Cyber security in the European Union : an historical institutionalist analysis of a 21st century security concern

Dewar, Robert Scott

January 2017

This thesis uses cyber security, an important topic in today's world, as a vector for analysis in order to contribute to a better understanding of the European Union (EU)’s policy-making processes. Although EU policy has received extensive scholarly attention, cyber security policy is under-researched, a gap in current literature this thesis addresses. The goal of the thesis is to understand why the Union adopted and maintained a socio-economic approach to cyber security when other actors added military and defence considerations. The thesis employs an historical institutionalist (HI) framework to examine the long-term institutional and ideational influences underpinning policy development in this area between 1985 and 2013. This was achieved using a longitudinal narrative inquiry employing an original, conceptual content analysis technique developed to gather data from both relevant EU acquis communautaire and over 30 interviews. There were three main findings resulting from this analysis, two empirical and one theoretical. The first empirical finding was that the EU’s competences established an institutional framework – a set of rules and procedures – for policy development in this sector. By restricting the EU’s capacity to engage in military or national security-oriented issues, its competences required it to respond to emerging security matters from a socio-economic perspective. The second empirical finding was that there exists a specific discourse underpinning EU cyber security policy. That discourse is predicated upon a set of five ideational elements which influenced policy continuously between 1985 and 2013. These five elements are: maximising the economic benefits of cyberspace; protecting fundamental rights; tackling cyber-crime; promoting trust in digital systems and achieving these goals through facilitating actor co-operation. Throughout the thesis the argument is made that the EU adopted and maintained its socio-economic policy as a result of an interaction between this ideational discourse and the institutional framework provided by competences. This interaction created a linear, but not deterministic path of policy development from which the EU did not deviate. The third, theoretical, finding relates to the HI mechanisms of path dependency and punctuated equilibrium. The EU’s policy discourse was exposed to major stresses after 2007 which, according to punctuated equilibrium, should have caused policy change. Instead, those stresses entrenched the Union’s discourse. This demonstrates an explanatory flexibility not normally associated with punctuated equilibrium. The findings of the thesis have implications for policy practitioners by providing a way to identify underlying ideational dynamics in policy development. Due to a combination of empirical and conceptual findings, the thesis provides a potential basis for future research in EU policy development and HI analyses.

364.16

Timber trafficking and its impacts on human security in Vietnam

Anh, Cao Ngoc

January 2016

As with other forms of green crime, timber trafficking is frequently overlooked by traditional criminology. This research is an exploratory investigation into the problem of timber trafficking in Vietnam, which aims to obtain a detailed understanding of the typology of, victimisation from, and key factors driving this crime. To achieve this aim, 41 semi-structured interviews with seven different cohorts (environmental police, investigative police, forest protection officers, commune authorities, forest-based inhabitants, timber traders, and green NGO staff) were conducted. Over one hundred pages of official documents (criminal case records, operational reports, and conference papers), and more than two hundred relevant newspapers were collected and analysed to enhance and triangulate the primary data. This research reveals a multifaceted typology of timber trafficking in Vietnam, comprising five different components: harvesting, transporting, trading, supporting, and processing. Each of these components is further constituted by distinctive, parallel forms of illicit operation. There are, for example, three parallel forms of illegal timber harvesting, termed small-scale, medium-scale and large-scale (SSITH, MSITH and LSITH). While having certain overlaps, in general SSITH, MSITH and LSITH are fundamentally distinctive not only in terms of the volumes of illicit timber they produce and the methods of illegally felling trees they employ, as typically identified in the previous studies, but more importantly in terms of the harvesters‘ attributes, their motivations, and the sophistication and security implications of the criminal operations. It is thus argued that the typology of illegal timber harvesting in this research challenges the typical classification in the existing literature, and offers an alternative way of understanding more comprehensively the dynamic of illegal logging. Regarding the victimisation from timber trafficking, due to the employment of a broad conceptual framework of human security, it is revealed that timber trafficking has substantial harmful impacts on all seven elements of human security: economic, food, health, environmental, personal, community, and political. These impacts are closely interconnected, but vary between different groups of victims. These findings culminate in the proposal that there are three main typical characteristics of green victimisation: suffering hierarchy, victim-offender overlap, and multidimensionality. Additionally, the employment of a human security paradigm in this research leads to another proposal that it is highly achievable and productive to integrate perspectives from the field of security studies into the discipline of green criminology, for the purpose of systematically examining green victimisation. Finally, this research offers five solutions to control timber trafficking in the context of Vietnam, by refining the current policy framework of forest governance and improving the efficiency of law enforcement.

