Assembling

In this article, we advance the literature on publics in international politics by exploring the nexus between publicness and big tech companies. This nexus finds a significant expression in the increasing impact of big tech companies to mediate disputes over societal problems, deliver social goods and rearticulate public‐private relationships. We develop an analytical framework by combining recent scholarship on assemblage theory and publics, allowing us to understand publicness as enacted in practices which revolve around issues and rearticulate relations of authority and legitimacy. To demonstrate the value of the framework, we show how Microsoft is involved in assembling publicness around cybersecurity. Microsoft does so by problematising and countering state‐led cybersecurity activities, questioning the state as a protector of its citizens and proposing governance measures to establish the tech sector as authoritative, and legitimate “first responders.” With this rearticulating of public‐private relations, we see the emergence of a political subject for whom security is not solely the right of a citizen secured by the state but also a customer service provided as a service agreement. The study hence offers important insights into the connection between publicness and cybersecurity, state and big tech relations, and the formation of authority and legitimacy in international politics.


Introduction
In this article, we advance the literature on publics in international politics by exploring how big tech companies assemble distinct forms of publicness, arguing that it marks important transformations in contemporary global governance.To do so, we develop an analytical framework uniting recent scholarship on assemblage theory and public theory.In line with the goal of the thematic issue (Mende & Müller, in press), we do not ask if "a global public exists" but "investigate the various manifestations of publics."Mende and Müller (in press) identify four manifestations of global publics, and we contribute primarily to the understanding of the second manifestation: "Publics are groups of actors that form communicative spaces….What makes the group of act-ors hang together is that its members react and refer to each other's arguments about the issue."In this article, we specifically focus on how private companies can create these issues and how thereby, a public is assembled.More specifically, we examine how Microsoft assembles publicness around cybersecurity and thereby rearticulates relations of authority and legitimacy between big tech companies, citizens, and the state.
Research on the international political role of private companies has produced valuable knowledge about present forms of global governance (Hofferberth, 2019;Mende, 2023), security practices (Berling & Bueger, 2015;Leander, 2005), and the corporate power of big tech (Beaumier et al., 2020;Monsees et al., 2023;Srivastava, 2021).This article draws on but also extends insights from this literature to examine the nexus between publics and private companies in international politics.This nexus, we argue, finds a significant expression in the increasing impact of big tech companies, elsewhere captured in concepts such as "surveillance capitalism" (Zuboff, 2019), "internet-industry complex" (Flyverbom et al., 2019), or "data capitalism" (West, 2019).However, what is at stake here is not just a simple transfer of public functions from the state to the private sector.What we tease out is the ambivalence of the rearticulation of public and private.While private companies help in making issues relevant to public problems (such as privacy and cybersecurity), they also claim capability, legitimacy, and authority by providing social goods.In the case of cybersecurity, we observe a tension in which citizens become users in need of the protection provided by big tech companies.This is an expression of a broader trend in which relations of authority and legitimacy between both states and companies as well as companies and individuals are being rearticulated through extensive commercialization and corporate regulation of cybersecurity (Beaumeir, 2020;Christensen & Petersen, 2017;Liebetrau & Monsees, 2022).
In order to demonstrate how this plays out and captures the assembling of publicness, we develop an analytical framework combining works on assemblage theory and publics in global governance (Best & Gheciu, 2014;Bueger, 2018;Walters & D'Aoust, 2015), critical security studies (Abrahamsen & Williams, 2009;Monsees, 2019;Stevens, 2016), and sociology (Marres, 2012).Building on these diverse approaches, we treat assembling publicness as a research strategy for empirically grounded analysis of the process of composition (Buchanan, 2020, p. 458) rather than a unified theory or approach (Bueger & Liebetrau, 2023, p. 240), enabling us to examine publicness as enacted in practices, which revolve around issues and rearticulating relations of authority and legitimacy.
While existing literature has shown how developments in communication technology, the internet, and social media demand a rethink of the public sphere (Baum & Potter, 2019;Dahlgren, 2005;Papacharissi, 2002;Pond & Lewis, 2019), we focus on big tech companies given their unique role in mediating disputes over public problems, delivering societal goods, and rearticulating public-private relationships (Culpepper & Thelen, 2020;Oyedemi, 2020).Concretely, we explore Microsoft's involvement in cybersecurity.Cybersecurity is an issue that has emerged with the development of information communication technologies in everyday life (Dunn Cavelty & Wenger, 2020).Appearing as a new kind of public good over which states and commercial actors are negotiating the boundaries for their respective roles, cybersecurity is a paradigmatic case for understanding how private companies can assemble publics.
