2020 Annual Report UC Berkeley Center for Long-Term Cybersecurity

Dear Friends,

By nearly all measures, 2020 was an extraordinary year. At a time when so many parts of our lives shifted online, the importance of forward-looking cybersecurity thinking and practice has never been greater.

The rapid changes brought on by COVID-19 brought to light the value of foresight and, more importantly, the ability to act on foresight and expect the unexpected.

At the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC), our work is all about preparing for the future of human-technology interaction, and expanding who participates in — and has access to — cybersecurity.

The challenges of 2020 did not slow our progress in pursuing our important mission: to help individuals and organizations address tomorrow’s information security challenges, and amplify the upside of the digital revolution. We have continued to grow and improve in our roles as:

  • A hub for original research and scholarship, helping inform decision-makers and expand who participates in cybersecurity;
  • A convening platform and educational resource with unique insights, tools, and solutions to define and propose solutions to current and future cybersecurity challenges; and
  • An incubator for people and programs that will shape the future of cybersecurity debates for years to come.
Header image from "Sweetwire," by Greg Niemeyer, a project sponsored by the CLTC Cybersecurity Arts Contest that translates a successful containment of a cybersecurity attack into music and choreographed motion.

Scroll down to read more about highlights from CLTC’s activities in 2020.

A Focus on the Future

2020 provided a stark reminder that the future arrives faster than we think. CLTC regularly develops forward-looking scenarios — divergent narratives about how the future might unfold — as a methodology for thinking broadly about emerging trends in cybersecurity and society.

After it became obvious how dramatically the world would be transformed by COVID-19, we crafted a new set of scenarios for the year 2025, examining diverse possibilities for how digital security could be transformed in the past-pandemic world. Read our Post-Pandemic Scenarios.

Read an interview with Steve Weber and Ann Cleaveland about the importance of “taking the long view.”

Measuring Internet Fragmentation

Understanding the nature of the “splinternet” — how the internet is diverging across geographies — could have profound consequences for the future of digital security. In 2020, CLTC continued our groundbreaking work on the Internet Interoperability Index (III), a unique tool for measuring how (and how quickly) the internet is changing in different parts of the world.

Led by Nick Merrill, a post-doctoral researcher at CLTC, this project now enables analysis of how internet interoperability corresponds to a range of geopolitical domains, including foreign relations and trade agreements. Merrill published an article about the III in TechDirt, and he penned an op-ed in The Hill highlighting what the project reveals about U.S.-China relations. A more comprehensive paper was recently published in First Monday.

"Imagine a world in which internet regulators had well-defined levers to pull — levers that allowed them to optimize for things that they cared about domestically and internationally," Merrill says. "Imagine these regulators had good data to track the effect their interventions had. When I think about the long-term vision of our internet fragmentation work, I think about how our data could create better levers for managing the internet."

Developing Tomorrow's Cybersecurity Leaders

CLTC is working to develop the next generation of interdisciplinary cybersecurity professionals. This includes our collaboration and support for the UC Berkeley School of Information’s Masters of Information and Cybersecurity (MICS) degree program, and our work to create innovative, research-based cybersecurity curricula to fill gaps in specific areas. We are dedicated to supporting researchers at all stages in their careers, including by creating opportunities for up-and-coming scholars from fields not traditionally associated with cybersecurity.

"Our team created a cybersecurity playbook for a nonprofit law firm that advocates for human and environmental rights in developing countries," said Bo Tefu (pictured), Citizen Clinic alumna and UCB Master of Journalism student. "Working with incredible thought leaders in the tech, law, and human rights space fueled my passion for social impact by eradicating the digital divide through safe cybersecurity practices and access to information.”

Supporting Original, Student-Driven Research

Nathan Malkin

“The security field is often reactive, rather than proactive, so I am grateful to be able to work on a problem that — true to the name of the Center for Long-Term Cybersecurity — is still somewhat in the future,” says Nathan Malkin, a PhD student in the Department of Electrical Engineering and Computer Science (EECS) and recipient of CLTC's 2020 Cal Cybersecurity Fellowship.

