Final Paper Draft Outline – Week 7
For the second to last homework, you need to submit an outline of your final paper. What does
that mean? You need to read the article “Writing for College: What is an Academic Paper” and
conceptualize what the paper assignment for this course is about:
https://depts.washington.edu/owrc/Handouts/What%20is%20an%20Academic%20Paper.pdf
Next, you need to read the “Final Paper Minimum Requirements” to get a sense of how you shall
start creating the paper. Think of a topic that you are interest the most – it can be a critical paper,
project, applicative hacks – and then apply the instructions from the first two sources indicated.
The draft outline needs to answer:
• what is your topic,
• what are your main sections in the paper,
• what are the preliminary sources you will use,
• how you plan to write in each of these sections/use the sources.
The APA, IEEE, or MLA is required for this assignment. Why? You can just use the same
document to proceed with actually writing the paper, project report, or the white paper of the
hack. You can find the formatting guidelines in the “Paper Guidelines” module in D2L.
Once you have finalized your homework, please take a look at the document named “How to
Read an Academic Paper” that is also attached together in the same D2L module as the other
two. Make sure you read it – it is an excellent and critical tool that you will need in reading the
academic sources you plan to build upon in your paper.
Risking Security: Policies and Paradoxes
of Cyberspace Security
Ronald J. Deibert
University of Toronto
and
Rafal Rohozinski
University of Toronto
Conceptualizations of cyberspace security can be divided into two related
dimensions, articulated as ‘‘risks’’: risks to the physical realm of computer
and communication technologies (risks to cyberspace); and risks that arise
from cyberspace and are facilitated or generated by its technologies, but
do not directly target the infrastructures per se (risks through cyberspace).
There is robust international consensus, growing communities of practice,
and an emerging normative regime around risks to cyberspace. This is less
the case when it comes to risks through cyberspace. While states do collabo-
rate around some policy areas, cooperation declines as the object of risk
becomes politically contestable and where national interests vary widely.
These include the nature of political opposition and the right to dissent
or protest, minority rights and independence movements, religious belief,
cultural values, or historical claims. The contrast between the domains has
led to contradictory tendencies and paradoxical outcomes.
Globalization is generating new security challenges. Modern societies confront a
myriad of risks that threaten economic prosperity, undermine the safety and
security of citizens, and cause significant disruption to society and politics. These
risks range from empowered and mili.
Measures of Central Tendency: Mean, Median and Mode
Final Paper Draft Outline – Week 7 For the second to last.docx
1. Final Paper Draft Outline – Week 7
For the second to last homework, you need to submit an outline
of your final paper. What does
that mean? You need to read the article “Writing for College:
What is an Academic Paper” and
conceptualize what the paper assignment for this course is
about:
https://depts.washington.edu/owrc/Handouts/What%20is%20an
%20Academic%20Paper.pdf
Next, you need to read the “Final Paper Minimum
Requirements” to get a sense of how you shall
start creating the paper. Think of a topic that you are interest
the most – it can be a critical paper,
project, applicative hacks – and then apply the instructions from
the first two sources indicated.
The draft outline needs to answer:
• what is your topic,
• what are your main sections in the paper,
• what are the preliminary sources you will use,
• how you plan to write in each of these sections/use the
sources.
The APA, IEEE, or MLA is required for this assignment. Why?
You can just use the same
document to proceed with actually writing the paper, project
report, or the white paper of the
hack. You can find the formatting guidelines in the “Paper
2. Guidelines” module in D2L.
Once you have finalized your homework, please take a look at
the document named “How to
Read an Academic Paper” that is also attached together in the
same D2L module as the other
two. Make sure you read it – it is an excellent and critical tool
that you will need in reading the
academic sources you plan to build upon in your paper.
Risking Security: Policies and Paradoxes
of Cyberspace Security
Ronald J. Deibert
University of Toronto
and
Rafal Rohozinski
University of Toronto
Conceptualizations of cyberspace security can be divided into
two related
dimensions, articulated as ‘‘risks’’: risks to the physical realm
of computer
and communication technologies (risks to cyberspace); and risks
that arise
from cyberspace and are facilitated or generated by its
technologies, but
do not directly target the infrastructures per se (risks through
cyberspace).
3. There is robust international consensus, growing communities
of practice,
and an emerging normative regime around risks to cyberspace.
This is less
the case when it comes to risks through cyberspace. While
states do collabo-
rate around some policy areas, cooperation declines as the
object of risk
becomes politically contestable and where national interests
vary widely.
These include the nature of political opposition and the right to
dissent
or protest, minority rights and independence movements,
religious belief,
cultural values, or historical claims. The contrast between the
domains has
led to contradictory tendencies and paradoxical outcomes.
Globalization is generating new security challenges. Modern
societies confront a
myriad of risks that threaten economic prosperity, undermine
the safety and
security of citizens, and cause significant disruption to society
and politics. These
risks range from empowered and militant nonstate actors to
technological and
human-made processes, such as environmental degradation and
global warming.
Risk mitigation has become a routine matter of good public
policy.
Cyberspace represents a special category of risk.1 A term once
found only in
science fiction novels, cyberspace describes the human-made
domain for action
4. 1There are perennial debates about how to define cyberspace
and distinguish it from related concepts, like the
Internet. The latter is typically defined as ‘‘a worldwide
network of computer networks that use the TCP ⁄ IP network
protocols to facilitate data transmission and exchange.’’
Although this definition is important and at the core
of the subject matter under investigation in this paper, it is
primarily focused on the material infrastructure of
networked devices while excluding from consideration other
important non-physical elements and characteristics.
In this paper, we adopt the definition of cyberspace recently put
forward by the US Department of Defense. Accord-
ing to the US Department of Defense’s National Strategy for
Military Operations in Cyberspace (2006:3), cyberspace
is as ‘‘a domain characterized by the use of electronics and the
electromagnetic spectrum to store, modify, and
exchange data via networked systems and associated physical
infrastructures.’’ There are several benefits of this
broader definition: First, it covers more than just networked
computers, and includes cellular technologies,
space-based systems, and other technologies that are not at first
blush usually associated with the Internet. Second,
the reference to cyberspace as a ‘‘domain’’ allows for inclusion
of non-physical elements, such as ideas and virtual
realities, which are increasingly the subject of securitization
today.
� 2010 International Studies Association
International Political Sociology (2010) 4, 15–32
D
ow
nloaded from
https://academ
5. ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
that exists as a consequence of an interconnected and
interdependent global
communications and computing infrastructure. Cyberspace
connects more than
half of all humanity and is an indispensable component of
political, social, eco-
nomic, and military power worldwide. In strategic terms,
cyberspace is accepted
now as a domain equal to land, air, sea, and space.
Predictably, in the post-9/11 era, cyberspace is the focus of
security concerns
as states weigh the risks and benefits of omnipresent global
connectivity. How-
ever, cyberspace presents special security challenges, for a
variety of reasons.
First, and most importantly, it is a communication network that
is organized
transnationally and not through the institutional structures of
the state system.
Although states and individuals may claim sovereignty or
ownership over seg-
ments of cyberspace, particularly parts of its material
infrastructure, or even opt
6. out of it entirely, once in they are never fully in control.
Cyberspace has emergent
properties, in other words, that elude state control.
Second, and closely related, cyberspace is operated as a mix of
public and private
networks. Governance of cyberspace, like its architecture, is
distributed, and does
not take place within a singular forum or point of control
(Dutton and Peltu 2007).
Even the Internet Corporation for Assigned Names and Numbers
(ICANN),
that is most often associated with Internet governance issues, is
only narrowly
concerned with domain and routing management and not with
the full panoply
of cyberspace governance issues (Mueller 2002). There are
instead numerous
sites of cyberspace governance, from spectrum allocation to
copyright and intel-
lectual property regulation to content filtering and cyber-crime
(among many
others). Each of these sites involves numerous stakeholders,
including govern-
ments, businesses, and civil society networks. In addition,
private sector actors
from multiple countries operate most of the core infrastructural
components of
cyberspace. What James Der Derian (2003) calls
‘‘heteropolarity’’ perhaps best
characterizes the state of cyberspace governance.
Third, unlike other domains, such as the sea, land, air, or space,
cyberspace is
a human-made domain in constant flux based on the ingenuity
7. and participation
of users themselves. One of the core design features of
cyberspace is the end-to-
end principle, which allows for generative technologies to be
introduced into
cyberspace by end users as long as they conform to the basic
protocols of inter-
connectivity (Saltzer, Reed, and Clark 1984). The latter
introduces not only great
variation and constant innovation, but also new and unforeseen
security risks
(Zittrain 2007). It also creates major problems for regulation,
insofar as regula-
tors are always chasing a moving target. In other words,
cyberspace is a domain
of constant transformation and a high degree of complexity.
Fourth, cyberspace is comprised of both a material and a virtual
realm—a
space of things and ideas, structure and content. Theorists and
observers of cyber-
space often focus on one of these elements to the exclusion or
diminution of
the other, but both are important and interdependent.
Cyberspace is indeed a
‘‘consensual hallucination’’ as Gibson (1984) famously defined
it, but one that
could not exist without the physical infrastructure that supports
it. Attempts to
control and monitor the virtual realm of cyberspace often begin
with interven-
tions in the physical infrastructure, at key Internet chokepoints
(Deibert, Palfrey,
Rohozinski, and Zittrain 2008). However, these efforts are
never entirely compre-
hensive; once released into cyberspace, the distributed
8. properties of the network
help ideas and information circulate, duplicate and proliferate.
Even radical
measures, such as disconnecting the Internet entirely as was
done recently in
Burma and Nepal, can only limit, but not entirely contain the
flow of ideas.
In this paper, we examine processes of securing cyberspace and
their wider
implications. Drawing from the sociologist Ulrich Beck, we do
so by first disaggre-
gating cyberspace security into two related but distinct
dimensions, articulated as
‘‘risks’’: risks to the physical realm of computer and
communication technologies
16 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
9. and their associated networks (risks to cyberspace, commonly
known as critical
infrastructure protection); and risks that arise from cyberspace
and are facilitated
or generated by its associated technologies, but do not directly
target the infra-
structures per se (risks through cyberspace). As we show, there
is a robust interna-
tional consensus, growing communities of practice, and even an
emerging
normative regime around critical infrastructure protection. Even
in military areas,
where states compete for strategic advantage and have
developed doctrines for
operations in cyberspace, there is, for the moment, a reluctance
to employ overt
computer-based attacks against other state’s national
information infrastructures
and a mutual deterrent norm is slowly developing, albeit in fits
and starts.
