Call for Proposals
RESEARCH IN INTERNET POLICY
$125,000 per year for a maximum of two years
Online submission link (Submissions due Jan 31, 2017)
- $125,000 per year for a maximum of two years
- Requesting funding proposals from MIT PIs for research related to:
- System security research informed by behavioral and social science methods
- Privacy technology, human behavior and global public policy
- Surveillance policy and system resilience
- Critical infrastructure security
- Network infrastructure engineering and public policy
- Deadline for initial proposals (roughly 1 page submitted online) is January 31st 2017.
The mission of the Internet Policy Research Initiative (IPRI) is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems. We accomplish this through engineering and public policy research, education and engagement. We invite proposals from MIT faculty and principal investigators in all departments to further IPRI’s research mission.
There is a pressing need to bridge the gap between the technical and policy communities, and we are doing this with our fully interdisciplinary research approach that pulls together expertise from across the MIT community. With the support of a generous grant from the William and Flora Hewlett Foundation and the Ford Foundation, the MIT Internet Policy Research Initiative (IPRI), a cross-campus Initiative hosted at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), is spearheading a multi-year effort with the goal of improving the intellectual and scientific landscape of Internet policy.
We have identified five broad focus areas and invite the MIT community to propose multidisciplinary research projects that can support any of the broad research themes.
Over the course of the first year of operation year, IPRI organized a series of Internet policy dialogues with government, industry and civil society groups from around the world in order to identify key research priorities and opportunities (see Appendix for summary of those activities). These include:
System security research informed by behavioral and social science methods
Privacy technology, human behavior and global public policy
Surveillance policy and system resilience
Critical infrastructure security
Network infrastructure engineering and public policy
We now seek research proposals from the MIT community with particular interest in the five topics identified as priority areas.
1. System security research informed by behavioral, social science and quantitative methods
Cybersecurity failures often occur not because of technical weakness, but rather because systems are designed and deployed without consideration for the impact of economic, behavioral or public policy factors affecting the system performance. We seek research that explores the relationship between security architectures and the social context in which they are deployed. Such research may address general purpose computing or network architectures, or may concentrate on specific cyber-physical systems. Projects in this area may also seek to explore ways in which different public policy frameworks may be designed to respond to such system dynamics to improve security properties.
2. Privacy technology, human behavior and global public policy
3. Surveillance policy and system resilience
A pressing Internet policy question on the global stage is the tension between the need for strong, end-to-end encryption and legitimate surveillance goals of law enforcement and national security agencies. Initial IPRI research (“Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”) has established the technical risks of mandating so-called ‘backdoors’ in crypto systems. The report’s timely release before the Apple vs. FBI case helped inform the encryption debate in the US and abroad. Now we seek research to explore options for both law enforcement and the technical community that will help meet needs to investigate crime and protect national security without compromising the security of our digital infrastructures.
4. Critical infrastructure security
Cyber attacks are a persistent, fundamental and a growing problem as we increasingly leverage digital networks in our society. Any critical infrastructure failures can have catastrophic and cascading effects across the economy. Integrating data connectivity into new and existing critical infrastructures introduces new attack vectors and increases system complexity in a way that can put these systems at risk. IPRI held several workshops in 2015-2016 examining the challenge of protecting critical infrastructures against cyber attacks in four critical infrastructure sectors: Electricity, Finance, Communications, and Oil & Natural Gas. These meetings pulled together high-level network managers, key government officials, and academic engineering and policy experts to discuss challenges and research needs. The policy aspects of critical infrastructure security are a rich research stream that we would like to develop. We are looking for projects that can connect critical infrastructure security to policy levers.
5. Network infrastructure engineering and public policy
The Internet is ushering in dramatic changes throughout our society, and relies on network infrastructure engineering to accommodate rapid growth in demand for bandwidth, ensure that networks are reliable, and provide a platform for continued innovation. Policymakers have taken very different approaches to encourage physical network rollouts, allow access to spectrum, and regulate how data is handled as it passes over the network. We are interested in research projects that connect cutting-edge network infrastructure engineering with public policy goals and outcomes.
Developing educational pathways - In addition to supporting research, IPRI’s mission includes developing new education pathways in a variety of disciplines. The long run creation of a new field of study can only be considered complete if there are clear pathways for students at all levels of study and in all relevant disciplines. We will consider proposals to develop new educational opportunities, whether in the form of new course offerings or other educational activities for students in this new field.
Proposal requirements and selection process
The research awards are for up to $125,000 per year for a maximum of two years. The IPRI Research Council requests submission of short, one page project summaries, from which the Committee will select teams to submit more detailed final proposals. In exceptional cases, the Committee may consider larger-scale awards.
Proposals will be evaluated according to the following criteria:
Cross-disciplinary research synergy - This RFP will favor cross-disciplinary research projects with teams comprising faculty, staff and students from a diversity of disciplines.
