 Well, good evening everyone. Welcome to the National Security College and welcome to our Cyber Security Conference, the first, this evening is the first of our three public lectures. I'll soon hand over to Paul Cornish, but first I'd like to give the welcome to country that we do at the ANU. We acknowledge and celebrate the first Australians on whose traditional lands we meet tonight and pay our respects to the elders of the Ngunnawal people past and present. We've got Paul Cornish speaking tonight and as I said we've got two other public lectures, one tomorrow night and one on Thursday lunchtime. You'll see flyers for those talks out there. Paul, who comes from Rand, Europe, is going to be speaking to us about quantum sovereignty. Now I've followed quantum computing a little bit and know a little bit about quantum entanglement, but I've yet to see a quantum sovereign, so I'm quite intrigued to find out where he's going to take us tonight and I'm sure it's going to be very interesting. Before I formally introduce Paul, I'd like to introduce, I have to stay by here, the cameraman said, I'd like to introduce Gary Hale from Cisco. Cisco has been kind enough to sponsor tonight's event and we're very pleased with that. Gary is the head of Cyber Security and Innovation for Cisco and he's resident in Australia and he's also on the board of AXRI, the Australian Centre for Cyber Security. The Australian Cyber Security Research Institute, new acronym we're still learning to and ANU is about to join, is signing up for AXRI as we speak. Gary can I offer the podium to you for a couple of moments? Welcome everyone and first of all I guess many questions would be about why a vendor or an IT player would care about international governance in the cyberspace. If anyone's noticed over the last few years in particular since Snowden came along that there is a level of trust that disappeared between nations fairly quickly which had a massive impact on international companies such as Cisco. From a standardisation and certification of products to every nation wanting to test a product you can imagine the costs and changes that has created through the process but interestingly enough not all countries end game was about security. Depending on where you were in the world it would be about localisation of content, building up their content, creating their own companies and it was amazing the number of different ways Snowden was used to describe security yet for national advantage. I think there's been good and bad things out of Snowden. I've talked about some of the bad things. Some of the good things are getting people to talk about what international governance might look like and opening up those discussions and so in keeping this short and sweet we do have a history of creating international laws. Laws of the sea, laws of space and how the moon and Antarctica and places like that are used. Some of those are running out and will be interesting to see how they turn around in the next piece and I think it's a great time to be talking about international cyber security, sovereignty and of course quantum at speed. So Paul, I look forward to your discussion. Thank you very much. Ladies and gentlemen, good evening. Thank you very much. It's a great pleasure to be back here and before I begin I want to thank Roger and his colleagues here at the NSC for putting on a really yet another fantastic cyber week. It really is quite an extraordinary feat or was until now anyway. Let me also thank Gary and Cisco for very kindly sponsoring this evening. I was asked to talk for 40 minutes and I have got a 40 minute talk. As long as my voice lasts until the end, if it doesn't then my colleague Nathan Ryan has very kindly agreed to step in and finish off for me. That woke him up. I'm going to begin with two points of reference and the first of those is China. Where global cyber security and governance are concerned for many, China is the big problem. It's the spoiler whose behavior holds everything back. China is consistently held up as cyberspace's lead villain. Stealing, spying, preparing to fight. General Keith Alexander, former head of the US NSA once referred to Chinese cyber theft of IP as quote, the greatest transfer of wealth in human history and he was being polite. Others are far more colorful. I'm going to return to China's behavior later in my talk briefly when I'll also observe that China is regarded not simply as a pariah but also as a partner in the development of a stable cyber order. So what could be the solution to that awkward little dilemma? Well, here I come to my second point of reference which is or who is rather Henry Kissinger. He wrote this in 2014. The peace of West failure became a turning point in the history of nations because the elements it set in place were as uncomplicated as they were sweeping. The state, not the empire, dynasty or religious confession was affirmed as the building block of the European order. The concept of state sovereignty was established. The right of each signatory to choose its own domestic structure and religious orientation free from intervention was affirmed. And I'll return to Kissinger later too. At its simplest, cyberspace is a global medium for communication and information exchange between computers and their human operators. An environment of sorts, if you like, in which it's possible for digital signals to be sent and received and processed. Like other communications media, the governing conceit of cyberspace is that it should be indifferent to the quality and meaning of the traffic that it carries. It comes as no surprise then that cyberspace can be a vehicle for challenge, insecurity, instability, crime and competition. But it can just as often signify opportunity, commercially, economically, culturally, politically, socially and even morally in terms of individual human fulfillment. It's not unusual for us to find challenge and opportunity sitting side by side. This is the case, after all, in most arenas of human interchange. And if that interchange or interaction is to be defined more by opportunity than by challenge, then the human instinct is to oversee it and to regulate it. This regulatory impulse can lead us in a number of directions. The most conservative or minimalist rationale for intervention in cyberspace might be to maintain the well-ordered, disinterested global information access and traffic management system that I just described. A median position conveyed by, conveying libertarian, anti-authoritarian convictions might be to argue that the internet was designed and built on the presumption of self-regulation and that it should only ever operate as such. Then the most ambitious maximalist rationale might see cyberspace as a revolutionary new opportunity not just for human fulfillment but also for the emancipation of individuals and societies around the world. By this view, the purpose of regulation would be to persuade or even coerce governments and corporations to improve their behavior in one way or another. The 2011 OECD Communique on Principles for Internet Policymaking captures this sentiment perfectly. The internet allows people to give voice to their democratic aspirations and any policymaking associated with it must promote openness and be grounded in respect for human rights and the rule of law. These different perspectives at