This is less the case when it comes to risks through cyberspace.
While states do
collaborate around some policy areas where consensus and
mutual interests can
be found (for example, ‘‘piracy,’’ and to a lesser degree child
pornography),
cooperation declines as the object of risk becomes politically
contestable and
where national interests can vary widely. These include the
nature of political
opposition and the right to dissent or protest, minority rights
and independence
movements, religious belief, cultural values, or historical
claims.
10. The contrast between policies around these two domains has led
to contradic-
tory tendencies. States seek policy coordination and regulations
so as to make
cyberspace a more secure, safe, and predictable environment
recognizing its stra-
tegic importance to economic and social development. These
efforts to combat
risks to the network are driven by a desire to sustain-through-
security a friction-
free and distributed global communications environment. At the
same time,
regime type and legitimacy varies greatly between states, and
actions taken in
response to risks through cyberspace can have the opposite
effect, introducing fric-
tion in the form of filtering of undesirable content, intimidation
and self-censor-
ship through pervasive surveillance, and even the disabling or
disconnection of
critical infrastructures in an attempt to neutralize the risks
posed by networked
political or social actors.
This paper examines the larger implications of these seemingly
paradoxical
tendencies. We suggest that securing cyberspace is not a simple
balkanization of
the Internet or a ‘‘return of the state,’’ as some have suggested
(Goldsmith and
Wu 2006). Rather, it is a complex process entwining both the
development of
universally accepted norms and ever-expanding ‘‘rules of the
game,’’ state regu-
lation of issues of vital domestic, political and cultural concern,
privatization of
11. risk mitigation, and the internationalization of public policy.
Risk Society
In a globalizing world, risk mitigation has become a routine
matter of politics,
good public policy, and a major market segment in its own
right. Politicians
employ risk in lieu of ideology as a justification for policies
ranging from eco-
nomic and social development to national security and
international aid. Risk
mitigation, management, and governance are now widely
studied, propagated
and institutionalized techniques of governance.
The German sociologist Ulrich Beck (1992) first teased out the
connections
between ‘‘risks’’ and modern industrialism and globalization
organized around a
historical narrative of modern social development. According to
Beck, European
and North American life has undergone a series of historical
transformations,
from traditional to modern to reflexive, as a result of a variety
of economic,
political, and social factors. In the last and latest period
coinciding with contem-
porary times, individualism and human agency have become
more pronounced.
Educated individuals and skilled labor forces have reflected on
the institutions
that surround them, and have questioned their legitimacy—a
development Beck
famously refers to as ‘‘reflexive modernization’’ (see also
Giddens 1990).
12. 17Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
There are several elements of Beck’s risk society thesis that
pertain to our anal-
ysis and from which we draw inspiration. First, and most
importantly, is the
notion of ‘‘risk’’ itself, and the social redistribution of risks.
According to Beck,
the central principle of industrial society is the distribution of
goods and ser-
vices, while the central principle of the risk society is the
distribution of ‘‘bads,’’
or risks. In general terms, risk is simply defined as the
possibility of incurring
loss. Analyzing how risks are distributed tells us much about
the functioning and
politics of particular societies. One of the more remarkable
aspects of securing
13. cyberspace is the way in which some risks are distributed by
states to private
actors and the consequences that flow from that redistribution.
A second element of Beck’s thesis is the artificial or
constructed nature of
risks. Here, our analysis both overlaps and parts ways with the
Copenhagen
school of securitization (Buzan, Wæver, and de Wilde 1998;
Stritzel 2007). Like
that school, and Beck’s risk society thesis, we take the position
that risks are
socially constructed. Unlike the Copenhagen school, however,
we do not limit
our analysis to discourses and discourse analysis, but broaden it
to include non-
discursive, indeed even physical structures, that shape and limit
notions of secu-
rity and risk. In our analysis, the technological characteristics
of cyberspace itself
are restrictive factors that shape the realm of the possible in
ways that discourse
alone cannot explain.
Third, like Beck, we place a great deal of emphasis on
unintended and often
paradoxical consequences of risk mitigation.2 For Beck, a
central characteristic
of reflexive modernization is the tendency for risk mitigation to
beget further
risk, and so on, until the mitigation of risk becomes the central
element of poli-
tics and public policy. Each risk mitigation strategy breeds new
uncertainty and
unpredictable consequences, which in turn require further
mitigation, often
14. undermining risk mitigation strategies in other sectors of
society. As the title of
our paper suggests, there is a paradox at the heart of some of
the ways in which
states are securing cyberspace, which leads to an insecurity of a
different sort.
To understand that paradox, the two different conceptions of
risks emerging
from cyberspace need to be unpacked and evaluated separately:
risks to cyber-
space and risks through cyberspace.
Risks to Cyberspace: Critical Infrastructure Protection
As the Internet was specifically designed to be a resilient
communications network,
security vulnerabilities have always been a major factor with
which to
contend and are at the core of the network’s distributed
architecture. These vul-
nerabilities have become more pronounced, however, as
cyberspace has grown
from an experimental network, to a university-based research
network, to an inte-
gral part of the global political economy on which all modern
societies exist
(Kleinrock 2008). Cyberspace is the domain through which
electronic clearances
take place, irrigation systems are controlled, hospitals and
educational systems
interconnect, and governments and private industries of all
types function. It
2Anthony Giddens (1990:153) best describes the dynamics in
this regard: ‘‘Design faults and operator failure
15. clearly fall within the category of unintended consequences, but
the category includes much more. No matter how
well a system is designed and no matter how efficient is the
operators, the consequences of its introduction and
function, in the contexts of the operation of other systems and
of human activity in general, cannot be wholly pre-
dicted. One reason for this is the complexity of systems and
actions that make-up world society. But even if it were
conceivable—as in practice it is not—that the world (human
action and the physical environment) could become a
single design system, unintended consequences would persist.
The reason for this is the circularity social knowl-
edge, which affects in the fist instance the social rather than the
natural world. In conditions of modernity, the
social world can never form a stable environment in terms of
the input of new knowledge about its character and
functioning. New knowledge (concepts, theories, findings) does
not simply render the social world more transpar-
ent, but alters its nature, spinning it off in novel directions.’’
18 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
16. can be found aboard nuclear submarines and bicycles, watches
and air traffic
control systems—it is ubiquitous and pervasive, and is most
acutely felt when it is
absent.
The vulnerability of cyberspace to malicious or accidental
disruption came to
light in several high profile incidents, including the infamous
1988 Morris Worm
in which a virulent program was mistakenly released on the
Internet causing
worldwide traffic to come to a standstill. Beginning in the
1990s, it became more
common to hear scenarios involving actors targeting the
Internet (and cyber-
space more broadly) to bring about widespread havoc—
famously coined an
‘‘electronic pearl harbor’’ by President Clinton’s National
Cyber-Security Advisor,
Richard Clarke (Denning 2000). Whether through
cyberterrorism, or through
accident, a growing recognition of all advanced societies’
increasing dependence
on cyberspace has brought about ever more pronounced efforts
at cyberspace
securitization. Although there have been many that have been
rightly skeptical
of the scope of the claims made, as well as the interests served
by the articulation
of threats, there has been a growing consensus among advanced
industrialized
states around defining cyberspace as a key national asset and
17. critical infrastruc-
ture to be secured.
There are numerous policy documents, legislative and
institutional initiatives,
and analyses around securing critical infrastructures (Dunn
Cavelty 2008; Lewis
2008). Rather than attempt to be comprehensive, our aim here is
instead to
highlight several crosscutting characteristics of these
initiatives. A growing num-
ber of states have created new institutions or re-tasked existing
ones with the
mandate to either oversee critical infrastructure security and ⁄ or
make recom-
mendations as to how the security should be undertaken. In
almost all cases, a
similar justification is employed pointing to society’s growing
dependence on
information and communication technologies, the vulnerabilities
that exist in
these systems, and the steps that need to be taken to secure
cyberspace to keep
it functioning as the infrastructure of the global political
economy, either from
deliberate attack or disruption through accident (Lewis 2008).
The latter is the
area with, not surprisingly, the greatest scope for policy
divergences among
states. Generally speaking, though, among advanced
industrialized economies,
like Canada, the United States, and the countries of Europe and
parts of Asia,
there is recognition of the significant role played by private
actors in the consti-
tution of cyberspace and the need for public-private
18. partnerships. Many coun-
tries are unwilling, or their constituencies would not tolerate,
heavy-handed
regulations that impose requirements on private actors from the
state.
Second, and related, is that there is a particular ideological
notion of cyber-
space that is supported by these policies, one closely related to
the functioning
of global capitalism. This may seem self-evident, but it is
important to under-
score and scrutinize. Although discussions of Internet security
are often couched
in technical-functional terms, the political economy of critical
infrastructure is
never absent and broad values always inform security policies.
The often unspo-
ken logic of securing critical infrastructures is to support and
sustain a friction-
free communications environment in which ideas ⁄ data ⁄
purchase orders ⁄ financial
transactions move freely and with as much speed as possible
across borders and
around the word (Deibert 2002). Disruption to critical
infrastructures means,
first and foremost, disruption to global capital markets.
Third, there is a delicate matter of balancing the security
requirements of criti-
cal infrastructure protection with national security imperatives,
and in particular
the collection of intelligence. In many states, the main agency
charged with criti-
cal infrastructure protection is also the central agency charged
with signals intel-
19. ligence and actionable electronic information (Bronk 2008). In
part, this is a
vestige of the critical assurance role played by these agencies
for governments’
communications and increasingly for businesses. Both the
Communications
19Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Security Establishment Canada (CSEC) and National Security
Agency (NSA) pro-
vide due diligence for government encryption standards, for
example, a role that
has continued and in fact broadened to include private actors.
Although prima facie this may seem appropriate, the risk
distribution creates a
significant tension for a variety of reasons. First, many of these
organizations
20. operate in secrecy and with limited public accountability, and
have both a track
record and putative interest in having covert access to private
communications.
Since much of the operation of critical infrastructures is in
private hands, it cre-
ates a tension between the interests of national security agencies
and private
actors and raises major privacy concerns, particularly as many
of the companies
themselves are constituted as multi-national or transnational
joint ventures.
