Research Portfolio Post #5: Research Topic Post
I am proposing to research cyber security norms because I want to find out what explains the difference between regional and universal cyber norms in order to help my reader understand how cyber norms are currently being developed and whether the current composition of practices in the world order can promote a universal cyber norm practice in the future.
There has been a significant call for the formation of cyber norms to establish and maintain order in cyberspace. The concept of norms can be understood through international relations theory and in particular through the constructivist lens. Constructivists understand cyber in terms of norms and practices that govern how states interact. Constructivists posit that universal norms take priority over regional norms.[1] Nations such as China, the US, Russia, and other nations have established regional norms in so far as they have created values and practices to guide the usage of cyber capabilities in cyberspace. Some scholars such as Mette Eilstrup-Sangiovanni have made the case for an international institution to be put in place to codify the formation of cyber norms in order to make the world a safer and more predictable place, but there remains a puzzle surrounding the state-specific formation of cyber norms and whether the current practices of nations have been developed in a manner that allows for compatibility to create universal norms.[2]
I am interested to know how cyber norms differ in the nations that have high caliber cyber capabilities. What explains China, the US, Israel, and Russia’s differing approach to existing in the cyber domain? How do the interactions between countries differ? How are they the same?
China is one interesting example of a nation that uses cyber to advance their national interests outside the generally accepted cyber norms. China has engaged in stealing American intellectual property and this has resulted in “costs between $225 billion and $600 billion annually.”[3] A large portion of this intellectual property theft has been conducted by cyber means. This issue has been researched and examined by the Office of the US Trade Representative, and one portion of this investigation was the role cyber played in producing this outcome. When analyzing China’s usage of cyber, the report explicates, “China’s [cyber] activities stand in contrast to domestic and international standards adopted around the world.”[4] Countries like the US, Germany, Japan and Britain criminalize the act of cyber theft, yet China remains as an outlier in this norm. Another example of China being in contention with a broader understanding of cyber security norms, is the incompatibility between the European Union’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law. Although these laws are nascent and not fully implemented yet, there remains contention between the laws that offers an interesting analysis of the difference between the two regions varying organization of cyber practices.[5] [6] Namely, I would like to research the explanation behind the variance in these standards.
The explanation of this puzzle is significant for a variety of reasons. Firstly, in the case of China, because of the economic interdependence of nations, fair competition enables the expansion of national interests. According to a study on how cyber espionage affects U.S. National security interests, the “theft of intellectual property from individual companies also weakens the ability for nations to compete on a global scale.”[7] Cyber norms govern interaction between nations in economics and security, so it is important to gain a deeper understanding of why there are discrepancies between the standards of powerful countries in order to promote standards that strengthen competition. Secondly, a deeper understanding of the variance among the current cyber norms between nations may reveal a route for greater cohesiveness to achieve the international institution academics have been requesting.
Although I focused on China in this post, I am still researching other countries’ approaches to the formation of cyber norms. I aim to research Russia, Israel, Iran and other nations laws and application of cyber capabilities so that I can look for more potential case studies to answer my broad research puzzle. However, China remains as an interesting case study when analyzing the application of cyber practices that form norms.
Case Specific: What explains the difference between China’s cyber norms and the more widely accepted norms? How did the formation of the variance of norms shape the discrepancies in utilizing cyber capabilities and implementing laws?
General: What explains the variety of regional cyber norms in different nations or groupings of nations?
[1] T. V. Paul, International Relations Theory and Regional Transformation (Cambridge, UNITED KINGDOM: Cambridge University Press, 2012), accessed September 30, 2018, http://ebookcentral.proquest.com/lib/aul/detail.action?docID=866889. Page 183.
[2] Mette Eilstrup-Sangiovanni, “Why the World Needs an International Cyberwar Convention,” Philosophy & Technology 31, no. 3 (September 1, 2018): 379–407.
[3] Qtd. Pham Sherisse, “How Much Has the US Lost from China’s Intellectual Property Theft?” CNN Tech, last modified March 23, 2018, accessed September 30, 2018, https://money.cnn.com/2018/03/23/technology/china-us-trump-tariffs-ip-theft/index.html.
[4] Office of the U.S. Trade Representative, Findings of the Investigation into China’s Acts, Policies and Practices Related to Technology Transfer, Intellectual Property, and Innovation under Section 301 of the Trade Act of 1974 (Washington, DC: Executive Office of the President, 2018, accessed September 30, 2018, https://purl.fdlp.gov/GPO/gpo90942. Page 171.
[5] “Translation: Cybersecurity Law of the People’s Republic of China (Effective June 1, 2017),” New America, accessed October 1, 2018, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/.
[6] “General Data Protection Regulation (GDPR) – Final Text Neatly Arranged,” General Data Protection Regulation (GDPR), accessed October 1, 2018, https://gdpr-info.eu/.
[7] Adrian Merton Mayers, “A Study on How Cyber Economic Espionage Affects U.S. National Security and Competitiveness” (D.B.A., Northcentral University, 2018), accessed September 30, 2018, https://search.proquest.com/docview/2071837112/abstract/47CAFDBE9BA446AAPQ/1.
Hannah,
You seem to have a developed focus for your research, which I believe will lead you down an interesting path of analysis. When I was reading your post, I was interested in what you have found about the constructivist perspective on your topic and the development of cyber norms. However, I would suggest that you also explore other perspectives on your research. How is your topic approached from a realist or liberal perspective? In addition, how can your research be separated in a way that is more specific to your topic than the general theories about international relations research and account for differences within the theoretical lenses? In addition, I appreciated your reasoning for choosing China as a case study, I would be curious to know what made you want to choose the other case studies as well and what are the common variables that exist between them that makes them the most effective case study options. I look forward to seeing where you go with your research and what conclusions you draw.
Hannah, you are definitely off to a good start here in specifying the puzzle. As I read your post, though, I wonder whether you could make the outcome you are explaining — “…the difference between regional and universal cyber norms….” — more specific. What is the specific (empirical) shift, change or difference here? In your discussion of the proposed research it almost seemed as if you were aiming to explain the specific actions and strategies/policies of states rather than norms (commonly shared ideas or standards that have evolved over time and often can’t be traced back to a singular act or action). Which of these do you think you’re really aiming at researching?
Thank you for your feedback Professor. In response to your question about the terminology, I am looking at strategies more so than I am looking at norms, (but I wonder if my research will lead me to discover certain patterns that could uncover norms that are not immediately evident on the surface when doing an analysis of strategies.)
In terms of the specificity of “regional” and “universal,” I have noticed some similarities and differences in the policies states employ. Some similarities in the usage of cyber arms are more common in law and practice than others are. A part of my research, if I continue with this question, will be to categorize these similarities and differences in order to explain how states exist in the domain of cyber.
Hannah – one question that comes to mind for me, at least, when you mention these similarities and differences in states’ cyber policies is what exactly are you calling a “region?” Do regions as we typically might categorize them apply equally in cyberspace, where distance becomes rather immaterial? I’m thinking of Russia and China as two examples of countries that might not respect cyber norms in the ways that others do, despite being from different regions. If geographic regions do matter, then it would certainly be interesting to look at how cultural factors might shape those norms. If regions don’t matter as much, then there’s still the possibility of grouping states by income or by capability in order to identify differences – I think the grouping will have to come from a look at the data for some specific countries. Either way, I think your project will end up with some pretty interesting implications.