In the remainder of this article, we first develop the analytical framework of assembling publicness.In the main part of the research, we show how Microsoft is involved in assembling publicness around the issue of cybersecurity.This section illustrates how the assem-bling of publics achieves political force by rearticulating public-private relations and the formation of authority and legitimacy in cybersecurity governance.In the conclusion, we suggest three ways as for further research to unpack the assembling of publicness in international politics on the one hand, and problematize big tech practices and their political implications on the other.

Assembling Publicness in International Politics
Developing an analytical approach which draws on assemblage theory, critical security studies, sociology, and sciences and technology studies, this section lays the foundation for the following analysis, which examines Microsoft's efforts to assemble publicness around cybersecurity.The section consists of two parts.The first situates the article in relation to the existing literature on IR and the thematic issue.The second outlines the assemblage approach and how it allows us to capture the formation of publics through three central features, namely, practices, issues, and power relations.

Manifestations of Publicness
This article speaks to two major changes to international politics observed in IR in the past decades.The first concerns the shift from government to governance invoked by the global governance literature (Rosenau, 1995;Rosenau & Czempiel, 1992).As stressed by Mende and Müller (in press), global governance is "characterised by a complex and constantly evolving constellation of actors-among them states, international organisations, non-governmental organisations and firms-that perform governance tasks and assume governance authority" (Avant et al., 2010;Stone, 2020;Zürn, 2018, as cited in Mende & Müller, in press).Zooming in on privatization and commercialization of security, scholars have shown how public and private are not two pre-existing realms but emergent spheres in which relations of legitimacy, authority, and responsibility are distributed, negotiated, and contested (Abrahamsen & Williams, 2009;Avant, 2005;Krahmann, 2008;Leander, 2005;Leander & van Munster, 2007).However, as Walters and D'Aoust (2015, p. 47) observe, publics "remain undertheorised and underproblematised in critical security studies."We thus build on previous work that highlighted how publics manifest through practices but expand on it with a distinct focus on big tech companies and security governance, rather than centering on privatization, commercialization, or neoliberalism as it is usually the case in the literature (Walters & D'Aoust, 2015, p. 48).
Alongside this development, scholars have explored the existence, possibility, and importance of global publics.They have analysed how the proliferation of transnational issues (e.g., trade, finance, and environment), actors (e.g., IOs and NGOs), and governance arrangements demands us to pay attention to publicness at a global and transnational level (Best & Gheciu, 2014;Brem-Wilson, 2017;Eckersley, 2007;Mitzen, 2005;Norman, 2019;Ruggie, 2004;Volkmer, 2014).According to the introduction to the thematic issue, this literature has been preoccupied with analysing and debating whether a global public exists or not.Here, we rather follow the editors' suggestion to embrace and "investigate various manifestations of publics that exist in, and co-evolve with, global politics" (Mende & Müller, in press).Taking that as our starting point, we explore how big tech companies assemble forms of publicness, arguing that it marks important transformations in contemporary global governance.
In doing so, we understand publics as plural, situated, and dynamic.Their existence and boundaries are due to constant (trans)formation, negotiation, and contestation (Dean, 1999;Dewey, 1999;Fraser, 1990;Marres, 2007).We hence need an analytical perspective that can grasp emergent and multiple empirical manifestations of publics as well as their effects on claims to legitimacy and authority.To capture this formation, we construct an analytical strategy that introduces the manifestation of publics through three central features and presuppositions: practices, issues, and power relations.

Assembling Publicness as an Analytical Strategy
Our research strategy allows us to examine how publics "are assembled and actor constellations produced, without relying on an a priori definition on the identity, position or interest of actors" (Bueger & Liebetrau, 2023, p. 240), while emphasising that the assembling of publics is provisional, processual, and dynamic (Stevens, 2016, pp. 32-36).This research strategy thereby directs the study away from answering essentialist questions, such as what a global or international public is or where it is located, towards an empirically grounded analysis of how publicness emerges, stabilises, and decays.The framework does not exclude the possibility that publics reach a form in which they are organised by a dominating logic, are institutionalised, or are hierarchically structured.However, rather than presume a priori how publics are ordered and structured, it leaves this question open to empirical analysis.
