A Focus on the Future
2020 provided a stark reminder that the future arrives faster than we think. CLTC regularly develops forward-looking scenarios — divergent narratives about how the future might unfold — as a methodology for thinking broadly about emerging trends in cybersecurity and society.
After it became obvious how dramatically the world would be transformed by COVID-19, we crafted a new set of scenarios for the year 2025, examining diverse possibilities for how digital security could be transformed in the past-pandemic world. Read our Post-Pandemic Scenarios.
Read an interview with Steve Weber and Ann Cleaveland about the importance of “taking the long view.”
Measuring Internet Fragmentation
Understanding the nature of the “splinternet” — how the internet is diverging across geographies — could have profound consequences for the future of digital security. In 2020, CLTC continued our groundbreaking work on the Internet Interoperability Index (III), a unique tool for measuring how (and how quickly) the internet is changing in different parts of the world.
Led by Nick Merrill, a post-doctoral researcher at CLTC, this project now enables analysis of how internet interoperability corresponds to a range of geopolitical domains, including foreign relations and trade agreements. Merrill published an article about the III in TechDirt, and he penned an op-ed in The Hill highlighting what the project reveals about U.S.-China relations. A more comprehensive paper was recently published in First Monday.
"Imagine a world in which internet regulators had well-defined levers to pull — levers that allowed them to optimize for things that they cared about domestically and internationally," Merrill says. "Imagine these regulators had good data to track the effect their interventions had. When I think about the long-term vision of our internet fragmentation work, I think about how our data could create better levers for managing the internet."
Developing Tomorrow's Cybersecurity Leaders
CLTC is working to develop the next generation of interdisciplinary cybersecurity professionals. This includes our collaboration and support for the UC Berkeley School of Information’s Masters of Information and Cybersecurity (MICS) degree program, and our work to create innovative, research-based cybersecurity curricula to fill gaps in specific areas. We are dedicated to supporting researchers at all stages in their careers, including by creating opportunities for up-and-coming scholars from fields not traditionally associated with cybersecurity.
"Our team created a cybersecurity playbook for a nonprofit law firm that advocates for human and environmental rights in developing countries," said Bo Tefu (pictured), Citizen Clinic alumna and UCB Master of Journalism student. "Working with incredible thought leaders in the tech, law, and human rights space fueled my passion for social impact by eradicating the digital divide through safe cybersecurity practices and access to information.”
Supporting Original, Student-Driven Research
“The security field is often reactive, rather than proactive, so I am grateful to be able to work on a problem that — true to the name of the Center for Long-Term Cybersecurity — is still somewhat in the future,” says Nathan Malkin, a PhD student in the Department of Electrical Engineering and Computer Science (EECS) and recipient of CLTC's 2020 Cal Cybersecurity Fellowship.
Malkin researches privacy controls for "always-listening" devices, including smart home devices and other appliances connected to the "internet of things." His fellowship was made possible through a generous gift from an anonymous UC Berkeley alumnus.
His research was featured in a video produced by Vox (see below). “I’m hopeful that, by raising these issues early, we’ll be better prepared than if we waited to start thinking about them until passive-listening devices hit the market," Malkin says.
CLTC Grantees & Research Exchange Series
At the start of 2020, CLTC provided funding to 22 groups of UC Berkeley-affiliated researchers, students and faculty working across a wide range of disciplines. Their research spans important emerging topics, including:
- Secure machine learning
- Data protection
- Detecting malicious photo manipulation
- The privacy and security of mobile health apps
- Defending against nation-state surveillance
- Authentication in blockchain environments
We showcased the work of our grant-funded researchers at the 2020 CLTC Research Exchange, which was presented as a series of three themed events to showcase different areas of research.
Acting on Foresight
The era of artificial intelligence has only just begun, and the decisions we make today about AI will have profound implications for decades to come. In 2020, we led dialogue about important questions related to how strong AI principles and ethical guidelines can be put into practice by companies, governments, and other institutions.
