UCL Department of Science, Technology, Engineering and Public Policy


Digital Policy Lab - Featured Researchers

Francesca Stevens - Research Assistant, Gender and IoT

Francesca Stevens headshot



Can you briefly describe what your research project is about?

Our research project’s focus is on the applicability of the Computer Misuse Act 1990 (CMA), and to analyse its relevance for technology-facilitated abuse (tech abuse). At this current time, tech abuse is not a domestic abuse offence per se, however, activities including limiting someone’s technology use, tracking a person’s online behaviour, or installing malicious software (i.e., spyware) are offences that can also fall under the CMA. This legislation is traditionally associated with unauthorised access to computer material, for example for financial gain whereby an individual hacks into a business’s computer server in order to access funds, but the Act may also be used to prosecute Intimate Partner Violence (IPV) tech abuse perpetrators. However, one of the few existing studies into the CMA has demonstrated that a limited number of perpetrators had previously been convicted of domestic abuse. We, therefore, set out to examine and analyse court cases in England and Wales in which the CMA was of relevance (since its introduction in 1990). We extracted cases from the following legal databases: Westlaw, LexisNexis and Bailii, and then systematically analysed the features of these cases, examining the extent and nature of domestic violence/IPV cases in CMA offences, as well as identifying how the use of technology in domestic violence/IPV cases has evolved over time.

Furthermore, we also conducted a systematic search of court cases that were of relevance to domestic abuse within England and Wales using the same three legal databases as with the CMA systematic review. We used a time-limited dip sample (~ last six months) due to the vast number of court cases that take place where the law report involves some form of mention or reference to domestic abuse. This additional systematic review meant that we were able to examine: (a) court cases that have taken place during the last six months that were of relevance to domestic abuse; (b) cases where tech abuse had occurred; (c) technologies utilised to carry out such abuse; and (d) sentencing types across a few cases which were directly concerned with domestic abuse between two individuals.

How is it different from other research projects on the topic?

To our knowledge, this is the first research project which has systematically analysed court cases relating to the CMA, in order to better understand the features and dynamics of each case, including the intricacies of the offence at hand, the possible sentence and outcome and relevance to tech abuse and IPV. We are seeking to improve our knowledge on tech abuse perpetrators, the technological enablers of domestic abuse and the use of the CMA in relation to prosecuting such offences. This research has allowed us to directly address the Home Office’s interest in studying technological enablers of domestic abuse and develops our understanding of tech abuse perpetrators. The latter, to date, has not yet been subject to any analysis and produces insights that we think will benefit research, policy, and practice.

What are you working on now to prepare for the next stage of the project?

To date, this research has been funded by the Home Office Domestic Abuse Perpetrators Research fund. At the end of May, we submitted our final report detailing our findings so far. We have recently submitted another research funding application to REPHRAIN for funding, as we have a myriad of additional avenues that we wish to explore and investigate.

We are also hoping to be able to write a journal paper for our current findings so that our research is able to be disseminated to the wider community.

What do you find exciting about this project?

My academic research is in the cyber abuse sphere, and IPV and tech abuse are of course a crucial element in this field and one that continues to need great focus and attention. Since the onset of the COVID-19 pandemic, we have seen how technology has been utilised by offenders within domestic abuse contexts, including IPV, and it is of great importance that we continue to research, explore relevant legislation such as the CMA and how it could be more widely used regarding prosecutions, and challenge its use in order to better protect victims going forward.

To have had the opportunity to conduct systematic reviews of legal cases has been challenging (in a positive sense) and fascinating, and has certainly added an exciting and novel element to this research.

It has also been an honour to work so closely with Dr Leonie Tanczer (the Principal Investigator on this project), whose work in the field is an inspiration to me.

Our previous featured researchers:

Dr Mark Sallos - Research Fellow, Cyber Readiness for Boards (CR4B)

Mark Sallos
Can you briefly describe what your research project is about?

In a sentence, Cyber Readiness for Boards (CR4B) is about supporting boardroom decision-making on issues of cyber risk. It aims to systematically engage directors and senior managers with cybersecurity oversight across several key sectors, understand their evolving needs, and generate a series of outputs based on the resulting knowledge. To achieve this aim, the research strategy employs a variety of tools which range from interviews and observations, to simulation exercises. This is all supported by the blend of expertise brought forward by the project team, which includes both academic institutions, private sector partners, and entities like the UK’s National Cyber Security Centre and Lloyd’s Register Foundation. Given the ever-increasing role of private sector cybersecurity as a societal concern, the outputs of the project have the potential to generate a significant positive impact and set the foundation for a new generation of boardroom support initiatives.

