Mansoor Ahmed-Rengers and I had the privilege of presenting our work on the privatisation of cyber norms formation at the 2020 Hague Cyber Norms Conference this week. This was my first taste of the field of cyber norms, which seems to mainly focus on international relations perspectives on cybersecurity. Much of the work in the field assumes strong ties between cybersecurity, national security, and international conflict/competition. The presentations revolved around themes like digital national sovereignty, military strategy, and national “cyber power.”
The militarised and empirical focus of the field of cyber norms somewhat surprised me, as it is decidedly different from the field of AI ethics – even though the two fields sound like they would be closely related.
The conference ended with a keynote from Bruce Schneier – a big name in the world of cybersecurity. His talk was less about military strategy, and more about the need for regulation in cyberspace.
Smart regulations in a few large markets improve security everywhere. I don’t see any alternatives.Bruce Schneier
Schneier emphasised the fact that the internet is now so pervasive, so integrated into all our devices and daily activities, that “internet security becomes everything security.” The internet has become too crucial for governments to not regulate. In his view, the market cannot solve existing vulerabilities, because market actors have short term, profit-driven motivations. Fortunately, as the internet connects everything everywhere, regulatory leadership from a few powerful governments would raise the bar for security everywhere.
Policy-makers will never get the policy right, if they get the technology wrong.Bruce Schneier
However, Schneier also described a risk associated with government regulation: policy-makers may legislate in a way that is not useful, because they do not fully understand the intricacies of the technology. He called on “techies” to take an interest in policy-making, and get involved in the debates, to avoid the risk of regulation that’s not grounded in technological reality. He therefore argued for interdisciplinary training in tech education, so that the new generations of “techies” will be “public interest technologists.”
I fully support Schneier’s call for interdisciplinary education. Coming from a legal background, I’ve spent a year studying computer science, to be able to understand ML and computer vision. I was lucky that I was given the space within my PhD to do this. In traditional legal education, there is no space to cross disciplines in this way, and neither is there much space in computer science education for law, politics, and ethics.
To close this gap in education, we’re starting a new MSc in Responsible Data Science at the University of Birmingham. We will start educating a new generation of tech-savvy lawyers and policy-makers in 2021. Feel free to contact me with any questions about this programme.