robotization may not change social values and norms, the VVD states (VVD, 2017, p. 11). The VVD aspires more education concerning safe use of the internet. Furthermore, the police’s and judicial authorities’ knowledge on cyber related crime has to be expanded (VVD, 2017, p. 14). More in general, education has to adapt smoothly to the digitization (VVD, 2017, p. 33-34). A critical and safe attitude is expected when it comes to the use of personal data and other information (VVD, 2017, p. 14). Digital skills (and e-health) must receive more attention within education (VVD, 2017, p. 49, 65). Also, digital education has to be normalized (VVD, 2017, p. 55). ICT knowledge organizations have to share knowledge to enable cooperation and ensure the competitive position of the Netherlands (VVD, 2017, p. 55). This cooperation can be viewed as an expression of cyberspace governance. The VVD wants to maintain its position as ‘top country’ when it comes to fin-tech innovations. The Dutch digital mainport has to strengthen its profile as ‘a safe place to do business’ (VVD, 2017, p. 45). Museums have to be stimulated to digitalize their collections and make them accessible online (VVD, 2017, p. 58). Health insurance companies have to be motivated to implement e-health into their guidelines and protocols (VVD, 2017, p. 64). In this era of digitization, the government has to reassure it does not become to impersonal, also because some people are not capable of using computers well enough to use all digital systems (VVD, 2017, p. 94, 100). The government has to inform people about the security of privacy, as this became such a sensitive topic in this era of digitization. To conclude, companies also have a moral obligation to assure the correct use of personal data (VVD, 2017, p. 97).

Modality: Architecture

The most critical digital systems and networks have to be secured as well as possible (VVD, 2017, p. 14). ‘Luring adolescents’ (lokpubers) have to be used in order to detect pedophiles