Second, and as will be explained in more detail below, the
effort to secure
cyberspace by these agencies has been used to justify a massive
expansion of
surveillance powers, and even in some cases an alteration to the
very framework
of that which is to be protected.3
Third, although national critical infrastructure initiatives are the
most
common, there is a slow but steady internationalization of
critical infrastructure
protection initiatives, policy coordination, and legislation.
These include initia-
tives at the regional, inter-state, and global levels. The G8,
APEC, CoE, the
OECD, NATO, and the ITU (IMPACT) all have cyber-security
initiatives of some
sort (Hosein 2008; ITU 2008). There is also sub-state policy
coordination among
critical infrastructure bodies, in particular the Computer
Emergency Response
Teams (CERTs) that have been set up in countries around the
world, through
21. the mechanism of the Forum of Incident Response and Security
Teams (FIRST).
These initiatives are noteworthy for a variety of reasons. First,
they suggest a
growing international consensus and norm around the
importance of securing
critical infrastructures along the lines of the principles outlined
earlier. Second,
they represent a nascent ‘‘internationalization’’ of public
policy, particularly in
areas of early warning, notification, harmonization of law
enforcement, data
retention, and best security practices (although that has yet to
be fully realized,
as will be explained below). Third, the mix of private and
public actors involved
in these initiatives gives them an embeddedness (and thus
stickiness) in state-society
relations and across multiple jurisdictions. Fourth, and most
importantly, they
represent a growing recognition of the mutual interdependence
generated by
cyberspace. Although protection of national assets is obviously
first priority
among states worldwide, there is also acknowledgment that
cyberspace cannot
truly be secured single-handedly and that the definition of
‘‘national assets’’
itself is problematic for this very reason.
The emerging norm around securing critical infrastructures, and
the recogni-
tion of mutual interdependence of cyberspace, can be seen most
clearly in the
limits that shape states’ offensive operations in cyberspace. A
growing number of
22. states have developed or are exploring doctrines around
offensive operations in
cyberspace. These doctrines are a legacy of a variety of factors:
the ‘‘revolution
in military affairs,’’ a greater understanding of the
vulnerabilities of cyberspace
and ways to exploit those vulnerabilities, the natural
imperatives of defense orga-
nizations whose mandate is to pursue military technologies to
their fullest limits,
and also a growing recognition of, and need to counteract, the
risks through
cyberspace that are described in more detail below. However,
the limits to these
actions are also widely acknowledged and a variety of legal and
technical factors
prohibit offensive operations (Kelsey 2008). For example,
during the 2003
3Here we see starkly an illustration of how risk mitigation and
distribution begets further risk, in this case to pri-
vacy. One example of this is the recent exploration at a UN
working group, supported by both the Chinese and US
national security agencies, for an end to anonymity online
through an infrastructural alteration to cyberspace to
allow for Internet Protocol (IP) trace-backing (McCullagh
2008).
20 Risking Security
D
ow
nloaded from
https://academ
23. ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
invasion of Iraq, the full range of offensive computer network
attack capabilities
was constrained by both legal restrictions and the fears of a
cascading effect on
European financial institutions.4
Certainly there are many gaps in critical infrastructure
protection, and
legitimate questions that are raised about the ways in which
critical infra-
structure protection policies are conceived and implemented.
Short-sighted and
wrong-headed solutions to cyberspace security are plentiful and
well
documented by researchers, and many of the institutions created
to secure
risks to cyberspace are inadequately resourced, improperly
designed, and lack
mechanisms to share information across borders. However, in
spite of these
gaps and questions, a growing ‘‘community of practice’’ is
emerging in the
area of critical infrastructure protection that is spreading
internationally (Adler
2005). This community of practice includes a large cross
24. section of states and
private sector actors that shares a common vision of that which
is to be
secured and why.
Risks Through Cyberspace: Dealing with Dark and Resistance
Nets5
Cyberspace, in particular the Internet, has made networking
between like-
minded individuals and groups possible on a global scale and
has contributed to
a massive explosion of civic networks. Powerful, easy-to-use
search technologies,
media of self-expression, like blogs, and communicative
systems make it easy to
form virtual communities, connect causes, and organize
political activities. Global
civic networks have consistently been the earliest adopters of
Internet technolo-
gies for their collective activities, and oftentimes have been at
the forefront of
innovative uses of new media, like SMS, VoIP, Facebook,
Twitter, and blogs. The
medium’s constitutive architecture—distributed, decentralized,
and relatively
cheap and easy to employ—‘‘fits’’ with the organizational and
political ‘‘logic’’
of global civic networks (Naughton 2001). Local causes seek
and find moral and
financial support on a global basis and consequently, local
politics can now play
to a global audience.
But the technological explosion of civil society has not emerged
without unin-
25. tended and even negative consequences, particularly for
nondemocratic,
authoritarian, and competitive authoritarian states (Way and
Levitzsky 2002).
Cyberspace has enabled new, nimble and distributed challenges
to these regimes,
manifest in vigorous, mobilized opposition movements,
protests, and in some
cases, even revolutionary challenges to political authority. In
many countries,
cyberspace presents the only medium of expression not rigidly
or traditionally
controlled by the state. Activists in even the most tightly
controlled societies, like
Uzbekistan, Burma, Iran, China, Vietnam, Belarus, Tunisia, and
Vietnam, are
able to find links across borders and mobilize support for their
cause through
the medium of cyberspace. For these regimes, these movements
represent a new,
fluid, and very formidable security risk. We call these risks
through cyberspace
that challenge nondemocratic, authoritarian, and competitive
authoritarian
regimes, resistance networks.
4One rather perverse outcome of these constraints is that they
may create an incentive for states to offload or
outsource offensive computer operations to third parties or
criminal organizations and thus allow for plausible
deniability. For example, in several recent instances involving
DDoS computer network attacks on adversaries of the
Russian state, there was unverified, but circumstantially
compelling evidence connecting criminal organizations
involved in the attacks with Russian security forces. It is
noteworthy that China’s doctrine of enlisting the people,
26. and nationalist fervor, in offensive computer network attacks is
compatible with such an incentive structure. Such
offloading and outsourcing allow states plausible deniability
although capitalizing on some of the limited outcomes
of offensive computer network operations, examples of which
are picked up in more detail in subsequent sections
of this article.
5The following section draws from Deibert and Rohozinski
(2008).
21Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Even among democratic states, the explosion of civic networks
has presented
serious challenges, though of a slightly different nature. Just as
progressive
and social justice groups have made use of the Internet to
advance global
27. norms, so too have a wide variety of militant groups, extremists,
criminal orga-
nizations, and terrorists to serve more ulterior purposes.
Cyberspace has facili-
tated their activities in much the same way as it has for more
benign civil
society networks that often get more attention, but the aims of
these groups
are often criminal, covert, and sometimes violent. We call these
risks through
the network dark nets, of which there are two different sorts
(Deibert and
Rohozinski 2008).
The most well known of the dark nets are armed social
movements, which can
represent a multiplicity of local causes, but whose ability to
share tactics, con-
tacts, and at times, drink from the same ideological well, make
them appear as a
unified global network. In the post-9/11 era, Al Qaeda and the
Jihad movements
represent the most visible manifestation of this kind of armed
social movement.
However, they are by no means the first and only networks of
this kind. Many of
the ‘‘new wars’’ (as Mary Kaldor calls them) that occurred
during the 1990s were
fought essentially as transnational civil wars where participants
pursued both gue-
rilla and conventional warfare against government and rival
groups (Kaldor
1999). In conflicts that included Sri Lanka, Somalia, former
Yugoslavia, West
Africa and Chechnya, ‘‘new wars’’ demonstrated that armed
social movements
28. are capable of challenging and at times defeating state actors
without the need
of state-based patrons or backers.
More importantly, this new generation of armed social actors
has also increas-
ingly embraced cyberspace (Rohozinski 2004). They recognize
the capacity
afforded by cyberspace to ‘‘effect’’ both their supporters and
opponents. Signi-
ficantly, it was these groups, rather than militaries of the First
World War, that
were the first to leverage cyberspace as means to wage
information operations
redefining the main battlefield away from the military and
towards the political
sphere (Weimann 2006b). Beginning with the first Chechen war,
the video
taping of attacks on the Russian military became more
important than the
military significance of the attacks themselves. When shown to
supporters, as well
as the Russian public (via rebroadcast in Russian television, and
later on the In-
ternet) their shock value was enough to convey the impression
that the Russian
military was being defeated. Similar tactics were adopted and
further refined by
Hezbollah in its resistance against Israeli occupation of
Southern Lebanon prior
to their withdrawal in 2001, and again in the 2006 summer war.
Attacks were
documented and produced in the form of music videos, that
were both broad-
cast across Hezbollah’s terrestrial TV station, (al Manar) as
well as made available
29. for download from a website, the movement established as part
of its strategic
communications and information warfare strategy (Pahlavi
2007; Wehrey 2002).
These video shorts proved highly effective, and have since
undergone several
significant evolutions, paralleling the spread and popularity of
such on-line
resources as YouTube and Twitter that are used by ‘‘civil’’
networks. They are
now one of the key instruments used by these movements to
attract interest in
their causes and are a significant feature of the more than
4,500+ active jihad
websites, chat rooms, and forums (Weimann 2006a; Kimmage
2008). As the
resources necessary for producing multimedia technologies
continue to fall, and
access to inexpensive digital cameras and computers increases,
the threshold and
number of video and other multimedia products in circulation
has grown expo-
nentially, while the age of the producers has declined. During
the early months
of the second Intifada, for example, several of the more
compelling PowerPoint
slides circulating on the Internet depicting the brutality of the
Israeli reoccupa-
tion of the West bank were produced by a 14-year-old living in
a refugee camp
in Lebanon.
22 Risking Security
D
30. ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
In addition to changing the nature of the conflicts, cyberspace
has also
served to change the nature of the movements themselves. They
have elimi-
nated the need for strict command and control, especially for
smaller and
more marginal movements who can now claim legitimacy for
their actions by
‘‘virtually’’ piggy-backing on the perceived effectiveness and
success of others.
