RIGHT TO PRIVACY AND STATE POLICY ON CYBER SECURITY.

In the era of extremely rapid technological development, the state is directing particular interest towards security in cyberspace and cyber security is becoming a dominant value in its policy. Such a policy may cause a number of negative consequences, such as the willingness to introduce legal regulations that may limit civil rights and freedoms, and in the next stage may lead to violence. As a result, their implementation causes excessive, and often unauthorized, interference of public authorities in the sphere of citizens’ privacy. It should also be stressed that the global nature of the Internet means that mechanisms based on territoriality in a rather limited way ensure effective protection of individual rights against violations by public authorities in cyberspace. In addition to significant physical damage and direct financial losses, the mere likelihood of future cyber threats may cause social distrust and unwillingness to work with new technologies.

cantly emphasizes the notion of the right to privacy, as this term was previously known in American doctrine. The point is that it presents a new perspective on civil rights, while at the same time extending their scope to include an autonomous right aimed at protecting the sphere of private life (Braciak, 2002: 288). The authors pointed out that technological progress is conducive to the danger of violating individual privacy. They therefore saw a need to identify legal means that could be used to protect a good called "privacy" (Sieńczyło-Chlabicz, 2006: 26).
The issue of the right to privacy began to change at the turn of the 1960s and 1970s. of the 20th century. The factor which led to the separation of personal data protection as a separate area of law was technological development in the field of information processing (Jagielski, 2010: 10).
The sphere of private life also found its place in civil case law as a separate personal good (Kordasiewicz, 2000: 20). A breakthrough in this respect was the ruling of the Supreme Court on January 18, 1984, in which it was stated that "an open catalogue of personal rights makes it possible to include in their scope goods which [...] are connected with the sphere of private and family life, with the sphere of intimacy. Protection in this area may relate to the disclosure of facts from personal and family life, the misuse of information obtained, the collection of information and assessments from the sphere of intimacy through private interviews in order to publish them or otherwise publicise them" (OSN, 1984). This ruling, combined with the construction of the presumption of unlawfulness of an act violating personal interests adopted by the legislator (Article 24 of the Civil Code), gave the aggrieved party the possibility to pursue claims for the infringement of privacy (Radwański, Olejniczak, 2015: 150-151).
The first normative regulation concerning the civil law protection of private life in Poland was made in 1984. At that time, on the basis of art. 14 sec. 6 of the Press Law Act, a ban was introduced on publishing information and data concerning the private sphere of life without the consent of the person concerned. The exception was the defence of a socially justified interest or public activity of the person concerned. Art. 49 of the Act provided for the sanction of a fine for violation of its provisions, while under Art. 40 it became possible to grant monetary compensation for harm suffered in case of intentional violation of personal rights by publishing press materials (Kordasiewicz, 2000: 22).
Privacy is about an individual's anonymity, but at the same time, many of the information that appears on the market exists objectively, independently of the person concerned, allowing him or her to be identified. It seems right to assume that each of us strives to control the circulation of information about ourselves and wants to hide from the curiosity of others (Piotrowski, 2016: 18). As a result, privacy also identifies with the control of information about oneself. Privacy is equated here with selective disclosure, i.e. deciding when, what data and how much of it we reveal about ourselves. This understanding of privacy is also closest to the concept of the right to the protection of personal data.
In the literature on the subject, there are four basic ways of understanding privacy and, consequently, the right to privacy: -The perception of privacy as an expression of an individual's personality and his or her ability to define himself or herself as a human being; -Treating privacy as a synonym for autonomy, i.e. the freedom of the individual to think, decide and act; -To see privacy as an individual's ability to control the circulation of information about him or her, and thus to control his or her relationship with other people; -Defining privacy by listing its essential components, such as: secrecy, anonymity and seclusion, identity and intimacy, mental peace, physical seclusion, physical exclusivity and autonomy (Mednis, 2016: 14).
In the age of a global society, the issue of information autonomy, which is a kind of subcategory of privacy, has gained particular importance. Closely linked to it are the safeguards offered by the right to the protection of personal data. The danger to be averted by the use of increasingly specialised legal tools is external interference in the private life of individuals. This is due to the acquisition of information belonging to its privacy sphere or centralisation or the monopolisation of the data collected in the files (Preisner, 2002: 909). The right to personal data protection focuses on the protection of information autonomy, which is also referred to as information privacy. Its essence boils down to stating that an individual should have the right to control the content and circulation of information that concerns him/her. It should also be rendered anonymous, as this is required by respect for its privacy and the right to correct and update its data. The inability to exercise such control deprives the individual of his or her sense of freedom to decide his or her own fate. In this case, privacy goes beyond the traditional right to remain at peace. Currently, the right to control personal data, which means the possibility to decide when and to what extent this data can be shared with other entities, is considered the most important aspect of privacy (Piotrowski, 2016: 20).