Malkin researches privacy controls for "always-listening" devices, including smart home devices and other appliances connected to the "internet of things." His fellowship was made possible through a generous gift from an anonymous UC Berkeley alumnus.

His research was featured in a video produced by Vox (see below). “I’m hopeful that, by raising these issues early, we’ll be better prepared than if we waited to start thinking about them until passive-listening devices hit the market," Malkin says.

CLTC Grantees & Research Exchange Series

At the start of 2020, CLTC provided funding to 22 groups of UC Berkeley-affiliated researchers, students and faculty working across a wide range of disciplines. Their research spans important emerging topics, including:

  • Secure machine learning
  • Data protection
  • Detecting malicious photo manipulation
  • The privacy and security of mobile health apps
  • Defending against nation-state surveillance
  • Authentication in blockchain environments

We showcased the work of our grant-funded researchers at the 2020 CLTC Research Exchange, which was presented as a series of three themed events to showcase different areas of research.

Acting on Foresight

The era of artificial intelligence has only just begun, and the decisions we make today about AI will have profound implications for decades to come. In 2020, we led dialogue about important questions related to how strong AI principles and ethical guidelines can be put into practice by companies, governments, and other institutions.

Putting AI Principles into Practice

CLTC’s Artificial Intelligence Security Initiative (AISI), led by Research Fellow Jessica Newman, published Decision Points in AI Governance, an analysis of 35 recent efforts to translate AI principles into practice. The report drew attention from tech policy executives and was covered in media outlets like VentureBeat, Global Government Forum, and Biometric Update. Read a related op-ed that Newman authored for The Hill.

Will Hunt, a graduate student researcher, published a report entitled The Flight to Safety-Critical AI: Lessons in AI Safety from the Aviation Industry, which drew on interviews with experts to explore whether there is a “race to the bottom” in the adoption of AI in aviation and other industries. Hunt penned an op-ed based upon this research that was featured in Fortune.

Together with the CITRIS Policy Lab, the AISI launched a year-long collaboration with the California Department of Technology focused on analyzing the role of AI-enabled tools in select departments of the California state government, including the Department of Motor Vehicles, the Department of Fish and Wildlife, and the Department of Water Resources. This project aims to develop statewide policy recommendations to inform the procurement, development, implementation, and monitoring of such tools in the public sector. The project will culminate in a symposium and report in early summer 2021.

Helping Secure Newsrooms of the Future

Attacks on journalists and freedom of the press have increased markedly over the past several years. In 2020, CLTC's Citizen Clinic secured a generous gift from Craig Newmark Philanthropies that enabled us to conduct a first-of-its-kind analysis of the online security guides available for journalists.

We also launched a groundbreaking collaboration with the UC Berkeley Graduate School of Journalism, through which CLTC trains first-year journalism students on how to defend themselves against surveillance, cyberattacks, and other threats they may face in the course of reporting.

Throughout 2020, CLTC organized events that featured industry leaders, creating important bridges between research and practice. Shown above (top left): “Perspectives on digital security policy in the time of Covid-19," featuring Amit Elazari, Director, Global Security Policy at Intel Corporation and Cristin Goodwin, Assistant General Counsel for Cybersecurity and Digital Trust at Microsoft. Botton left: "What’s at Stake in Digital Fragmentation," a conversation between CLTC's Steve Weber and Zoom's Josh Kallmer; Right: Royal Hansen, VP of Security at Google.

Throughout the year, CLTC published research reports exploring emerging issues at the rapidly changing intersection of humans and technology:

Expanding Who Participates in Cybersecurity

Cybersecurity is too often viewed through the lens of tired tropes like the “hacker in the hoodie," or as a topic that is too technical or complex for the average person to understand. CLTC is dedicated to shifting these perceptions, and finding ways to make digital security more widely accessible.

For example, our Cybersecurity Arts Contest led to the production of "The Price is Wrong" (pictured), a sophisticated "mockumentary" that uses comedy to raise awareness about digital security in Uganda.

And our "What, Now What, So What?" video series is designed to provide an accessible overview of complex topics cybersecurity topics. In 2020, we released a video to help explain differential privacy, an important new approach to balancing privacy and security.