least have in common the notion that cyberspace should be subject to governance to some level, in some way, and by someone or something. But this is merely to agree a list of questions to be answered without actually answering them. How far should regulation go? Should regulation be imposed or consensual? Who or what should have the authority to drive the process? The minimalist argument might allow the emergence of technical standards and rules of procedure devised by committees of experts but little more than that. My median self-regulatory approach might accept anything by way of regulation as long as it evolves naturally. At the most ambitious end of the scale, the maximalist argument might be that the international community should assume the responsibility to devise a complete, comprehensive, and decisive regulatory framework nothing less than the normative international order for cyberspace. My talk this evening covers but one aspect of the contemporary debate concerning the governance of cyberspace and the direction that it might take and that of course is state sovereignty. For better or for worse, the nation state is a central and enduring feature of the modern international system, determining the success or indeed otherwise of each of the three governance approaches that I've described. It goes almost without saying, I think, that the claims of sovereignty are intrinsic to the idea of modern statehood and therefore to the interaction of states within the international political system, of which cyberspace is arguably one part. Yet for all that national sovereignty is a robust and foundational idea, it is almost by definition also a contested concept. And these contending understandings and expectations of national sovereignty will do much, I think, to either hinder or to determine the character and the course of national and international policy for cyberspace over the coming years. The sovereignty problem, as I've put it here, is encapsulated in the following extract from a 2014 report by the U.S.-China Economic and Security Review Commission. China supports the extension of state sovereignty and non-interference to cyberspace. China prefers sovereign states to be the principle governing entity in cyberspace, just as in the physical world. Beijing generally emphasizes two corollaries of this principle. First, states should be able to assert sovereignty in cyberspace over both their own and foreign citizens and organizations within their borders. On this aspect, China diverges from the United States, which is highly protective of individual freedom of speech and other individual liberties, and views state efforts to control online content as inappropriate. Second, states should not interfere with the sovereignty of other states in cyberspace. States should refrain from undermining the right of other countries to exert sovereignty within their own borders. Well, in very broad terms, there are two options concerning the role of sovereign governments in the development of international policy for cyberspace. The first, I think, is to suggest that state sovereignty, as an analogue concept, if you like, can have little relevance in the digital age. By this view, the governance and the ordering of cyberspace and the full realization of its human potential can only be achieved by placing antiquated notions, such as national sovereignty, to one side. Not only will other non-state agents then be able to contribute fully to the development of cyberspace, but cyberspace itself might become a vehicle for human development and political improvement around the world. The alternative option is to do precisely the opposite, to ensure that as international policy for cyberspace develops, it must conform to an understanding of sovereignty which is concerned primarily with the ownership and control of territory by established authorities. Now, as far as I'm concerned, neither of those two options is actually at all convincing. The first offers the illusion of a technologically determined cosmopolitan future free from state-centric politics, while the second offers the equal and opposite illusion of status quo global politics shaped by an incomplete and actually rather primitive interpretation of sovereignty and largely uninflected by technology. I think we need to find a way between these two positions. I'm going to go on now to have a brief reminder, if you like, of the principal tenets of modern state sovereignty before I discuss both simple and then simplistic arguments for the extension of sovereignty into cyberspace. I'm then going to suggest that what is too often overlooked in the debate about the exercise of state sovereignty in or over cyberspace is the impulse for cultural sovereignty. And finally, in an adaptation of a very well-known thought experiment, I'm going to offer the metaphor of quantum sovereignty. I did say adaptation and I did say metaphor. I argue that the Westphalian principle upon which modern state sovereignty is founded, the principle which insists that difference should be tolerated in the international... sorry, tolerated in the name of order, that that can have a similarly foundational role in the governance of cyberspace. So a word or two about sovereignty. Andrew Haywood, Andrew Haywood's textbook on international or global politics rather, offers a definition of sovereignty which is probably as clear and concise as could be expected. In the final analysis he writes, states are states because they are capable of exercising sovereign jurisdiction within defined territorial borders and so are autonomous and independent actors. Well, implicit in that explanation, I think, is the claim that state sovereignty must be exercised both externally with each state being an acknowledged actor within the international system as a whole and internally, whereby the domestic authority of the government of a state is largely unchallenged, think Max Weber. An unchallenged whatever that government's character. Richard Faulk underlines the latter point when he observes that the fundamental claim of sovereignty is its emphasis on unrestricted governmental authority within territorial boundaries. This understanding of state sovereignty is embedded in the 1945 Charter of the United Nations. Quote, the organization is based on the principle of the sovereign equality of all its members, Article 2.1. To emphasize the central significance of sovereignty in the post-45 international system, the Charter also made clear that the exercise of state sovereignty required a counterpart complementary obligation of non-intervention. I'm sure you all know this stuff, Article 2.4. All members shall refrain in their international relations from the threat of use of force against the territorial integrity or political independence of any state or in any other manner inconsistent with the purposes of the UN. The UN General Assembly's 1970 Declaration on the Principles of International Law is clearer still regarding the importance of what it called the principle concerning the duty not to intervene in matters within the domestic jurisdiction of any state. The declaration sets out the dual necessity of sovereignty and non-intervention in the form of an exchange of rights, both negative and positive rights, and obligations. First, no state or group of states has the right to intervene directly or