Nominate an Early Career Research to Become a TPRC Junior Fellow

The TPRC is seeking to select up to 6 TPRC Junior Fellows – early-career researchers engaged in research on the Internet, telecommunication and media policy in the digital age. Please nominate individuals whom you think might make outstanding fellows. Those who have wond student paper awards at the TPRC conference as well as those who served Benton Award winners could be candidates, but we are open to anyone you feel to have the potential to do outstanding research on key issues for the TPRC, and engage other early-career researchers in our activities.

The TPRC Junior Fellows Program was designed in part to award excellence but also tobring new members into the TPRC community. Those appointed will be honoured and serve as ambassadors for TPRC, working pro bono and appointed to two-year terms by the Board. Junior Fellows will be emerging scholars with good connections to their peers, including but not limited to successful TPRC paper presenters and alumni of the Graduate Student Consortium and Benton Award.

TPRC hopes that Junior Fellows will help broaden the TPRC community, and improve the participation of underrepresented groups, such as young academics, certain disciplines not traditionally involved in telecom research who are engaged in new media and digitial policy, and those engaged in new research areas, as well as those who bring greater diversity to our community, including women, minorities, and under-represented groups.

The TPRC Board anticipates that Fellows will disseminate information about TPRC on their personal networks, and identify and engage 1-1 with prospective attendees and encourage them to participate in TPRC. In return, TPRC will recognize Fellows on the TPRC web site, and publicly welcome new appointees during the conference, and provide material and mentoring to support their outreach mission. Of course, the Early Career Fellows will be able to list this service on their resumes. Each Fellow will have a designated Board liaison, who will check in periodically to discuss support needed and progress made. TPRC will aim to support your career.

Desiderata

We’re looking for people that meet as many of the following criteria as possible. None of them are required qualifications; we don’t expect that anyone will check all the boxes.

  • From under-represented groups, including women and minorities
  • Working in new research areas and those under-represented at TPRC
  • Academic talent and promise
  • Good network of contacts, e.g. active on social media
  • Able and willing to advocate for TPRC

For information about the TPRC, see: http://www.tprcweb.com/

If you have ideas, you may contact me on this site, or by email at william.dutton@gmail.com

Cybersecurity and the Rationale for Capacity Building: Notes on a Conference

The fifth annual conference of Oxford’s Global Cyber Security Capacity Centre (GCSCC) was held in late February 2019 at the Oxford University’s Martin School. It engaged over 120 individuals from the capacity building community in one full day of conference sessions, preceded and followed by several days of more specialized meetings.*

The focus of the conference was on taking stock of the last five years of the Centre’s work, and looking ahead to the next five years in what is an incredibly fast moving area of Internet studies. So it was an ideal setting for reflecting on current themes within the cybersecurity and capacity building community. The presentations and discussions at this meeting provided a basis for reflections on major themes of contemporary discussions of cybersecurity and how they come together in ways that reinforce the need for capacity building in this area.

The major themes I took away from the day concerned 1) changing nature of threats and technologies; 2) the large and heterogeneous ecology of actors involved in cybersecurity capacity building; 3) the prominence of cross-national and regional differences; and 4) the range and prevalence of communication issues. These themes gave rise to a general sense of what could be done. Essentially, there was agreement that there was no technical fix to security, and that fear campaigns were ineffective, particularly unless Internet users are provided instructions on how to respond. However, there was also a clear recommendation not to throw up your hands in despair, as ‘cybersecurity capacity building works’ – nations need to see capacity building as a direction for their own strategies and actions.

Bill courtesy of Voices from Oxford (VOX)

I’ll try to further develop each of these points, although I cannot hope to give justice to the discussion throughout the day. Voices from Oxford (VOX) has helped capture the day in a short clip that I will soon post. But here, briefly, are my major takeaways from the day.

Changing Threats and Technologies

The threats to cybersecurity are extremely wide ranging across contexts and technologies, and the technologies are constantly and rapidly changing. Contrast the potential threats to national infrastructures from cyberwarfare with the threats to privacy from the Internet of Things, such as a baby with a toy that is online. The number of permutations of contexts and technologies is great.

The Complex Ecology of Actors

There is a huge and diverse set of actors and institutions involved in cybersecurity capacity building. There are: cybersecurity professionals, IT professionals, IT, software, and Internet industries; non-governmental organizations; donors; researchers; managers of governments and organizations; national and regional agencies; and global bodies, such as the World Economic Forum and the Internet Governance Forum. Each has many separate but overlapping roles and areas of focus, and each has a stake in global cybersecurity given the risks posed by malicious actors that can take advantage of global weaknesses.