364.16

Anti-money laundering : the conditions for global governance and harmonisation

Oliveira, Inês Sofia de

January 2015

This thesis advances global governance literature by focusing on the conditions under which procedural harmonisation occurs and how it is characterised. It suggests that the existence of a network of intergovernmental organisations (IGOs) complements great powers’ action and acts as a force for harmonisation in the making of international anti-money laundering (AML) standards. Procedural harmonisation is identified firstly, through a discussion on great power coalitions and how their interests set international agendas and impose compliance. Secondly, it is also recognised as an outcome of the IGOs’ network action through shared preferences, resource exchanges and stable relationships. Ultimately, the analysis determines that great powers are a necessary but not sufficient condition for procedural harmonisation, which is moreover favoured when legitimacy, expertise, and the need to achieve compliance are present. In sum, the thesis discusses the impact of international actors’ interactions in the making of international AML standards from 1989 to 2014, particularly the development of FATF Recommendations on ‘Customer Due Diligence’. The analysis identifies that the United States and the European Union, as great powers and members to the G-7, are the most influential actors. However, it adds that the IGOs network structure created between the Financial Action Task Force (FATF), the International Monetary Fund, the World Bank, the United Nations, and the Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism is also a necessary actor to the achievement of procedural harmonisation. Data analysis is carried out through process-tracing, which triangulates elite interviews and non-participant observation with primary and secondary documents of legal, policy and expert nature. This thesis concludes that: a) procedural harmonisation is a product of international cooperation; b) IGOs gain influence in standard-making through network structures; and, c) procedural harmonisation may be an example to future global governance strategies if complemented with levels of legitimacy, expertise and the need to achieve compliance.

364.16

The prevention of mobile phone theft : a case study of crime as pollution : rational choices and consumer demand

Mailley, Jennifer

January 2011

This thesis makes two contributions to environmental criminology. The first contribution is a rational choice event model for mobile phone thieves. This is based on interviews with 40 mobile phone thieves. In addition, the deterrent effects of 23 designs of phone are assessed. Comparisons are made between the responses of offenders and non-offenders; and between experienced offenders and less experienced offenders. The results show that mobile phone thieves make discerning choices about which model of phone to steal at the point of theft. The factors affecting handset choice reflect Clarke s (1999) CRAVED characteristics. Mobile phone thieves are differentially deterred by a variety of design solutions, the most effective of which reduce the resale value of stolen handsets. In contrast with offenders, non-offenders are more easily deterred, and statistically significantly more deterred for five of the 23 designs presented in this thesis; do not appreciate the importance of resale value; and are not so aware of the possibilities for circumventing or neutralising security technology. The differences between offender and non-offender responses mean that offenders are arguably best placed to assess product use and misuse in the process of designing-out crime. The second contribution of this thesis is a Mobile Phone Theft Index which controls for phone availability in the absence of handset sales data. Mobile phone theft is arguably a form of pollution (Roman and Farrell, 2002) and can, therefore, be controlled using traditional pollution control instruments (Farrell and Roman, 2006). Informing the public of their risk of victimisation according to handset ownership would make security a marketable aspect of handset design, incentivising industry to decrease theft rates. Industry action to date shows evidence of obstructionism and pre-regulatory initiatives (Newman, 2004) meaning that a novel instrument such as the Index is necessary to alter the current status quo where industry costs UK society an estimated £1.2 billion per year (Mailley and Farrell, 2006).

364.16

The legal aspects of cybercrime in Nigeria : an analysis with the UK provisions

Ibekwe, Chibuko Raphael

January 2015

Cybercrime offences know no limits to physical geographic boundaries and have continued to create unprecedented issues regarding to the feasibility and legitimacy of applying traditional legislations based on geographic boundaries. These offences also come with procedural issues of enforcement of the existing legislations and continue to subject nations with problems unprecedented to its sovereignty and jurisdictions. This research is a critical study on the legal aspects of cybercrime in Nigeria, which examines how laws and regulations are made and applied in a well-established system to effectively answer questions raised by shortcomings on the implementation of cybercrime legislations, and critically reviews various laws in Nigeria relating or closely related to cybercrime. This research will provide insight into current global cybercrime legislations and the shortfalls to their procedural enforcement; and further bares the cybercrime issues in Nigeria while analysing and proffering a critique to the provisions as provided in the recently enacted Nigerian Cybercrime (Prohibition and Prevention) Act 2015, in contradistinction to the existing legal framework in the United Kingdom and the other regional enactments like the Council of Europe Convention on Cybercrime, African Union Convention on Cybersecurity and Personal Data Protection 2014, and the ECOWAS Directive on Cybercrime 2011.

364.16