indirectly for any reason, whatever, in the internal or external affairs of any other state. Second, no state may use or encourage the use of economic, political, or any other type of measures to coerce another state in order to obtain from it the subordination of the exercise of its sovereign rights and to secure from it advantages of any kind. And finally, every state has an inalienable right to choose its political, economic, social, and cultural systems without interference in any form by another state. State sovereignty is always a contested topic in the academic debate concerning international politics and global order, the distribution of power and human development and so on. And it hardly need be said here, I think, that the principles both of sovereignty and non-intervention have frequently been breached in practice. But if its basic tenets are, as I've just described, then I think it can readily be seen how a simple understanding of sovereignty might be extended into cyberspace. State sovereignty is traditionally understood to embody territorial identity, uniqueness, and above all, perhaps, inviolability. The practice of sovereignty must begin historically and conceptually on the land where human communities exist and compete and cooperate with each other. It's not difficult, then, to imagine sovereignty being extended out to sea, to encompass the source of food, perhaps, and to secure the freedom to send and receive merchant ships in the country's seaports. The extension of sovereignty upwards into the air and above the territorial space could then be seen as a matter both of protecting and perhaps privileging national commercial activity, hence, airport, and of ensuring territorial inviolability in the era of military air power. National sovereignty, by this understanding, is thus expressed in fairly tangible ways in the form of territorial boundaries and border posts and coastal waters, national airspace, overflight rights, and so on and so forth. Observe, though, that state sovereignty is extended into those parts of non-territorial environments which are contiguous to the landmass. And understood in this way, couldn't simple or, if you like, territorial sovereignty be extended into cyberspace just as in the past it was extended out to sea and into the air above. Well, although it's clear that cyberspace isn't a physical environment in the way that both the sea and the atmosphere are, it might nevertheless be conceived of as a contiguous space which can affect fundamentally the life and circumstances of human communities and individuals, both in terms of commercial opportunity and in terms of safety and security. So it might therefore be more reasonable to ask how it could not, more reasonable to ask how state sovereignty could not be extended into cyberspace. In response to the complaint that cyberspace is global and cannot therefore be nationalized, it need only be observed that both the atmosphere and the seas are global too. Yet there seems no difficulty with the notion of limited extensions of national sovereignty into both of those environments. Unfortunately, though, this simple sovereignty argument is revealed too soon, I think, to be simplistic. Where both the atmosphere and the seas are concerned, it's indeed conceivable that national territorial sovereignty could be exercised by analogy and without impinging to noticeably upon the notion of a global natural environmental commons. It seems possible, in other words, to exercise national sovereignty in the contiguous sea and atmosphere without questioning the fact that the earth has but one interconnected ocean and but one atmosphere. Yet the same might not be said of cyberspace. In cyberspace, the exercise of simple sovereignty, as I put it, confronts two different, albeit closely related, objections. First, that it would challenge the perception, which I'm going to discuss later, of cyberspace as a global public good in which state sovereignty should have limited authority. And second, that it would lead to the fracturing of cyberspace into a loose collection of digital fiefdoms. The notion of cyberspace as a common environment, available to all and for the benefit of all, is already difficult enough to accept. Largely because it is not in any real or tangible sense a physical space. For competitive state sovereignty to be extended into this non-space might extend, might complicate matters further still. Whereas it's been shown that the atmosphere and the sea can tolerate the intrusion of state sovereignty into them and still remain familiar to us, when sovereignty extends into cyberspace, it's much less clear, I think, that these incursions could be endured. Cyberspace, it seems, might not have the conceptual or the physical resilience of the atmosphere or the sea. If cyberspace is to be the borderless, global digital communications infrastructure that some wish it to be, then if it is subject to even limited nationalization, it might cease to be cyberspace, insofar as it would cease to be one environment or decentralized network of networks, as the OECD have called it. And it might become instead several environments or disconnected networks. And the effect of this fracturing of cyberspace is widely described as balkanization or less elegantly, much less elegantly, as sovereignization, and even less accurately as West failureization. The popular notion of cyberspace as a global commons has provoked a certain amount of debate. James Lewis at CSIS in the US has argued that cyberspace is not a global commons. It is a shared global infrastructure. There is rarely a moment when a collection of bits moving from one computer to another is not actually on a network that someone owns and that is physically located in a sovereign state. And in his same testimony, Lewis argued that at best cyberspace could be a pseudo commons. It looks like a commons but actually is not as someone owns the resources in question and that someone is subject to the laws of some nation. Cyberspace, he says, is in fact more like a condominium, where there are many contiguous owners. According to Lewis' perspective, then, even the idea of what I, in other places, termed a global technological commons, that's to say an intangible or virtual environment which nevertheless is perceived of and used according to the same customs and practices as those which govern a physical commons, even that might be to expect too much. Well, maybe a compromise between Lewis' position and my own might proceed as follows. Cyberspace is an artifact rather than a natural occurrence or environment and is generally privately owned in ways and in places which come under the sovereign authority of states. Fine. There's therefore very little about cyberspace which could be said to be genuinely common in the same way that the sea and the atmosphere could be said to be. What can be said, however, is that the users of cyberspace, and this is important, the users of cyberspace act increasingly as if it were held in common ownership and as if they have inalienable rights to use it. Now, whether that's erroneous or not, these presumptions of ownership and access carry political weight. So it would appear then that cyberspace is neither private property nor sovereign territory, nor global commons but something sui generis with characteristics drawn from each of these three