Skip to main content Link Menu Expand (external link) Left Arrow Right Arrow Document Search Copy Copied

Overview

Our exploration of data sonification as a method stems from a larger multi-year SSHRC-funded project that traced the emergence of data breaches as a security crisis from 2005 to 2021. We examined 16 data breach cases and analyzed approximately 10-15 primary sources per year using critical discourse analysis1 2 to understand how knowledge about data breaches is produced through how these events are discussed and represented. We share more about our process in the methods section.

My interest in the topic stems from a series of breach notifications I received over a few months in 2018. Following several high-profile incidents, the topic congealed into a project that began with a straightforward question: What is a data breach?

A data breach is marked by unauthorized access to and loss of control of private, confidential, and sensitive data. Data breaches have grown exponentially over the last fifteen years because consumer data generated across platforms and between devices is circulated and collected at an unprecedented rate. Coupled with consumers’ willingness to share personal information, this has contributed to what Michael Parent3 called an “era of big data breaches”.4

Data breaches can have serious geopolitical impacts, affecting individuals, organizations, and nation-states increasingly in interlocking ways. However, cybersecurity rhetoric and mainstream media make data breaches intelligible, affecting what the term signifies and how it is used and understood. This project examines data breaches as social, political, and cultural processes rather than strictly technological phenomena. This is to say that while the connection between data breaches and security is real and not just rhetorical, the understanding of data breaches as security crises is shaped by the historical contexts from which data breaches emerge.4

The larger project is situated within the social histories of computer networks and cybersecurity scholarship, which understands cyberthreat representations as discursive and examines how representations can shape cybersecurity practices.5 6 7 8 9 10 11 For example, professional and popular discussions of computer viruses in the 1990s capitalized on analogies to biological viruses, notably AIDS. They imported ideas and anxieties about self-contained bodies from popular and medical discourses that must be protected from outside threats 12 13 14 15 16. The modification in language from virus to breach also indicates how experts and non-experts leverage the language of cultural anxieties to explain the complex, abstract, and arcane vulnerabilities of ubiquitous networked computing.4

Cybersecurity incidents like data breaches are often presented as a crisis to the ordinary function of networks.17 These discourses perpetuate a fallacy that the 2.5 quintillion bytes of data produced daily through various devices and physical objects over the internet and other communications networks are inherently manageable, governable, and controllable.4 To suggest otherwise that ubiquitous data collection practices are risky would undermine dominant data-driven business models, including but not limited to areas such as healthcare (e.g. 23andMe), subscription-based services (e.g. Netflix, Spotify), internet of things (IoT) and smart devices (e.g. Nest, FitBit), and advertising-based models (e.g. Meta, Google).

Breaches are so prevalent that the cybersecurity industry has coined the term ‘breach fatigue’ to describe the indifference caused by being overwhelmed by what feels like an unresolvable and inevitable string of events.4 Indeed, ‘breach fatigue’ neatly encapsulates how some people might feel about and understand a complex technological phenomenon. Yet, it universalizes the response and limits the affective dimensions of data breaches. How do people feel when confronted by data breaches?

Furthermore, because the research team spent approximately a year conducting critical discourse analysis on primary sources from widespread press coverage of data breaches, I was interested in revisiting the perceptions of data breaches that crystallized through discourse analysis. In short, I wanted to extend a consideration of the affective dimension of data breaches to reengage with our findings.

  1. Foucault, M. (1972). The archaeology of knowledge. Trans. A. Sheridan Smith. New York: Pantheon Books. 

  2. Foucault, M. (1978). The history of sexuality: Volume I. New York: Random House. 

  3. Parent, M. (2019 December 4). Growth in data breaches shows need for government regulations. The Conversation. https://theconversation.com/growth-in-data-breaches-shows-need-for-government-regulations-127600 

  4. Zeffiro, Andrea., Niessen, Gil, Oberst, Clementine, McEwan, Sam, Cochrane, Alexis, Carlota, Durand, Joshua. (2023). “Discourses on cybersecurity: The politics of the data breach as a security crisis.” Rivista di Digital Politics. pp. 369-398. https://www.rivisteweb.it/doi/10.53227/106451  2 3 4 5

  5. Ashenden, D. (2021). The future human and behavioural challenges of cybersecurity. In P. Cornish (Ed.), The Oxford handbook of cybersecurity. (pp.723-734). Oxford: Oxford University Press. 

  6. Cap, P. (2017). Threats in cyberspace. The language of fear: Communicating threat in public discourse. (pp. 53-66). London: Palgrave Macmillan 

  7. Dunn Cavelty, M. (2018). Cybersecurity research meets science and technology studies. Politics and Governance, 6(2), 22-20. https://doi.org/10.17645/pag.v6i2.1385 

  8. Gjesvik, L., and Szulecki, K, (2022) Interpreting cyber-energy-security events: experts, social imaginaries, and policy discourses around the 2016 Ukraine blackout, European Security, 32(1). https://doi.org/10.1080/09662839.2022.2082838 

  9. Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cyber security, and the Copenhagen School. International Studies Quarterly, 53, 1155–1175. 

  10. Nissembaum, H. (2005). When computer security meets national security. Ethics in Information Technology (7), 61-73. 

  11. Rothschild, E. (1995). What is security? Daedalus, 124(3), 52-98. 

  12. Helmreich, S. (2000). Flexible infections: Computer viruses, human bodies, nation-states, evolutionary capitalism. Science, Technology, & Human Values, 25(4), 472–491. https://doi.org/10.1177/016224390002500404 

  13. McKinney, C. and Mulvin, D. (2019). Bugs: Rethinking the history of computing. Communication, Culture and Critique, 12(4), 476–49. 

  14. Parrika, J. (2005). Digital Monsters, binary aliens—computer viruses, capitalism and the flow of information. Fibreculture Journal 4. https://four.fibreculturejournal.org/fcj-019-digital-monsters-binary-aliens-%E2%80%93-computer-viruses-capitalism-and-the-flow-of-information/ 

  15. Ross, A. (1991). Hacking away at the counterculture. In C. Penley & A. Ross (Eds.), Technoculture, (pp. 107–34). Minneapolis, MN: University of Minnesota Press. 

  16. Rushkoff, D. (1994). Media virus! Hidden agendas in popular culture. New York: Ballantine. 

  17. Zeffiro, Andrea. (2022). “Breach.” Heliotrope. https://www.heliotropejournal.net/helio/breach