Putting AI Principles into Practice
CLTC’s Artificial Intelligence Security Initiative (AISI), led by Research Fellow Jessica Newman, published Decision Points in AI Governance, an analysis of 35 recent efforts to translate AI principles into practice. The report drew attention from tech policy executives and was covered in media outlets like VentureBeat, Global Government Forum, and Biometric Update. Read a related op-ed that Newman authored for The Hill.
Will Hunt, a graduate student researcher, published a report entitled The Flight to Safety-Critical AI: Lessons in AI Safety from the Aviation Industry, which drew on interviews with experts to explore whether there is a “race to the bottom” in the adoption of AI in aviation and other industries. Hunt penned an op-ed based upon this research that was featured in Fortune.
Together with the CITRIS Policy Lab, the AISI launched a year-long collaboration with the California Department of Technology focused on analyzing the role of AI-enabled tools in select departments of the California state government, including the Department of Motor Vehicles, the Department of Fish and Wildlife, and the Department of Water Resources. This project aims to develop statewide policy recommendations to inform the procurement, development, implementation, and monitoring of such tools in the public sector. The project will culminate in a symposium and report in early summer 2021.
Helping Secure Newsrooms of the Future
Attacks on journalists and freedom of the press have increased markedly over the past several years. In 2020, CLTC's Citizen Clinic secured a generous gift from Craig Newmark Philanthropies that enabled us to conduct a first-of-its-kind analysis of the online security guides available for journalists.
We also launched a groundbreaking collaboration with the UC Berkeley Graduate School of Journalism, through which CLTC trains first-year journalism students on how to defend themselves against surveillance, cyberattacks, and other threats they may face in the course of reporting.
Throughout the year, CLTC published research reports exploring emerging issues at the rapidly changing intersection of humans and technology:
- Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk presents research conducted in partnership with Booz Allen Hamilton on how boards of directors should approach cybersecurity governance — an important but often neglected question.
- Designing Risk Communications: A Roadmap or Digital Platforms provides a framework that digital platforms and other firms can use to better communicate potential privacy and security risks to their users. The research findings were also presented in an article in the Harvard Business Review, authored by Jessica Newman, Ann Cleaveland, Steven Weber, and Grace Gordon, a Master of Development Practice student at UC Berkeley.
- Digital Safety Technical Assistance at Scale, authored by Sean Brooks, Director of CLTC's Citizen Clinic program, explores the opportunities and challenges of expanding the digital safety technical assistance resources available to civil society organizations. The report draws in part upon lessons learned from the first two years of operating Citizen Clinic.
- A Data Sharing Discipline, by Steven Weber, Matthew Nagamine, and Max Ingraham-Rakatansky, presents new approaches for sharing data, which has become more vital for organizations using algorithmic decision-making.
- A New Era for Credit Scoring: Financial Inclusion, Data Security, and Privacy Protection in the Age of Digital Lending, by Tarunima Prabhakar, a former research fellow at CLTC, examines the trade-offs associated with digital lending platforms in India, which have broadened access to credit for low-income borrowers, but come with associated privacy and security risks.
- Security Implications of 5G Networks, a report by Jon Metzler, a lecturer at the Haas School of Business at UC Berkeley and a former CLTC grantee, explores how the widespread adoption of fifth-generation (5G) cellular service will lead to improvements in security while introducing new threats and attack vectors.
Expanding Who Participates in Cybersecurity
Cybersecurity is too often viewed through the lens of tired tropes like the “hacker in the hoodie," or as a topic that is too technical or complex for the average person to understand. CLTC is dedicated to shifting these perceptions, and finding ways to make digital security more widely accessible.
For example, our Cybersecurity Arts Contest led to the production of "The Price is Wrong" (pictured), a sophisticated "mockumentary" that uses comedy to raise awareness about digital security in Uganda.