Alignment between public policy questions and research topics - Scholars from a number of disciplines including economics, engineering, political science, and others have a great deal to contribute to helping policymakers make more nuanced, forward-looking decisions about Internet policy. A goal of this project is to develop research activities that enhance the benefits of the Internet in the real world.
Impact on public policy dialogue - The aim of the Initiative is to make substantial contributions to the global public policy debate, including but not limited to the United States. Successful projects supported by this RFP will produce conceptual frameworks, formal models, data, and policy analysis that make a contribution to the terms of debate in policy venues around the world.
Formal frameworks to guide research - Internet policy debates in policy making centers around the world are, today, populated by advocates for various points of view, sometimes with shallow support for their positions. We aim to contribute research that provides a strong engineering, social and behavior scientific ground for choosing amongst various policy options.
This RfP is launching in late 2016 with funding available at the beginning of 2017 for projects selected by the Research Council.
The selection process and timeline is as follows:
- January 31, 2017: Short proposals are due via the online prospectus form (approximately 1 page). The prospectus includes:
- Statement of research goal and contribution to IPRI mission
- Summary of research methodology
- Team members and relevant prior research
- Key deliverables (1 to 2 years)
- February 20, 2017: Selected teams contacted and invited to prepare full proposals
- March 15, 2017: Follow-up proposals are due from selected teams, including responses to Research Council comments and a full budget. Budget to be calculated using the overhead of 10% total direct costs.
- April 5, 2017: Research Council announces funding decisions.
- June 2017: Funding awards can be distributed
Appendix: Summary of IRPI Activities Engagement and Outreach Activities during year one of operation
In our first year of operation, IPRI launched several seed research projects and hosted a series of outreach events on campus to inform our developing research agenda and shape Internet policy discussions both domestically and abroad.
Encryption: The IPRI-led project analyzing security risks associated with proposals to redesign Internet infrastructures to meet law enforcement surveillance needs led to the publication of a peer-reviewed paper, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications” authored by experts from across MIT and colleagues around the world. The report’s timely release before the Apple vs. FBI case helped inform the encryption debate in the US Congress and legislatures around the world. Based on this initial dialogue we now have requests from lawmakers, law enforcement agencies and many others to help identify constructive technical and public policy options forward. Research agenda going forward: We seek to fund research in computer security, law, international relations and related fields to analyze ways to address law enforcement needs in the digital environment while also addressing critical security, privacy and international relations issues.
Privacy: An IPRI partnership with the University of Amsterdam and the Dutch Data Protection Authority held a series of meetings and produced a privacy report that included a list of ten “privacy bridges” that warrant policy to help bridge the divide between policy approaches in the US and EU. Just as the report was about to be launched, a European Court of Justice decision in late 2015 overturned as invalid the US-EU Safe Harbor Program that provided the legal agreement whereby US firms could process EU residents’ personal data by qualifying for and meeting a certain set of principles and guidelines. The ten bridges identified in the report immediately became an important input for a new international agreement. Research agenda going forward: We have identified a gap in privacy technology and policy research such as better understanding of cross-cultural privacy attitudes, impact of privacy tensions on global trade in goods and services online, and the need to develop more flexible technical architectures which are adaptable to a variety of privacy rules around the world.
Critical Infrastructure security: IPRI sponsored a series of workshops in 2016 that looked at the challenge of protecting critical infrastructures against cyber attacks in various sectors. The workshops brought together separate working groups of network managers, key government officials, and academic engineering and policy experts to discuss four critical infrastructure sectors: Electricity, Finance, Communications, and Oil & Natural Gas. Among our keys findings is that neither infrastructure operators nor regulators and policymakers have the information and tools they need to effectively and efficiently set policies to protect these critical resources. Research agenda going forward: We seek to fund research that builds on MIT’s strength in control theory and other engineering disciplines that can create models to provide for formal expression of system security goals and a better understanding of how public policy will affect such the security properties of such systems.
The Director of the UK’s GCHQ, Robert Hannigan, came to MIT in March 2016 to deliver a public speech in support of strong encryption, following on from the Keys Under Doormats report.
These Internet economy topics are important to policy makers at the highest levels of government. IPRI hosted European Commission Vice President Andrus Ansip and US Secretary of Commerce Penny Pritzker in March 2016 to talk about the issues confronting the Internet and the broader digital economy. The discussion focused on security, privacy, free expression, intellectual property and the “Internet of Things”.
The European Data Protection Supervisor Giovanni Buttarelli spoke at MIT on ethics as the root of privacy and the future of data protection”.
IPRI co-organized and hosted a large forum on data privacy convened by the Massachusetts Attorney General at MIT in March 2016. The meeting drew in close to 400 people and covered topics such as consumer data privacy risks in an evolving digital marketplace, and the role of states in protecting consumer privacy.
Agenda going forward: We look to fund projects that strengthen MIT’s role as a key forum for policy makers, industry and civil society come to engage in policy and technology discussions.
Members of the IPRI Research Council