Our research strategy thus assumes that publicness is specific to certain times.This means that publics are distinct from the logics, criteria, or definitions that are assumed to be stable across time and space.This could mean, for example, assuming that there a "public" or "private" realm exists as a fixed sphere unaltered by its agents' behaviour.Following on from this, our approach is reflexive.The analyst does not have a God's eye view from which to construct objective and ahistorical definitions and concepts (Haraway, 1988).One result of thinking in these terms is that "every time we make reality claims in science we are helping to make some social reality more or less real" (Law & Urry, 2004, p. 396).Consequently, the analytical framework contains a double move.It aims to identify and describe situated publicness in context and to problematize it further for critical purposes (Aradau & Huysmans, 2014).
First, both assemblage theory and sociological concepts of publics emphasize the importance of practice (Acuto & Curtis, 2014;Bueger, 2018;Marres & Lezaun, 2011;Monsees, 2019).Shifting the analytical perspective towards assembling publicness through practice is a crucial step.IR scholars have demonstrated how the enactment of publics plays out in practice.For instance, Walters and D'Aoust (2015) demonstrate how publics are enacted through paintings and public demonstrations.Each public addresses itself in a particular way towards the state; it can either reify or challenge the previous (Walters & D'Aoust, 2015, p. 59).Best and Gheciu (2014) focus on the importance of practice and the performative aspects of public-making.We follow their understanding of public-making practices as practices: That seek to claim particular problems, actors, or processes as public-or of common concern-and in doing so, that effectively work to constitute those issues as public.In other words, public-making practices are performative: they seek to create the things that they describe.(Best & Gheciu, 2014, p. 32) Linking this to assemblage thinking, we understand publicness as based on relations and practice "in the sense that it depends on assembling practices involving actors, objects, rules, or principles in a particular territorial space and time, which gives them meaning in relation to one another" (Kolmasova, 2022(Kolmasova, , pp. 1329(Kolmasova, -1230)).Drawing on Bueger (2018, p. 619), we argue that the assembling of publicness requires "consistent practical work" and must "always remain unstable and open to tensions and contestation."This prompts research to engage empirically with public assembling practices.
Second, a critical function of the assemblage framework is that it brings to the fore "a specific historical, political, and economic conjuncture in which an issue becomes a problem" (Ong & Collier, 2005, p. 14).An assemblage framework emphasizes the ambivalence, contestation, and multiplicity of public-making practices (Bueger & Liebetrau, 2023, p. 238).This idea fits hand in glove with sociological conceptions of multiple publics emerging in relation to problems and issues (Callon et al., 2009;Marres, 2007).For example, Marres (2007Marres ( , 2012) ) directs our attention to how publics emerge as a result of issue formation.The public is not a pre-constituted sphere in which issues are deliberated.Rather, issues are perceived as needing action, and a public emerges as a result.This also means that publics are not necessarily linked to state politics but can be found everywhere and assembled around a multiplicity of actor or things (Honig, 2017;Marres, 2012;Marres & Lezaun, 2011).We argue that when we pay attention to publicmaking practices, we need to seriously consider how certain issues become public issues without reading them back into a state-centred framework.The political power of how big tech assembles publics only becomes visible when we look at the state and big tech symmetrically.Consequently, the making of publics is far from a neutral undertaking but a highly political practice.Combining assemblage thinking and sociological conceptions of publics sensitises us to the ambiguity, contestation, and disagreement over the issues at stake, and, following on from that, rearticulations of public-private relations.This allows us to identify how the notion of a citizen-user becomes core to Microsoft's assembling of publicness around cybersecurity.
Lastly, assemblage thinking addresses questions relating to power, authority, and legitimacy (Abrahamsen & Williams, 2009, p. 3, 14).Primarily, it allows us to see how assemblages generate the capacity to act in particular ways, rendering some actors more powerful than others (Bueger & Liebetrau, 2023, p. 243).When studying relations and practices of assembling publicness, we study how capability, expertise, and knowledge might become authoritative and legitimate.Zooming in on the historical concept of the public, it refers to the emergence of a public in which an opinion is formed.This public was considered both the opposite of the private sphere and the opposition to the state's power (Habermas, 1962, p. 55).In a democracy, the role of the public is to legitimize the actions of the state (Habermas, 1962, p. 82, 97).From this perspective, legitimate policies are those which are formulated in the name of the public and mirror the public's interest (Eckersley, 2007, p. 334).Legitimacy then relies on recognition by subjects (citizens) (Gronau & Schmidtke, 2016).In line with the overall analytical perspective, legitimacy is thus not a legal or formal concept but a relational and performative concept (Kratochwil, 2006).If publicness does not only centre on the state, formations and relations of legitimacy are multiple.As we show below, this means that claims about legitimacy can hinge on relations between private companies and citizens.Claiming to act in the public's interests or to fulfil the public's needs endows one with legitimacy and authority to act.Assemblage theory allows us to scrutinize how publicness is assembled across actors and thus enacts relations of authority and legitimacy.