ideas of virtual commons, perhaps. Returning to the idea of balkanisation. The challenge represented by balkanisation is not simply that it threatens to weaken the functioning of cyberspace as a global communications environment, but that it offers a seemingly credible alternative to it. The rapid development of China's internet is a case in point. According to Tanglan, according to Tanglan between 1997 and 2013, the number of Chinese internet users increased from 620,000 by three orders of magnitude to 618 million. The number of websites in China increased from 265,000 in 2001 to 3.2 million in 2013. And over the same period, the number of Chinese domain names increased from 122,000 to 18.44 million. And it's salutary to note that these exponential rates of growth all took place behind the so-called Great Firewall. The complete exclusion of state sovereignty from all discussion of cyberspace couldn't be considered, I don't think, a serious or attainable proposition. Yet it's just as clear that a simple territorial understanding of state sovereignty must have its limits where the development of global rather than national or regional policy for cyberspace is concerned. For those digital cosmopolitan among us determined to pursue the goal of cyberspace as a global commons, just as for those of us concerned to prevent the political and technological balkanisation of cyberspace, an over-enthusiastic implementation of state sovereignty could have adverse and enduring structural effects. As I've outlined, even if the idea of a global commons can never be wholly achievable, the debate demonstrates the need for a more flexible and imaginative understanding of possession and control and access, then underdeveloped ideas of territorial sovereignty seem able to provide. Where international law is concerned, it appears that while state sovereignty does have a strong claim to make, that claim must be limited to acknowledged territory and ought not to embrace the whole of cyberspace. The risk associated with any attempt to do otherwise is implicit in the prospect of balkanisation. While some might hope that the unconstrained exercise of territorial sovereignty would make cyberspace more ordered and controllable and predictable, the effort could be to replace a singular global digital communications infrastructure with an incoherent collection of partial substitutes. So a paradox emerges, I think. The exercise of state sovereignty is to be expected, either because it's considered inevitable and unstoppable, or because state sovereignty is positively preferred as a source of authority and regulation and order. Yet we know or we feel that the extension of state sovereignty into cyberspace threatens to damage, if not destroy, that which we value so much that we wish to supervise it, even if only minimally. So how then can we proceed? Well, at this point, it's useful, I think, to note that state sovereignty, as well as being concerned with the possession and control of territory, is in its fullest historical meaning also deeply concerned with culture. And so it's to cultural sovereignty that I'm going to turn now with reference to the People's Republic of China. The PRC takes a very close working interest in the development of international policy for cyberspace. As one of the permanent five members of the UN Security Council, the PRC has contributed to the work of three UN groups of governmental experts, the GGEs, the first of which reported in 2010, second in 2013, and the third in July of last year. Chinese experts and officials also contribute to the standard setting and capacity building work of the Internet Engineering Task Force, the UN and the ITU and the WF and so on. Let's ditch the acronyms. Nevertheless, in spite of all that good citizenship, you might call it, a dividing line has emerged. Whereas western governments typically argue that international policy for cyberspace should be developed using existing governance framework and processes, and that a so-called multi-stakeholder approach is most appropriate, embracing governmental, commercial, and non-governmental interests, the claim made by the PRC and others is essentially that while new mechanisms are needed, these should nevertheless be agreed intergovernmentally, using traditional diplomatic procedures. So while the PRC accepts that cyberspace should be governed by an internationally agreed system of rules, the perception among western governments is that China's preference is for any such system to be derived from, to confer authority upon, and to reinforce the principle of state sovereignty. And this division emerges most closely, most obviously in respect of the International Code of Conduct for Information Security, proposed by the PRC, Russia, Tajikistan, and Uzbekistan in September 2011. The proposed code was subsequently co-sponsored at the United Nations by Kazakhstan and Turkmenistan, but according to Reza Hitchens, the code proposal, quote, has been rather vehemently rejected by the US and most western states who see the effort as aimed at establishing a strict national sovereignty model over content flow over the internet and potentially a tool of oppressive regimes. So you begin to get the flavor. Beneath all of this activity, it seems to me at least that the PRC has two other fundamental and closely related concerns. The first is the coherence and order of the Chinese state and society. And the second is the insistence upon international respect for China's national sovereignty. If my interpretation is even broadly accurate, then it's highly likely to color the PRC's dealings with western critics. In crude terms, western advocacy of internet freedom might well be perceived to challenge the PRC in respect of both order and sovereignty, to achieve regime change by stealth, causing social and political disorder in the process, to dominate the global economic and trading system to their advantage and to be little more than a surrogate for an evangelical mission to spread western models of democracy and liberalism to all parts of the earth. There is a perception in Beijing that uncontrolled, uncensored access to global ICT could undermine Chinese society, perhaps even to the extent of challenging the authority of the government. Concern about social volatility is evident in China's discourse on cyber power, writes Simon Hansen. And rather more vividly, Ethan Gutmann has described, quote, the real nightmare scenario feared by the Chinese government. Sophisticated western technology, such as advanced encryption, could end up in the hands of the Chinese Communist Party's internal enemies. He then advocates an openly confrontational approach to dealings with the PRC, quote, only if the state's internally controlled internet is threatened will China come back to the bargaining table. Other organizations and initiatives such as Dynareweb, Freegate, UltraReach, UltraSurf, the Global Internet Forum, Freedom Consortium, all of these might have been less directly confrontational, but they've been no less vehement in their advocacy of internet freedom in China and in their determination to see the removal of the Great Firewall. Well, my purpose this evening is not to debate the justification and the moral authority of these views. It's simply to suggest that if the goal, if our goal is a functioning, inclusive, global internet, then