The Berkman Klein Center has been at the heart of the cyberspace conversation since the early days of the internet and it is at the cutting edge of the modern digital landscape.
The internet is an incredible, powerful resource. Since the early days, there have always been questions about its impact, how it should be governed, how freedom should be protected, as well as how to safeguard users.
The Berkman Klein Center at Harvard University has asked many of these questions since it was established by Harvard Law School professors Charles Nesson and Jonathan Zittrain in 1996. In 2008, it was elevated to a university-wide centre.
Siliconrepublic.com spoke to senior cybersecurity and privacy researcher David O’Brien about his work, the centre and the future of the internet.
How the internet and policy co-exist
In short, O’Brien said the centre examines “how the internet and technology influence us and how policy reacts to it”, from a multidisciplinary perspective. Everything from privacy and security to freedom of expression and internet governance has been, or is being, looked at by the centre in some shape or form.
As a lead in the area of cybersecurity and privacy, O’Brien works a lot in these fields to examine ways in which common internet practices and occurrences can be improved upon. One such area is the concept of privacy when it comes to research data.
This collaborative project is funded by the National Science Foundation in the US and is also a collaboration with the Harvard Center for Research on Computation and Society, the Institute for Quantitative Social Science, Data Privacy Lab and MIT Libraries’ Program on Information Science.
One of the main projects within this is differential privacy, which is a rigorous mathematical definition of privacy. O’Brien explained: “Traditionally, we strip information out of datasets; this is what we used to call anonymisation (now de-identification), making it more difficult for someone to re-identify an individuals in a dataset.” There is a problem with this, as often there may be other datasets out there that can provide other information to identify people and breach their privacy.
With differential privacy, “rather than setting a floor, it introduces a ceiling”. It does this via software that uses an algorithm, which “introduces some very carefully calculated amounts of noise”. This could enable different tiers of access to sensitive data and, although it is not perfect, O’Brien said it is “progress in a space when there is not a lot of interest from the private sector at times in developing techniques”.
Growing public interest in privacy
O’Brien said there is a “growing public awareness” around privacy, citing incidents such as the Equifax breach and the Cambridge Analytica scandal as “a few drops in an enormous bucket” of digital privacy and data stories hitting headlines. GDPR is also a massive factor, as it is “pushing companies to think more about compliance”.
As it becomes even clearer that the law is often slower than the technological transformation, O’Brien was keen to note that the historical precedent for this has always been there. “Tech has always leapfrogged where the law has been.”
This is often intentional, O’Brien said. “The law moves much slower but that’s also by design. We don’t want to hastily make new laws that foreclose the propensity of innovators to create new and interesting things, but at the same time we don’t want them to get so far ahead of the law that it struggles catching up.”
The encryption debate
Another area of interest for O’Brien and the Berkman Klein Center team at Harvard is encryption, which presents “an endless list of issues” for both governments and industry. The surveillance debate is a major talking point at present, said O’Brien. “Encryption is something that has been discussed almost all over the world” and the area is “rife with trade-offs”.
The balance between allowing law enforcement to carry out investigations and the potential breach of individual privacy is a difficult one to strike. “If companies aren’t able to provide the contents of the communication to a law enforcement agency, then what might happen is these platforms get used for criminal purposes”. On the other side, “we are all hyper-aware of our vulnerability writ large when it comes to what we do online, so in some ways it is refreshing to see companies do more for our security than not”.
He said it is a debate that reopens every few years, but the change in government in the US makes it particularly unpredictable at present. “It’s tough to say what the next two years are going to hold.”
As well as encryption, “widespread espionage” by nation states around the world is something the centre is exploring. From the Stuxnet virus to WannaCry and NotPetya, O’Brien and fellow researchers have seen much more of this in recent times.
“The oddity here is that the battlefield for this is these platforms that are private companies that operate internationally,” he said, adding that there is a lack of a “strong set of norms”, creating particularly choppy waters to traverse. “We could really use more guidance than we have.”
He concluded by saying there needs to be once again a balance of trade-offs when it comes to this issue, highlighting the continuing importance of academic researchers in this space.