Cooperation between states and international businesses is necessary to create trust in the security of the internet
International relations and strategic studies face a dilemma over how to deal with the internet. There are questions about the future of the state and military force, the power of international businesses and new threats to global security. My research on the relations between states and international businesses in forging information security policies aims to provide some direction for future studies.
I first experienced the power of networks in 1989 when I started to exchange messages over the then NSFNET. My involvement in information security began when I joined the International Centre for Security Analysis, the consultancy arm of the department of war studies at King's College, London. Andrew Rathmell, head of ICSA, encouraged me to explore a new field creating a stir in the United States: information warfare.
As the internet continued to expand, government agencies began to fear the consequences of society's dependence on it. Information warfare builds on these fears, since it suggests the possibility for rogue agents to cripple western societies by disrupting information networks through cyber-attacks. Some analysts even went as far as to foresee an "electronic Pearl Harbor".
I did some fieldwork and ended up debating these issues with the individuals who had triggered information warfare: the hackers. I became exposed to a new technological and social environment that is now having some revenge with the commercial success of "open source" projects such as Linux.
From these experiences, coupled with some interesting ICSA projects for the UK Defence Evaluation Research Agency, starting a PhD at King's seemed natural. But literature on information warfare was too military, while the issues were mainly civilian or commercial. I needed to develop a different theoretical approach, as well as get some funding.
I secured a three-year Marie Curie research fellowship from the European Commission and began to explore how state organisations and international businesses can cooperate in developing information security policies and regulations. My core assumption is that, when it comes to the internet, businesses have the same role - if not equal - as states. Since the privatisation of the NSFNET in 1995, business controls the commercial traffic on the internet. Although it may look normal for the two actors to cooperate, the first months of my PhD were spent in the middle of debates over the control of encryption and electronic signatures. Government institutions and international businesses were, and still are, in conflict, although they realise they need one another.
I became more convinced that encryption and information security issues were pivotal for the success of the internet and electronic commerce. They create what web "inventor" Tim Berners-Lee calls a "web of trust". If users do not trust the internet, they will be reluctant to move their activities to the digital world. Researchers from the Owen Business School at Vanderbilt University have found that almost half of "experienced" internet users do not trust in the security of this medium. They need something to make them trust it. International business and states can create that trust.
A solution could be an international regime of norms and rules in encryption, security management and evaluation, which balances their own individual interests. The problem is how to create this cooperative spirit. I hope to find the solution to by April 2001, when my EC grant runs out.