How is it different from other research projects in the topic?

The project is quite unique in a variety of ways. Firstly, it operates in an understudied space, with sensitive themes and participants which have historically been largely inaccessible for researchers. We are fortunate to benefit from the support of the project’s funders, and from the substantial experience of key team members in working with boards on sensitive topics. Secondly, the project’s methodology is geared towards depth and flexibility. There are very few starting assumptions, given our priority to reflect the voices, contexts, and actions of our participants as the foundation of our outputs. Thirdly, the project is informed by a rich understanding of context, as it encompasses multiple levels of analysis which converge to generate the outputs (i.e. individual context, tensions and interactions; organisational phenomena and considerations; and macro drivers and dynamics). As the research space is largely occupied by commercial actors, CR4B is well positioned to engage with and contribute to its target communities without compromising on academic rigour and methodological transparency. 

What do you find exciting about this project?

I find CR4B to be of broad importance for a variety of stakeholders, who currently operate with a limited systematic/cross-field understanding of boardroom-level cyber risk decision making. On a more personal level, I also find it to be a stimulating and rewarding project to work on. This dynamic is a valuable mix between broadly impactful and personally engaging work. Having researched cybersecurity decision-making, risk and strategy for a number of years now, I have had to deal with a plethora of domain obstacles which restrict data access, inhibit possible transparency, and limit the potential scope of the work. It is a difficult space to study. Most incidents are disclosed to the public through involuntary means, which generates an incomplete perspective of the phenomena at play, creating a dangerous dynamic between complacency and ‘hype’. Without rigorous, systematic research, the knowledge gaps associated with cybersecurity and organisational decision making are, at best, filled with anecdotal accounts and informed assumptions; at worst, they enable speculations and disinformation. There are also a number of myths, or over simplistic explanations for incidents which commonly frame the subsequent discourse. Needless to say, there is no reasonable substitute for thorough research as the basis for better diagnosing and tackling these issues. In this sense, the project provides a great platform to overcome the domain’s research barriers, leading to rich data collection opportunities — something that is both scarce and valuable for researchers within the field. Lastly, I find the challenges it raises to be incredibly formative. To summarise the answer to the previous question: we are engaging people that are very hard to reach, on topics that are hard to discuss, in a variety of different-yet-complementary ways, to tackle an important problem. As a result, each stage of the process involves measures of complexity, nuance and uncertainty. This makes for a very interesting, stimulating and challenging research experience. 

What are you working on now to prepare for the next stage of the project?

I am currently working on finalising a series of preliminary outputs and analyses which are a starting point for the previously mentioned emphasis on context. More broadly, the team is hard at work, making the necessary efforts to coordinate the project’s multiple dimensions and their respective data collection streams. We are also very actively engaged with our key stakeholders as we are setting-up for the first round of interviews. Fun times ahead...

Dr Feja Lesniewska - Post-doctoral research associate working on the EPSRC funded PETRAS project
Image of Feja Lesniewska

Feja is a post-doctoral research associate working on the EPSRC funded PETRAS project located at STEaPP, UCL.

Can you briefly describe what your research project is about?

My research focuses on issues relating to the Internet of Things (IoT), security and governance. The world is becoming increasingly dependent on the IoT for the functioning and delivery of critical services like health, banking, transport and energy. This is a situation that is only going to increase and in doing so become more complex to manage effectively without undermining security and established privacy rights.

In my research I initially focused on how established international governance mechanisms, both multilateral and multi-stakeholder, have approached the novel security issues that the IoT raises. I am now taking the research forward to focus  on the introduction of the IoT into the maritime sector, focusing primarily on ‘smart’ ports.

The maritime sector is experiencing a radical transformation with new digital technologies being incorporated into ships, logistics and ports. Drivers behind this change include the sector trying to reduce greenhouse gas emissions to not only mitigate climate change but also to improve air quality in port cities. Understanding the security challenges this radical technological transformation will pose for the maritime sector is necessary so that appropriate legal and governance responses can be developed.