It should be emphasized that the right to privacy, as expressed in Article 47 of the Constitution and the right to the protection of personal data, which is covered by Article 51 of the Constitution, may constitute assessment criteria used in the process of adjudicating on compliance with the Constitution. However, these rights -due to the provisions of the preamble to the Constitution and its Article 30 concerning human dignity -are at the same time the normative basis of the system, expressing its identity, determined by the dignity and freedom of the individual (Constitution of the Republic of Poland).
The Constitutional Tribunal aptly points out that "the protection of privacy and information autonomy is a consequence of the protection of the inherent and inalienable dignity of man (Article 30 of the Constitution)" (CT judgment, 2014). It is precisely the preservation of human dignity that requires respect for his purely personal sphere, in which he is not exposed to the need to "be with others" or to "share" his experiences or experiences with others (ECJ, 2009).
According to Article 51.1 of the Constitution, no one may be obliged, other than under the Act, to disclose information concerning his person. According to Article 51.2 of the Basic Law, public authorities may acquire, collect and make available only such information about citizens as is necessary in a democratic state of law (Constitution of the Republic of Poland). The Constitution -as indicated by the CJEU jurisprudence -thus implements the most essential elements of the right to the protection of private life: respect for the individual's informational autonomy, i.e., the very obligation to provide access to data limited to strictly defined statutory situations and limiting the arbitrariness of the legislator -therefore, the act cannot shape the scope of the obligation freely (CT judgment, 2002).
In the light of doctrine and jurisprudence, the right to privacy and protection of personal data, as constitutional values associated with the protection of privacy -determines not only the relationship between public authority and the individual, but also the relationship between individuals. The protection of privacy therefore applies to all forms of communication "in any form of communication, regardless of the physical medium used (e.g. personal and telephone calls, written communications, fax, text and multimedia messages, e-mail)" (CT judgment, 2014). According to the CT, this protection covers 'not only the content of the message, but also all the circumstances of the communication process, which include personal data of the participants in the process, information about the telephone numbers dialled, the websites viewed, data showing the time and frequency of calls or enabling the geographical location of the participants in the call, and finally data about the IP or IMEI number (CT judgment, 2014). In the light of the CT's jurisprudence, the "constitutionally guaranteed freedom of man and his information autonomy also includes protection against covert monitoring of the individual and his conversations, even in public and generally accessible places. It does not matter whether the exchange of information concerns strictly private life or professional activity, including business activity. For there is no such sphere of a person's personal life that constitutional protection would be excluded or self-limiting. In each of these spheres, therefore, the individual has the constitutionally guaranteed freedom to transmit and obtain information, including making available information about himself" (CT judgment, 2014).
The right to privacy is linked to the protection of personal data. Recent changes in the area of personal data protection were introduced by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) -the so-called RODO (General Data Protection Act of 10 May 2018).

SECURITY IN CYBERSPACE
The term "cyberspace" was created for the science fiction literature and popularised by William Gibson, who described cyberspace as an unimaginable complexity that is like a "consensual hallucination experienced every day by billions of authorised users in all countries [...]" (Wasilewski, 2013: 226).
However, there is no commonly accepted definition of cyberspace. Attempts to define this concept are more or less general. In a broad, and at the same time abstract, cyberspace is a global information infrastructure, the interconnectivity between people by means of computers and telecommunications, a communication space created by a system of Internet connections that facilitates the network user's contacts in real time and includes all electronic communication systems that transmit information coming from numerical sources (Lakomy, 2015: 76) or "a world-wide information domain where the data carrier is electromagnetic spectrum" (Banasiński, 2018: 24), as well as "a space for open communication through interconnected computers and computer memories working around the world" (Levy, 2002: 380). Such an approach draws attention to the basic elements of the cyberspace environment, which are: "the vastness (global reach), the fusion of all resources into a single, huge database, complexity and spatiality understood as the inability of cyberspace to relate to the physical (including geographic) dimensions of the real world" (Wasilewski, 2013: 226). In other words, cyberspace is "plastic, liquid, calculable with great accuracy and processable in real time, hypertextual, interactive and finally virtual" (Levy, 2002: 380). The term "virtual" most often refers to an artificial image of reality created by computer devices using graphic programs. But not only -the virtuality of cyberspace also allows for the creation of communities (groups of people) playing specific roles, similarly as in the real world, the so-called cybertrols creating a kind of cyberbrain; such virtual communities are athermal, unrelated neither temporally nor physically (Kawecka, Wójcik, 2015: 155-157).
