The TPRC is seeking to select up to 6 TPRC Junior Fellows – early-career researchers engaged in research on the Internet, telecommunication and media policy in the digital age. Please nominate individuals whom you think might make outstanding fellows. Those who have wond student paper awards at the TPRC conference as well as those who served Benton Award winners could be candidates, but we are open to anyone you feel to have the potential to do outstanding research on key issues for the TPRC, and engage other early-career researchers in our activities.
The TPRC Junior Fellows Program was designed in part to award excellence but also tobring new members into the TPRC community. Those appointed will be honoured and serve as ambassadors for TPRC, working pro bono and appointed to two-year terms by the Board. Junior Fellows will be emerging scholars with good connections to their peers, including but not limited to successful TPRC paper presenters and alumni of the Graduate Student Consortium and Benton Award.
TPRC hopes that Junior Fellows will help broaden the TPRC community, and improve the participation of underrepresented groups, such as young academics, certain disciplines not traditionally involved in telecom research who are engaged in new media and digitial policy, and those engaged in new research areas, as well as those who bring greater diversity to our community, including women, minorities, and under-represented groups.
The TPRC Board anticipates that Fellows will disseminate information about TPRC on their personal networks, and identify and engage 1-1 with prospective attendees and encourage them to participate in TPRC. In return, TPRC will recognize Fellows on the TPRC web site, and publicly welcome new appointees during the conference, and provide material and mentoring to support their outreach mission. Of course, the Early Career Fellows will be able to list this service on their resumes. Each Fellow will have a designated Board liaison, who will check in periodically to discuss support needed and progress made. TPRC will aim to support your career.
We’re looking for people that meet as many of the following criteria as possible. None of them are required qualifications; we don’t expect that anyone will check all the boxes.
From under-represented groups, including women and minorities
Working in new research areas and those under-represented at TPRC
Academic talent and promise
Good network of contacts, e.g. active on social media
The fifth annual conference of Oxford’s Global Cyber Security Capacity Centre (GCSCC) was held in late February 2019 at the Oxford University’s Martin School. It engaged over 120 individuals from the capacity building community in one full day of conference sessions, preceded and followed by several days of more specialized meetings.*
The focus of the conference was on taking stock of the last five years of the Centre’s work, and looking ahead to the next five years in what is an incredibly fast moving area of Internet studies. So it was an ideal setting for reflecting on current themes within the cybersecurity and capacity building community. The presentations and discussions at this meeting provided a basis for reflections on major themes of contemporary discussions of cybersecurity and how they come together in ways that reinforce the need for capacity building in this area.
The major themes I took away from the day concerned 1) changing nature of threats and technologies; 2) the large and heterogeneous ecology of actors involved in cybersecurity capacity building; 3) the prominence of cross-national and regional differences; and 4) the range and prevalence of communication issues. These themes gave rise to a general sense of what could be done. Essentially, there was agreement that there was no technical fix to security, and that fear campaigns were ineffective, particularly unless Internet users are provided instructions on how to respond. However, there was also a clear recommendation not to throw up your hands in despair, as ‘cybersecurity capacity building works’ – nations need to see capacity building as a direction for their own strategies and actions.
I’ll try to further develop each of these points, although I cannot hope to give justice to the discussion throughout the day. Voices from Oxford (VOX) has helped capture the day in a short clip that I will soon post. But here, briefly, are my major takeaways from the day.
Changing Threats and Technologies
The threats to cybersecurity are extremely wide ranging across contexts and technologies, and the technologies are constantly and rapidly changing. Contrast the potential threats to national infrastructures from cyberwarfare with the threats to privacy from the Internet of Things, such as a baby with a toy that is online. The number of permutations of contexts and technologies is great.
The Complex Ecology of Actors
There is a huge and diverse set of actors and institutions involved in cybersecurity capacity building. There are: cybersecurity professionals, IT professionals, IT, software, and Internet industries; non-governmental organizations; donors; researchers; managers of governments and organizations; national and regional agencies; and global bodies, such as the World Economic Forum and the Internet Governance Forum. Each has many separate but overlapping roles and areas of focus, and each has a stake in global cybersecurity given the risks posed by malicious actors that can take advantage of global weaknesses.
One theme of our national cybersecurity reviews was that the multitude of actors within one country that were involved with cybersecurity often came together in one room for the very first time to speak with our research team. Cybersecurity simply involves a diverse range of actors at all levels of nations and organizations, and with a diverse array of relationships to the Internet and information and communication technologies, from professional IT teams and cybersecurity response teams to users. Developing a more coherent perspective on this ecology of actors is a key need in this area.
