kaptchuk

It depends on the object of the sentence -- cybersecurity threats to whom? One answer might be something like ransomware that cripple critical infrastructure and companies. Alternatively, you could claim that subversion of cryptographic algorithms standards by nation states poses a huge threat to the security ecosystem that is very difficult to understand or spot.

My person answer might be the collection and aggregation of incredible amounts of information about individuals by companies and governments. I personally think that this poses a bigger existential threat to real people and the communities that they are a part of than something like ransomware. Unfortunately, addressing this problem is much more complicated than "software engineers need to be better at their jobs."

- Taking a course is the best way to get a foot in the door for doing research. Often times faculty (myself included) will basically insist that you take their course first so that they have an idea of your strengths. This is basically a survival mechanism for faculty, who often have too much going on.

- Office Hours! Especially the week after a homework assignment/project is due, office hours tend to be empty. Faculty have usually already committed to using that time to talk to students, so its the perfect time to start a conversation and getting to know each other. Maybe look a little bit at what kind of work the faculty member does and reach the introduction section of a couple papers. When you show up at office hours, starting a conversation about the kind of research they do -- even if you don't totally understand it -- will be easy! Faculty love talking about the stuff that they work on.

- Especially with larger research groups, building relationships with PhD students can be another helpful avenue in. TAs/TFs are often doing research and they probably also want to talk about it! As an undergrad you will often get paired with a PhD student anyhow to do research, so skipping the very busy middleperson and talking to the PhD students directly can be great.

- Seminar and Reading groups. Many research groups already are having speakers come in on a semi-regular basis. Send a faculty member an email asking where its happening and if its ok to show up. Then actually show up for a couple talks in a row. Faculty will notice when new people are showing up and you will get an idea of what kind of research the group is interested in.

I think what would be more helpful would be having widespread understanding of data processing paradigms at a high level. Programming languages aren't really necessary for understanding data processing paradigms. I don't think everyone need to understand how pointers work or recursion, which are classics of programming 101. Instead, it would be great if folks could understand how technology worked on a high-level schematic level. For instance, when i type "reddit" into my google search what happens. (1) some information about who I am and my query go to google, (2) google uses everything its learned about everyone to figure out what to send me back. (3) google sends me some data.

Having this level of understanding I think would make a big difference when it comes to having meaningful social commentary about the role of technology in our lives. It would mean that folks could start to imagine all the actors involved in surveillance capitalism. Understanding the problem would mean we could start working towards a society that is less extractive and harmful.

This is a great an challenging question. Heres some quick thoughts.

1. Have the application you imagine designed into the protocol from the get-go. When you write your definitions, don't be afraid to consider the social context in which your protocol could be used. Trying to cut out all the "politics and social considerations" from your protocol analysis will likely just mean that you have a protocol that risks causing harm.

2. If you are designing a protocol with the intention of actually having it deployed, its critical to be actively engaging with the community that you think will use it. Parachute crypto development will just yield protocols that don't match needs and get misused.

3. For me, I try to always say aware of the double edged sword that is cryptographic protocol development. Its easy to fall into a narrative about the destructive nature of technology or be absorbed by techno-saviorism. As a matter of practice, staying in the middle helps highlight the potential for abuse and harm

4. Its always possible for your math to get used for something you didn't intend it to be used for. Once it is out in the universe, you can't control it. But, you can stay active in advocating for its use in positive ways. This political aspect of designing cryptographic protocols cant just be ignored. I think that producing a protocol -- even just as research -- means that you are accepting the role of continuing to comment on the development and use of that protocol.

I was this kid in my first security/privacy course, I'm ashamed to say. I start out my course with discussing this exact issue.

I usually take a three pronged approach

(1) You might not need privacy now, but you don't know if you will need it in the future. Its hard to get rid of information about you once its out there. Something might happen in your future, and its easy to prepare for that future now.

(2) Even if you as an individual don't need privacy, data privacy isn't always about you. We need to be building systems that protect the most vulnerable among us. You should care about data privacy and invest in systems that promote data privacy because that means that folks who desperately need the privacy can have it. Note that what these folks might have to hide isn't illicit -- its just that systems of oppression mean that the value of personal information varies person to person

(3) Even if you dont care about the privacy of folks with marginalized identities, you should care about building a functioning society. Living in the panopticon, powered by a few companies and governments conducting massive amounts of digital surveillance, is bad for humanity as a whole. Promoting data privacy can be part of your effort into making society better.