Science, Technology, and Public Policy

The xz Utils backdoor incident reveals that the security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it.

Russia's 2022 invasion of Ukraine illuminated the long profound shadow of nuclear weapons over international security. Russia's nuclear threats have rightfully garnered significant attention because of the unfathomable lethality of nuclear weapons. However, the use of such weapons in Ukraine is only one way—albeit the gravest— that Russia could challenge the global nuclear order. Russia's influence extends deep into the very fabric of this order—a system to which it is inextricably bound by Moscow's position in cornerstone institutions such as the Nuclear Non-Proliferation Treaty (NPT) and the International Atomic Energy Agency (IAEA). From withdrawing from key treaties to stymieing resolutions critical of misconduct, Moscow has demonstrated its ability to challenge the legitimacy, relevance, and interpretations of numerous standards and principles espoused by the West.

Who should pay for massive, state-sponsored cyberattacks that cause billions of dollars’ worth of damage?

Authors Narayanamurti and Tsao propose a new architecture for how technoscientific knowledge advances, which maps to the actual operational practice of research and development nurtured at the iconic Bell Labs.

Kari A. Bingen and Heather W. Williams write that if Russia plans to deploy nuclear weapons in space to target satellites, the threat is definitely serious—and the U.S. should act fast.

The collection and sale of consumer data is too lucrative for companies to say no to participating in the data broker economy. New rules proposed by the Consumer Financial Protection Bureau may help eliminate the incentive for companies to buy and sell consumer data.

Sensors, actuators, and IoT devices will enable AI to interact with the physical plane on a massive scale. The question is, how does one build trust in its actions?

Spying has always been limited by the need for human labor. A.I. is going to change that, says Bruce Schneier.

Teaching generative AI systems to manipulate tools has the potential to supercharge AI applications - and comes with tremendous risks.

ChatGPT and other natural language models have recently sparked considerable intrigue and unease. Governments and businesses are increasingly acknowledging the role of Generative Pre-trained Transformers (GPTs) in shaping the cybersecurity landscape. This article discusses the implications of using GPTs in software development and the potential impact on cybersecurity in the age of artificial intelligence (AI). While GPTs can improve efficiency and productivity for programmers, they will not replace human programmers due to the complex decision-making processes involved in programming beyond simply writing code. And while they may help in finding shallow bugs to prevent short-lived vulnerabilities, GPTs are unlikely to change the balance of power between offense and defense in cybersecurity.