One theme of our national cybersecurity reviews was that the multitude of actors within one country that were involved with cybersecurity often came together in one room for the very first time to speak with our research team. Cybersecurity simply involves a diverse range of actors at all levels of nations and organizations, and with a diverse array of relationships to the Internet and information and communication technologies, from professional IT teams and cybersecurity response teams to users. Developing a more coherent perspective on this ecology of actors is a key need in this area.

National and Regional Differences

Another clear theme of the day was the differences across the various nations and regions, including the obvious issues of the smaller versus larger nations in the scale of their efforts, but also between the low and high income nations. We heard cases of Somalia juxtaposed with examples from the UK and Iceland. And the range and nature of actors across these nations often differed dramatically, such as in the relevance of different global facilitating organisations, such as the World Bank.

Communication in So Many Words

Given this ecology of actors in a global arena, it might not be surprising that communication emerged as a dominant theme. It arose through many presentations and discussions of the need for awareness, coordination, collaboration (across areas and levels within nations, across countries, regions), as well as the need for prioritizing efforts and instruction and training, both of which work through communication. Of course, the conference itself was an opportunity for communication and networking that seemed to be highly valued.

What Can Be Done? Capacity Building

However, despite these technical, individual, and national differences, requiring intensive efforts to communicate, coordinate, and collaborate nationally, regionally, and globally, there were some common thoughts on what needs to be done. Time and again, speakers stressed the lack of any technical fix – or what one participant referred to as a silver bullet – to fix cybersecurity. And there was a general consensus that awareness campaigns that were basically fear campaigns did not work. Internet users, whether in households or major organizations, need instructions on what to do in order to improve their security. But doing nothing was not an option, and given the conference, it may not be surprising, but there did seem to be a general acceptance that cybersecurity capacity building was a set of instructions on a way forward. Our own research has provided empirical evidence than capacity building works, and is in the interest of every nation.**

A short video of the conference will give you a more personal sense of the international ecology of stakeholders and issues: https://vimeo.com/voicesfromoxford/review/322632731/ec0d5e5f9f 

Notes

*An overview of the first five years of the centre is available here: https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/GCSCC%20booklet%20WEB.pdf 

**An early working paper is available online at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938078

 

 

 

Citizen Sensing of Broadband Access

I had the opportunity to work with Merit, Michigan’s research and education network, and the Quello Center at MSU, who have teamed up on a comment to the US NTIA on how to enhance indicators of broadband access. The comment provides an innovative approach to consumer sourcing of broadband availability data that builds off the FCC’s initiatives with crowd sourcing, but also leverages the strategic advantages of Merit, as a research educational network that covers the State of Michigan. If successful, this approach has the potential to be scaled nationally. The comment provides an overview of current approaches, the potential of consumer-sourced data, and an outline of their approach.

Comment is posted at: https://www.ntia.doc.gov/files/ntia/publications/quello_merit_commentsdocket_no.180427421-8421-01.pdf

Networked publics: multi-disciplinary perspectives on big policy issues

https://policyreview.info/articles/analysis/networked-publics-multi-disciplinary-perspectives-big-policy-issues

The editors of the Internet Policy Review are pleased to announce the publication of our newest special issue, bringing together the best policy-oriented papers presented at the 2017 annual conference of the Association of Internet Researchers (AoIR) in Tartu, Estonia. The issue – on the broad theme of networked publics – was edited by guest editor William H. Dutton, Professor of media and information policy at Michigan State University.

The seven papers in the special issue span topics concerning whether and how technology and policy are reshaping access to information, perspectives on privacy and security online, and social and legal perspectives on informed consent of internet users. As explained in the editorial to this issue, taken together, the papers reflect the rise of new policy, regulatory and governance issues around the internet and social media, an ascendance of disciplinary perspectives in what is arguably an interdisciplinary field, and the value that theoretical perspectives from cultural studies, law and the social sciences can bring to internet policy research.

This special issue is the first major release of Internet Policy Review in its fifth anniversary year. The open access journal on internet regulation is a high-quality publication put out by four leading European internet research institutions: The Humboldt Institute for Internet and Society (HIIG), Berlin; the Centre for Creativity, Regulation, Enterprise and Technology (CREATe), Glasgow; the Institut des sciences de la communication (ISCC-CNRS), Paris; the Internet Interdisciplinary Institute (IN3), Barcelona.