The basic factor creating cyberspace is the material ICT system, which is a set of cooperating IT devices and software, providing processing and storage, as well as sending and receiving data through telecommunication networks by means of a specific type of telecommunication end device. The literature stresses that cyberspace cannot be identified with the Internet (Banasiński, 2018: 25), treated as "a global system of data exchange based on interconnected local networks, located in many physical locations, allowing simultaneous multi-flat interaction of users from all over the world" (Kulesza, 2010: 57). Cyberspace equally covers the Internet, telecommunication networks or computer systems, and thus all IT systems included in a global network.
The normative definition contained in Polish legislation treats cyberspace as a space for the processing and exchange of information, created by ICT systems, i.e. teams of cooperating IT devices and software that ensure the processing, storage, as well as sending and receiving of data by telecommunications networks by means of a terminal device appropriate for a given type of telecommunications network, designed to be connected directly or indirectly to network terminations, together with the links between them and the relations with users. This definition is also developed in the Cyber Security Strategy of the Republic of Poland for 2017-2022, where, in addition, the Polish cyberspace, understood as "cyberspace within the territory of the Polish state and in places where Polish representations operate (diplomatic posts, military contingents, vessels and aircraft) outside the territory of the Republic of Poland, subject to Polish jurisdiction", has been identified by adopting the territorial criterion (Cyber Security Strategy, 2017).
Focusing primarily on the tool context, such definitions overlook or marginalise the social component of cyberspace, which refers to cyber users and which treats cyberspace as 'a complex environment resulting from non-material interaction between people, software and services on the Internet realised through technical devices and networks connected to it; an equally important, integral and interconnected element with technical infrastructure is its relationship with people and the interaction between people related to its use (Rzucidło, Węgrzyn, 2015: 142). It is therefore assumed in the literature that "cyberspace is a virtual environment for more or less open communication through interconnected computer systems and information and communication links" (Marcinkowski, 2015: 114).
Just as serious definition problems as cyberspace are caused by the concept of cyber security, or security in cyberspace. This is an effect of the blanketness of the concept of security itself, which takes on different content depending on its qualifier and its subjects. As a normative concept, security is a typical general clause justifying certain actions of the State in the public interest. The notion of security is a dynamic, variable category that needs constant redefinition and has an open scope (Korzeniowski 2016: 140-141).
The definition of cybersecurity proposed by the National Initiative for Cybersecurity Careers and Studies (NICCS) 1 defines security as a situation which ensures that "[...] information or communication systems and the information contained therein are protected or protected against damage, unauthorised use, modification or exploitation" (Chmielewski, 2016: 108). The same institution also proposed a broad definition of cyber security, as "a strategy, policy and standards for both cyber security and its activities, covering, on the one hand, the full range of activities aimed at reducing threats, reducing vulnerability and deterrence, international engagement, responding to events, and, on the other hand, a flexible prevention policy, including appropriate computer network operations, information provision, law enforcement, diplomacy, military, intelligence services, relating to the security and stability of global information and communication infrastructure" (Chmielewski, 2016: 108).
In turn, the International Telecommunications Union in its Recommendation ITU-T X.1205 defines cyber security as "a set of tools, policies, security concepts, safeguards, guidelines, risk management methods, actions, training, best practices, assurances and technologies that can be used to protect the cyber environment and user organisation and resources. User organisation and resources include connected computer facilities, personnel, infrastructure, applications, services, telecommunication systems and all information transmitted and/or stored in the cyber environment. Cyber security seeks to ensure that the security characteristics of the user organisation and resources are achieved and maintained in relation to relevant security threats in the cyberbased environment" (Rekomendacja). General security objectives include availability, integrity (which may include authentication and non-repudiation) and confidentiality.