The difficulty is that this is all happening very quickly. It is becoming apparent that some of the regulatory tools we have traditionally relied on to deliver governance objectives may no longer actually be reliable. The IoT is not only the object of governance but is rapidly becoming integral to the design of new governance models. Lawyers and policy makers need to understand the challenges so they can effectively create a regulatory approach that ensures the security and well-being of people and the environment.

How is your research different from other research on the Internet of Things?

A great deal of the research on IoT governance issues focuses on the consumer aspects including standards, labelling, behavioural psychology, ethics, data protection and privacy rights. My research is specifically on critical infrastructure systems: transport, energy, ecosystems and communication. These are often not just domestic problems as many have a public goods dimension to them that transcends the usual regulatory boundaries. I am exploring how concepts used to tackle other global public goods issues, such as climate change, chemical and nuclear waste management for example, could be applied to IoT governance contexts. I am researching how the concept of polycentric governance could be used to mobilise and build trust and cooperation across multiple agents who shape the IoT ecosystem. In the research I have focused on the UN Paris Agreement on climate change as an example of an evolving polycentric governance system at the start of the 21st century.

What are you working on at the moment to prepare you for the next stage of the project?

I am developing a research plan to take our work on the IoT, security and ports forward. I will be comparing the strategies to develop smart ports in the UK, Netherlands and Singapore. In January 2019 the UK government launched the Maritime 2050: Navigating the Future. Digitalisation is a key component in the government’s strategy.  This is a particularly historic moment in the UK with the country leaving the European Union. The government is keen to learn lessons from the innovators in incorporating IoT into the maritime sector so it can become a leader itself in the new phase in its history in the world. The IoT, port and security research will contribute to a greater understanding of what the challenges are for the UK and how it can best learn from others.

Given the pace of change in this sector, research that contributes to understanding the challenges will be valuable to all those involved. Getting the future of the maritime sector right will be important for addressing the challenges of climate change, sustainable development and improving the vitality of the ocean ecosystem as a whole.

Dr Jose Tomas Llanos - Research Fellow in Privacy Aware Cloud Ecosystems (PACE)

Can you briefly describe what your research project is about?

Broadly speaking, the Privacy-Aware Cloud Ecosystems (PACE) project aims to develop a computational infrastructure capable of both enabling users to better understand which entities have access to and process their personal data, and enabling cloud-hosted services to elicit meaningful user consent for personal data processing. Both positive developments, in turn, have the potential to improve compliance with the General Data Protection Regulation (GDPR) in a way that is dynamic and more consistent with the expectations of cloud ecosystems’ stakeholders (i.e. cloud service providers, cloud service customers and data subjects). 

How is it different from other research projects in the topic?

Legal research on data protection in general and consent in particular almost invariably follows a silo approach, with an excessive focus on the current regulatory framework and its pitfalls, paying lip service to other disciplines that can dramatically contribute to improving data protection law compliance and thereby protect individuals’ fundamental rights. PACE, conversely, is a multi-disciplinary project, featuring the involvement of data scientists from Cardiff University and Newcastle University, as well as public policy scholars from UCL STEaPP. The computer science team is developing a permission-based ledger built upon blockchain technology that will ensure that all personal data access instances by diverse players in cloud ecosystems can be securely recorded and verified by users of cloud-hosted services. This solution will improve transparency by enabling the possibility to audit users’ data trail, thereby eliciting greater trust. The public policy team, in turn, is developing a set of policy requirements which will align with the GDPR and will be embedded in the technological solution. All recorded events on the blockchain will comply with said requirements, thereby promoting data protection law compliance. Accordingly, PACE is a unique and ambitious multi-facetted project, not so much aimed at exposing the rather apparent pitfalls of the data protection regulatory framework in the context of cloud ecosystems, but instead seeking to take advantage of technology to produce a solution capable of adapting such framework to the actual operation of cloud-based services.

What do you find exciting about this project?