It also gives the impression of a unity and scale among groups
that in reality,
simply does not exist. As a result, much as the discourse of
human rights and
other universal issues provides an intellectual center that binds
many civil
networks together, the depictions, forums, and shared virtual
spaces of resis-
tance, wrapped in religious undertones, provide a means for
smaller, more
31. local struggles to identify with and benefit from a broader
ideological pool that
serves to demonstrate that resistance is not only possible, but
positively effective
(Kohlmann 2008).
Cyberspace is only one domain used by armed social movements
in the pursuit
of their cause, but it is certainly the one that, because of its
largely unregulated
character and relative freedom of access, causes the greatest
concern for states
under threat from such actors. It is seen, at least in part, as the
sea in which
global militants find sanctuary of the kind that Mao postulated
in his classical
treatise on people’s war. The difficulty, then as it is now, is
how to effectively
separate the insurgents from the people, or armed social
movements from cyber-
space, in a manner that does not destroy the latter. In this study
again the
unintended and paradoxical consequences or risk mitigation
strategies becomes
apparent.
Transnational criminal networks are a second form of dark nets.
These
actors, who can be large or small, local or transnational, exploit
the relative
anonymity offered by cyberspace as well as the absence of
harmonized
national laws defining cybercrime, to circumvent or avoid
prosecution. Cyber-
crime is typically broken down into two distinct realms: old
crimes, such as
32. fraud, child pornography, and theft (including digital
‘‘piracy’’), which have
been adapted to the new possibilities offered by the emergence
of the e-econ-
omy (Brenner 2001); and new crimes that are unique to
cyberspace, such as
phishing attacks, spam, or the use of malware, cyber-espionage,
and distrib-
uted denial-of-service attacks (DDoS), which would not have
emerged without
it (Brenner 2005; Wall 2005). In both cases, jurisdictions with
poorly function-
ing or nonexistent laws are used to hide otherwise criminal
activities out of
the reach of authorities in jurisdictions where they are clearly
criminalized
(Wall 2007). What Michael Froomkin (1997) characterized as
‘‘regulatory arbi-
trage’’ allows cybercriminals to exploit the lowest state
denominators as safe
harbors, electronically moving to lax jurisdictions when the net
tightens or
laws are progressively harmonized.
Globally, the incidence of cybercrime is reported to be
increasing in both
developed and developing economies. In Russia, for example,
acknowledged as
a source of some of the most imaginative forms of cybercrime,
incidences
reportedly grew by almost 300% between 2003 and 2006. Yet,
accurate compar-
ative statistics makes measuring global cybercrime difficult. For
example, in the
United States—an economy where the economic losses caused
by cybercrime
33. were cited by one Treasury Board official as exceeding $105
billion—only in
2006 did the Department of Justice belatedly begin the process
of establishing
a baseline for measuring cybercrime. In part, the absence of
reliable statistics
belies the difficulty faced by local police and justice
institutions when faced
with having to police activities that may not be defined or
considered criminal
in their jurisdiction (or against which they have few tools).
Indeed, the very
concept of jurisdiction itself is confused in cyberspace. Brenner
and Koops
(2004:3) elaborate:
23Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Acts on the Internet that are legal in the state where they are
34. initiated may
be illegal in other states, even though the act is not particularly
targeted at that
single state. Jurisdiction conflicts abound, both negative (no
state claims jurisdic-
tion) and positive (several states claim jurisdiction at the same
time). Above all,
it is unclear just what constitutes jurisdiction: is it the place of
the act, the coun-
try of residence of the perpetrator, the location of the effect, or
the nationality
of the owner of the computer that is under attack? Or all of
these at once?
Securing Risks Through Cyberspace
The state responses to risks through the network are much more
diverse, com-
petitive, and characterized by self-help policies than are risks to
the network,
where an emerging norm and growing international cooperation
can be dis-
cerned. Even in areas where one might anticipate international
coopera-
tion—control of child pornography, for example—the primary
responses have
been nationally based. In other areas, such as dealing with
extremists, militants,
and anti-regime resistance networks, perceptions of threats and
national interests
vary too widely for there to be any meaningful policy
coordination and national
controls predominate. Indeed, in certain cases, states support,
illicitly or other-
wise, the dark and resistance nets that pose challenges to other
states as part of
35. inter-state competition. Self-help policies also tend to
predominate because the
policy instruments deployed—filtering, surveillance, and
information warfare
attacks—tend to be highly secretive, lack transparency and
accountability and fall
within the realm of national security and military strategy.
Significantly, some of
the policies taken to secure risks through cyberspace are having
the paradoxical
outcome of undermining the very object of security in the risks
to cyberspace
domain.
The one risk through cyberspace where there is significant
policy coordination
is cybercrime, and in particular dealing with theft of intellectual
property and
fraud, although even here the coordination is limited mostly to
industrialized
countries. The most far-reaching is the Council of Europe’s
Cybercrime Conven-
tion, signed and ratified by 15 states, and signed but not yet
ratified by a further
28 in Europe and elsewhere (Weber 2003). Among other things,
the convention
harmonizes policies around dealing with crimes in cyberspace,
including those
relating to data retention and information sharing for law
enforcement and
intelligence. Outside of the convention’s regime, however,
national policies and,
most importantly, state capacities differ widely, allowing
criminal organizations to
triage among jurisdictions and find safe harbor within corrupt
and failed states
36. or where legal enforcement of existing laws is lax. Criminal
networks, therefore,
are able to continue to multiply and expand into new regions
and activities.
Russian hackers are implicated with identity theft and credit
card fraud in the
United States and Europe. Nigerian gangs have become
omnipresent in a variety
of scams and wire fraud, whereas Chinese, Iranian, Malaysian,
Thai, Peruvian
and Israeli networks preside over a global distribution network
of pirated DVDs
and software (USTR 2008).
Filtering, Surveillance, and Information Attacks
Several self-help and competitive strategies are employed by
states to deal with
risks through cyberspace, introducing friction and disruption to
cyberspace.
The starkest example is Internet filtering. Once thought
impossible in cyber-
space, Internet content filtering is now a widespread global
practice. Solid com-
parative research around Internet filtering practices is generally
lacking.
A notable exception is the research of the OpenNet Initiative
(ONI), which has
24 Risking Security
D
ow
nloaded from
https://academ
37. ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
documented the growth in scope, scale and sophistication of
Internet filtering
practices since 2002 (Deibert et al. 2008, 2010).6 Whereas in
the early 2000s,
there were only a handful of states blocking access to
information, the latest
research of the ONI has documented more than 40 countries.
Filtering technolo-
gies are installed at key Internet chokepoints, and work by
preventing requests
for URLs, IPs, or domain names of banned content from being
carried through
(Villeneuve 2006). Although methods vary widely, most states
implement Inter-
net filtering practices by imposing upon Internet service
providers (ISPs) respon-
sibility for blocking access to a pre-determined list of websites,
IP addresses, and
services, while others impose nationwide uniform controls at
international gate-
ways. Other filtering systems can be implemented at more local
levels, such as
Internet cafes. The countries that are described by the ONI as
‘‘pervasive’’ filter-
38. ers of Internet content—China, Burma, Vietnam, Thailand, Iran,
Syria, Saudi
Arabia, UAE, Bahrain, Uzbekistan, Turkmenistan, Ethiopia—
routinely block
access to the websites, forums, and blogs of political
opposition, human rights,
independence, minority rights, alternative faiths, and cultural
groups. Almost all
of them do so without public accountability or transparency.
As the scope, scale, and sophistication of Internet censorship
and surveillance
has increased, so too has the market for the technologies
employed for such
ends. ONI research has empirically verified the use of a range
of commercial
technologies used in national filtering regimes around the
world. For example,
the ONI has documented the use of a product called Smartfilter,
made by the
US company Secure Computing Inc., in the filtering systems of
Kuwait, Oman,
Saudi Arabia, Tunisia, the United Arab Emirates, and Iran. The
US-produced
Netcache is often used in conjunction with filtering products
like Smartfilter and
is employed in Iran; the US product Websense was used in Iran,
and is now used
by Yemen; the US product Fortinet is employed in Burma;
Cisco routers filter at
the backbone level in China; and Singapore uses the US product
Surfcontrol.
There are issues of accountability and transparency having to do
with the pro-
prietary nature of these commercial filtering technologies.
39. Filtering software
works by having lists of categorized websites and keywords that
can be activated
by customers, and which are updated typically through online
connections to
databases operated by the companies. The companies
themselves treat the lists
as intellectual property and normally do not disclose what sites
are included
and ⁄ or how they are categorized. Although some companies,
like Secure
Computing, allow tests of their filtering software online, none
of the companies
openly discloses the contents of their lists to public scrutiny.
The lack of
openness, although understandable from a commercial
perspective, has signi-
ficant public policy implications when commercial filtering
software is used at a
national level to filter access to information on public networks,
as happens in
numerous countries around the world today.
There are related questions around the involvement of search
engines and
other Internet service companies that collude with governments
that violate
6The authors are two of four founders and principal
investigators. The other two are John Palfrey and Jonathan
Zittrain. The ONI’s methodology combines technical and
contextual research. Two lists of websites are checked in
each of the countries tested: a global list (constant for each
country) and a local list (different for each country).
The global list is composed of internationally relevant websites
with provocative or objectionable content in English.
40. The local lists are designed individually for each country to
unearth unique filtering and blocking behavior. In
countries where Internet censorship has been reported, the local
lists also include those sites that were alleged to
have been blocked. These lists, however, are not meant to be
exhaustive. The actual tests are run from within each
country using specially designed software. Where appropriate,
the tests are run from different locations to capture
the differences in blocking behavior across ISPs and across
multiple days and weeks to control for normal connec-
tivity problems. The completion of the initial accessibility
testing is just the first step in our evaluation process.
Additional diagnostic work is performed to separate normal
connectivity errors from intentional tampering. There
are a number of technical alternatives for filtering the Internet,
some of which are relatively easy to discover. Others
are difficult to detect and require extensive diagnostic work to
confirm.
25Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
41. human rights. In order to gain a toehold in such jurisdictions,
companies have
been required to filter access to information on search engines,
or comply with
‘‘local laws’’ that contain none of the safeguards around due
process and privacy
that are typically found in liberal democratic regimes (Maclay
2010). In one of
the most egregious cases, the American Internet company
Yahoo! turned over
email records to the Chinese government leading to the arrest of
three people,
Jiang Lijun, Shi Tao, and Li Zhi. In testimony before the US
Congress, Yahoo!
said that they had no choice but to comply with the request, that
‘‘Yahoo! China
was legally obligated to comply with the requirements of
Chinese law enforce-
ment… or face the possibility of ‘‘criminal charges, including
imprisonment.