The Cyber Security Strategy of the Republic of Poland for 2017-2022 identifies the concept of cyber security with the security of IT networks and systems and ICT security, treating them as synonyms meaning "the resilience of IT systems, at a given level of trust, to any activity that compromises the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or related services offered or accessible via these networks and IT systems" (Cyber Security Strategy, 2017). This definition reflects the provisions of the international standard ISO/IEC 27032, which defines security in cyberspace as preservation of confidentiality, availability and integrity, although it is indicated that other information security features, such as "authenticity, accountability, non-repudiation and reliability in cyberspace." The ISO/ IEC 27032 standard, which contains a set of recommendations for Internet service providers, does not necessarily refer to cyber protection (cybersafety), i.e. preventing the effects of negative events that may occur as a result of using information techniques (Chmielewski, 2016: 108-109).
The Act of 5.07.2018 on the National Cyber Security System, which, using the ISO/IEC 27032 standard, defines the notion of cyber security as "the resistance of information systems to any activities that violate the confidentiality, integrity, availability and authenticity of processed data or related services offered by these systems," takes a much broader approach to this issue (Act).
The Cyber Security Strategy of the Republic of Poland for 2017-2022 identifies the concept of cyber security with the security of IT networks and systems and ICT security, treating them as synonyms meaning "resistance of IT systems, at a given level of trust, to any activity that compromises the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or related services offered or accessible via these networks and systems" (Cyber Security Strategy, 2017). This definition reflects the provisions of the international standard ISO/IEC 27032, which defines security in cyberspace as preservation of confidentiality, availability and integrity, although it is indicated that other information security features, such as "authenticity, accountability, non-repudiation and reliability in cyberspace." The ISO/ IEC 27032 standard, which contains a set of recommendations for Internet service providers, does not necessarily refer to cyber protection (cybersafety), i.e. preventing the effects of negative events that may occur as a result of using information techniques (Chmielewski, 2016: 108-109).
The Act of 5.07.2018 on the National Cyber Security System, which, using the ISO/IEC 27032 standard, defines the notion of cyber security as "the resistance of information systems to any activities that violate the confidentiality, integrity, availability and authenticity of processed data or related services offered by these systems," takes a much broader approach to this issue (Act).
The Polish Cyber Security Doctrine of 2015 takes a different approach to this issue, which distinguishes the Polish Cyber Security (security of the Republic of Poland in cyberspace), treating it as "a process of ensuring safe functioning in cyberspace of the state as a whole, its structures, natural persons and legal entities, including entrepreneurs and other entities without legal personality, as well as information systems and information resources at their disposal in global cyberspace and the security of the Polish Cyberspace, understood as a part of the state's cyber security, comprising a set of organisational, legal, technical, physical and educational undertakings aimed at ensuring the undisturbed functioning of the cyberspace of the Republic of Poland together with the public and private critical information and communication infrastructure and the security of information resources processed therein" (Doktryna, 2015).

IMPACT OF GOVERNMENT POLICIES ON CYBER SECURITY AND THE RIGHT TO PRIVACY
Ensuring security in cyberspace raises the question of whether state authorities will not use this as an argument to restrict the freedoms and freedoms of citizens and, in particular, to violate their privacy.
The relevant services, with practically infinite possibilities to aggregate data from different sources, including those available only to authorised authorities, have the possibility to build a space where freedom and thus privacy is only a temporary illusion, maintained for as long as and to the extent that the authorities need it. The information disclosed by E. Snowden on the conduct of extensive intelligence programmes by the U.S. National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) has become a cause for discussion on the limits of citizen surveillance, as well as a subject for consideration of the effectiveness and usefulness of existing legal standards for the protection of the legitimate interests of individuals (Grzelak, 2015: 196-199).
The case of E. Snowden, however, forces us to consider the consequences of arbitrary entry into the sphere of privacy in the context of the functioning of the standards that form the foundation of a democratic society -freedom, equality, freedom of expression or the right to information. Testifying before a special committee of the European Parliament and referring to the broad powers of access to information and the threats resulting from this fact to the protection of democratic standards, E. Snowden stated: "without getting up from my seat, I could read the private messages of any member of that committee, as well as any other citizen" (Rojszczak, 2019: 243-244). In addressing the problem of the scope of the justified use of surveillance mechanisms, it should be taken into account whether the transfer of such extensive powers and knowledge about the private affairs of all citizens to special services is, in fact, an activity that fosters the development and maintenance of the standards of a democratic state.