The fact that user consent as a legal basis legitimising the processing of personal data has been rendered unfit for purpose in the digital economy is undisputed. With the increasing adoption of online services, users are bombarded with consent requests, leading to a scenario where we just ‘tick the box’ and agree to highly intrusive data processing practices, without understanding the potential consequences of these actions. Worst still, data protection concerns are compounded in cloud ecosystems, where a common infrastructure scattered across different parts of the world is shared amongst an array of entities, and personal data is transferred in ways that data subjects and even data controllers cannot possibly anticipate. This state of affairs depicts a bleak data protection scenario, which fuels user distrust and prevents the full realisation of the benefits that cloud technology can offer. As a competition and data protection law scholar focused on online platform markets, I was increasingly concerned by such dreary scenario, overwhelmed by a growing sense of hopelessness arising from the observation that the emergence of privacy-enhancing market solutions was highly unlikely. However, PACE does in fact have a remarkable potential to endow again user consent with meaning, restore its role in the protection of users’ autonomy and informational self-determination, and enable the launching of new privacy-driven services. Being able to participate in a project having such potential for positive impact is tremendously exciting, as I was not even dreaming about such a possibility only a few months ago.

What are you working on now to prepare for the next stage of the project?

We are at the very early stages of PACE, so great challenges lie ahead! Currently, I am conducting a literature review of consent in the cloud, as well as identifying data protection concerns posed by blockchain technology. These activities have provided the basis for two data protection law articles, hopefully to be published in the first half of the next year. Importantly, I am making multiple efforts to achieve the necessary coordination with the other teams involved in PACE, with a view to kickstarting the project on the right track. 

Sneha Dawda - Research Assistant



Sneha Dawda
Research Assistant

I recently started working at STEaPP as a Research Assistant on a project led by Professor Madeline Carr, working alongside Dr Alex Chung on delivering a map of the UK cybersecurity policy community. The focus of the ECSEPA project is really understanding why policy makers formulate cybersecurity policy in the way they do. When we think about what the project is unearthing, it quickly becomes apparent we have to define what the cybersecurity policy landscape actually looks like in the first place. The mapping project, the focus of my research, is doing exactly this.

Sneha Dawda and the Cybersecurity Governance Map

By using innovative software and visual graphics I've been creating the map of the UK cybersecurity policy community, consulting policymakers and academics on the accuracy, utility, and core concept. Two months into the map, it's definitely as complex and mind-boggling as you can imagine! However, the genuinely exciting aspect of this project is the potential to facilitate more efficient collaboration across Government and bring cybersecurity policymaking to an audience as an invaluable visual tool.

My background in research and education made this project a perfect fit for my interests, and it helps that I get to talk to some incredible people working in and outside of government. I have a BScEcon(Hons) in International Politics from Aberystwyth University and an MA in Global Security from the University of Sheffield. Whilst both my degrees sound broad, my desire to shape my research towards cyber politics is reflected in both of my theses.

For my Bachelor's thesis, I wrote on the Foucauldian construction of the US Surveillance State using the Edward Snowden's revelations as the catalyst for the privacy versus security debate. At Master's level, I wrote a genealogy of the internet to highlight the militaristic undertones it was created in that are currently shaping our concepts of warfare and espionage today. My areas of cyber politics research are embedded in securitisation, militarisation, warfare, and espionage. In the future I hope to continue my research in cybersecurity and pursue the constant challenges that cyberspace is presenting to Government and society.

Dr Alex Chung - Research Associate
Alex Chung
Dr Alex Chung
Research Associate





Dr Alex Chung is a Research Associate working on the EPSRC-funded project, 'Evaluating Cyber Security Evidence for Policy Advice' (ECSEPA), led by Professor Madeline Carr, Associate Professor of International Relations and Cyber Security and Programme Leader of Digital Technologies and Public Policy (MPA) at STEaPP.

Can you briefly describe what ECSEPA is about?

ECSEPA seeks to understand the challenges faced by UK policymakers working in cybersecurity and how we can support them in the policy process. We do this by looking at how they engage with evidence used for policymaking in cybersecurity through interviews and an online survey. Later this year, we will explore how policymakers make operational and strategic decisions during a table-top policy game using simulated cybersecurity crisis scenarios.

How is ECSEPA different to other research projects in cybersecurity?

Studies in cybersecurity research investigating the human factor often focus on end users. Our project, however, examines issues surrounding the policy process, an aspect of human dimension that's rarely addressed.

Our project is also unique as it embodies STEaPP's 'mode of research' - interdisciplinary research that tackles real-world challenges through co-design, co-production, and action research by engaging with policy actors.


What do you find exciting about this project?

Being a part of a cutting-edge research project that will lead to real-world impact on governance policy, education, skills training and more is a huge privilege and goal of mine. Creating impactful research that is used and appreciated is a central aim in my career and having the opportunity to fulfil this through ECSEPA is brilliant. We are already seeing how our project is well-received across the UK Government and how it's generating positive influence.