Ultimately, US Companies in China face a choice: comply with
Chinese law, or
leave.’’7 These cases illustrate the ways in which the
distribution of risk mitiga-
tion strategies to private actors can create serious accountability
gaps, and ulti-
mately pervert the very service being delivered. Ironically, the
best and brightest
of Silicon Valley, once heralded by their own advertisements as
‘‘wiring the
world’’ and ‘‘connecting individuals,’’ are here being asked to
do precisely the
opposite.
42. Internet filtering is a practice spreading not only among
authoritarian and
democratically challenged states, it is one that is becoming
increasingly wide-
spread among industrialized democratic states as well, in
particular as a response
to the dark nets of online child pornography. This issue is
especially puzzling for
the propensity of self-help in spite of widespread condemnation
and available
mechanisms for international coordination (Villeneuve 2010).
Around the world,
children are sexually abused with the images and videos of that
abuse uploaded
and circulated in cyberspace—a practice that is nearly
universally illegal.
Although international policy coordination mechanisms have
been created
through the Council of Europe, and through such voluntary
arrangements as IN-
HOPE, the primary tool states are using to deal with online
child pornography is
by nationally based filtering schemes, typically carried out by
private ISPs and
national police and civilian agencies. Countries that have
implemented filtering
technology solutions for access to child pornography include
Australia (in
progress), Norway (September 2004), Germany (February
2005), Sweden
(May 2005), Denmark (October 2005), Canada (November
2006), Switzerland
(January 2007), Italy (January 2007), the Netherlands
(September 2007), and
Finland (January 2008).
43. Blocking access to child pornography through filtering is not
the only one
available to deal with online child pornography. An alternative
method is to
locate the source of the information (where it is hosted), issue a
take-down
notice to the provider, and arrest and prosecute those who post
or circulate the
information, if possible.8 However, this alternative tactic is less
often employed,
and in fact has been actually decreasing ever since national
filtering schemes
have begun to spread. This has led to the rather curious
situation in which coun-
tries filter child pornography hosted in countries that are party
to the Cybercri-
me Convention or the INHOPE notification system, rather than
sharing
information about such images and requesting the offending
information be
removed. As Nart Villeneuve reports, ‘‘in one particularly
awkward case, a Dutch
blogger found that the Dutch National Police were adding
domestically hosted
child pornography sites to their blocklist rather than taking
legal action against
the owners’’ (Villeneuve 2010:70).
7Testimony of Michael Callahan, Senior Vice President and
General Counsel, Yahoo! Inc., before the Subcom-
mittees on Africa, Global Human Rights and International
Operations, and Asia and the Pacific, February 15, 2006.
Recently, several major Internet services companies have
entered into a self-regulation pact called the Global
Network Initiative (GNI). The effectiveness of such self-
regulation is untested and still questionable.
44. 8Interestingly, this is the very same strategy often employed
with considerable effectiveness to deal with copy-
right violations online.
26 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Why the reliance on self-help when it comes to child
pornography? There
appear to be several reasons. First, there is a growing
legitimization of Internet
filtering solutions, based on their growing use in national,
private, and some
public contexts, such as schools and libraries. In spite of the
fact that these tech-
nologies are widely prone to error, they provide a simple and
easy panacea for a
serious problem and can be delegated by governments to private
actors and sold
45. to uninformed public audiences as a viable solution. Credible
opposition to such
schemes is rare, given the hot-button nature of the topic and
fear of guilt by
association. Second, although there are mechanisms in place for
international
policy coordination and information sharing, as mentioned
above many residual
roadblocks stand in the way of law enforcement coordination
across borders.
Police tend to work in national jurisdictions, and seek
convictions in their own
territorial spaces, first and foremost. The incentives to facilitate
take-down
notices that result in convictions in other territorial
jurisdictions are relatively
low. The incentives drop even further for countries outside of
the so-called
Atlantic Alliance (Canada, United States, United Kingdom, New
Zealand, and
some European countries), where police cooperation is virtually
non-existent.
The ONI’s research suggests filtering is a fast-moving and
evolving trend,
particularly among authoritarian and competitive authoritarian
regimes. First
generation filtering relies on passive means where lists of
banned websites are
loaded into routers such that requests to the servers hosting
those websites were
denied. These classic methods, used by countries such as China,
Iran, and Saudi
Arabia, are relatively unsophisticated and easy to defeat.
Moreover, they are also
difficult to hide. As ONI testing reveals, it is relatively easy to
46. determine what
content is being filtered, and by whom. As a result, countries
engaging in first
generation filtering have been quickly targeted by advocacy
groups and labeled
as ‘‘pariahs.’’ It is therefore hardly surprising that first
generation methods are
being supplanted by ‘‘second’’ and ‘‘third generation’’
strategies designed to be
more stealthy, dynamic, and often ‘‘offensive’’ in nature
(Deibert et al. 2010).
Evidence gathered by ONI points to several emerging trends
that characterize
these next-generation filtering strategies. First, this new
generation of blocking is
applied temporarily, to coincide with particular events when a
certain type of
information has greatest value (or potential for disruption). This
is particularly
true during elections or protests, when interest in media
reporting and political
communications is heightened, and where the consequences of
an electoral
loss or awareness of a mass gathering may have major
repercussions. In several
cases—the February 2005 election in Kyrgyzstan (which led to
the toppling of
President Askar Akayev in the ‘‘Tulip revolution’’), the 2006
presidential
elections in Belarus, the 2007 demonstrations Burma (the so-
called Saffron
Revolution), and the 2008 protests in Tibet—ONI documented
this type of
‘‘just-in-time’’ blocking against key opposition media and
political sites. Second,
47. the methods used in second generation blocking are different. In
the Kyrgyzstan
and Belarus cases, for example, filtering of access to sites and
services was
achieved through offensive means, by attacking web servers
hosting information
with DDoS attacks, which flooded the servers with requests
rendering them
unable to respond (as opposed to passive interception and
blocking of requests
for web sites and service). In the Kyrgyz case, these attacks
were accompanied by
an ultimatum to the ISP hosting the websites, demanding that
they be removed. In
the case of Belarus, DDoS attacks were accompanied by other
tactics, such as intro-
ducing deliberate errors in domain name servers (which are
necessary for finding
servers on the Internet), and thus temporarily shutting down all
Internet access in
Minsk. These second-generation techniques are not restricted to
technologically
sophisticated states. During 2007, Ethiopia, Uganda, and
Cambodia shut down
access to SMS services during politically sensitive times,
presumably in recognition
that these technologies offer a means for opposition movements
to mobilize.
27Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
48. ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Next-generation control strategies, such as just-in-time
blocking, can include
an even more pernicious example of self-help policies to deal
with risks
through the network: covert or semi-covert support of dark and
resistance net-
works. China, Russia, Burma, Iran, Belarus (among others) have
been accused
of supporting criminal organization and third parties to
denigrate resistance
networks, although determining the exact involvement of the
government in
each case is difficult. For example, China’s adversaries—the US
government,
Tibetan groups, the Falun Gong, pro-democracy groups—have
all experienced
increasingly sophisticated information warfare attacks,
including distributed
denial-of-service (DDoS) attacks, the use of Trojan horses and
viruses, cyber-
espionage, and targeted malware. Using forensic investigative
techniques,
researchers have been able to trace back some of these attacks
and espionage
49. networks to control servers in mainland China, the most famous
of which
being the ‘‘GhostNet’’ system (Information Warfare Monitor
2009). However,
determining whether the Chinese government itself is
responsible for the
attacks has not been possible given the ease by which such
attacks can be
launched through anonymous means or launched by private
actors for com-
mercial or illicit gain. It is instructive to note in this respect
that part of
China’s explicit information warfare strategy is to enlist the
‘‘people’s’’ support,
and there is a very vibrant nationalist-patriotic hacker
community in China that
erupts in defense of the Chinese regime whenever domestic
political incidents
arise. Likewise, several recent conflicts involving adversaries of
Russia have
experienced massive DoS attacks, including Estonia and
Georgia. However,
researchers have not been able to conclusively determine
whether the Russian
government is the source of the attacks, whether the attacks
were contracted
out to criminal organizations, or whether they originate from
patriotic hackers,
or some combination. We might infer that such outsourcing to
private actors
may in fact become more common because of the attractions of
plausible deni-
ability it affords to the regimes involved.
The risks posed by both dark and resistance networks have
contributed to a
50. massive expansion of electronic surveillance among all
countries, a significant
portion of it carried out through extra-legal means and ⁄ or
downloaded to
private companies. The attacks of 9/11 were a definite
watershed in this regard.
Following upon revelations that the hijackers employed
cyberspace as an organi-
zational domain to carry out the attacks, there was widespread
support for more
enhanced monitoring powers for law enforcement and
intelligence. The United
States quickly adopted wide-ranging legislation, in the form of
the PATRIOT
Act, which expanded the scope for electronic surveillance.
Numerous countries
around the world then passed legislation similar to the United
States PATRIOT
Act, requiring lawful access provisions for law enforcement to
be undertaken by
private ISPs.
Some non-democratic countries have used the excuse of the war
on terror and
followed the normative lead of the United States to legitimize
their surveillance
of opposition and minority. In several countries, notably Egypt,
a combination of
surveillance and selective prosecution is used to effectively
curtail bloggers, and
specific minority groups (especially the gay and lesbian
community). In 2008,
Russia expanded the powers previously established by SORM-
II, which obliged
ISPs to purchase and install equipment that would permit local
FSB offices to
51. monitor the Internet activity of specific users. The new
legislation makes it possi-
ble to monitor all Internet traffic and personal usage without
specific warrants.
The legislation effectively brings into the open covert powers
that were previ-
ously assigned to FAPSI, with the twist of transferring to the
entire ISPs the costs.
In many countries, Internet cafes are monitored by secret police
both physically
and through remote surveillance technologies. The measures
present a clear
warning to anyone seeking the anonymity of cyberspace to
voice political
28 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
criticism or express alternative lifestyles: you can be found, and
you can be
52. prosecuted.