Those who support the use of mass surveillance programmes argue that this is due to the ever-increasing terrorist threat and the associated emergence of various forms of extremism. Such an understanding of surveillance is treated as a necessary measure to ensure public security and, consequently, as a justified case of applying a limitation of legal privacy protection mechanisms (Rojszczak, 2017: 172-174).
Mass surveillance programmes are conducted on a different legal basis from individual surveillance. These are usually regulations related to the functioning of the telecommunications market or the rights of special services. Therefore, the provisions of criminal procedure cannot be applied in this case. Therefore, it requires separate consideration of the legitimacy of applying restrictive standards of conduct for the implementation of individual surveillance in a situation where the application of the same measures -however, in relation to a large group of people (or the society as a whole) can be carried out without the procedural safeguards resulting from the criminal procedure (Rzucidło, Węgrzyn, 2015: 145).
In an attempt to explain what mass surveillance programmes are, it can be concluded that there are activities of public authorities or private entities acting on their behalf, whose aim is to collect information on an unspecified group of people (often the entire population) in an unbiased and wholesale manner. Such programmes do not have generally known and transparent rules on the use of the data, so it is not clear what is the purpose of the processing, to whom the data can be made available -in particular whether and what are the rules on their transfer to third countries (Rojszczak, 2017: 181). As can be seen from this, mass surveillance programmes have as their object the introduction of unlimited control in electronic communications.
Several major surveillance programmes can be identified (Rojszczak, 2017: 182-184): -PRISM -this program enables NSA to have permanent access to data collected by major Internet service providers such as Microsoft, Yahoo, Google, Facebook, PalTalk, Youtube, Skype, AOL or Apple; -RAMPART-A -thanks to this program, the NSA is able to obtain any information transmitted on the Internet all over the world. The program has been used by intelligence agencies from Germany and Denmark, allowing the installation of eavesdropping devices on fiber optic links and transferring the obtained data for further processing in the USA; -OAKSTAR is part of UPSTREAM. Within its framework, NSA cooperated with a Polish partner, 2 within the BUFALLOGREEN operation. It allowed NSA to intercept metadata (since March 3, 2009) and communication content (since March 25). The conducted activities were aimed at collecting information related to international communications passing through the territory of Poland. It is not entirely clear whether these activities have been completed and what were the legal grounds for cooperation of Polish services with the NSA in the field of wholesale collection and transmission of information covered by the telecommunication secrecy to foreigners. This is particularly important if one takes into account the fact that the right to respect for privacy guaranteed in the Constitution covers all persons subject to Polish jurisdiction and not only citizens; -MUSCULAR -this is a programme aimed at intercepting data from Google and Yahoo processing centres located in the UK. In addition to the above mentioned surveillance programs, another extremely dangerous program has appeared, called PEGASUS. This program exploits vulnerabilities in phone systems and allows you to take control of the entire device. What's more, the program includes encrypted communicators such as WhatsApp and Signal because of access to the microphone and keypad (encryption of the message by the communicator takes place only at the moment of sending it) and PEGASUS intercepts the message as it is written.
When discussing the issue of state surveillance of a citizen, one cannot overlook the so-called legal path of obtaining and collecting data on citizens by state authorities, i.e. a path based on legal regulations, in particular: The situation is similar for Microsoft and Apple. In the second half of 2018, Polish services asked Microsoft for information about the data 101 times, and this concerned 1,444 accounts. Of these, 34% of the requests were rejected, 34% of the data were not found, and in the remaining 30% the data were provided. At the same time, 61 requests for data were sent from Poland to Apple and concerned 1,702 devices, 29 financial identifiers and 15 accounts. Apple 60% of the requests were positively received. The size of such activities may be proved by the report of the Minister of Justice of the Public Prosecutor General for 2018, which also includes information concerning acquisition of telecommunications and Internet data. According to the report, the Police, the National Revenue Administration, the Border Guard, the Internal Security Agency, the CBA, the Treasury Intelligence Service, the Military Police Headquarters, the Military Police Branches and the Military Counterintelligence Service processed a total of 1,356,775 data, including the following: 1,325,241 telecommunications and 22,933 Internet. 3 The scale of this phenomenon is constantly growing anyway: -in 2012 -The police registered 5,995 applications and orders for operational control; -in 2013 -6,814; -in 2014 -7,975; -in 2015 -8,945; -in 2016 -9,506; -in 2017 -9,876. Out of the total number of applications, only 151 were not permitted to order an operational control, including 142 applications did not obtain consent of the prosecutor and 9 of the regional court having territorial jurisdiction. 4 * * * Certain circumstances may make democratic values an obstacle to cybersecurity. Cyber-security management is an extreme in authoritarian states that control access to the Internet, with the aim of, among other things, restricting users access to websites selected and accepted by the authorities. The methods used to make the elements of cyber security management work together, especially between the government and individuals, increasingly determine the model of power in the state. The pluralist nature of cyberspace provides an opportunity for free, individual and unfettered expression. However, if democratic values are limited in this area, then the balance between democracy and security will be compromised in favour of security. Evidence of unethical and illegal activities is provided by documents leaked thanks to a former NSA employee -Edward Snowden. They revealed, among other things, the enormous scale of cyber surveillance used by intelligence services and their activities penetrating private areas in communication networks.