In sum, we see that who appears as a public actor or what issue is considered a public problem is the outcome of political processes.If we consider the public and the private as a result of political processes, the consequences of assigning something or someone as being public come into view.Claiming that an issue is a public problem or that someone acts in the public interest means simultaneously making claims about certain actors' authority and legitimacy (Dean, 1999).Deploying the assemblage framework hence enables us to examine processes of political ordering that are enmeshed with reconfiguring publicness.As we illustrate below, Microsoft assembles in assembling publicness around cybersecurity by challenging state behaviour in cyberspace and claiming authority and legitimacy for itself (and the tech sector) as a cybersecurity provider.These ordering processes unfold political power by influencing relations of legitimacy and authority.

Assembling Publicness: Microsoft, Cybersecurity, and Public-Private Relations
The following section presents an analysis of Microsoft's cybersecurity practices that demonstrates how the assemblage framework helps to think about publics in international politics.Microsoft has more than one billion customers in more than 140 markets.The company owns, operates, and leases data centres in more than 20 countries (Smith & Browne, 2019).Microsoft has promoted significant cybersecurity initiatives involving states, companies, and international organisations, such as the Digital Geneva Convention (Microsoft, 2017), the Cybersecurity Tech Accord (Smith, 2018a), and the Paris Call for Trust and Security in Cyberspace (81 states and more than 700 companies are supporting the call.As you can see in the following link: https://pariscall.international/en).Exploring the changing relationship between states, big tech, and citizens, recent scholarship has demonstrated how Microsoft positions itself as a dominant player in global cybersecurity governance, namely through practices of norm entrepreneurship and policy shaping (Fairbank, 2019;Gorwa & Peez, 2020;Hurel & Lobato, 2018).We add to this existing literature by examining how Microsoft also assembles publics around cybersecurity and thereby shifts notions of legitimacy and authority.
Put in methods terms, and following Flyvbjerg (2006, pp. 232-233), we consider the case of Microsoft a paradigmatic case as it highlights general characteristics and serves as an exemplar suitable for reinterpretation, contestation, and comparison by other scholars.We follow a qualitative-interpretative research design (Klotz & Prakash, 2008;Schwartz-Shea & Yanow, 2012).Examining the assembling of publicness around cybersecurity, we focus on sites of tensions and moments of controversy from the 2013 Snowden revelations to the present, analysing Microsoft's practices, accounts, and relations (Loughlan et al., 2015, pp. 38-39).In doing so, we rely on multiple empirical sources, including policy reports, white papers, speeches, blog posts, press releases, news sources covering Microsoft's actions, existing scholarship on Microsoft, as well as engagement in cybersecurity workshops, conferences, and debates featuring Microsoft practitioners.We analysed these documents collaboratively in several rounds, thereby following an iterative research strategy going back and forth between theoretical reflection and empirical analysis.

Problematising Cybersecurity: Destabilising State Authority and Legitimacy
A decade ago, Edward Snowden famously disclosed information about the extensive intelligence practices of the US National Security Agency and its partner services.The revelations surprised seasoned observers, questioned established understandings of the legitimacy of the institutions involved, and stimulated intense political controversy, confirming transformations in the relations between state security practices and democratic procedures, state and civil society, and state and corporate interests (Bauman et al., 2014, p. 122).The files revealed how intelligence services, particularly the US National Security Agency and Government Communication Headquarters (GCHQ), rely on voluntary or forced collaborations with private providers such as Microsoft, Google, Facebook, Verizon, and Vodafone.Despite their involvement in the collection of user data, the US tech industry publicly criticized the US government, called for intelligence reform, and pushed for stronger cyber security standards, rebuilding public and consumer trust (Roberts & Kiss, 2013).