many of the views and initiatives outlined, that I've just outlined, are unlikely to be regarded with equanimity by a state which must surely be expected to play a leading role in the achievement of that goal. That's to say, China. At a more formal diplomatic level, concern might also be felt in Beijing at moments such as this in January 2010, a speech by former US Secretary of State Hillary Clinton, possibly the next president, in which she described access to global ICT as a right in the sense of the Universal Declaration of Human Rights. Interestingly, the same language has come up in the latest GG report. Fine, and she advocated a, quote, single internet where all of humanity has equal access to knowledge and ideas. This high-minded language, I think, might be discounted relatively easily as aspirational at best and moralizing at worst. But elsewhere in the same speech, a very different image was used. In what must have been, I think, a deliberate evocation of the language of the early Cold War, Clinton spoke of, quote, a new information curtain that is descending across much of the world, and even referred to viral videos and blog posts as, quote, the samizdat of our day. Well, if the government of the PRC were to have concerns about the domestic stability of its country, that could scarcely be said to be unprecedented. Which government of a modern state has not had similar concerns at one time or another? And please don't assume I'm being mindlessly relativist here. I do have my views. Yet the PRC is overarching a more significant concern which seemed to lie in its insistence that China's sovereignty in cyberspace, as in all things, should be respected by its interlocutors. The argument might then continue as follows. Since sovereignty is the attribute of and is exercised by the government of a state, then it is logical that any international efforts at regulation or even mere oversight of cyberspace should be intergovernmental. The PRC's emphasis on intergovernmental discussion and negotiation largely explains its argument that the UN, and specifically the ITU, should be the locus of internet governance activity. Now, at one level there's a clear enough logic, I think, to the PRC's case, as I've described it. Cyberspace, it could be argued, is a domain for human interactivity. However much that interactivity might be mediated by electronic devices and software programs and so on. And as such, it can't be expected to be immune from politics. It is human. In the international system, the state is the principal focus of politics, or locus of politics, I beg your pardon. And with the modern nation state comes sovereignty. The former cannot exist without the latter. Same old argument. So when China's representatives insist upon respect for their state's sovereignty, this should in principle be an unexceptional request, which every other state in the international system could make with equal vehemence. Think back to the language from the UN Charter. But the cyber sovereignty debate in the PRC I think goes deeper than this, with sovereignty understood not simply in terms of procedures and trade-offs, both internal and external, but also in terms of culture. So sovereignty by this view is concerned with the richness of Chinese culture, the coherence of Chinese society, and the respect that both culture and society should receive for their values and achievements and so on. And some sense of this can be found in the following passage from two Chinese strategic military authors. The cultural history of the Chinese nation lasted more than 5,000 years without interruption, forming a natural cultural tradition with its unique characteristics. Chinese philosophy values identity and unification. Chinese history is a history of a unified multinational state for more than 2,000 years. All of these imprint firmly and deeply the idea of unification on the psychology of the nation. Now that is a country with baggage. Territorial boundaries, coastal waters and national airspace are not, therefore, the embodiment of sovereignty. They're merely the physical expression of a deeper, more enduring and more important idea, the right of a very long-established society to choose the rules under which it lives. Whatever might be thought of the character of a given society and or its government, the sovereignty non-intervention exchange insists on recognizing a society's fundamental right to govern itself as it wishes, according to its own history and culture. So rather than border posts and so on and so forth, it's this sentiment which seems to be embedded within and so fundamental to the Chinese government's idea of sovereignty. So the PRC might insist that the established norms and practices of the international system did not all originate in the West, that the observance of international norms should be a matter of global consensus rather than Western hegemony, and that these norms can in any case be observed in more ways than one. Are you getting nervous, Nathan? None of this, however, should be a revelation, and none of this should require of the West anything more than an acknowledgement of what the classical Westphalian approach to state sovereignty actually, actually embodies and has always embodied. So let's go back to Henry Kissinger. The genius he wrote two years ago of this Westphalian system, and I know Kissinger comes with baggage too, let's not debate him, listen to the words, the genius of this Westphalian system and the reason it spread across the world, the world was that its provisions were procedural, not substantive. If a state would accept these basic requirements, it could be recognized as an international citizen able to maintain its own culture, politics, religion, and internal policies shielded by the international system from outside intervention. So let me now come to quantum sovereignty. The problem I've been describing is pretty complex. How do we find a non-confrontational means to exercise the conceptual, rather than the physical component of state sovereignty in a global yet non-physical environment? And if the answer to that problem has to correspond somehow with what I've described, or Kissinger's described as the pluralistic, founding idea of state sovereignty, then how on earth do we proceed? Well, here we go. Theoretical physics, I think, might offer a solution in the form of quantum sovereignty This is a difficult idea. I'm telling you, it's a very difficult idea for me. A difficult idea, yet I think it's one that could help different conceptions of state sovereignty to coexist. John Pokinghorn in Cambridge insists that, quote, the enjoyment, he does begin this this way, the enjoyment of quantum ideas should not be the sole preserve of theoretical physics. And he notes that quantum theory's core proposition, known as the superposition principle, I'm sure you all know, permits the mixing together of states that classically would be mutually exclusive of each other and strictly immiscible. In particle physics, superposition theory allows not only for an individual electron to behave either like a particle or like a wave, but also for a single electron to behave as if in multiple forms concurrently. And you can do that, the particle wave experiment on your own at home. With a little torch and some holes cut in a card. It's quite fascinating. It works. So in