(excerpt from Prof. Peter Adey during the 2016 CDT Introduction day, held in the Windsor Building – 23/11/16)
Last week I gave a short talk to the new recruits from the Centre for Doctoral Training (CDT) in Cyber-Security at Royal Holloway, which has been funded as part of the UK’s cyber-security strategy. Royal Holloway has a long history of research in information security, going back to code-breaking at Bletchley Park and the earliest forms of computing. With Oxford it is one of two CDTs which fund and train an intake of 10 PhD studentships per year.
I’ve been invited onto the management team of the centre, particularly as in the first year of the students’ PhDs they undertake classes we run in the social sciences on a number of topics related to Geopolitics and Security. While most of the studentships awarded are primarily technical, the idea is both to give the students a broader training in debates and critical discussion, and potentially research methods more attuned to social science orientated thinking (which I’ll come on to). Moreover, each year several studentships are awarded to projects or students which are likely to be less technical. I’ll highlight some of these projects below.
In what follows I want to use some of what I said to reflect on what more social science and humanities oriented perspectives – from my limited position within human geography – could add to a centre like this. I should say that these views are just my own and clearly only scratch at the surface of wider research being conducted by geographers and others on these forms of computing, I’m thinking of especially Louise Amoore, Rob Kitchin, Jeremy Crampton, Lizzie Coles-Kemp, Martin Dodge, Claudia Aradau, James Ash, Nat O’Grady and many others.
It seems to me, that the research and training completed within the CDT should recognise the wider relationship of cyber-security – to politics, policy and the societies that both shape cyber-security and who are also on the other end of it. We should also be self-critical of our own relationship to these issues.
It has been said that the Royal Holloway CDT is in the national interest, but being somewhere between government industry and academia, we should never forget to always ask questions about what we mean by those national interests, which ones and should we share them? We should be always asking what kind of cyber security and for whom does it matter? For whom should cyber-security count? What better way to ensure cyber-security is accountable and justifiable, to our funders, to the public and other audiences? This is clearly timely with the Investigatory Powers Bill now becoming an Act. A petition intended to block it has quickly received over 100,000 signatories.
In this sense, cyber-security can’t hold its head in the sand as a purely technical set of problems, but recognise that it is infected by values, judgements, regulations, laws, ethics – relations both domestic and international or at other scales – that are inescapably political, societal, cultural, contextual – because it matters where cyber-security happens. It must be too reductive to label these as ‘human factors’ as occasionally these sort of issues are, or partitioned off as ‘soft’.
So it is in this kind of vein that we’ve tried to develop a small part of the different training on offer to the centre around these issues.
And so if I might do justice to some of the different projects already underway and most directly focused on these issues, I’m thinking of Pip Thornton’s work on the cultural and unintended distortions of language within Google’s search engine which tend to perpetuate highly gendered and sexually derogative values, underpinned by a fascinating political-economy of expertise, training, advertising and words. How to make these relations visible, and how to work against them in art or creative practice are issues Pip is exploring.
Steve Hersee’s in-depth work on the construction of UK cyber-security debates that see both government seeking to secure cyber-space through regulation, intervention and surveillance practices – which are on the other hand, re-securitised in a way by information rights groups, civil liberties organisations, and publics as new threats to privacy, equality, the integrity of the individual, and threaten to discriminate. Steve is trying to add balance to the debate.
I could also mention Andreas Haggman’s work, developing wargaming practices to intervene on the organisational and working cultures – specifically the training practices of cyber-security organisations – through really innovative and insightful means. Or Suleman Ibrahim’s exploration of cyber-crime debates and practices in Nigeria – asking in what ways does cyber-security and cyber-crime makes sense in a different legal, political system, of kinship networks, and different moral even spiritual values.
And Nick Robinson, who is developing his research on the relationship between data, security and citizenship in the geopolitical context of post-socialism in the Baltic States; primarily in Estonia, who have developed their own notions of e- or digital citizenship and developed a digital embassy. How they are using cyber-security techniques to try to democratise their citizen’s own data through blockchain technologies lies at the heart of Nick’s work.
But even if these topics are more at the periphery of the projects the centre pursues, they have been undoubtedly shaped by them. Many of these projects could simply not be done without greater understanding of the ways in which such systems work. As with research which has shed so much light on the technical and technological workings of drones and the systems and networks (legal, social, political) which they both serve and are caught (Gregory; Suchmann, Jones), we really must understand the how of cyber security.