Microsoft played a crucial role in this campaign.Brad Smith, then Microsoft's general counsel, compared the government surveillance to "sophisticated malware or cyber attacks" and emphasized that Microsoft "are taking steps to ensure governments use legal process rather than technological brute force to access customer data" (Arthur, 2013).Corporate Vice President Scott Charney (2013) noted that "industry creates and operates most of the infrastructure that enables cyberspace" and argued that global cyber security norm building would hence benefit from including private companies to ensure "that nation-state behaviour in cyberspace does not erode the fundamental trust and security mechanisms of the internet."The increasing awareness of mass surveillance highlights the ambiguous role of state agencies in protecting as well as targeting its citizens' private sphere (see Monsees, 2019).While Microsoft's primary focus was on creating international norms that rein in government behaviour in cyberspace, the company emphasized the need for a multistakeholder approach, portraying this as an "operational reality rather than an ideology," thereby underlining the central role of the private sector in defending cyberspace and its users (McKay et al., 2014, pp. 14-16).Similarly, McKay et al. (2014) emphasised that "military espionage and other surreptitious activity reminds us that governments often have other interests that conflict with their role as protectors."Microsoft compared the contradictory cybersecurity priorities of the government to an industry that "wants to protect the security and privacy of users, and support efforts to protect public safety and national security" (Microsoft, 2014).The company outlines a transnational public problem concerning the growing dependence on digital technology and the vulnerability of tech customers.Microsoft relates this problem to the contradictory role of governments as both protectors and perpetrators in cyberspace.This provides a first glimpse of Microsoft's central role in defining state activities in cyberspace as a global problem and assembling publicness around it.In doing so, Microsoft questions the state's historical role as the primary provider of security and puts forth a notion of a citizen-user-a subject that is in need of protection in cyberspace through state actions as well as that provided by companies.We thus observe an ambivalent dynamic in which the relation between companies and states is renegotiated and not a simple empowering of big tech at the cost of the state.

Proposing a Digital Geneva Convention: Assembling Publicness Around Cybersecurity
Still unsatisfied with government action in and discussion about cyberspace, Microsoft scaled up its efforts in 2017 by proposing a Digital Geneva Convention to strengthen global cybersecurity (Microsoft, 2017;Smith, 2017a).Microsoft reiterated its commitment to ensuring corporate protection of users from the state in cyberspace: "The world needs new international rules to protect the public from nation-state threats in cyberspace.In short, the world needs a Digital Geneva Convention" (Microsoft, 2017).In this context, Smith (2017b) clarified the changing relationship between states and companies: Let's face it; cyberspace is the new battlefield.The world of potential war has migrated from land to sea to air and now cyberspace….Cyberspace is owned and operated by the private sector.It is private property, whether it is submarine cables, datacenters, servers, laptops, or smartphones….itputs you in a different position, because when it comes to these attacks in cyberspace, we not only are the plane of battle, we are the world's first responders.Instead of nation-state attacks being met by responses from other nation-states, they are being met by us.Smith (2017b) directs attention to the ways in which the cybersecurity practices of tech companies challenge the traditional security prerogative of the state.He contrasts a privately owned and operated cyberspace to conventional nation-state territory and national security responsibility.Smith thereby portrays the corporate tech sector as a global security actor in its own right, acting not just when mobilized by the state (Christensen & Liebetrau, 2019).This shows how Microsoft and the tech sector have "significant capacity to bolster or undermine government authority" and to increase "public demands for the companies to take action to protect users from governments" (Eichensehr, 2019, p. 668).This neither erodes state power nor is it automatically opposed to it, but it shows how relations of authority and legitimacy concerning cybersecurity between state and companies can become rearticulated.
According to Smith (2018b), the authority and legitimacy bestowed upon Microsoft and the tech sector stems not only from a lack of state capability but also from the fact that "nation-state hacking has evolved into attacks on civilians in times of peace."Consequently, private tech companies have "to help deter and respond to nation-state cyberattacks."They thereby increasingly "stand as competing power centers, challenging the primacy of governments."(Eichensehr, 2019, p. 668).Grounded in its supposed neutrality and expertise, Microsoft and the tech sector emerge as core actors in identifying cyber insecurity as a global problem and protecting against future security challenges.Microsoft thus not only defines what the problem is but also assembles publicness around it through its different initiatives (and the involvement of multiple global actors).As a result, the assembled public challenges the distribution of authority and legitimacy between states and private companies in relation to cybersecurity.