The release of this special issue officially kicks off the Internet Policy Review anniversary series of activities, including both an Open Access Minigolf during the Long Night of the Sciences (Berlin) and the IAMCR conference (Eugene, Oregon) in June, a Grand anniversary celebration (Berlin) in September and a participation in the AoIR2018 conference in October (Montreal). For up-to-date information on our planned activities, please kindly access: https://policyreview.info/5years

Papers in this Special Issue of Internet Policy Review

Editorial: Networked publics: multi-disciplinary perspectives on big policy issues
William H. Dutton, Michigan State University

Political topic-communities and their framing practices in the Dutch Twittersphere
Maranke Wieringa, Utrecht University
Daniela van Geenen, University of Applied Sciences Utrecht
Mirko Tobias Schäfer, Utrecht University
Ludo Gorzeman, Utrecht University

Big crisis data: generality-singularity tensions
Karolin Eva Kappler, University of Hagen

Cryptographic imaginaries and the networked public
Sarah Myers West, University of Southern California

Not just one, but many ‘Rights to be Forgotten’
Geert Van Calster, KU Leuven
Alejandro Gonzalez Arreaza, KU Leuven
Elsemiek Apers, Conseil International du Notariat Belge

What kind of cyber security? Theorising cyber security and mapping approaches
Laura Fichtner, University of Hamburg

Algorithmic governance and the need for consumer empowerment in data-driven markets
Stefan Larsson, Lund University

Standard form contracts and a smart contract future
Kristin B. Cornelius, University of California, Los Angeles

Link to Special Issue
https://policyreview.info/articles/analysis/networked-publics-multi-disciplinary-perspectives-big-policy-issues

Frédéric Dubois | Managing editor, Internet Policy Review
 Alexander von Humboldt Institute for Internet and Society

 Französische Strasse 9 · 10117 Berlin · Germany · hiig.de ·

The Chatham House Rule Should be the Exception

Can We Make the Chatham House Rule the Exception?

gargoyleBalliol
May I quote you?

It is common to debate the definition and correct implementation of the Chatham House Rule. My issue is with its over-use. It should be used in exceptional cases, rather than being routinized as a norm for managing communication about meetings.

To be clear, the Chatham House Rule (singular) is: “When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.”*

One of the central rationales of this rule was to enable more transparency by freeing governmental and other officials to speak without attribution.** Clearly, there are cases in which individuals cannot speak publicly about an issue given their position. Think about the many cases in which news sources do not wish to be identified by journalists. Similar situations arise in meetings, and it is good that The Chatham House Rule exists to use in just such occasions to promote greater transparency.

However, it is arguable that The Chatham House Rule is used in ways that do not promote transparency. For example, it is often misunderstood and used to prevent members of a meeting from conveying information provided at the meeting. Clearly, the original rule left participants ‘free to use the information’, just without identifying the source. This expansion of the Rule runs counter to the aim of the rule’s establishment.

In addition, all too often the Rule is invoked not because the content of a meeting is particularly sensitive, but because it creates a sense of tradition, and an aura of importance. It conveys the message that something important will be discussed at this meeting. However, the function of this is more in marketing a meeting rather than creating a safe setting for revealing secret, confidential, or new information.

A related rationale is that it is just ‘the way we do things’ – the tradition. In this case, there is likely to be no need for less transparency, but a case of blindly following tradition, resulting in information being inadvertently suppressed.

In many ways, the times are making The Chatham House Rule more problematic.

First, history is pushing us toward more transparency, not less. The spirit of the Rule should lead us to apply it only when necessary to open communication, such as around a sensitive issue, not to routinely regulate discussion of what was said in a meeting.

Secondly, the authenticity of information that comes out of a meeting is often enhanced by knowing more information about its source. If a new idea or piece of information is attributed to an individual, that individual can become a first source for authenticating what was said, and for follow up questions.

Thirdly, technical advances are making it less and less realistic to keep the source of information confidential. Leaks, recordings, live blogging and more are making transparency the norm of nearly every meeting. That is, it is better to assume that any meeting is public than to assume any meeting is confidential.