Since much of cyberspace flows through private networks, state
surveillance
measures target and often force the cooperation of businesses,
especially those
operating in national jurisdictions. For example, in the United
States a whistle-
blower revealed that the Bush administration had authorized
extra-legal wiretaps
on the US-based Internet exchange points of Tier 1 ISPs,
including AT&T and
Verizon, in order to monitor traffic passing through those hubs.
Another exam-
ple is a recent report that uncovered a major surveillance system
on the Chinese
version of the popular Internet telephone software, Skype
(Villeneuve 2009).
The full-text chat messages of TOM-Skype users, along with
Skype users who
communicated with TOM-Skype users, were regularly scanned
for sensitive
keywords, and if present, the resulting data were uploaded and
stored on servers
in China, ostensibly to be passed to Chinese security services.
The captured
messages contained specific keywords relating to sensitive
political topics such as
Taiwan independence, the Falun Gong, and political opposition
to the
Communist Party of China. This one case was revealed because
of a combination
of dogged detective work and sloppy information security on
the part of
TOM-Skype; presumably, though, many other targeted
surveillance attacks on
53. Internet services exist through covert channels.
Although far from exhaustive, the previous section highlights
some of the ways
in which states are attempting to secure against risks through
cyberspace. Of par-
ticular note is the extent to which self-help policies
predominate, transparency
and accountability are rare, risk mitigation includes outsourcing
to third parties
and illicit networks, and competition is often fierce. In
attempting to neutralize
risks through cyberspace, states are turning to filtering,
blocking, surveillance,
and information warfare tactics. These tendencies point to an
increasingly com-
petitive cyberspace commons where states, individuals, civil
society and dark and
resistance nets jostle for agency and advantage, often at the
expense of cyber-
space itself.
The Paradoxes of Risking Security
Securing cyberspace has become one of the major global policy
areas of the 21st
century. Although a growing literature has emerged about
cyberspace security,
very little of it covers the full range of risks and responses or
the implications of
the politics surrounding it. In this paper, we have untangled and
analyzed two
different risks associated with cyberspace security: risks to
cyberspace, and risks
through cyberspace. Although often confused, the two are
distinct, not least of
54. which in terms of levels of international cooperation and state
policies, but even
more so in terms of the way they can work at cross-purposes.
In the former area, risks to cyberspace, a growing international
norm has
emerged that sees cyberspace as vital to economics,
government, society, and cul-
ture. Policies have focused on securing systems that support a
friction-free global
communications environment in which commerce can flourish,
data can be
exchanged without corruption, and infrastructures can operate
without signifi-
cant downtime or disruption. The norm may in fact be leading to
some of the
most significant (though rarely acknowledged by Internet
governance experts)
institutions of international Internet governance through a wide
variety of regio-
nal and international regimes and sub-state communities of
practice. At the same
time, there are clearly some gaps in areas of international
notification, including
in those involving child pornography and cyber-espionage.
Risks through the network involve much wider divergence
among states, an
emphasis on national policies and self-help, and most
significantly policies
whose outcome are having the opposite effect of those
associated with risks to
29Ronald J. Deibert and Rafal Rohozinski
D
55. ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
cyberspace. Ironically, in other words, security policies in
response to risks
through cyberspace are creating insecurities around cyberspace
itself. The
responses to the two ‘‘risks’’ operate at cross-purposes. The
aim of ‘‘risks to’’ is
to secure a friction-free, distributed and resilient global
communications net-
work. The aim of ‘‘risks through,’’ on the other hand, is to
introduce friction
and disruption through filtering, surveillance, and computer
network attacks.
Whether and how these two risk domains will co-exist into the
future, and what
implications will follow for international security, are areas
worthy of further
investigation.
Securing cyberspace has definitely entailed a ‘‘return of the
state’’ but not in
56. ways that suggest a return to the traditional Westphalian
paradigm of state sover-
eignty. First, efforts aimed at combating risks to the network
are supporting a
worldwide, interconnected domain of communications that, in
turn, is facilitat-
ing a rapid expansion of transnational non-state actor activities.
Second, many of
the policies described above entail devolution of
responsibilities and authority to
private actors. This includes the imposition of surveillance,
mining, and data
retention responsibilities to ISPs and other cyberspace service
companies (search
engines, cellular phone operators) in both democratic and
nondemocratic envi-
ronments. Privatization of a different sort is also implicated in
the outsourcing
of computer network attacks to illicit networks and criminal
organizations.
Privatization of security has become an area of active
investigation among some
theorists lately; this analysis suggests privatization of
intelligence and computer
network attacks should be added to that area. Lastly, the efforts
taken to combat
cybercrime, to harmonize laws across state jurisdictions, and to
facilitate interna-
tional policing and intelligence can be seen as an
internationalization of the
state, albeit among a core group of industrialized states.
Together these trends suggest that the paradoxes of securing
cyberspace will
ensure the continuation of a complex and multifaceted domain,
one that defies
57. simple and extreme characterizations. Cyberspace will continue
to be tugged in
heteropolar directions: from the ingenuity of end users who
develop technolo-
gies that have system-wide effects; from states who intervene to
try to shape, limit
and disable adversarial sources of information; from major
commercial providers
centralizing information and communication in ‘‘cloud’’
computing systems; to
anonymous tunneled networks hardened by advanced encryption
technologies.
This domain, like others before it, is an object of geopolitical
contestation that
at once shapes and constrains the nature of that contestation.
Unlike sea, land,
air and space, though, it is a domain entirely created, sustained
and ultimately
transformed by ongoing human interaction and competition.
References
Adler, Emmanuel. (2005) Communitarian International
Relations: The Epistemic Foundations of Interna-
tional Relations. London: Routledge.
Beck, Ulrich. (1992) Risk Society: Towards a New Modernity,
translated by Mark Ritter. London: Sage.
Brenner, Susan W. (2001) Is There Such a Thing as Virtual
Crime? California Criminal Law Review
4(1): 105–111.
Brenner, Susan W. (2005) Distributed Security: Moving Away
from Reactive Law Enforcement. Inter-
national Journal of Communications Law & Policy 9: 1–43.
58. Brenner, Susan W., and Bert-Jaap Koops. (2004) Approaches to
Cybercrime Jurisdiction. Journal of
High Technology Law 4(1): 3–44.
Bronk, Christopher. (2008) Webtapping: Securing the Internet
to Save Us from Transnational
Terror? First Monday 13(11).
Buzan, Barry, Ole Waever, and Jaap de Wilde. (1998) Security:
A New Framework of Analysis.
Boulder, CO: Lynne Rienner.
30 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
Deibert, Ronald J. (2002) Circuits of Power: Security in the
Internet Environment. In Information
Technologies and Global Politics: The Changing Scope of
Power and Governance, edited by James
59. N. Rosenau and J. P. Singh. Albany: State University of New
York.
Deibert, Ronald J., and Rafal Rohozinski. (2008) Good for
Liberty, Bad for Security? Global Civil
Society and the Securitization of the Internet. In Access Denied:
The Practice and Policy of Global
Internet Filtering, edited by Ronald J. Deibert, John Palfrey,
Rafal Rohozinski and Jonathan
Zittrain. Cambridge, MA: MIT Press.
Deibert, Ronald J., John Palfrey, Rafal Rohozinski, and
Jonathan Zittrain, Eds. (2008) Access
Denied: The Practice and Policy of Global Internet Filtering.
Cambridge, MA: MIT Press.
Deibert, Ronald J., John Palfrey, Rafal Rohozinski, and
Jonathan Zittrain, Eds. (2010) Access
Controlled: The Shaping of Power, Rights, and Rule in
Cyberspace. Cambridge, MA: MIT Press.
Denning, Dorothy E. (2000) Activism, Hacktivism, and
Cyberterrorism: The Internet as a Tool for
Influencing Foreign Policy. Computer Security Journal 16(3):
15–35.
Der Derian, James. (2003) The Question of Information
Technology in International Relations.
Millennium: Journal of International Studies 32(3): 441–456.
Dunn Cavelty, Myriam. (2008) Cyber-Security and Threat
Politics: US Efforts to Secure the Information Age.
London: Routledge.
Dutton, William H., and Malcom Peltu. (2007) The Emerging
Internet Governance Mosaic:
60. Connecting the Pieces. Information Polity 12(1–2): 63–81.
Froomkin, Michael. (1997) The Internet as a Source of
Regulatory Arbitrage. In Borders in
Cyberspace, edited by Brian Kahin and Charles Nesson.
Cambridge, MA: MIT Press.
Gibson, William. (1984) Neuromancer. New York: Ace Books.
Giddens, Anthony. (1990) The Consequences of Modernity.
Stanford, CA: Stanford University Press.
Goldsmith, Jack L., and Tim Wu. (2006) Who Controls the
Internet? Illusions of a Borderless World.
Oxford: Oxford University Press.
Hosein, Ian. (2008) Creating Conventions: Technology Policy
and International Cooperation
in Criminal Matters. In Governing Global Electronic Networks,
edited by William J. Drake and Ernest
J. Wilson III. Cambridge, MA: MIT Press.
Information Warfare Monitor. (2009) Tracking Ghostnet:
Investigating a Cyber Espionage Net-
work. Available at
http://www.scribd.com/doc/13731776/Tracking-GhostNet-
Investigating-a-
Cyber-Espionage-Network. (Accessed October 29, 2009)
International Telecommunications Union (ITU). (2008) ITU
Global Cybersecurity Agenda
(CGA) High-Level Experts Group (HLEG) Global Strategic
Report. International Telecommuni-
cations Union. Available at http://www.itu.int/cybersecurity/gca
(Accessed: January 3, 2010).
Kaldor, Mary. (1999) New and Old Wars: Organised Violence in
61. a Global Era. Cambridge, MA: Polity
Press.
Kelsey, Jeffrey T.G. (2008) Hacking into International
Humanitarian Law: The Principles of Dis-
tinction and Neutrality in the Age of Cyber Warfare. Michigan
Law Review 106(7): 1428–1450.
Kimmage, Daniel. (2008) The Al-Qaeda Media Nexus.
Washington, DC: Radio Free Europe. Available
at http://docs.rferl.org/en-US/AQ_Media_Nexus.pdf. (Accessed
October 28, 2009)
Kleinrock, Leonard. (2008) History of the Internet and Its
Flexible Future. IEE Wireless Communica-
tions 15(1): 8–18.
