Research Library

Representing Privacy Legislation as Business Risks

By: Andrew Chong, Richmond Wong

For this CLTC white paper, researchers Richmond Wong and Andrew Chong used Form 10-K documents — annual regulatory reports for investors that publicly traded companies must file with the U.S. Securities and Exchange Commission (SEC) — to analyze how nine major technology companies assess and integrate the business risks of privacy regulation like the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).

Cybersecurity Futures 2030: New Foundations

To better understand how diverse forces are shaping the future of cybersecurity for governments and organizations, the Center for Long-Term Cybersecurity (CLTC), the World Economic Forum Centre for Cybersecurity, and CNA’s Institute for Public Research collaborated on “Cybersecurity Futures 2030: New Foundations,” a foresight-focused research initiative that aims to inform cybersecurity strategic plans around the globe.

AI Risk-Management Standards Profile for General-Purpose AI Systems (GPAIS) and Foundation Models

By: Anthony Barrett, Jessica Newman, Brandie Nonnecke

Increasingly general-purpose AI systems, such as BERT, CLIP, GPT-4, DALL-E 2, and PaLM, can provide many beneficial capabilities, but they also introduce risks of adverse events with societal-scale consequences. This document provides risk-management practices or controls for identifying, analyzing, and mitigating risks of such AI systems. The document is intended primarily for developers of these AI systems; others that can benefit from this guidance include downstream developers of end-use applications that build on a general-purpose AI system platform. This document facilitates conformity with leading AI risk management standards and frameworks, adapting and building on the generic voluntary guidance in the NIST AI RMF and ISO/IEC 23894 AI risk management standard, with a focus on the unique issues faced by developers of increasingly general-purpose AI systems.

A Comparative Study of Interdisciplinary Cybersecurity Education

By: Lisa Ho, Sahar Rabiei, Drake White, A Comparative Study of Interdisciplinary Cybersecurity Education

Authored by Lisa Ho and researchers from the UC Berkeley School of Information, this report examines how different universities approach the challenge of teaching cybersecurity through an interdisciplinary lens, with a goal to guide other educational institutions as they develop and create their cybersecurity programs.

A Template for Voluntary Corporate Reporting on Data Governance, Cybersecurity, and AI

By: Jordan Famularo, A Template for Voluntary Corporate Reporting on Data Governance, Cybersecurity, and AI

Corporations are increasingly called upon to disclose their practices around technology, including how they manage data, cybersecurity, and artificial intelligence. Yet no clear standard prescribes what such reporting…

Future Directions in Corporate Disclosure on Digital Responsibility

A CLTC report, Future Directions in Corporate Disclosure on Digital Responsibility, authored by CLTC Postdoctoral Scholar Jordan Famularo, illustrates how institutional investors, technology firms, and civil society are engaged in an elaborate set of processes and communications that are shaping norms about how companies should disclose information related to digital responsibility. The paper examines organizational dynamics that deter companies from reporting on digital responsibility, as well as factors that enable or motivate them to disclose such data.

Privacy Legislation on the Ground: Effects of and Responses to the GDPR and CCPA

A new report from the Center for Long-Term Cybersecurity examines how firms have responded to two major privacy laws: the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

A Taxonomy of Trustworthiness for Artificial Intelligence

By: Jessica Newman

A new report published by the UC Berkeley Center for Long-Term Cybersecurity (CLTC) aims to help organizations develop and deploy more trustworthy artificial intelligence (AI) technologies. “A Taxonomy of Trustworthiness for Artificial Intelligence: Connecting Properties of Trustworthiness with Risk Management and the AI Lifecycle,” by Jessica Newman, Director of CLTC’s AI Security Initiative (AISI) and Co-Director of the UC Berkeley AI Policy Hub, is a complement to the NIST AI Risk Management Framework.

A Secure and Equitable Metaverse: Designing Effective Community Guidelines for Social VR

By: Rafi Lazerson

Authored by Rafi Lazerson, this white paper calls upon Meta and other technology-makers to establish stronger, clearer guidelines to reduce the potential harms of “social virtual reality,” or social VR.

Moving Left and Right: Cybersecurity Processes and Outcomes in M&A Due Diligence

By: Andrew Reddie, Prakash Krishnan

This study from the the Center for Long-Term Cybersecurity presents a model framework to help organizations improve their consideration of cybersecurity risk as part of a merger or acquisition (M&A). Developed through interviews with academics and practitioners who are experts in M&A, the report, “Moving Left and Right: Cybersecurity Processes and Outcomes in M&A Due Diligence,” integrates insights and best practices to improve on due diligence for security risk.