For instance, several Government Departments have expressed interest in working with us to further extend the ECSEPA Mapping Exercise (undertaken by dedicated STEaPP Research Assistant Ms Sneha Dawda) by building capabilities that would allow it to be sustained and implemented as an internal tool for staff training and briefing within departments, and externally showcased to the public as an interactive educational resource.

We are confident that upon its completion, the research impact produced by ECSEPA in terms of its reach and significance will go well beyond academia.

What are you working on now to prepare for the next stage of the project?

We are now gearing up for the online survey to be sent out to policymakers and we will soon be working on building the policy crisis game. We are carrying out these tasks with our project partners in Coventry University where our project technical expertise is based. Professor Siraj Shaikh (project Co-Investigator) and Mr Atif Hussain (Research Assistant) have been developing an quantitative assessment model to evaluate the perceptions of cybersecurity evidence quality using qualitative metrics. This model will play a central role in the game design, including how we go about selecting evidence sources and fabricating evidence content for our fictitious cybersecurity crisis scenarios. Watch this space as our project is about to get very exciting!

Lise H. Andersen - PhD Candidate

Lise Andersen
Second-year PhD Candidate working under the supervision of Professor Madeline Carr, Professor of Global Politics and Cybersecurity

Can you briefly describe what your research project is about?

An increasing number of issues with complex scientific or technological basis are entering the international sphere requiring diplomatic solutions. Diplomatic processing of these types of problems requires a comprehensive grasp of the best and most up-to-date knowledge available. For this reason, it is important to understand the flow, exchange and management of knowledge within the setting of diplomatic multilateral negotiations. By studying several international multilateral negotiations, this project aims to identify and describe approaches to knowledge management throughout such diplomatic processes and if possible, identify best practices. 

How is it different from other research projects in the topic and what do you find exciting about this project?

This project is unique in that it sits at the intersection of two strands of literature that have had relatively little interaction in the past. That of the business literature and work on diplomatic practice. 
My interest in pursuing research in this area was gradually built up as I completed my previous university degrees. As I undertook my Bachelor of Arts in Global Studies at the University of California Santa Barbara, I gained a strong interest in climate change diplomacy. This interest further manifested itself in my dissertation Climate Change Negotiations 2015: Potential for an Effective Agreement? which I completed whilst studying for my Master of Science in Global Governance and Diplomacy at the University of Oxford. In my analysis of the positions of the five key parties in the 2015 climate negotiation, I duly noted that several major political parties around the world were ignoring, ignorant of or questioning the objectivity of important research in the natural sciences. Without a commonly accepted basis of facts diplomacy tends to struggle. I believe that knowledge management as a technical discipline will gain increased importance in years to come within the multilateral diplomatic context due to accelerating knowledge growth. I hope to uncover concepts from business literature applicable to diplomatic scholarship. The phenomenal knowledge growth, especially in the last 50 years, is constantly accentuating the need for interdisciplinary cooperation in many issues of a transnational nature.

What are you working on now to prepare for the next stage of the project?

I am currently working towards the completion of the PhD pilot study. This involves testing proposed methodologies and theories, investigating initial case study choices and presenting preliminary results in the form of a report and presentation to members of the department.

Andreas P Kopp - PhD Candidate

Email: andreas.kopp.16@ucl.ac.uk
Twitter: @AndyPKopp
Personal website: www.andreaskopp.org

Dr Irina Brass, Lecturer in Regulation, Innovation, and Public Policy (UCL STEaPP)
Professor  Rainer Kattel, Professor of Innovation and Public Governance (UCL Institute of Innovation and Public Purpose)

Can you briefly describe what your research project is about?

Innovations that address global challenges, for example mitigating climate change or resolving pressing mobility issues in increasingly urbanized societies, often result in multi-technology solutions. They comprise many interacting components, cater a variety of purposes, and involve stakeholders across governance, industry, and research organisations – they are complex. Connected autonomous vehicles are a good example, as they affect and are affected by many different policies, be they vehicle regulations, environmental restrictions, digital policies governing connectivity and data privacy, or infrastructure projects. As a consequence, governance organisations often face coordination challenges, when policies contradict each other or are missing entirely. My aim is to understand how and to what extent public administrations influence complex technological innovation systems? How do governance organisations coordinate across the system? Which governance mechanisms block, which induce innovation? To do so I explore the technological innovation systems of autonomous vehicles in three of the most innovative economies in the world: Singapore, Estonia, and Sweden.

