I joined the first Royal Holloway CDT cohort in September 2013 - Dr Steve Hersee

I joined the first Royal Holloway CDT cohort in September 2013 following careers in the RAF, police and private sector. Having spent 10 years working in security and intelligence I was attracted to a move into academia by the increasing relevance of cyberspace to the field of security, a desire to expose myself to a different perspective and a growing thirst to learn. Traditional PhDs were available but the Cyber Security PhD at Royal Holloway offered something different; a truly multidisciplinary approach, with a close connection between Geopolitics and Information Security; the chance to take classes as well as conduct research; a close connection to the real world through industrial placements; and a cohort environment where we had others around us to learn from, help us out and reassure us that we weren’t as far behind as we thought we were.

I began with no clear idea of my research area but soon realised that there was one topic which both interested me and animated the InfoSec community. In June 2013 Edward Snowden caused uproar by leaking top secret information from the National Security Agency and GCHQ. Within my previous world of security and intelligence Snowden had committed a cardinal sin, compromising our capabilities and assets and handing a massive advantage to our enemies. But to much of academia Snowden had exposed the reckless activities of the security agencies, who had run roughshod over individual privacy and left the Internet more insecure. Whilst the InfoSec community was working to improve network security, the security agencies were apparently undermining it.

Early within the CDT we held a debate amongst CDT students, geopolitics students and staff members about whether Snowden was a hero or a traitor. I led the argument against Snowden but was surprised by the passion and anger expressed by the other side and I sensed some hostility at my deviation from the academic status quo. The debate was great fun and was followed by further discussion in common rooms and pubs over the coming weeks, but this only succeeded in entrenching our pre-existing views. Mirroring the Crypto Wars, we were stuck in the same seemingly intractable problems of privacy versus security and state versus individual.

During this time, I attended Geopolitics classes with MSC students from the Department of Geography and I was exposed to a whole new way of thinking about security. Instead of focussing on how to create security we focussed on security practices and queried whose security we were trying to defend. One concept which caught my interest was that of securitisation; a constructivist approach which describes the process by which an issue becomes a matter of security due to the existence of an existential threat. Once an issue has become securitised in this way extraordinary activity (usually by a government) can be justified to counter this threat.

Within this framework I saw an interesting opportunity to study the crypto wars from a different perspective. To avoid becoming entangled in the debate I could use the securitisation framework to study how each side constructed their own versions of security. In doing so I hoped to bypass questions of who was right and expose ways by which better outcomes could be delivered for everyone.

Some limited literature covered the securitisation of cyberspace but focussed almost entirely on how the British and American governments justified mass surveillance through the securitisation of terrorism, cyber attacks and hostile states. The literature was interesting but often seemed highly partisan and designed to fuel the debate rather than help solve it.

I began to realise that whilst these acts of securitisation formed the building blocks of the crypto wars, they were also fuelling each other. Fearing threats to national security the state banned encryption but fearing a totalitarian state digital rights activists overturned the ban; the state enforced key escrow but activists resisted it; the state siphoned data from technology companies but those companies implemented end-to end encryption. As actions by one side lead to reactions by the other we descend into a spiral of increasing fear and insecurity.

Whilst looking for a way to describe this decent into insecurity I discovered the international relations concept of the spiral model, more commonly known as the security dilemma. This describes the process by which two parties can end up at war despite their peaceful nature. Initial distrust leads one side to take security measures which spook the other causing them to respond in kind. To the first party this action looks hostile they increase their own security further leading to a spiral of insecurity and fear ends in open conflict.

I realised that I could use this model and the vast volume of research surrounding it to study the crypto wars. My focus became not the actions of each side but the feelings of fear and insecurity which drove these actions. This required me to focus on personal experiences, which I was lucky enough to collect through interviews with staff at GCHQ and directors within the Open Rights Group. And through a random and serendipitous event I was able to use my industrial placement to participate in a show called ‘Hunted’, which investigated experiences of the surveillance state.

Through the unique opportunities presented by the CDT and the support of my supervisors I hope I have produced a unique thesis which adds a different perspective to the literature. I’m proud of what I achieved at Royal Holloway and left not only more qualified but more capable of embracing new ideas and viewing the world from different perspectives. I also left with a wife and 3 children but that’s a different story; a PhD really is a long old process.