Over a decade ago, I once organized and chaired a meeting that included the UK’s Information Commissioner (the privacy commissioner, if you will), and it was conducted under The Chatham House Rule. At the break, I checked with my IT group about how the recording was going, as we were recording the meeting for preparing a discussion paper to follow. Lo and behold, the meeting was being Webcast! This made for a good laugh by the Commissioner and all when we reconvened, but it also reminded me that everyone should assume the default of a meeting in the digital world is that all is public rather than private.

Finally, there are better ways to handle information in today’s technical and political contexts. Personally, I usually record meetings that are about academic or applied matters, as opposed to meetings about personnel issues, for example. So if we convene a group to discuss a substantive issue, such as a digital policy issue like net neutrality, we let all participants know that presentations and discussions will be recorded. We do not promise that anything will be confidential, as it is not completely under our control, but we promise that our recording will be used primarily for writing up notes of the meeting, and that if anyone is quoted, they will be asked to approve the quote before it is distributed publicly.

Of course, when individuals request that something remains confidential, or confined to those present, then we do everything we can to ensure that confidentiality. (As with The Chatham House Rule, much relies on trust among the participants in a meeting.) But this restriction is the exception, rather than the rule. This process tends to ensure more accurate reports of meetings, enable us to quote individuals, who should get credit or attribution, and support transparency.

The Chatham House Rule was established in 1927 with Chatham House being the UK’s Royal Institute of International Affairs. The worries at that time were more often about encouraging government officials to participate in a discussion about sensitive international concerns by assuring anonymity. Today there are still likely to be occasions when this rule could be useful in bringing people around the table, but that is likely to be exception and not the rule in the era of the Internet, distributed electronic conferencing, and live Tweeting.

th
Chatham House, London

Notes

* https://www.chathamhouse.org/about/chatham-house-rule

** As noted by Chatham House: “The Chatham House Rule originated at Chatham House with the aim of providing anonymity to speakers and to encourage openness and the sharing of information. It is now used throughout the world as an aid to free discussion.” https://www.chathamhouse.org/about/chatham-house-rule

 

Multistakeholder or Multilateral Internet Governance?

Global debate over alternative approaches to governing the Internet has been wide ranging, but increasingly has pivoted around the wisdom of “multistakeholder governance.” This paper takes controversy around a multistakeholder versus an alternative multilateral approach as a focus for clarifying the changing context and significance of Internet governance. A critical perspective on this debate challenges some of the conventional wisdom marshaled around positions on the history and future of Internet governance. By providing an understanding of the dynamics of Internet governance, this paper seeks to illuminate and engage with issues that are of rising importance to the vitality of a global infrastructure that is becoming more central to economic and social development around the world. Based on the perspective developed in this paper, a multistakeholder process appears best suited for helping a widening array of actors, including multilateral organizations, to connect a worldwide ecology of choices that are governing the Internet.

My paper is being posted on SSRN and I’ll be speaking at the Digital Futures Conference at Shanghai Jiao Tong University this week.

Inspiring a Startup Mentality in Legacy IT Organizations – FCC CIO at the OII on 19 June, 4-5pm

Modernizing and Inspiring a “Startup Mentality” in Legacy Information Technology Organizations

Speakers: David A. Bray, Oxford Martin Associate and CIO of the U.S. FCC, Yorick Wilks, and Greg Taylor

19 June 2014 from 4-5 pm

OII Seminar Room, 1 St Giles’, Oxford

By some estimates, 70% of IT organization budgets are spent on maintaining legacy systems. These costs delays needed transitions to newer technologies. Moreover, this cost estimate only captures those legacy processes automated by IT; several paper-based, manual processes exist and result in additional hidden, human-intensive costs that could benefit from modern IT automation.

This interactive discussion will discuss the opportunities and challenges with inspiring a “startup mentality” in legacy information technology organizations. Dr. David Bray, will discuss his own experiences with inspiring a “startup mentality” in legacy IT organizations as well as future directions for legacy organizations confronted with modernization requirements. The discussion will be chaired by OII’s Dr. Greg Taylor, and Yorick Wilks, an OII Research Associate, and Professor of Artificial Intelligence in the Department of Computer Science at the University of Sheffield, will offer his comments and responses to David’s ideas before opening the discussion to participation from the audience.

David A. Bray at OII
David A. Bray at OII

Information about the speakers:

David A. Bray: http://www.oxfordmartin.ox.ac.uk/cybersecurity/people/575

Yorick Wilks: http://www.oii.ox.ac.uk/people/?id=31

Greg Taylor: http://www.oii.ox.ac.uk/people/?id=166