multiple forms concurrently, an electron can not only be here and not here, he writes, but also in any number of other states that are superpositions of here and not here. Now, this is certainly not easy to imagine. I find it very difficult to imagine. Hence my use of it this evening is indeed merely metaphorical. In his own discussion of what he called quantum weirdness, John Gribbin explains the superposition of states in the form of Irvin Schrodinger's well-known cat paradox. Schrodinger's cat, I'm sure you've all come across that too, is a thought experiment in which the live animal is placed in a very strangely, and you have to wonder who thought of it, who could possibly, anyway, be booby-trapped box with a radioactive source, a detector and a bottle of cyanide. If the monitor detects a certain level of radioactivity over a certain time, the bottle is broken and the cat dies. Up to that moment, the cat is notionally both alive and dead, or as Gribbin puts it, in a superposition of states, one corresponding to a live cat and one corresponding to a dead cat. The cat is both dead and alive at the same time, or if you prefer it, it's neither dead nor alive at the same time, and it stays that way until somebody opens the box and looks inside, and it's the act of opening the box and observing its contents, which returns theoretical superposition to physical reality in the form of a cat which is either alive or dead, but no longer both or neither. But it's to John Pokinghorn, who I think I'd like to return for a very brief comment upon quantum theory, which I think has particular resonance for this talk this evening. If quantum theory, he writes, if quantum theory encourages us to keep fluid, our conception of what is reasonable, it also encourages us to recognize that there is no universal epistemology, no single sovereign way in which we may hope to gain all knowledge. In the context of global cyberspace, the quantum sovereignty thought experiment seems at least to be viable, but what could be the point of it? Well, I think the purpose of the exercise would actually be rather simple. It's to remove an all too convenient obstacle to the construction of an international consensus on the management of cyberspace to mutual benefit. I've suggested above that the development of international policy for cyberspace is obstructed by the presence of two differing perceptions as to the role and relevance of sovereignty in cyberspace. Yet this is much more than a matter of the west versus the rest, and it's much more than a clash of approaches to the governance of cyberspace, the multi-stakeholder versus the intergovernmental. The difficulty is that these different perspectives and perceptions of reality can, when they're used mischievously, they can prove to be as incompatible with each other as our life and death for a single organism. Schrödinger's cat shows that when reality intrudes, it becomes impossible to be both alive and dead, or to be both multi-stakeholder and intergovernmental. In each of these dualities, one or the other condition must triumph. Yet, if a reasonably unified international policy for cyberspace as a virtual commons, if I can use that expression, if that's our goal, if that's to develop, then it's precisely the triumph of the multi-stakeholder argument of intergovernmentalism or vice versa that must be avoided at all costs because the result would be neither unified nor common. So the point of the quantum sovereignty thought experiment, therefore, is to persist in the willing suspension of disbelief, that everything inside Schrödinger's box or rather a very large, sovereignty-sized version of his box, that everything inside is viable and non-exclusive. In other words, we need to find a reason not to open the lid. And the only reason I can think of for the various participants not to open Schrödinger's sovereignty lid is that it would be rational for them not to do so. It must make more sense for them for us to sustain our suspension of disbelief than to end it. In terms of very elementary game theory, what's required is a move from the near certainty of a zero-sum result, life, death, to the possibility of a positive sum outcome, a move that can be achieved in a system of trade-offs in which governmental and other participants make concessions in return for desired benefits. Neither side, if that's the right term, has the ability to achieve its desired outcome without the willing participation and consent of the other. The multi-stakeholderists, so-called, cannot reach their goal of a reasonably open, stable, universal and inclusive internet. Intergovernmentalists insist that international cyber-policy can only be developed through interminable intergovernmental negotiations at the UN. And the multi-stakeholderists' goal could scarcely be said to have been achieved if the government of at least one-fifth of humanity, that's to say the population of the PRC, is excluded from it. The intergovernmentalists cannot have things all their way either. They cannot in seriousness maintain that 21st century international politics is exclusively the province of intergovernmental relations. Neither can they reasonably claim that cyberspace is a newly discovered land waiting to be explored and mapped before being allocated to and governed by the governments of interested states. So then what are the concessions and benefits that might be traded while Schrodinger's lid is kept firmly closed? Well, China and indeed other countries taking an intergovernmental sovereignty focused approach to cyberspace would first have to concede that cyberspace should not and logically cannot be territorialised by extending into a borderless non-physical quasi-environment a narrow physical understanding of sovereignty. It would then be necessary to concede that while a sovereign state, however it's defined, is arguably the protagonist in international politics, there are many other actors on stage and this would be to acknowledge that the multi-stakeholder approach is both more realistic than intergovernmentalism as to the scope and complexity of the project to develop international policy for cyberspace as well as more inclusive and therefore more likely to produce a durable results. Various benefits might be expected in return for these concessions. Having staked their claim as constructive contributors to the development of international policy, these governments China included, should expect to find themselves at the centre of governance norm and rule setting processes rather than be regarded as outliers or spoilers. The rules of the game should reasonably be expected therefore to correspond to the preferences of all interested parties rather than a small selection of them. By surrendering their insistence on a thin territorial understanding of sovereignty these governments should also expect a return to a thicker and deeper understanding in which culture and internal sovereignty are acknowledged and respected. As in any trade-off the concessions to be made and the benefits to be earned by the advocates of the multi-stakeholder approach are essentially the mirror image of those set out above. The central role of national governments and international politics is generally accepted but there would be a strong case for acknowledging this explicitly even to the point of accepting that the governance