How is it different from other research projects on the topic?

The unique aspect of this project is the combination of two mostly separate academic fields – innovation system research and public administration. On the one hand, although the system perspective is common in innovation research related to sustainability transitions, the influence of public administrative processes on innovation outcomes has hardly been addressed. On the other hand, many public policy scholars look either at policy design or at its implementation. Yet, due to the cross-cutting nature of ‘innovation policy’ and its impact, it is necessary to consider both jointly, looking at innovation processes holistically. Hence, I am glad that I can contribute to the theoretical development of both fields and at the same time also shed some light on a really fascinating technology, empirically.

What do you find exciting about this project?

The huge transformative potential of innovative solutions to socio-technical challenges and the trans-disciplinary approach required to address them, really spark my interest. Autonomous vehicles, for instance, have the potential to contribute to a smart and more environmentally sustainable transportation system. Needless to say, however, relying on forms of artificial intelligence means that there are risks involved. Inventors and innovators, but also policymakers and implementers, and we, the users, have to think about so many different aspects – political, economic, social, environmental, and technical – and almost everything relates to everything else.

As a political economist by training, I conducted a research project on innovation policy and technology governance already during my master’s degree at the University of Oxford, in the context of green tech in Brazil. Now, pursuing a PhD, allows me to look much deeper into governing innovation dynamics. Exploring a cutting-edge technology that in the long run has the potential to fundamentally change our cities, especially in the context of three highly innovative case studies, is very exciting!

What are you working on now to prepare for the next stage of the project?

After many months of reading and coursework, designing the research project, collecting the data, and weeks of coding and data analysis – and upon completing my teaching in the Department, which I thoroughly enjoyed – I am now at the stage of writing up my PhD thesis. On the side, I am also working on a few academic publications and will be presenting my work at several conferences this year. The final PhD year, although an intensive time, to me is also the most fulfilling part of this long research project, as I finally can deliver results and, hopefully, helpful insights. So, I am looking forward to it, and then to finally holding ‘the book’ in my hands!

Dr Saheli Datta Burton - Research Fellow in Geopolitics of Industrial Internet of Things Standards (GISt)
Saheli Datta BurtonDr Saheli Datta Burton is a Research Fellow in Geopolitics of Industrial Internet of Things Standards (GISt) at the UK EPSRC funded PETRAS National Centre for Excellence.

Can you briefly describe what your research project is about?

GISt is about understanding the extent to which political and economic interest is embedded in the fora, processes and communities of practice that set the security norms and standards through which Internet governance is enacted. Discussions and debates in forums like the UN International Telecommunication Union, European Union Agency for Cybersecurity, Institute of Electrical and Electronics Engineers and the Internet Engineering Task Force have become important sites for the global governance of the Internet of Things (IoT) but remain largely decoupled from cyber security discussions within the international policy community. Initially regarded as the domain of the technical community, standards are increasingly understood as a powerful mechanism through which IoT governance is implemented. At the same time, the governance and security of IoT infrastructure and implementation is regarded by states as linked to national security, national interest and state power. Consequently, understanding how different states are engaging with standards negotiations, which states are taking newly assertive roles, and which states are forming powerful alliances in standards forums is critical to understanding how technology and geopolitics intersect.

Drawing on a range of qualitative and quantitative research methods, GISt provides a unique perspective of the untidy, contingent and complex dynamics of the geopolitical and local interests embedded in the ecosystem of security standards in the specific domain of Industrial IoT. It is informed by theories and concepts from Science Technology and Innovation Studies, International Political Economy and International Relations. In particular, the project focuses on understanding the dynamics of state power underpinning interstate cooperation and competition that is essential for the UK, and the research team works closely with the UK standards negotiation teams to take this forward.

How is it different from other research projects on the topic?

GIST's unique focus on 'Industrial' IoT (IIoT) sets it apart from the 'consumer' IOT focus of existing scholarship. Industrial IoT, often referred as Industry 4.0, combines machine-to-machine communications with big-data analytics to drive industrial efficiency across sectors including across critical infrastructure systems like electricity, transportation, telecommunications, finance and healthcare. This raises substantive local and cross-border security concerns given IIOT's increased susceptibility to the vulnerabilities that emerge in IoT more generally. Understanding how these concerns intersect with the efficiency rationale (centred on (inter)national competitiveness) further extends GISt's unique remit to the conceptualisation of IR in STIS - which is a research space that remains curiously understudied and limited to the technical community.

