The state of Microsoft?: the role of corporations in international norm creation

Abstract

ABSTRACTThis research seeks to understand the role that corporations can play as global cyber norm entrepreneurs via a case study of tech giant Microsoft’s engagement in emergent international cybersecurity norms. Two key questions are addressed, including how Microsoft has been acting as a norm entrepreneur and what these actions indicate about the company's underlying objectives. Understanding Microsoft's processes and aims as a norm entrepreneur can help scholars better determine how corporate actors may fit into – or challenge – both existing norm creation theories and the development of global cyber policies. This research highlights three key takeaways that may inform further research: (1) In contrast to traditionally state-centric IR norm research, more focus is needed on the relationship between corporations and citizens when companies are acting as cyber norm entrepreneurs; (2) Four main objectives drive Microsoft’s attempts at cybersecurity norm entrepreneurship: trust building, software protection, balance of responsibility and sociopolitical influence; and (3) Microsoft provides an empirical example of a private corporation utilising all of Finnemore and Hollis’ tool categories for norm entrepreneurs. Through exploring the paths by which Microsoft strives to influence state behaviour and position themselves as a legitimate stakeholder in global cyber norm debates, we can gain insight into the methods and objectives of this newly identified form of corporate entrepreneurship and better understand the role that private actors may have in the ongoing formation of global cyber norms.