We see the contours of a vulnerable and de-territorialized public, or community of affected, as Dewey (1999) called it, being assembled around cyber insecurity, consisting of a user who has a right to security and is in need of protection from the state.As emphasized by Smith (2017b): We've pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.This weekend, whether it's in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we're putting this principle into action and working with customers around the world.
Microsoft calls upon digital citizens and endows them with a universal right to protection that is determined neither by territoriality nor nationality.Through such digital acts (Isin & Ruppert, 2017), Microsoft enacts a new political subject-a citizen-user-that co-exists in the privately owned and operated cyberspace and the territory of states.For this subject, security is not solely the right of a citizen secured by the state, but also a service stipulated in the terms of agreement between Microsoft and its customers.Microsoft thus assembles an issue public around cybersecurity.The result is, however, not only the creation of certain norms but a challenge to boundary drawing as to what counts as "private" and what as "public" authority and legitimacy.In the next subsection, we look at how the lines of public and private are redrawn in more detail.

Aiming to Sit at the Head of the Table:
Rearticulating Public-Private Relations While Microsoft's proposals for a Digital Geneva Convention received extensive attention across state entities and private companies, the initiative was also perceived as brazen and met with pushback (Gorwa & Peez, 2020, p. 265;Jeutner, 2019, p. 161).Hence, in April 2018, Microsoft initiated the Cybersecurity Tech Accord (CTA).The CTA toned down the language of the Digital Geneva Convention.It was launched by a group of 34 technology companies, including giants such as Microsoft and Facebook, and a diverse group of interna-tional telecoms, hardware manufacturers, open-source software providers, and cybersecurity threat intelligence companies.The CTA is a four-point reformulation of central features of the Digital Geneva Convention principles of responsible behaviour in cyberspace for the private sector.According to one of the four principles, the "no offense," accord signees "will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution" (The Cybersecurity Tech Accord, 2017).While the "stronger defence" principle encompasses a commitment to "protect all customers globally regardless of the motivation for attacks online."(The Cybersecurity Tech Accord, 2017).As Gorwa and Peez (2020, p. 279) stress, the Tech Accord demonstrates a major departure from past norm-building efforts in the cyber realm since it is led by tech companies and not states.
Continuing these efforts, Microsoft initiated the Digital Peace Now campaign in 2018.It is a global policy effort urging world leaders and citizens to create digital world peace (O'Sullivan, 2018a).Announcing the start of the campaign, Microsoft states that "Digital Peace Now is going to be all about people-people banding together to tell their world leaders that the internet must be a peaceful, shared community" (O'Sullivan, 2018a).In line with this, the campaign promotes two general courses of action.The first one is to "demand government action" by signing the online "Digital Peace Petition" (Digital Peace Now, n.d.).The second one encourages citizens to join the campaign and consider cybersecurity concerns when voting (O'Sullivan, 2018b).Once more, we see how Microsoft calls upon digital citizens and endows them with a universal right to protection determined neither by territoriality nor by nationality, while still relying on the state by demanding changes in government action.A public is thus assembled in which Microsoft defines the problem and the object of protection.However, the demarcation of this public does not follow those of a nation-state nor traditional notions of public and private authority.
Microsoft continues to form new spaces of cybersecurity governance, in which companies and government actors contest and renegotiate their respective authority and legitimacy regarding cybersecurity and the protection of individuals.At the time of writing, this has culminated in Microsoft's (informal) co-authorship of the French government initiative of the Paris Call for Trust and Security in Cyberspace and its sponsorship of the recently founded Cyber Peace Institute (Broeders & van der Berg, 2020, p. 11).Fairbank (2019, p. 16) argues that "through the CTA and the Paris Call, Microsoft has helped bring together valuable actor groups within industry, civil society and global government that encourage the adoption of international cybersecurity norms."Gorwa and Peez (2020, p. 273) go one step further in arguing that "Microsoft has not only aimed for a seat at the table, but for the seat at the head of the table as the cyber-norms effort grows with initiatives such as the Paris Call."This underlines how Microsoft, through its continued efforts in cybersecurity governance, plays a key role in assembling publicness around cybersecurity and rearticulating governance relations of authority and legitimacy across public and private actors.