And our "What, Now What, So What?" video series is designed to provide an accessible overview of complex topics cybersecurity topics. In 2020, we released a video to help explain differential privacy, an important new approach to balancing privacy and security.
Citizen Clinic, CLTC’s trailblazing public-interest digital security clinic, trains teams of students to provide digital security assistance to non-profits and other organizations with limited resources. The Clinic remained active during the COVID-19 pandemic, with a team of 17 students working throughout the spring (and six during the summer), supporting seven client organizations.
- We hosted a panel discussion with representatives from Land is Life, a Citizen Clinic client organization that provides digital security and other services to indigenous communities around the world.
- We launched the Citizen Clinic Cybersecurity Education Center, a website dedicated to helping other universities adopt the cybersecurity clinic model in their own institutions. This site features a baseline security guide and curriculum modules for educators.
- Read what Lawfare had to say about the UC Berkeley Citizen Clinic as a pioneer of the "clinic" model for cybersecurity.
MLFailures: Learning to Detect and Address Bias in Algorithms
CLTC’s Daylight Security Research Lab launched a series of learning modules designed to teach students how to detect, identify, and address bias in real-world machine learning algorithms. These labs address a shortcoming in current computer science training, as many students may graduate and begin work as data scientists without having learned about bias or fairness in machine learning.
Published online as “notebooks” in Python, the MLFailures Labs (i.e. machine learning failures) teach students how algorithms used for decision-making in fields such as health care, lending, and hiring may have built-in biases that are highly consequential for BIPOC communities. The labs are currently being taught to 50 students in UC Berkeley's flagship Applied Machine Learning course, and we are working to have this new teaching tool included in other classes at UC Berkeley and other universities.
Bringing Together New, Diverse Voices
CLTC is committed to advancing diversity, equity, and inclusion in the cybersecurity field.
We were a founding signatory of the Making Space in Cybersecurity pledge in 2020, acknowledging the contributions of women, people of color, and other underrepresented communities to cybersecurity, and formalizing our commitment to represent the wide diversity of scholars and experts in the cybersecurity space.
Through our research and events, we strive to bring new voices together to make cybersecurity more widely accessible. To the right: images from "Surviving Election Season," an event we hosted on how civil society organizations can build the capacity to remain secure online, with Sarah Aoun, a human rights technologist, Chris Garaffa, Technology Director for Trans Lifeline, and Steve Trush, Deputy Director of Citizen Clinic.
Expanding Diverse Talent in the Cybersecurity Workforce
CLTC co-sponsored the 4th-annual Women in Tech Symposium, and we helped organize “What’s at Stake? Global and Systemic Cyber Threats,” a panel discussion featuring women working at the forefront of the intersection between people and digital technologies.
Such efforts are helping reduce the gender disparities in the field: 15 percent of attendees at this year’s Women in Tech Symposium said they are more likely to pursue a career in cybersecurity, and 42% said they are more confident about entering the field.
Our November CLTC Research Exchange concluded with a conversation on “Expanding Diverse Talent in the Cybersecurity Workforce,” featuring Sandra Wheatley Smerdon, SVP, Marketing, Threat Intelligence and Influencer Communications at Fortinet, an enterprise security firm, and Lisa Parcella, VP Product Management & Marketing for Security Innovation and a member of the International Consortium of Minority Cybersecurity Professionals (ICMCP).
“There are a lot of organizations realizing that public and private partnerships have to come together on this issue,” Smerdon said. “People are hungry for more education and curriculum training around this industry, and I think working together, we can really make inroads.”
The past year taught us important lessons about the value of flexibility and resilience. As we enter 2021, it is more important than ever to expand who gets to participate in cybersecurity. And with a focus on the future comes a responsibility to help decision-makers act on foresight. We will be ambitiously shaping our research, teaching, and convening activities toward both goals in the coming year.
And we are hopeful that we will soon be able to host you again back on campus!