1. Knowledge Transfer - Policy Deirdre K. Mulligan School of Law School of Information University of California, Berkeley

2. Policy Audiences Colleagues and students TRUST; other academics; other disciplines Policy makers Legislative; regulatory; administrative Federal; state; local Private Sector Entities and individuals Technologists Private and public sector

3. Privacy Workshop “Exploring the Privacy Implications of Trustworthy Systems” - October 2006 Two-day workshop for TRUST graduate students from Berkeley, Stanford, Cornell Students and post docs presented their work to TRUST faculty and nationally-recognized privacy- policy experts – Kevin Bankston, Electronic Frontier Foundation – Janlori Goldman, Health Privacy Project – Jim Dempsey, Center for Democracy Workshop identified privacy issues within students’ research, and brainstormed on future interdisciplinary collaborations. – Several papers resulted, additional joint work in progress

4. Visual Privacy Symposium “Unblinking: New Perspectives on Visual Privacy in the 21 st Century” Symposium discussed the implications of increased network surveillance, cameras in public places, and public policy responses to this technology Participants included US and international experts in art, law, engineering, psychology, architecture, urban planning, sociology, human rights – Wiki, several forthcoming papers, collaborations

5. Coding for Policy & Regulating Design New reading group includes TRUST students Considers whether, when and how to embed policy in technical systems Emboding Values in technical design Considering entry points available for influencing technology design When technology design should be viewed as policy-making Who should be responsible for identifying and addressing

6. Private Sector: understanding and creating incentives Organizational Behavior Effects of Security Breach laws – More information Absent legal requirement only 20% of firms will report serious breaches (FBI/CSI 2005) – Broad reach -- electronic data – Privacy laws highly fragmented, sectoral, difficult to adjust – Security process focused  lacking performance metrics. – Put a price tag on failure Two studies underway – Theoretical, role of light-weight information disclosure as regulation model can play in raising security investment and practices (comparison to environmental sector) – Empirical analyzing breach type, relationship to consumer, remedial measures, disclosure practices. Which state provisions are more effective? Classifying breach types and feasible technology or policy solutions.

7. Private sector controls 85% of critical infrastructure Research underway to understand private sector officials (Chief Privacy Officers and Chief Security Officers) processes around privacy and security: – Policy development and implementation – Investment decisions – Relation to reputation and risk management Extent to which decisions are influenced by: – External factors Market, law, standard setting orgs, insurance – Internal factors Position, access, background – Technology Availability, price, standards Private Sector: understanding and creating incentives

8. Government: managing policy- significant technology change How have agencies identified and managed policy significant technological change? Case studies RFID Epassport Study How does government approach shape Understanding of security/privacy issues adoption of security/privacy mechanisms Remotely available court records Comparative (Germany/US) Engagement with DHS, DOS, CA leg RFID Video Theoretical => practical

9. Policy-makers Federal Trade Commission – Participated in “Protecting Consumers in multiple sessions of the Next Tech-ade” – Presented at “Negative Options Workshop” regarding effect of “short-notices” for consumers before installing software Department of Homeland Security - Testified before DHS Security Data Privacy and Integrity Advisory Committee. - Ongoing work on video surveillance with DHS and PIAC - Upcoming nprm-related workshop on REAL ID - Policy framework for information and network security research California Energy Commission – Held seminar for Commissioner Rosenfeld on security and privacy concerns re: “demand response” energy systems – Working with CEC to facilitate their access to data for energy forecasting & conservation in a way that protects privacy San Francisco, Fresno – Video surveillance assessment and policy development Anti-spyware coalition – Input into best practices – Input into litigation and enforcement

10. Policy-makers, cont’d Invited to testify before Senate Subcommittee on Terrorism, Technology & Homeland Security Briefed House and Senate on TRUST – Offices of Senators Feinstein, Boxer, Rockefeller, Webb – Senate and House Committees on the Judiciary – Offices of Representatives Lofgren, Lee, Eschoo Participated in the Congressional Internet Caucus’s “State of the Net” conference. – This summer state of the net west – Workshops on social networking and privacy and behavioral targeting Ongoing work with Federal and State legislatures Initial groundwork for TRUST researcher briefings at FTC and with Internet caucus