In sum, the analysis shows how Microsoft assembles publicness around the issue of cybersecurity, which contours it defines as a global problem, and claims is solvable only through the intervention of private companies on account of their neutrality, expertise, and extensive reach.The analysis highlights the ways in which relations of authority and legitimacy between both states and companies, as well as companies and individuals, are being rearticulated through extensive commercialization and corporate regulation of cybersecurity, relying on ownership of infrastructure, technical expertise, and global customer bases.

Conclusion
To explore the nexus between publicness and big tech companies, this article introduced an analytical framework for assembling publicness.By shifting the perspective from state-based territorial and institutional conditions of publicness to processes of public-making, the framework provided tools to defamiliarize and rethink relations between companies and states on the one hand, and companies and individuals on the other.Investigating these relations through Microsoft's assembling of publicness around cybersecurity, we saw how claims to authority and legitimacy rearticulated publicprivate relations.This demonstrates that paying further attention to the assembling of publicness, without automatically reading it back into strict spatial or functional frames, is of fundamental importance to our understanding of publicness in international politics, including how the practices of big tech companies question conventional politics and political ordering.In conclusion, we therefore suggest three ways forward as to how further research can unpack the assembling of publicness in international politics on the one hand and problematize big tech practices and their political implications on the other.
First, looking closer at the political and democratic implications of the analysis, we observe an ambiguous double movement: On the one hand, it shows how, through assembling publicness, new issues which cannot be sufficiently addressed by national politics, are put on the international political agenda.It opens possibilities for engagement in the processes of determining what cybersecurity is, can, and should be, as well as determining the political issues at stake and, not least, who has a legitimate stake in these issues and a right to security.On the other hand, the analysis demonstrates how assembling publicness by a private company alters subject positions and can lead to the creation of a citizen-user, where rights become services that customer need to pay for.From a democratic perspective, this is problematic since the erosion of the role of the state as the provider of security clashes with the right of the citizen to claim protection against outside threats.As critical security studies have shown, many of today's persistent security issues, such as climate change and migration, do not neatly align with the spatio-functional borders of the state and its institutional framework (Walker, 2010).Rather, they implicate a wide range of different actors, technologies, and governance measures, cutting across spatial and functional lines of demarcation.Rooted in various strands of IR research on the role of private companies in the constitution of international politics and public policy, future research could unpack this ambiguity and its political and normative consequences through the assembling of publicness.
Second, the analysis suggests there is further work to be done in examining how big tech practices rearticulate public-private relations by questioning state behaviour, providing social goods, and assembling publicness.A prime case here is the recent unpreceded support to Ukraine offered by Microsoft and other tech companies (Microsoft, 2022).It has been argued that a key reason Ukraine has not suffered a major cyber-blow is exactly because of this support.Microsoft moved Ukrainian digital data to its European cloud facilities, Google provided free licensing of its products, Palantir offered data analytics software, and Starlink satellites permitted Ukraine to keep its critical communication running.The involvement of big tech on the side of Ukraine shows that big tech companies now play a decisive role in war.This involvement could also be scrutinized in light of Microsoft's and other tech companies' activities in the past decades.
Investigating the extent to which big tech has "become supplemental sovereigns, governing individuals alongside states" (Eichensehr, 2019, p. 668), the research could also explore the role and political implications of these companies in providing other social goods such as health or mobility (Maghalaes & Couldry, 2021).This would allow us to grasp the manifold forms of authority and legitimacy that big tech companies can assume in global governance.Such studies could benefit from problematising how big tech practices of assembling publicness intersect with questions concerning the enduring legacies of state-centrism, Western bias, gender relations, and socio-economic status.
Third, the framework paves the way for an openended, empirically driven research agenda on assembling publicness in international politics and governance, allowing scholarship to examine the evolvement of public-private and state-company relations over time to grasp both continuity and change in the contemporary role of private companies in the constitution of publicness and relations of authority and legitimacy.Leveraging perspectives from international political economy, the history of international relations, and international political sociology dealing with the role of private companies, could support research on the assembling of publicness to spark alternative imaginaries and nurture novel futures of public-private relations in international politics.Linda Monsees is a researcher at the Center for Governance of Emerging Technologies.Her expertise lies in the study of international security and how digital technologies impact security practices but also wider society.At the moment, she conducts research on the idea of digital sovereignty, the politics of semiconductors, and broader questions about the role of private companies in this field.