September 28, 2021

New CLTC White Paper Tackles Tech Industry’s Engagement Maximization

This CLTC white paper, “Tech Has an Attention Problem,” by Aileen Nielsen, a PhD Student at the ETH Zurich’s Center for Law & Economics and a Fellow in Law & Tech, examines the potential harms of the technology industry’s widespread practice of “attention harvesting,” using algorithms and other techniques to maximize the amount of time consumers spend using a technology product.

August 9, 2021

Guidance for the Development of AI Risk and Impact Assessments

A new report from the Center for Long-Term Cybersecurity provides a set of recommendations to help governments and other organizations evaluate the potential risks and harms associated with new artificial intelligence (AI) technologies. The paper, Guidance for the Development of AI Risk and Impact Assessments, by Louis Au Yeung, a…

July 1, 2021

Timelines: Design Activities for Surfacing Values and Ethics in Technologies

A new white paper authored by Richmond Wong, a postdoctoral fellow at the Center for Long-Term Cybersecurity, introduces “Timelines,” a group activity that can help organizations uncover potential issues related to ethics and values during the design phase of a new technology. The paper, Timelines: Design Activities for Surfacing Values…

March 16, 2021

The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think?

This report by an interdisciplinary team of scholars from the University of California, Berkeley aims to help local-level policymakers better understand how cybersecurity risks vary among different “smart city” technologies. “The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think?” presents results from a 2020 survey in which 76 cybersecurity experts ranked different technologies according to underlying technical vulnerabilities, their attractiveness to potential attackers, and the potential impact of a successful serious cyberattack.

January 20, 2021

CLTC Report: An Evaluation of Online Security Guides for Journalists

This report, “An Evaluation of Online Security Guides for Journalists,” posits that a key reason why journalists do not take sufficient action to protect themselves online is that there is an overwhelming amount of security advice on the internet, most of which is difficult for journalist-readers to understand or translate into practice, and difficult for the guides’ authors to keep up to date. Authored by Kristin Berdan, a fellow at the Citizen Clinic and research fellow at the University of Toronto’s Citizen Lab, the paper is based upon an analysis that included a review of 33 online security guides available on the public internet that are geared toward journalists. The paper concludes with recommendations to make guides and security education of journalists overall more effective.

December 15, 2020

Designing Risk Communications: A Roadmap for Digital Platforms

“Designing Risk Communications, that looks at some of the existing risk communication practices used by digital platforms, and provides a framework that firms can use to more effectively communicate risks to their users. Published as part of the CLTC White Paper Series, the report was authored by Jessica Newman, CLTC Research Fellow and Program Lead for the AI Security Initiative; Ann Cleaveland, CLTC’s Executive Director; Grace Gordon, a Master of Development Practice student at UC Berkeley who was a 2020 Summer Graduate Student Researcher at CLTC; and Steven Weber, Faculty Director of CLTC and current Associate Dean and Head of School of the UC Berkeley School of Information.

October 6, 2020

CLTC and McAfee Study: MITRE ATT&CK Improves Security, But Many Struggle to Implement

Together with McAfee®, a device-to-cloud cybersecurity company, CLTC has released a new research study, MITRE ATT&CK as a Framework for Cloud Threat Investigation, focused on threat investigation in the cloud through the lens of the most widely adopted framework, MITRE ATT&CK. Authored by Jasdeep Basra and Tanu Kaushik from UC Berkeley’s…

September 22, 2020

CLTC Report: “Security Implications of 5G Networks”

A new report published by the Center for Long-Term Cybersecurity explores how the widespread adoption of fifth-generation (5G) cellular service will lead to improvements in security — and also expose new threats and attack vectors. The report, “Security Implications of 5G Networks,” is authored by Jon Metzler, a lecturer at the Haas School of Business at UC Berkeley and founder of Blue Field Strategies, a consulting firm helping infrastructure clients such as network operators. The report is based upon research and interviews that Metzler conducted with support from a CLTC grant.

September 8, 2020

New Paper: “A Data Sharing Discipline”

A new white paper from the Center for Long-Term Cybersecurity (CLTC) explores the increasingly important domain of data sharing, when individuals and/or organizations voluntarily share data for mutual benefit. The paper considers an array of questions related to the sharing of data, which in recent years has become a valuable asset as organizations use algorithms to extract insights and drive decision-making.

June 23, 2020

“A New Era for Credit Scoring: Financial Inclusion, Data Security, and Privacy Protection in the Age of Digital Lending”

The Center for Long-Term Cybersecurity (CLTC) has published a new report, A New Era for Credit Scoring: Financial Inclusion, Data Security, and Privacy Protection in the Age of Digital Lending, that examines the trade-offs associated with digital lending platforms in India. By providing small loans to consumers through their mobile phones, lending apps have broadened access to credit for low-income borrowers. But they have also introduced new threats to fairness, privacy, and digital security, as lenders use an array of personal data — including age, location, and even personal contacts — to gauge an individual’s willingness and ability to pay.

June 3, 2020

New Report: Digital Safety Technical Assistance at Scale

“Digital Safety Technical Assistance at Scale,” a report by Sean Brooks, Director of the Center for Long-Term Cybersecurity’s Citizen Clinic program, explores the opportunities and challenges of expanding the digital safety technical assistance resources available to civil society organizations. The report draws in part upon lessons learned from the first two years of operating Citizen Clinic, a first-of-its-kind program that engages interdisciplinary teams of UC Berkeley students to provide digital safety services to politically targeted civil society organizations.

May 5, 2020

Decision Points in AI Governance

“Decision Points in AI Governance” takes an in-depth look at recent efforts to translate artificial intelligence (AI) principles into practice. Authored by CLTC Research Fellow and AI Security Initiative (AISI) Program Lead Jessica Cussins Newman, the report provides an overview of 35 efforts already under way to implement AI principles, and highlights three recent efforts as case studies.

March 18, 2020

Looking Over the Horizon: A Report on Five Years of Growth and Impact at CLTC

  To mark our five-year anniversary, the Center for Long-Term Cybersecurity (CLTC) has produced a new report looking back on what we’ve achieved so far — and where we’re going. “Five years ago, we launched CLTC with a mission to look over the horizon,” wrote Steve Weber and Ann Cleaveland,…

February 5, 2020

“What, So What, Now What?”: Adversarial Machine Learning

    CLTC has launched a new series of “explainer videos” to break down complex cybersecurity-related topics for a lay audience. The first of these videos focuses on “adversarial machine learning,” when AI systems can be deceived (by attackers or “adversaries”) into making incorrect assessments. An adversarial attack might entail…

February 5, 2020

Post-Mortem 2020: Looking Back on CLTC’s Scenarios from 2020

In 2015, CLTC developed a set of scenarios depicting various “cybersecurity futures” for the year 2020. As the year 2020 has arrived, Professor Steve Weber, Faculty Director for CLTC, wrote a post on the CLTC Bulletin assessing those scenarios, including what we foresaw — and what we didn’t.