Madeline Carr

Madeline Carr

At first glance, it’s hard to relate the work of Madeline Carr (UCL) work to cyber security. She talks about policy-making and power relations, not passwords and phishing attacks. But bear with her. She is bringing into RISCS a discipline that hasn’t been represented before: international relations. The cyber attacks of the last year, from international hacker groups spreading fake news, to the first Internet of Things botnet attacks, to the 2016 hack of the Ukrainian power grid, all show the need for this approach.

Those who remember the earliest stirrings of the internet remember the rhetoric that accompanied its arrival. The internet was going to democratise the world, flattening hierarchies and changing power structures. Twenty-five or so years later, things have not gone the way the pioneers predicted. Instead, we have companies whose revenues are larger than those of some countries and persistent debates over governance.

By the time Carr, who was born in Australia but moved to Canada at the age of three, was hearing those claims about the internet, they were already familiar from multiple earlier contexts. The first was in the mid 1980s, when she was working in desktop publishing and everyone was talking about the democratisation of design technology and imagining a future in which people could print their own newspapers. Over time, however, “The big lesson was that everyone began to understand the skills that typographers, graphical designers, and professional writers brought that had been completely misunderstood.” The technology does of course offer democratisation, but that didn’t mean you could just hand the latest DTP program to a secretary untrained in any of these areas and put them in charge of print production.

The next time it was film. Because of digital transformation, “Now anyone could make a movie.” But again: taking away the financial constraints of filmmaking didn’t remove the need for ideas and skills.

Then it was web design. Carr was always interested in what was and was not changing. In the latter category were perennial skills like writing and visual design, skills that went back a long way and were always needed.

All of this was behind her when she started an undergraduate degree in English literature in 1999, when she, her husband, and her first child had all moved to Tasmania and she was running the local branch of the national film, TV, and radio school. She loved to read, and thought the degree would help her in reading and assessing film scripts. “I hated English literature at uni,” she says, “but one day in the second year I stumbled into the wrong lecture and there was a charismatic guy talking about Dylan Thomas’s poetry and how it contributed to his sense of nationhood. And I thought, ‘What is this?'” It was, in fact, a political science class, “which I had always thought was about voter patterns and other really dry, dull issues.” She found the subject so interesting she changed immediately to a double major in political science and then spent a year doing a master’s. With young children still at home, she then thought it made sense to go on to do a PhD, beginning in 2006, when she won a scholarship to the highly-regarded international relations department at Australian National University.

It was in the course of doing that degree that she adopted her present research focus. “I was working on American power in southeast Asia,” she says, “but I couldn’t find a single new thing to say about it, and the thing that kept coming back to me was, how come in all this stuff I’m reading about American power, global politics, and so on, there’s no mention of the biggest transformation that is taking place in the world today – what’s happening in digital technologies?” She wrote her PhD on American power and the internet in international relations. And there again were the same tropes: big assertions about what the internet would mean for the power of the US and other countries, but “without any teasing apart of that technology”. And this was even though international relations tends to view technology and power as closely related on the basis that the state that dominates in technology – weapons and production – is the one that most likely to prevail in a war.

Carr’s work in this area began with examining what US policy makers actually said they wanted the internet to do for the country. In the US, the Clinton-Gore administration’s vision was to use the information superhighway as a way of both promoting human rights and expanding US markets. “They saw that it could shore up American power in an appropriate way for the post Cold War world.” The policies they came up with, she says, “formed an incredibly successful approach that America still benefits from even now.”

But the US approach, while largely supported in the West, has been less accepted elsewhere. Internet freedom has been a particular sticking point. “Yes, there’s an important human rights element in this US policy,” Carr says, “but unless you acknowledge that it’s also a very powerful foreign policy tool, then you’re missing why some other states will never fully acquiesce.”

As the internet has expanded around the globe, the easy assumption that it would promote human rights and shore up post-Cold War American power isn’t shared by other countries, which have their own agendas and ambitions. The (largely) US-based internet pioneers had a specific set of democratic values that they tried to embed in the technology they exported. But new developments like the Internet of Things are being defined and built in other countries with different values and goals. Even in the mid-2000s, Carr says, it was noticeable that China was developing a clear strategy for what it wanted to happen over the coming 20 to 30 years. The combination of its manufacturing base and advanced research into new technologies means that its economic expectations are likely to contribute to some power transitions in global politics of the coming decades. Essentially, the shared values of early-adopter countries like the US, Britain, and Australia, “are likely to be of decreasing consequence when you look at the shifting demographics online. The sheer numbers still to come from the developing world and Southeast Asia will vastly outnumber them.”