Citizen Clinic, CLTC’s trailblazing public-interest digital security clinic, trains teams of students to provide digital security assistance to non-profits and other organizations with limited resources. The Clinic remained active during the COVID-19 pandemic, with a team of 17 students working throughout the spring (and six during the summer), supporting seven client organizations.

  • We hosted a panel discussion with representatives from Land is Life, a Citizen Clinic client organization that provides digital security and other services to indigenous communities around the world.
  • We launched the Citizen Clinic Cybersecurity Education Center, a website dedicated to helping other universities adopt the cybersecurity clinic model in their own institutions. This site features a baseline security guide and curriculum modules for educators.
  • Read what Lawfare had to say about the UC Berkeley Citizen Clinic as a pioneer of the "clinic" model for cybersecurity.

MLFailures: Learning to Detect and Address Bias in Algorithms

CLTC’s Daylight Security Research Lab launched a series of learning modules designed to teach students how to detect, identify, and address bias in real-world machine learning algorithms. These labs address a shortcoming in current computer science training, as many students may graduate and begin work as data scientists without having learned about bias or fairness in machine learning.

Published online as “notebooks” in Python, the MLFailures Labs (i.e. machine learning failures) teach students how algorithms used for decision-making in fields such as health care, lending, and hiring may have built-in biases that are highly consequential for BIPOC communities. The labs are currently being taught to 50 students in UC Berkeley's flagship Applied Machine Learning course, and we are working to have this new teaching tool included in other classes at UC Berkeley and other universities.

Bringing Together New, Diverse Voices

CLTC is committed to advancing diversity, equity, and inclusion in the cybersecurity field.

We were a founding signatory of the Making Space in Cybersecurity pledge in 2020, acknowledging the contributions of women, people of color, and other underrepresented communities to cybersecurity, and formalizing our commitment to represent the wide diversity of scholars and experts in the cybersecurity space.

Through our research and events, we strive to bring new voices together to make cybersecurity more widely accessible. To the right: images from "Surviving Election Season," an event we hosted on how civil society organizations can build the capacity to remain secure online, with Sarah Aoun, a human rights technologist, Chris Garaffa, Technology Director for Trans Lifeline, and Steve Trush, Deputy Director of Citizen Clinic.

Expanding Diverse Talent in the Cybersecurity Workforce

CLTC co-sponsored the 4th-annual Women in Tech Symposium, and we helped organize “What’s at Stake? Global and Systemic Cyber Threats,” a panel discussion featuring women working at the forefront of the intersection between people and digital technologies.

Such efforts are helping reduce the gender disparities in the field: 15 percent of attendees at this year’s Women in Tech Symposium said they are more likely to pursue a career in cybersecurity, and 42% said they are more confident about entering the field.

Our November CLTC Research Exchange concluded with a conversation on “Expanding Diverse Talent in the Cybersecurity Workforce,” featuring Sandra Wheatley Smerdon, SVP, Marketing, Threat Intelligence and Influencer Communications at Fortinet, an enterprise security firm, and Lisa Parcella, VP Product Management & Marketing for Security Innovation and a member of the International Consortium of Minority Cybersecurity Professionals (ICMCP).

“There are a lot of organizations realizing that public and private partnerships have to come together on this issue,” Smerdon said. “People are hungry for more education and curriculum training around this industry, and I think working together, we can really make inroads.”

Looking Ahead

The past year taught us important lessons about the value of flexibility and resilience. As we enter 2021, it is more important than ever to expand who gets to participate in cybersecurity. And with a focus on the future comes a responsibility to help decision-makers act on foresight. We will be ambitiously shaping our research, teaching, and convening activities toward both goals in the coming year.

And we are hopeful that we will soon be able to host you again back on campus!

Help us amplify the upside of the digital revolution! We invite your engagement and support.

Visit our website and sign up for our newsletter.

Last but not least, we offer heartfelt thanks to our valued partners and contributors that propel our future. 

Special thanks for 2020 support goes to: Booz Allen Hamilton, Charles Koch Foundation, Craig Newmark Philanthropies, Facebook, Internet Society, Microsoft, Inc., McAfee, T-Mobile, The William and Flora Hewlett Foundation, and numerous alumni & friends of UC Berkeley.

Our Team