of cyberspace is neither entirely novel nor entirely virtual and that territorial sovereignty does bear upon many of the physical aspects of cyberspace. Think back to Jim Lewis, the positioning and ownership of servers and cabling and the registration and regulation of internet companies, for example. Another concession will be to adhere more closely to a classical Westphalian understanding of sovereignty whereby a country's culture is in principle accepted for what it is and is not regarded as an imperfect replica of a Western ideal in need of enlightened intervention and correction. This would require the multi-stakeholderists to accept that the principle benefit of cyberspace is to provide a neutral medium for communication and cooperation among many different actors rather than be a vehicle for the homogenization of politics according to Western values, the enforcement of international standards or the spread of liberal democratic rule of law based systems of government. So a very big question arises should the international governance of cyberspace be as desiccated as possible with the minimal goal of a politically neutral, values free yet fully functioning global digital communication system or should cyberspace be the vehicle for some sort of emancipatory moral force? Or should the goal be to achieve in cyberspace an effective balance between system and substance order and justice? And if so can order and justice be pursued in parallel or is one the precondition for the other? Here I'm going to invoke an Australian. Headley Bull was very clear on this latter point. Order in social life you wrote in Anarchical Society Order is desirable because it is the condition of the realization of other values unless there is a pattern of human activities that sustains elementary primary and universal goals of social life it will not be possible to achieve or preserve objectives that are advanced secondary or the special goals of particular societies. Now norms and values are not trivial and easily disposable they form much of the substance of human life individually and socially yet while it's inconceivable to me at least that Western governments might somehow set to one side their society's normative underpinning. It would surely be feasible to concede that there might not after all be such a thing as a quote normal state unquote i.e. in the western mould to which other governments and societies should seek to conform. This would be challenging because essentially it's a concession to order before justice yet it wouldn't be without benefit to the extent that cyberspace would gradually become a more stable and predictable environment so the prospects should also improve for trade, investment and commercial exchange generally and if the purpose of this exercise is not to modify and improve the behaviour of certain governments but simply to include them as essential participants in global cyber governance so it should become correspondingly easier to argue for the inclusion of other stakeholders such as non-governmental bodies and the commercial sector and furthermore the development of a normative policy framework for global cyber governance needn't be precluded by respecting in the Westphalian sense the sovereignty of governments whose behaviour might not otherwise be applauded. These behaviours can no longer be held hostage to the achievement of a coherent and durable global cyberspace. However many flaws and compromises and imperfections it might contain, if a more or less unitary cyberspace can be sustained then its normative development at least becomes possible. This simple proposition cannot work in reverse a global cyber environment must first exist before it can be used to improve the human condition of its users. Some concluding thoughts, Jim Lewis describes the challenge of cyberspace in the following terms the long term goal for the US and other western nations is to bring China into the international system of rules that govern state behaviour and that means persuading it yet its cheating in trade and in cyberspace under control. The challenge though I think is more complex than simply prevailing upon China to behave and conform at the heart of the cyber governance problem is a fundamental disagreement over the relevance and significance of state sovereignty in the cyber era between those who argue for a progressive, inclusive bottom up and multi-stakeholder approach to the regulation of cyberspace and those who favour a more status quo orientated exclusive formal top down negotiation between and under the control of the governments of sovereign states. The multi-stakeholder approach is perceived by its critics at the very best to be an attempt to marginalise if not to undermine the sovereign state but state sovereignty advocates cannot be dismissed as an analogue artefact on the verge of extinction in the digital era. The sovereign state remains a potent source of authority and legitimacy in global politics on the basis for international security and stability and at its worst multi-stakeholderism is regarded as a thinly disguised normative agenda in which the privileges of national sovereignty are made conditional upon progression towards and conformity with western standards for the governments of China and other non-western cyber active countries this expectation however tacit is simply not acceptable. Conversely the inter-governmentalists are considered to adhere to a very narrow uncompromising interpretation of sovereignty concerned largely erroneously perhaps with the ownership and control of territory. This preoccupation with territory is then extended into cyberspace in defiance of logic and practicality and to the detriment of the internet. Concern for domestic order and stability which is used to validate the inter-governmental territorial approach received by its critics to be a front for non-liberal if not repressive measures which will impede the development of a cosmopolitan cyber order in which societies and individuals can flourish. My quantum sovereignty thought experiment aspires to nothing as tangible and useful as a policy framework you'll be relieved to hear. It cannot on its own answer the complex and complicated challenge of global cyber-governance of course it can't it's simply a metaphor. Quantum super positioning allows for difference and it insists essentially on the suspension of choice and judgment while the experiment and we're in an experiment while the experiment is allowed to develop. The classical Westphalian approach to sovereignty tolerated difference in order to achieve the widest possible participation in a more or less ordered community. The application of the Westphalian principle to cyber-governance would seek a broadly analogous role by allowing different understandings and expectations of sovereignty to coexist rather than conflict. Back to Kissinger for the third and last time. Reflecting upon his first visit to China in 1971 Kissinger observed how quote in our time the quest for world order will require relating the perceptions of societies whose realities have largely been self-contained. The mystery to be overcome is one all people share. How divergent historic experiences and values can be shaped into a common order. Now Kissinger has been dismissed as a core member of Westphalian international relations as an advocate