Carr moved to Britain in 2012, taking up a newly-created position at the University of Aberystwyth for someone working in international politics in the cyber dimension. There, she developed a master’s degree programme and worked in the UK policy community. Two years ago, she moved to Cardiff to do similar work. In 2017 she moved to UCL to take up a position in the multi-disciplinary Department of Science, Technology, Engineering and Public Policy, where she will develop a new digital research agenda and an MPA in Digital Technologies and Policy.

In the 2015 paper Power Plays in Global Internet Governance, Carr considered all this in the light of discussions over the future of the Internet Corporation for Assigned Names and Numbers as the US Department of Commerce relinquished the last vestiges of its control. The rhetoric surrounding the importance of ensuring an ongoing multistakeholder model of governance – along with suggestions that the internet’s version of it might inspire those concerned with other “post-state” issues to adopt it as a model – led Carr to tackle the subject. “I felt that it was so untouchable – in the sense that it was widely accepted as a ‘good thing’ – that I wanted to say, hang on: multistakeholderism itself isn’t an end goal. It may be a mechanism for doing something, but look at the power dynamics behind it.” Whereas, she says, “If you unpack multistakeholderism it’s easy to see why it’s perceived as an American or Western mechanism for the protection of power.” To date, private-sector representation has largely been limited to huge US companies, and even the NGOs involved as “civil society” are often largely US-funded even when they’re based in other countries. “Multistakeholderism is a positive approach, but ignoring the flaws in contemporary practices only weakens it. We know that if global arrangements privilege one group too much, people won’t adhere to them.”

Carr believes it’s essential therefore, to look ahead: even if something is working now and for years into the future, smart policy-making requires understanding why it may not be sustainable in the long run and finding better options that will produce the desired outcomes.

Here is where Carr lands on cybersecurity. Her PhD work had three prongs: internet governance, network neutrality, and cyber security. She saw them all as deeply entwined, although as her research agenda has developed, cyber security has drawn her attention because of her interest in global security. In “Cyberspace and International Order”, a chapter for the book she co-edited, The Anarchical Society at 40, Carr looks at the implications of the problem of attribution in cyberspace. Most views about this tend to be polarised. Some people insist that it’s not a problem and that war and political conflict are still very much the same as ever. Others think that anonymity in international conflict places the world in great danger because in the past it’s been generally clear in international relations who was acting against a given country. “IR scholars need to unpick this,” Carr says. “What difference does it make to the maintenance of international order that states can act under the cloak of plausible deniability?” The kind of strategic studies that have focused most on this are “one dimension, but not the whole story of global security”.

Another of her examples is public-private partnerships, which are also rarely critiqued. In 2016’s Public-Private Partnerships in National Cyber-Security Strategies, Carr highlights the problems of responsibility in these “partnerships”, pointing out that both the US and UK have built heavily on the idea of PPPs as the cornerstone of the national cyber security strategy. “It’s not possible for governments to relegate responsibility for national security to the private sector,” she says, “and the private sector certainly doesn’t want that responsibility, not the least because they would be concerned about the liability. So what exactly is the nature of this partnership?” She points out that PPPs require shared goals, mutual benefits, and clarity about roles, responsibilities, and the hierarchy of relationships, none of which characterize the PPP in national cyber security strategies. “To their credit, the most recent UK National Cyber Security Strategy really acknowledges that and takes a much more realistic and pro-active approach.”

The driving principle behind Carr’s work, therefore, is to take a multidimensional approach to questioning the things that are too widely accepted and not critically examined or challenged. She does this across disciplines – technology, law, social science. “Essentially, I’m interested in the global politics of technology and the way the world will change in terms of security and international order as technology continues to develop” she says. “I think we need to do a lot more work to understand how the world is changing. And of course, those factors that remain constant throughout significant technological shifts. You still can’t make a good film without creativity.”

Categories: BlogPeople

Wendy M. Grossman

Freelance writer specializing in computers, freedom, and privacy. For RISCS, I write blog posts and meeting and talk summaries