What do you find exciting about this project?

Unlike Kevin Reynolds' multimillion dollar flick of dubious box-office fame Waterworld, our increasingly onlineworld is no futuristic imaginary but a reality and here to stay. As the datafication and cyber-fication of anything and everything swamps and changes our world at a pace unprecedented in human history, many wonder how 'brave' tomorrow's world might be? The answer, as many of us suspect, depends largely on how the power relationships and structural hierarchies of today shape (and are shaped by) the cyber norms and standards through which future cyber-societies will be realised. While shared imperatives for securing global goods (such as cyber security) provide compelling motivation for interstate cooperation, the extent of cooperation is often decided by compromises (or its lack) among multiple competing interests. The result is spaces of cyber norm contestation that are as varied as they are diverse.

How should cyber sovereignty be understood and should it matter for (I)IOT standards? Is sovereignty a byword for protectionisim? Or are sovereignty clauses a protective tool against norm capture by private for-profit interests in the guise of multistakeholderism? Is self-regulation enough or even desired? Does multistakeholder participation in global fora perpetuate structural hierarchies, and does it marginalise the resource poor? On the technical side: to what extent do technical fixes marginalise the non-technical and the frugal, and what are its implications? Why some technical issues such as 'privacy' become visible at the expense of others - what is obscured, why and to what end? The opportunity to explore how knowledge is produced, mobilised and shared (in the specific case of IIOT) to answer these and other questions as they engage with the politics, economics and processes of norm contestation and formation is a unique one. Am I excited to be on board - absolutely!

What are you working on now to prepare for the next stage of the project?

My current work focuses on translating the broad conceptual framing of the project into methodological lenses and themes around which data collection will be organised. Under consideration are the merits of further refining methodological lenses to specific domains within IIOT such as emerging data-driven health and medicine. Identification and engagement with stakeholders for various discreet aspects of the project - from analytical and theory development to dissemination - are also underway. Most importantly, the team is committed to delivering its aforementioned aims and remains hard at work accommodating the project's imperatives with the evolving realities of the ongoing Covid-19 pandemic.

Anina Henggeler - PhD candidate

Twitter: https://twitter.com/aninahenggeler
LinkedIn: https://www.linkedin.com/in/anina-henggeler-498799b2/
E-Mail: anina.henggeler.18@ucl.ac.uk

Supervisors: Professor Madeline Carr (UCL STEaPP); Professsor Jeremy Watson (UCL STEaPP); Dr Catherine Mulligan (UCL Computer Science)

Can you briefly describe what your research project is about?

Our understanding of market power is changing. Over the last five years or so we’ve seen a growing interest and study of the many ways in which global technology companies are impacting our lives. One remarkable trend is the growing concern from policy makers, citizens, users, businesses and others, over the increasing power of a relatively small group of market organizations known as the tech giants, or GAF (Google, Amazon, Facebook). Organisations which have brought us many benefits, are now seen as direct contributors to some unfavourable developments, apparently affecting everything from our individual beings to our social structures and institutions –– shaping our beliefs, undermining our elections, threatening economic stability and aiding a burgeoning wealth divide, the list goes on. What we know is that these organisations are powerful and wealthy, however there is still very little understanding around the specific nature of power that these companies wield: how it is sourced and how it is exercised. Therefore, there is little scholarly guidance as to how we, as a policy community, can both detect as well as come to know (and therefore judge) instances where market power has become misaligned with democratic societal objectives.

Many of the traditional economic concepts and legal tools which we have deployed to identify, prevent and disrupt concentrations of market power in the past –– think the U.S.’s ‘trust busting’ movement of the early 1900s –– have so far proved less than effective on the new tech giants. So, what is it that makes Facebook different from two of the biggest monopolies of that time: Western Railway and Standard Oil? And, why haven’t the concepts and legal tools which were used to block Western Railway and Standard Oil (1904 and 1911 respectively), managed to safeguard us from the modern, tech-enabled monopolies of today?