National and Regional Differences
Another clear theme of the day was the differences across the various nations and regions, including the obvious issues of the smaller versus larger nations in the scale of their efforts, but also between the low and high income nations. We heard cases of Somalia juxtaposed with examples from the UK and Iceland. And the range and nature of actors across these nations often differed dramatically, such as in the relevance of different global facilitating organisations, such as the World Bank.
Communication in So Many Words
Given this ecology of actors in a global arena, it might not be surprising that communication emerged as a dominant theme. It arose through many presentations and discussions of the need for awareness, coordination, collaboration (across areas and levels within nations, across countries, regions), as well as the need for prioritizing efforts and instruction and training, both of which work through communication. Of course, the conference itself was an opportunity for communication and networking that seemed to be highly valued.
What Can Be Done? Capacity Building
However, despite these technical, individual, and national differences, requiring intensive efforts to communicate, coordinate, and collaborate nationally, regionally, and globally, there were some common thoughts on what needs to be done. Time and again, speakers stressed the lack of any technical fix – or what one participant referred to as a silver bullet – to fix cybersecurity. And there was a general consensus that awareness campaigns that were basically fear campaigns did not work. Internet users, whether in households or major organizations, need instructions on what to do in order to improve their security. But doing nothing was not an option, and given the conference, it may not be surprising, but there did seem to be a general acceptance that cybersecurity capacity building was a set of instructions on a way forward. Our own research has provided empirical evidence than capacity building works, and is in the interest of every nation.**
Ofcom reports that fewer people are using their mobile phones for making phone calls (Williams 2018). The use of smartphones for calls is declining while their use for texting, emailing, searching and using social media is rising. Clearly, this trend is not unique to the UK, nor is it simply limited to the use if smartphones. But I fear this interesting trend masks a more fundamental shift in communication: Put simply, more people are choosing not to speak with others – by phone or in person.
To illustrate, here is a typical conversation I would have with a former office assistant (OA) in my former university. She was a valued member of our team and went off for an exciting move when her husband was offered a better job. But here was a typical scenario:
Me: Has the approval for our research travel come through?
OA: No. I sent an email two days ago. No word yet.
Me: Could you check, and try to nudge them? We need to move ahead.
OA: OK. I’ll send another email.
Me: Maybe it would be easier if you just picked up the phone? Actually, the office is close – maybe you could pop in a speak to the grant officer.
OA: Its easier to email, and she’ll see it.
I stew for a moment and then walk the few minutes to the grant office, speak with the officer, and get the approval. All the time I am wondering why no one wants to simply pick up the phone or walk down the hall. Perhaps (undoubtedly) it is more efficient for the OA to email, but not for me waiting for approval. Perhaps the OA doesn’t want to disturb or interrupt the grant officer, but my work is effectively stalled. Am I simply being selfish or is my OA simply following a rational path that is not only the easy way but the contemporary way to do things?
Of course, this is a simple anecdote, but it happens so often that I cannot help but wonder how pervasive this style of communication is becoming. When I have shared this view with administrators, they acknowledge this as a growing pattern. And it is not just email, but also so-called enterprise platforms for conducting all sorts of financial, administrative, and personnel matters. Ask about health benefits, and I’m told to check or enroll on our enterprise business system. Of course, these systems are designed to permit fewer administrators to handle more personnel. But ironically, it might also lead to inefficiencies and ineffectiveness, such as sending an email rather than picking up a phone or speaking with the right person.
Maybe I am wrong. Video and voice over IP enables applications like Skype, Google Hangouts, and FaceTime that are permitting more interpersonal conversations to occur among people distributed around the world. And since the 1970s, when people expected electronic telecommunications to enable tradeoffs with travel, research has found that telecommunications tends to reinforce travel as we telecommunicate with those we meet with face-to-face before and after meetings. If we email someone, we are more likely to meet them face-to-face, and vice versa.
But I wonder if we have reached some tipping point where this might well be changing – a point when it is getting increasingly difficult to speak with anyone face-to-face or even on the phone.
Zoe Williams, ‘It’s so funny how we don’t talk any more’, The Guardian, Friday, 3 August 2018: 5.
I have been amazed by the level of consensus, among politicians, the press and the directors of security agencies, over the origins and motivations behind the Russian hacking of the 2016 presidential election. Seldom are security agencies willing to confirm or deny security allegations, much less promote them*, even when cyber security experts vary in their certainty over the exact details. Of course there are many interpretations of what we are seeing, including speaking arguments that this is simply a responsible press, partisan politics, reactions to the President-elect, or a clear demonstration of what has been called, in a study of a thread of Israeli journalism, ‘patriotic’ journalism.* For example, you can hear journalists and politicians not only demonizing WikiLeaks founder Julian Assange, the messenger, but also arguing that those who do not accept the consensus are virtually enemies of the state.
