The Center for Long-Term Cybersecurity is pleased to welcome two new members to our team: Sarah Powazek will be joining as Program Director of Public Interest Cybersecurity, and Hanlin Li will be a Visiting Scholar this fall and a Postdoctoral Scholar starting in 2023. Below are brief Q&As with Sarah and Hanlin.
As our first-ever Program Director of Public Interest Cybersecurity, Sarah Powazek will lead CLTC’s flagship work in this arena, including continuing to grow UC Berkeley’s Citizen Clinic and the newly launched Consortium of Cybersecurity Clinics. A graduate of MIT with a B.S. in Political Science (with a focus on technology policy), Sarah previously worked with CrowdStrike Strategic Advisory Services; prior to that, she was Program Manager of the Ransomware Task Force, an initiative led by the Institute for Security and Technology.
What interested you about the role of Program Director of Public Interest Cybersecurity?
I care deeply about working in the public interest. My very first job was working for the City of Cambridge, Massachusetts, and I think it is important to protect folks who need it the most. Many critical organizations, such as budget-strapped nonprofits, medical centers, and local governments, cannot necessarily afford to hire corporate consultants, so there is a real and critical role for CLTC to play in protecting these organizations and formulating solutions to fill these gaps. I have never seen a cybersecurity position that prioritizes filling these long-term gaps in cyber maturity, and that involves convening hackers and policy folks, so I knew right away it was something I wanted to be a part of.
What are some of the key past experiences you’ve had that relate to this role?
I have always enjoyed liaising between practitioner and policy communities. I’m coming to CLTC from CrowdStrike Strategic Advisory Services, where I interviewed infosec professionals, evaluated the company’s use of technical controls and cybersecurity risk, and packaged that into strategic advice for CISOs and C-Suite executives. I led engagements with nonprofit entities, hospitals, and Fortune 50 companies alike, and know what it takes to run assessments for vulnerable organizations with specific threat profiles.
Prior to that, I worked at a think tank as the Program Manager for the Ransomware Task Force, a group of over 60 experts from threat intelligence, government, and industry. I oversaw the production of their groundbreaking report on combating ransomware with a whole-of-government approach, which made waves as we saw several high-profile ransomware cases in Colonial Pipeline and JBS just a month later. This program solidified my belief that folks doing work on-the-ground should be integrally involved in creating long-term solutions to systemic cybersecurity issues. I’ve since spent my free time volunteering for community efforts like Hackers on the Hill, which brings hackers to Capitol Hill to speak directly with Congressional staffers, and DEF CON Policy, which hosts interactive public policy talks on content directly applicable to hackers.
What are you excited about when it comes to working at CLTC and UC Berkeley?
I am most excited to continue strengthening partnerships between technical practitioners and those who need their help most. As an academic institution, UC Berkeley has an incredible ability to convene the public and private sectors, and my goal is to facilitate a circle of trust between high-level decision-makers, organizations in need, and the hackers on the front lines. I am thrilled to be joining a hub of experts on the West Coast — there is so much talent and goodwill in the California cyber community and especially in the Bay Area, and it is a great resource for UC Berkeley to be able to host these conversations right at the heart of technological development.
Also, I’m looking forward to working with all the UC Berkeley students and helping them explore career paths in public interest cybersecurity. Students are volunteering their time at CLTC’s Citizen Clinic, and I want to make sure they have every opportunity to stay in the field. I’m also excited to help expand the clinic model to other universities through the Consortium of Cybersecurity Clinics.
Hanlin Li is a fifth-year PhD Candidate in Technology and Social Behavior at Northwestern University. This fall, she will be joining CLTC as a Visiting Scholar, then (upon completion of her PhD) she will be a Postdoctoral Scholar, leading the development of a multidisciplinary research program on data scraping and data privacy issues at scale. Hanlin will begin as Assistant Professor at the University of Texas, Austin in August 2023.
Hanlin’s research focuses on reimagining data collection and monetization approaches, with the goal of developing more equitable and democratic data governance models and empowering the public in its relationship with technology companies. Among her recent publications is “Measuring the Monetary Value of Online Volunteer Work,” which received honorable mention for best paper at the International Conference on Web and Social Media 2022. Hanlin’s work has been covered by Bloomberg, MIT Technology Review, The New York Times, Fortune, and other outlets.
What is the primary focus of your research?
My research focuses on investigating how we’re all working for big tech companies, in that we’re using our volunteer time to subsidize for-profit businesses and help them make revenue. A good example of this is when people write ratings that not only help others find better restaurants, but also generate advertising revenue for platforms like Google Maps and Yelp. This business model can be seen in a lot of other products. My work has been focused on how people volunteer, and what is the monetary value of this volunteer work. I’m also hoping to work more on data governance as a way to allow people to have a say in how the data they voluntarily generate is used downstream.
What are some of the key takeaways or findings from your research?
One key finding is that the data people are giving away is of tremendous value for technology companies. In some cases, people volunteering is the primary force keeping a company sustainable. Moderators on Reddit, for example, are constantly working on the platform to help the company keep the conversation civil. The other part that I’m experimenting with is, how can we fairly compensate people for their time and effort? Yelp has organized social events for their expert reviewers to make sure they are constantly producing content for the platform, and YouTube has a monetization program where influencers can earn a share of the advertising on their channel. There are ways of distributing the benefits or having some form of compensation. Now my next step is figuring out how to redistribute the benefits more broadly to the public. How can we make sure that the data economy benefits everyone without exacerbating income inequality?
What will you be doing in your role at CLTC?
This fall, I will be helping to organize a workshop related to data scraping. A lot of the data sets we collect for academic research come from data scraping, so the research community is benefitting from all the data that is generated by the public. But on the other hand, I can see why companies have concerns about how their user profiles are being scraped. ClearView AI made a huge mistake by scraping images of people’s faces, and that has caused a lot of controversy. There’s a lot of tension between these two groups, so I’m hoping that with this position, I can help these two communities find a collaborative approach — where we can help researchers do good research, but also preserve user privacy and address other concerns the companies may have.
The job at CLTC is a very good match with my interest in thinking through privacy issues around data. The broader context of my research is thinking about data as a public good. Right now, data is primarily governed by a few industry practitioners. I’m thinking through how we can involve more people to make decisions about data. That’s one of the goals of the CLTC postdoc. There’s great overlap, and I’m looking forward to joining.