top of page
Methods:

We will begin by reviewing reports from firms that supply malware to governments, government agencies, firms that research cyber-incidents and secondary sources.[i] We are aware of two wikis with downloadable primary source documents related to malware. WikiLeaks, in cooperation with the Washington Post, Privacy International, and other organizations, has developed an online repository of data on many of these firms, categorizing them by country location, what they sell, and how they try to sell it. In addition, a wiki site, Bugged Planet, focuses on Signals Intelligence (SIGINT), Communication Intelligence (COMINT), Tactical and Strategic Measures used to intercept Communications, and the Vendors and Governmental and Private Operators of this Technology. This site tries to distinguish between verified information and allegations.[ii] We will utilize this information to help us map the parameters of the international market for malware and to familiarize ourselves with firms located in and/or selling to our case study countries. We will also examine primary and secondary source documents from a wide range of cyber-security providers and research organizations including McAfee, Kaspersky, Trend Micro, the World Economic Forum, and CISCO that analyze global trends in cyber-issues; as well as from international organizations such as NATO and think tanks such as the Stockholm International Peace Research Institute, the Center for Strategic and International Studies, and Center for Naval Analysis. Next, we will examine how these issues have affected each country – mapping whether or not the country has developed policies to address the role of governments in the purchase, use, and regulation of malware. We will review and draw data from legislation, white papers, testimony (where available), and official reports from various agencies, such as commerce, trade, defense, and intelligence.

 

Once these data are collected, we will begin our comparative analysis. We will use a technique relied on by many political scientists called “process tracing.” We will trace how policymakers in our case study countries (our unit of analysis) make decisions related to the production, sale, and use of malware. We will then examine whether and how they weigh the human rights, economic growth, and trust spillovers of these decisions. Thus, our case analysis will be both intensive -- addressing many aspects of the market for malware -- and integrative -- examining the market for malware and how it may be creating cyber-insecurity.

bottom of page