The domination of the value of cyber security in state policy may cause a number of negative consequences, which may include, among others, the desire to introduce legal regulations that may restrict civil rights and freedoms, and in the next stage may lead to violence. In addition to the high physical damage and direct financial losses, the very likelihood of future cyber threats may cause social distrust and aversion to working with new technologies.
It seems obvious that programmes of mass and unlimited surveillance do not meet the criterion of necessity in a democratic society. As a result, their implementation causes unauthorised interference of public authorities in the sphere of citizens privacy. It should also be emphasized that the global nature of the Internet means that mechanisms based on territoriality in a rather limited way ensure effective protection of individuals' rights against violations by public authorities in cyberspace.
The above considerations lead to the conclusion that legal privacy safeguards are an effective mechanism that can lead to a limitation of the scope of data collected by the State, including for mass surveillance programmes. While the use of other measures, including technical ones, may increase the sense of privacy in individual cases, they do not systematically address the lack of respect by intelligence services for rights under international and national legislation.
There is no doubt that ICT surveillance methods play an extremely important role in the activities of state security services, allowing, inter alia, interception of communications and metadata through searches of databases. These activities -both legal and illegal -undoubtedly constitute interference with fundamental rights, especially the right to data protection and privacy. Therefore, it is extremely important to consider the necessity of subjecting such state actions to the control of independent bodies, which will make it possible to maintain a kind of balance between citizens' right to privacy and arbitrary decisions of state bodies violating this sphere. The practice of exchanging information obtained through covert surveillance between States is becoming more and more common "The increasing practice of governments to transfer and share intelligence obtained through covert surveillance -a practice whose usefulness in the fight against international terrorism, as already stated, is beyond doubt and which concerns both exchanges between Council of Europe Member States and with other jurisdictions -is another factor requiring special attention as regards external surveillance and remedies" (Judgment of the ECHR of 12 January 2016).
A citizen's clash with the machinery of the state puts the former in a position to lose out if he is not equipped with real means and possibilities of effective defense against the services' aspirations to omniscient knowledge of citizens. Without depreciating the power of the competent authorities to legitimately interfere in the sphere of privacy, it must be stated that such interference must take place solely on the basis of the rules of law, "[The] interference can only be justified under Article 8(2) if it is lawful, pursues one or more of the legitimate aims set out in Article 8(2) and is necessary in a democratic society in order to achieve those aims [...]" (ECtHR judgment of 4 December 2015) and should always be reviewed by independent judicial authorities if we are not to be threatened by the vision of an Orwellian totalitarian state. konsekwencji, do których można zaliczyć m.in. chęć wprowadzenia regulacji prawnych, które ograniczać mogą prawa i swobody obywatelskie, a w następnym etapie mogą prowadzić do stosowania przemocy. Skutkiem tego, ich realizacja powoduje nadmierną, a niejednokrotnie nieuprawnioną ingerencję organów publicznych w sferę prywatności obywateli. Należy też podkreślić, że globalny charakter Internetu sprawia, iż mechanizmy oparte na terytorialności w dość ograniczony sposób zapewniają skuteczną ochronę praw jednostek przed naruszeniami ze strony władzy publicznej w cyberprzestrzeni. Obok dużych szkód fizycznych i bezpośrednich strat finansowych, samo prawdopodobieństwo wystąpienia przyszłych cyberzagrożeń wywoływać może społeczną nieufność i niechęć do pracy z nowymi technologiami.