For one, these organisations managed to commodify a new, elusive type of resource, one which flows with ease and opacity between companies and across borders: data. Their services are also largely offered to users free-of-charge. And their global business models operate on a set of digital technologies. These are fused together, making them difficult to differentiate while they sustain technological development at a greater velocity and with a greater scale, scope and societal implication than perhaps ever before. Such differences challenge our traditional conception of monopoly, whilst rendering legal ideas that emphasise cost and pricing strategies ineffectual.

This project aims to provide theoretical and analytical tools by which to better understand the nature of market power in the global tech context. We do so with the objective to contribute to the understanding of power within our current era –– the fourth industrial revolution –– and with a view to inform public policy strategies that seek to detect and judge instances of excessive concentrations of market power.

What do you find exciting about this project?

I love that we are working on a topical issue. I have the feeling that these days, there is rarely a news cycle which fails to touch on issues of global tech, power or the scramble of public policy officials around the world looking to understand and act to improve the social implications of global tech organisations. I consider it one of the defining issues of our day and feel very fortunate to be able to contribute, even if in a small way, to learning in this area.

What are you working on now to prepare for the next stage of the project?

I just wrapped up a pilot study collaboration with Professor Igor Nikolic, Jochem Vlug and Tim van de Laarschot from the Delft University of Technology. Together we developed an Agent-Based Model (ABM) which tested the viability of a handful of proposed policy interventions in their effectiveness to curb data concentration in the social media sector –– we consider data concentration is a form of knowledge concentration, something we argue goes to the heart of monopoly power in the social media context. I am now working with the guys on developing a paper to present our findings, watch this space!

Niamh Healy - PhD candidate
Niamh Healy

Email: niamh.healy@ucl.ac.uk

Twitter: @NiamhFHealy

LinkedIn: https://www.linkedin.com/in/niamh-healy-ab50ab88/

Supervisors: Professor Madeline Carr (UCL STEaPP)

Can you briefly describe what your research project is about?

My research project focuses on the role of the private sector in the development of international norms for cyberspace. For the past decade or so, international policy-makers have identified the development of ‘norms’ as a priority for the stability of cyberspace. These norms are intended to regulate behaviour in cyberspace. Much of the activity to identify and develop cyber norms has centred on the United Nations Group of Governmental Experts (GGE) on ‘Advancing responsible State behaviour in cyberspace in the context of international security’ and more recently an Open-ended Working Group also based at the UN. It is not only states that have been working to promote cyber norms. International organisations, international NGOs, and corporations have all been working to advance certain norms.

I am particularly interested in the contributions of corporations to this effort. Much of what cybersecurity attempts to secure is privately owned, including Internet infrastructure itself. Large technology companies are increasingly ‘governing’ in new ways and in new areas due to their design and control of digital technologies. We see this from Facebook’s Oversight Board affecting the development of freedom of expression online, through to Google and Apple’s shaping of pandemic response through their contact tracing technology. My project will explore how this governance activity is shaping norms for cyberspace.

How is it different from other research projects on the topic?

Existing research on the contribution of corporations to cyber norm development has predominantly focused on public diplomacy work done by large technology companies like Microsoft. My project is interested in the less public ways that corporations impact cyber norms such as through decisions about the development of their technologies. I am also interested in exploring what these effects tell us about broader questions within international relations: what can they tell us about power, legitimacy and authority within a digital age?

What are you working on now to prepare for the next stage of the project?

I am based within UCL’s Centre for Doctoral Training (CDT) in Cybersecurity, a new interdisciplinary centre for the study of cybersecurity. My first year involved engaging with different areas of cybersecurity through completing various assignments and research projects on a mix of socio-technical topics. My next step is to take the insights I developed through my first-year work and develop my plans for my own PhD. For my first-year project, I spent my summer thinking and writing about Google and Apple’s intervention in contact-tracing technology. This case study is incredibly interesting from so many perspectives – digital rights, surveillance, data governance – but I focused on what it showed us about power and digital technology. I am interested in expanding the research I did here into a chapter of my PhD, through interviews and further analysis.

What do you find exciting about this project?

What I find so exciting about this project is how relevant and important it is. The idea for my first-year project came from just following the news around COVID-19 and observing emerging plans for technology to help control the outbreak. Questions around private sector power and technology have huge implications for rights, for accountability, and for democracy. I also love how interdisciplinary work in cybersecurity necessarily is. I don’t have a technical background, and I love the challenge of confronting a new piece of technology and trying to figure out how it ‘works’. Both in a technical sense but also in terms of how it works politically as well.