for a discredited body of ideas which cannot conclude otherwise 21st century China poses a threat. But I think that in the context of the project to achieve global cyber-governance and stability and opportunity it seems to me that for the cyber era a permissive and imaginative adaptation of the Westphalian principle could be more of a solution than a problem. Thank you very much. I'm thinking about it from the pragmatics point of view that one of the sectors, service sectors that is global has already well established norms and is struggling with cyber to a huge extent is healthcare. Now the idea of actually looking at how we safeguard healthcare and open up opportunity in a digitally disrupted healthcare system has been at the forefront of at least a decade if not two decades of work nobody has figured it out yet and much of it comes because of the perceived threat from hackers and the like. Having said that healthcare is making strides to embrace digitization and the thought I had was why not take your exercise and talk about a globally interconnected health system that permits the movement of people because the Chinese are moving around globally now as much as the Japanese were in greater numbers but to actually look at it from shared norms that the health sector has and then look at the opportunity and the threats that exist in an unregulated no constraints cyber environment. Thanks very much. We were talking yesterday evening about what we touched on this specifically on the problem of the internet of things in health and the problem of the telemetry you have a pacemaker or something else monitoring one of your organs and someone else is reading that and what if they get so fed up with you or they decide you've had long enough and they just pull the plug and all that. I'm being frivolous but the serious point is that we haven't yet worked out in our own little communities in Australia or the UK what on earth we do about this. So it follows I think from that that we don't really have a very clear idea of what the limits of acceptable and unacceptable behavior would be. What is manslaughter or murder by health related IOT? We've got to think all these things through. Once we do and I'm sure we will then we get to the point at which we can actually begin to have that discussion at the international level and I think things happen in parallel as well. China has long been unwilling to embrace the Budapest Convention on Cybercrime but it isn't inconceivable that once we get our ideas in a row about this and other sorts of things that agenda could be introduced into that discussion and we're talking about mutual self-interest and let's not forget as well that Obama and Xi Jinping had their we're talking baby steps here but they did have a discussion and they did agree that this might be something they could look at perhaps at some point possibly in the future whenever that might happen. So yeah, I take your point but I think I see no reason at all why we shouldn't be having that sort of discussion at some point soon. Paul I'm taken very much by your metaphor and up here two of us at least suggest that Heisenbergs should somehow be brought into this particularly the nature of certainty as applicable but I have uncertainty in this case but I'm striving for certainty but Heisenberg and Paul would have something to say about quantum mechanics in this space but I think useful because I've used it as a metaphor to explain intelligence processes to the RAF unsuccessfully. My question however is in talking to Nathan the other significant player here is global corporations whether it's Cisco, Microsoft and particularly I'm taken by the interaction between the European Union and Google where we are facing a set of philosophies around the nature of access to information versus cultural and legal norms around issues of privacy so there's another player there that is incredibly powerful and then we start to add the financial systems and others and how governments react to that so I put that into the mix I guess as a question to say how do we address this because it's not Westphalia and it's beyond that it's more British East India company or Dutch East India company for an earlier metaphor Yeah I think you're right another very good question in a sense in classical understandings of sovereignty we've never had any problem really about having sovereign governments interacting with corporations and other sorts of non-sovereign bodies I'm not going to answer your question it's a very good one except to observe I'm going to counter your observation with my observation which is that increasingly in the literature you're finding discussions of the likes of Google as a sort of sovereign power of their own right in cyberspace and that really is interesting what actually is going on in this more or less discreet domain that we call cyberspace there is a thing that is acting there and only there more or less in a more or less sovereign way it's making up its own norms rules it's having its own diplomatic relations with analog ideas such as China for example so again I take your point I can't work out a way standing here with Heisenberg or indeed Schrodinger of how to make everything fit together I am uncertain You talked at length about Hillary Clinton's comments about how they have It wasn't at length it was only about that a lot but I mean you talked about the Great Firewall and everyone's heard about that but I'm just wondering why is it such a big theme in cyber security that China filters its content and what sort of cybercrime would be reduced by getting rid of that Great Firewall What sort of cybercrime would be reduced well let me go back a step why do people make a big thing of it well I make a big thing of it in my not here but in private because it seems to me to suggest that there could be all sorts of activities going on behind the wall that I might not necessarily like I think we also need to make a big thing of it because I think we do as I've been trying to argue here have to look at this from the Chinese perspective and what they're saying is we've got it here for these reasons whether you like it or not and by the way it's consistent with international law so the thrust of your the second part of your question about cybercrime if we got rid of the firewall due to international cybercrime who knows I mean if we could if we if we got rid of it then we might be in a serious position of actually I mean it's a different world maybe that no, no, precisely you can't you can't at the moment as I'm saying if we had got rid of it then we'd be talking to a different China that would have joined the Budapest convention that we would be talking about digital hot pursuit across borders and so on all that sort of thing I don't know that it technically you can't go through it and find people but that's not that's symptomatic of a bigger problem as far as international cybercrime is concerned which is that China by and large not entirely by and large doesn't play if China chose to play then we wouldn't be worried at all about the firewall it wouldn't be there you better ask the big corporations who are present here I'm sure I don't know okay well I think we'll wrap it there everyone thank you very much please join us for a drink after the event and I'd like you to offer your support thank you thank you