Kohlmann, Evan F. (2008) Homegrown Terrorists: Theory and
Cases in the War on Terror’s Newest
Front. The Annals of the American Academy of Political and
Social Science 618(1): 95–109.
Lewis, James. (2008) Securing Cyberspace for the 44th
Presidency: A Report of the CSIS Commission on Cyber-
security for the 44th Presidency. Washington, DC: Center for
Strategic and International Studies.
Maclay, Colin. (2010) Protecting Privacy and Expression
Online: Can the Global Network Initiative
Embrace the Character of the Net? In Access Controlled: The
Shaping of Power, Rights, and Rule in
Cyberspace, edited by Ronald. J. Deibert, John G. Palfrey, Rafal
Rohozinski, and Jonathan Zittrain.
Cambridge, MA: MIT Press.
McCullagh, Declan. (2008) U.N. Agency Eyes Curbs on Internet
62. Anonymity. CNET. Available at
http://news.cnet.com/8301-13578_3-10040152-38.html.
(Accessed October 28, 2009).
Mueller, Milton L. (2002) Ruling the Root: Internet Governance
and the Taming of Cyberspace.
Cambridge, MA: MIT Press.
Naughton, John. (2001) Contested Space: The Internet and
Global Civil Society. In Global Civil
Society, edited by Helmut Anheier, Marlies Glasius, and Mary
Kaldor. London: Sage.
Office of the United States Trade Representative. (2008) 2008
Special 301 Report. Available
at
http://www.ustr.gov/assets/Document_Library/Reports_publicati
ons/2008/2008_Special_
301_Report/asset_upload_file553_14869.pdf. (Accessed
October 28, 2009).
31Ronald J. Deibert and Rafal Rohozinski
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
63. arch 2019
Pahlavi, Pierre. (2007) The 33 Day War: An Example of
Psychological Warfare in the Information
Age. Canadian Army Journal 10(1): 12–24.
Rohozinski, Rafal. (2004) Bullets to Bytes: Reflections on ICTs
and Local Conflict. In Bombs and
Bandwidth: The Emerging Relationship Between Information
Technology and Security, edited by Robert
Latham. New York: Free Press.
Saltzer, Jerome H., David P. Reed, and David D. Clark. (1984)
End-to-End Arguments in System
Design. Transactions on Computer Systems 2(4): 277–288.
Stritzel, Holger. (2007) Toward a Theory of Securitization:
Copenhagen and Beyond. European
Journal of International Studies 13(3): 357–383.
United States Department of Defense. (2006) The National
Military Strategy for Cyberspace
Operations. Available at http://www.dod.mil/pubs/foi/ojcs/07-F-
2105doc1.pdf. (Accessed
October 28, 2009)
Villeneuve, Nart. (2006) The Filtering Matrix: Integrated
Mechanisms of Information Control and
the Demarcation of Borders in Cyberspace. First Monday 11(1–
2) Available at http://firstmonday.
org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/1307/122.
(Accessed October 28, 2009)
Villeneuve, Nart. (2009) Breaching Trust: An Analysis of
64. Surveillance and Security Practices on
China’s TOM-Skype Platform. Information Warfare Monitor ⁄
ONI-Asia. Available at http://
www.nartv.org/mirror/breachingtrust.pdf. (Accessed October
28, 2009)
Villeneuve, Nart. (2010) Barriers to Cooperation: An Analysis
of the Origins of International
Efforts to Protect Children Online. In Access Controlled: The
Shaping of Power, Rights, and Rule
in Cyberspace, edited by Ronald J. Deibert, John Palfrey, Rafal
Rohozinski and Jonathan Zittrain.
Cambridge, MA: MIT Press.
Wall, David S. (2005) Digital Realism and the Governance of
Spam as Cybercrime. European Journal
on Criminal Policy and Research 10(4): 309–335.
Wall, David S. (2007) Policing Cybercrimes: Situating the
Public Police in Networks of Security
within Cyberspace. Police Practice & Research 8(2): 183–205.
Way, Lucan, and Steven Levitzsky. (2002) The Rise of
Competitive Authoritarianism. Journal of
Democracy 13(2): 51–65.
Weber, Amalie M. (2003) The Council of Europe’s Convention
on Cybercrime. Berkeley Technology
Law Journal 18(1): 425–446.
Wehrey, Fredrick M. (2002) A Clash of Wills: Hizballah’s
Psychological Campaign Against Israel in
South Lebanon. Small Wars and Insurgencies 12(3): 53–74.
Weimann, Gabriel. (2006a) Virtual Disputes: The Use of the
Internet for Terrorist Debates. Studies
65. in Conflict and Terrorism 29(7): 623–639.
Weimann, Gabriel. (2006b) Terror on the Internet: The New
Arena, The New Challenges. Washington, DC:
The United States Institute of Peace.
Zittrain, Jonathan. (2007) The Future of the Internet and How to
Stop It. New Haven, CT: Yale Univer-
sity Press.
32 Risking Security
D
ow
nloaded from
https://academ
ic.oup.com
/ips/article-abstract/4/1/15/1917052 by D
eP
aul U
niversity user on 06 M
arch 2019
CNS440 – Homework – Week 6
You will find the following article in the Week 6 Module in
D2L:
66. Deibert, Ronald J, and Rafal Rohozinski. 2010. “Risking
Security: Policies and Paradoxes of
Cyberspace Security.” International Political Sociology 4 (1):
15–32. doi:10.1111/j.1749-
5687.2009.00088.x.
You need to read it carefully and critically review it. Please
carefully read or recall the “Writing
a Critical Review Guidelines” included in the Course Logistics
Module in D2L.
There is no minimum or maximum page limit. The grading is
based on the substance of your
arguments in the review, rather than a simple summary of the
article and word/page count.
Page 1 of 9
Courtesy the Odegaard Writing & Research Center
http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
What is an Academic Paper?
WRITING FOR COLLEGE
67. How It Differs From Writing in High School
One of the first things you'll discover as a college student is
that writing in college is
different from writing in high school. Certainly a lot of what
your high school writing
teachers taught you will be useful to you as you approach
writing in college: you will want
to write clearly, to have an interesting and arguable thesis, to
construct paragraphs that are
coherent and focused, and so on.
Still, many students enter college relying on writing strategies
that served them well in high
school but that won't serve them well here. Old formulae, such
as the five-paragraph
theme, aren't sophisticated or flexible enough to provide a
sound structure for a college
paper. And many of the old tricks - such as using elevated
language or repeating yourself so
that you might meet a ten-page requirement - will fail you now.
So how does a student make a successful transition from high
school to college?
The first thing that you'll need to understand is that writing in
college is for the most part a
particular kind of writing, called "academic writing." While
academic writing might be
defined in many ways, there are three concepts that you need to
understand before you
write your first academic paper.
1. Academic writing is writing done by scholars for other
68. scholars. Writing done by
scholars for scholars? Doesn't that leave you out? Actually, it
doesn't. Now that you are in
college you are part of a community of scholars. As a college
student, you will be engaged
in activities that scholars have been engaged in for centuries:
you will read about, think
about, argue about, and write about great ideas. Of course,
being a scholar requires that
you read, think, argue, and write in certain ways. Your
education will help you to
understand the expectations, conventions, and requirements of
scholarship. If you read on,
so will this Web site.
2. Academic writing is devoted to topics and questions that are
of interest to the
academic community. When you write an academic paper, you
must first try to find a
topic or a question that is relevant and appropriate. But how do
you know when a topic is
relevant and appropriate? First of all, pay attention to what your
professor is saying. She
will certainly be giving you a context into which you can place
your questions and
observations. Second, understand that your paper should be of
interest to other students
and scholars. Remember that academic writing must be more
than personal response. You
must write something that your readers will find useful. In other
words, you will want to
write something that helps your reader to better understand your
topic, or to see it in a new
way.
69. 3. This brings us to our final point: Academic writing should
present the reader with
an informed argument. To construct an informed argument, you
must first try to sort out
what you know about a subject from what you think about a
subject. Or, to put it another
way, you will want to consider what is known about a subject
and then to determine what
you think about it. If your paper fails to inform, or if it fails to
argue, then it will fail to meet
the expectations of the academic reader.
Page 2 of 9
Courtesy the Odegaard Writing & Research Center
http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
CONSTRUCTING AN INFORMED ARGUMENT
What You Know
When you sit down to write an academic paper, you'll first want
to consider what you know
about your topic. Different writing assignments require
different degrees of knowing. A
short paper written in response to a viewing of Alfred
Hitchcock's Rear Window, for
70. example, may not require you to be familiar with Hitchcock's
other works. It may not even
require you to have mastered the terms important to film
criticism - though clearly any
knowledge you bring to the film might help you to make a
thoughtful response to it.
However, if you are asked to write an academic paper on the
film, then you will want to
know more. You will want to have certain terms in hand so that
you can explain what
Hitchcock is doing in key moments. You will want to be
familiar with Hitchcock's other films
so that you can understand what themes are important to him
and his work. Moreover, if
you are watching this film in an upper-level film class, you will
want to be aware of different
critical perspectives on Hitchcock's films and on films in
general, so that you can "place"
your argument within the larger ongoing conversation.
When you sit down to write an academic paper, ask yourself
these questions:
What do I know about my topic?
where, why,
how?
might be important to my
topic?
71. topics?
now about this genre?
What seems important to me about this topic?
points would I focus on?
How does this topic relate to other things that I know?
understand it in new
ways?
What DON'T I know about my topic?
What You Think
You'll discover as you consider the questions listed above that
you are moving beyond what
you know about a topic and are beginning to consider what you
think. In the process of
really thinking about your topic, your aim is to come up with a
fresh observation. After all,
72. Page 3 of 9
Courtesy the Odegaard Writing & Research Center
http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
it's not enough to summarize in a paper what is already known
and talked about. You must
also add something of your own to the conversation.
Understand, however, that "adding something of your own" is
not an invitation simply to
bring your own personal associations, reactions, or experiences
to the reading of a text. To
create an informed argument, you must first recognize that your
writing should be analytical
rather than personal. In other words, your writing must show
that your associations,
reactions, and experiences of a text have been framed in a
critical, rather than a personal,
way.
How does one move from personal response to analytical
writing?
Summarize.
First, summarize what the primary text is saying. You'll notice
that you can construct
several different summaries, depending on your agenda.
