Project Overview
The Internet has a dark side. As more people use and become dependent on the Internet, these users are also increasingly threatened by malware. Malware is malicious software which individuals create or use to steal, alter, or delete information or damage physical equipment. Until recently, criminals were the main users of malware. However, in 2013, several reputable media sites reported that states are increasingly important customers, creators, and users of malware. States use malware for a wide range of purposes; some use malware to test their cyber security defenses, while others use malware to probe, steal information, or destroy infrastructure in other countries. In addition, growing numbers of democracies use malware to spy on their own citizens or those from other countries. Hence state use of malware is becoming a problem with direct and indirect effects on the economy, human rights, trust and governance. State demandeurs of malware appear to be bidding up the price of malware, increasing its cost and supply. When malware moves across borders (we call this a cross-border infection), states, firms and individuals may respond by restricting the free flow of information. In addition, government use of malware can undermine people’s trust in institutions, policies and policymakers and make people feel less secure online.
Herein, we seek to understand why governments create, purchase, and use malware across borders and how other governments respond to such use, an important foreign policy question. Our case studies are Brazil and Estonia. Other governments have used malware against Brazil and Estonia. Estonia has taken a leading role in cyber-defense, while Brazil has taken a leading role in global internet governance. By bringing greater transparency to government use of malware, we hope to encourage a broader public debate about the costs and benefits of government use of malware. The desk study is part of a planned study to review and compare the policies of 8 governments.
Project Objectives:
We aim to use scholarly research to improve understanding of government policies towards the creation, purchase and use of malware across borders.
We will research:
-
Do Brazil and Estonia purchase, create, and use malware across borders? Under what legal authority?
-
Who and what agencies participate in the decision-making process? Is the process transparent and accountable?
-
Do policymakers weigh the economic, human rights and trust implications of the use of malware?
-
What norms affect the deployment of malware for non-warfare purposes?
-
How have these countries responded to other country’s use of malware?
With these questions we can develop a typology of the norms related to government malware use, and carefully illuminate the unintended costs of cross-border use of malware. We will also make recommendations for policymakers on global governance strategies for malware use.
In so doing, we will explore the following thematic focus:
-
How are countries and other strategic global players using the Internet to reach foreign policy objectives?
-
The effects of Snowden and the NSA revelations on the creation of Internet policies and narratives about the Internet in national/regional/and international contexts; and
-
How normative frameworks and narratives about the Internet are “exported” from one country or region to others