One useful theoretical perspective that might help make sense of this unfolding display of consensus is the concept of the ‘certainty trough’, anchored in Donald MacKensie’s research** on missile systems and those who had different levels of certainty about their performance, such as their accuracy in hitting the targets they are designed to strike. He was trying to explain how the generals, for example, could be so certain of their performance, when those most directly involved in developing the missile systems were less certain of how well they will perform.
The figure applies MacKenzie’s framework to the hacking case. My contention is that you can see aspects of the certainty trough with respect to accounts of Russian hacking of John Podesta’s emails, which led to damaging revelations about the Democratic National Committee (DNC) and the Clinton Foundation during the election, such as in leading to the resignation of Representative Debbie Wasserman Schultz’s DNC post. On the one hand, there are security experts, most directly involved in, and knowledgeable about, these issues, with less certainty than the politicians and journalists about how sophisticated these hacks of an email account were, and whether they can attribute clear intentions to an ecology of multiple actors. At the other extreme, the public is the least knowledgeable about cyber security, and likely to have less certainty over what happened (see Figure). Put simply, it is not the case that the more you know the more certain you are about the facts of the case.
The upshot of this possibility is that the journalists and politicians involved in this issue should not demonize those who are less certain about who did what to whom in this case. The critics of the skeptics might well be sitting in the certainty trough.
A British High Court justice has ‘struck down a ban on sending books to prisoners’, as reported by the NYT: http://www.nytimes.com/2014/12/06/world/europe/british-judge-lifts-restriction-on-books-in-prison.html A number of writers, poets and human rights advocates have been pressing for the right of prisoners to buy books from the ‘outside world’. Apparently the prison service had supported access to books, but only through the prison libraries or purchases through the prison service, as a security measure: to prevent the smuggling of other things into the prison, as we have all seen in popular films and television series. It seems to me that it is arguably worth the time and effort of searching packages sent to prisoners in order to enhance access to books. Surely the value of books in educating and supporting the rehabilitation of those in prison is a long-term payoff that offsets the cost of screening.
About a decade ago, I was introduced to an imaginative plan to enable limited access to the Internet from prison. There are a number of programs that enable limited access to electronic text messaging, for example, but by and large, this is a huge hurdle. Nevertheless, I hope advocates of this development are continuing to pursue schemes that might enable safe access to the Internet, such as for access to education and entertainment that could be as important as the right to read. I would like to hear of initiatives in this area, and wish them well.
Modernizing and Inspiring a “Startup Mentality” in Legacy Information Technology Organizations
Speakers: David A. Bray, Oxford Martin Associate and CIO of the U.S. FCC, Yorick Wilks, and Greg Taylor
19 June 2014 from 4-5 pm
OII Seminar Room, 1 St Giles’, Oxford
By some estimates, 70% of IT organization budgets are spent on maintaining legacy systems. These costs delays needed transitions to newer technologies. Moreover, this cost estimate only captures those legacy processes automated by IT; several paper-based, manual processes exist and result in additional hidden, human-intensive costs that could benefit from modern IT automation.
This interactive discussion will discuss the opportunities and challenges with inspiring a “startup mentality” in legacy information technology organizations. Dr. David Bray, will discuss his own experiences with inspiring a “startup mentality” in legacy IT organizations as well as future directions for legacy organizations confronted with modernization requirements. The discussion will be chaired by OII’s Dr. Greg Taylor, and Yorick Wilks, an OII Research Associate, and Professor of Artificial Intelligence in the Department of Computer Science at the University of Sheffield, will offer his comments and responses to David’s ideas before opening the discussion to participation from the audience.
The 6th ACM Web Science Conference will be held 23-26 June 2014 on the beautiful campus of Indiana University, Bloomington. Web Science continues to focus on the study of information networks, social communities, organizations, applications, and policies that shape and are shaped by the Web.
The WebSci14 program includes 29 paper presentations, 35 posters with lightening talks, a documentary, and keynotes by Dame Wendy Hall (U. of Southampton), JP Rangaswami (Salesforce.com), Laura DeNardis (American University) and Daniel Tunkelang (LinkedIn). Several workshops will be held in conjunction with the conference on topics such as Altmetrics, computational approaches to social modeling, the complex dynamics of the Web, the Web of scientific knowledge, interdisciplinary coups to calamities, Web Science education, Web observatories, and Cybercrime and Cyberwar. Conference attendees will have an opportunity to enjoy the exhibit Places & Spaces: Mapping Science, meant to inspire cross-disciplinary discussion on how to track and communicate human activity and scientific progress on a global scale. Finally, we will award prizes for the most innovative visualizations of Web data. For this data challenge, we are providing four large datasets that will remain publicly available to Web