Returning to the example of
Hitchcock's film, you might make a plot summary, a summary
73. of its themes, a summary of
its editing, and so on. You can also summarize what you know
about the film in context. In
other words, you might write a summary of the difficulties
Hitchcock experienced in the
film's production, or you might write a summary of how this
particular movie complements
or challenges other films in the Hitchcock canon. You can also
summarize what others have
said about the film. Film critics have written much about
Hitchcock, his films, and their
genre. Try to summarize all that you know.
Evaluate.
The process of evaluation is an ongoing one. You evaluate a
text the moment you encounter
it, and - if you aren't lazy - you continue to evaluate and to re-
evaluate as you go along.
Evaluating a text is different from simply reacting to a text.
When you evaluate for an
academic purpose, it is important to be able to clearly articulate
and to support your own
personal response. What in the text is leading you to respond a
certain way? What's not in
the text that might be contributing to your response? Watching
Hitchcock's film, you are
likely to have found yourself feeling anxious, caught up in the
film's suspense. What in the
film is making you feel this way? The editing? The acting? Can
you point to a moment in the
film that is particularly successful in creating suspense? In
asking these questions, you are
straddling two intellectual processes: experiencing your own
personal response, and
74. analyzing the text.
Analyze.
This step in constructing an informed argument asks you first to
consider the parts of your
topic and then to examine how these parts relate to each other
or to the whole. To analyze
Hitchcock's film, you may want to break the film down by
examining particular scenes, point
of view, camera movements, and so on. In short, you'll want to
ask: What are the
components of Hitchcock's film, and how do these components
contribute to the film's
theme? How do they contribute to Hitchcock's work as a whole?
When you analyze, you
break the whole into parts so that you might see the whole
differently. In the process of
analysis, you find things that you might say.
Synthesize.
When you analyze, you break down a text into its parts. When
you synthesize, you look for
connections between ideas. Consider once again the Hitchcock
film. In analyzing this film,
you might come up with elements that seem initially disparate.
You may have some
observations that at first don't seem to gel. Or you may have
read various critical
perspectives on the film, all of them in disagreement with one
another. Now would be the
time to consider whether these disparate elements or
observations might be reconciled, or
75. Page 4 of 9
Courtesy the Odegaard Writing & Research Center
http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
synthesized. This intellectual exercise requires that you create
an umbrella argument -
some larger argument under which several observations and
perspectives might stand.
CHOOSING AN APPROPRIATE TOPIC
Many students writing in college have trouble figuring out what
constitutes an appropriate
topic. Sometimes the professor will provide you with a prompt.
She will give you a question
to explore, or a problem to resolve. When you are given a
prompt by your professor, be
sure to read it carefully. Your professor is setting the
parameters of the assignment for you.
She is telling you what sort of paper will be appropriate.
In many cases, however, the professor won't provide you with a
prompt. She might not
even give you a topic. For example, in a psychology course you
might be asked to write a
paper on any theory or theories of self. Your professor has
given you a subject, but she has
not given you a topic. Nor has she told you what the paper
should look like. Should it
76. summarize one of the theories of self? Should it compare two or
more theories? Should it
place these theories into some historical context? Should it take
issue with these theories,
pointing out their limitations?
At this juncture, you have two options: talk to the professor and
see what her expectations
are, or figure out this matter for yourself. It's always a good
idea to talk with the professor.
At the very least, you'll want to find out if the professor wants a
report or a paper. In other
words, is your professor looking for information or argument?
Chances are she'll want you to make an argument. It will be up
to you to narrow your topic
and to make sure that it's appropriately academic. As you think
about a topic, ask yourself
the following questions:
have you constructed a
question that will require a complex, thoughtful answer?
pages? Or is the
question impossibly broad?
words, have you
considered the historical and cultural circumstances that
77. influenced this text? Have
you considered what other scholars have said about it?
question? Or will she say,
"So what?"
Your Topic elsewhere in this
Web site.
FINDING A RHETORICAL STANCE
When writing an academic paper, you must not only consider
what you want to say, you
must also consider to whom you are saying it. In other words,
it's important to determine
not only what you think about a topic, but also what your
audience is likely to think. What
are your audience's biases? Values? Expectations? Knowledge?
To whom are you writing,
and for what purpose?
When you begin to answer all of these questions, you have
started to reckon with what has
been called "the rhetorical stance." "Rhetorical stance" refers to
the position you take as a
writer in terms of the subject and the reader of your paper.
http://www.dartmouth.edu/~writing/materials/student/ac_paper/t
opic.shtml
Page 5 of 9
Courtesy the Odegaard Writing & Research Center
78. http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
Consider Your Position
Let's first consider your relationship to your topic. When you
write a paper, you take a stand
on a topic. You determine whether you are for or against,
passionate or cool-headed. You
determine whether you are going to view this topic through a
particular perspective
(feminist, for example), or whether you are going to make a
more general response. You
also determine whether you are going to analyze your topic
through the lens of a particular
discipline - history, for example. Your stance on the topic
depends on the many decisions
you have made in the reading and thinking processes.
In order to make sure that your stance on a topic is
appropriately analytical, you might
want to ask yourself some questions. Begin by asking why
you've taken this particular
stance. Why did you find some elements of the text more
important than others? Does this
prioritizing reflect some bias or preconception on your part? If
you dismissed part of a text
as boring or unimportant, why did you do so? Do you have
personal issues or experiences
that lead you to be impatient with certain claims? Is there any
part of your response to the
text that might cause your reader to discount your paper as
biased or un-critical? If so, you
79. might want to reconsider your position on your topic.
Consider Your Audience
Your position on a topic does not by itself determine your
rhetorical stance. You must also
consider your reader. In the college classroom, the audience is
usually the professor or your
classmates - although occasionally your professor will instruct
you to write for a more
particular or more general audience. No matter who your reader
is, you will want to
consider him carefully before you start to write.
What do you know about your reader and his stance towards
your topic? What is he likely to
know about the topic? What biases is he likely to have?
Moreover, what effect do you hope
to have on the reader? Is your aim to be controversial?
Informative? Entertaining? Will the
reader appreciate or resent your intention?
Once you have determined who your reader is, you will want to
consider how you might
best reach him. If, for example, you are an authority on a
subject and you are writing to
readers who know little or nothing about it, then you'll want to
take an informative stance.
If you aren't yet confident about a topic, and you have more
questions than answers, you
might want to take an inquisitive stance.
In any case, when you are deciding on a rhetorical stance,
choose one that allows you to be
sincere. You don't want to take an authoritative stance on a
subject if you aren't confident
80. about what you are saying. On the other hand, you can't avoid
taking a position on a
subject: nothing is worse than reading a paper in which the
writer has refused to take a
stance. What if you are of two minds on a subject? Declare that
to the reader. Make
ambivalence your clear rhetorical stance.
Finally, don't write simply to please your professor. Though
some professors find it flattering
to discover that all of their students share their positions on a
subject, most of us are
hoping that your argument will engage us by telling us
something new about your topic -
even if that "something new" is simply a fresh emphasis on a
minor detail. Moreover, it is
impossible for you to replicate the "ideal paper" that exists in
your professor's head. When
you try, you risk having your analysis compared to your
professor's. Do you really want that
to happen?
Page 6 of 9
Courtesy the Odegaard Writing & Research Center
http://www.depts.washington.edu/owrc
Adapted from
www.dartmouth.edu/~writing/materials/student/ac_paper/what.s
hmtl
81. CONSIDERING STRUCTURE
In high school you might have been taught various strategies for
structuring your papers.
Some of you might have been raised on the five paragraph
theme, in which you introduce
your topic, come up with three supporting points, and then
conclude by repeating what
you've already said. Others of you might have been told that the
best structure for a paper
is the hour-glass model, in which you begin with a general
statement, make observations
that are increasingly specific, and then conclude with a
statement that is once again
general.
When you are writing papers in college, you will require
structures that will support ideas
that are more complex than the ones you considered in high
school. Your professors might
offer you several models for structuring your paper. They might
tell you to order your
information chronologically or spatially, depending on whether
you are writing a paper for a
history class or a course in art history. Or they may provide you
with different models for
argument: compare and contrast, cause and effect, and so on.
But remember: the structure
for your argument will in the end be determined by the content
itself. No prefab model
exists that will provide adequate structure for the academic
argument. (For more detailed
advice on various ways to structure your paper, see Writing:
82. Considering Structure and
Organization.)
When creating an informed argument, you will want to rely on
several organizational
strategies, but you will want to keep some general advice in
mind.
Introductions:
Your introduction should accomplish two things: it should
declare your argument, and it
should place your argument within the larger, ongoing
conversation about your topic. Often
writers will do the latter before they do the former. That is, they
will begin by summarizing
what other scholars have said about their topic, and then they
will declare what they are
adding to the conversation. Even when your paper is not a
research paper you will be
expected to introduce your argument as if into a larger
conversation. "Place" your argument
for your reader by naming the text, the author, the issues it
raises, and your take on these
issues. (For more specific advice on writing a good
introduction, see Introductions and
Conclusions.)
Thesis Sentence:
Probably you were taught in high school that every paper must
have a declared thesis, and
that this sentence should appear at the end of the introduction.
While this advice is sound, a
thesis is sometimes implied rather than declared in a text, and it
can appear almost
83. anywhere - if the writer is skillful.
Still, if you want to be safe, your paper will have a declared
thesis and it will appear where
the reader expects it to appear: at the end of the introduction.
Your thesis should also be an
arguable point - that is, it should declare something that is
interesting and controversial.
Because your thesis is probably the single most important
sentence in your paper, you will
want to read more about it in Developing Your Thesis.
The Other Side(s):
Because every thesis presents an arguable point, you as a writer
are obligated to
acknowledge in your paper the other side(s) of an argument.
Consider what your opponents
might say against your argument. Then determine where and
how you want to deal with the
opposition. Do you want to dismiss the opposition in the first
paragraph? Do you want to list
each opposing argument and rebut them one by one? Your
decisions will determine how you
structure your paper.
http://www.dartmouth.edu/~writing/materials/student/ac_paper/
write.shtml
http://www.dartmouth.edu/~writing/materials/student/ac_paper/
write.shtml
http://www.dartmouth.edu/~writing/materials/student/ac_paper/
write.shtml
http://www.dartmouth.edu/~writing/materials/student/ac_paper/
write.shtml#intros
http://www.dartmouth.edu/~writing/materials/student/ac_paper/