elsehow

I am Nick Merrill, a research scientist at the U.C. Berkeley Center for Long-Term Cybersecurity (CLTC), and worker-owner of DAO DAO.

I live in the traditional territory of the Ohlone people, who have still not been recognized by the U.S. federal government. If you do too, check out ‘oṭṭoytak/Cafe Ohlone and consider giving shuumi.

A timeline of research questions I’ve worked on

2019: Who controls the internet? Who should control the internet?

• Internet concentration. The internet is not controlled by any one party. However, a handful of (mostly) U.S.-domiciled corporations own so much of the internet’s core infrastructure that any one of them could effectively switch the whole thing off.

  • Inside the Internet

  • Comments of Nick Merrill and Tejas N. Narechania, Business Practices of Cloud Computing Providers, No. FTC-2023-0028

  • Internet Society Pulse - Internet Concentration Dashboard - Our data powers this dashboard, which measures the overall level of concentration in core internet infrastructure (roughly, how few parties own how much of the internet).

• Internet fragmentation & geopolitics. Corporations may dominate the internet, but states have their own designs on it. As our research shows, the internet both shapes and reflects geopolitical relationships.

  • Internet Fragmentation: Beyond “free” and “closed”

  • Website blocking as a proxy of policy alignment

• What do we do about it? What do we want the internet’s governance structure to look like, if not this?

  • This internet, on the ground

2018: How can design methods improve the work of cybersecurity?

• Papers

  • Security Fictions: Bridging Speculative Design and Computer Security

  • Seeing Like a Toolkit: How Toolkits Envision the Work of AI Ethics

  • Differential Vulnerabilities and a Diversity of Tactics: What Toolkits Teach Us about Cybersecurity

  • Sensor illumination: Exploring design qualities and ethical implications of smart cameras and image/video analytics

• Artifacts

  • Adversary Personas - This thread modeling game is used by the U.S. Cybersecurity and Infrastructure Security Agency, Taiwan’s Ministry of Digital Affairs, and Meta.

2013: What can machines ‘know’ about the mind?

You’re at the park, it's a beautiful day, the light is shimmering off the lake. If we outfit you with one or two electromagnetic sensors (in a headband for example), to what extent can we describe the way you feel in that moment? Using neural signals and/or signals generated by muscular activity? Can we communicate your state to other people?

• Papers

  • What users and designers think biosensors can reveal

    • Trust Your Heart: Assessing Cooperation and Trust with Biosignals in Computer-Mediated Interactions

    • Sensing is Believing: What People Think Biosensors Can Reveal About Thoughts and Feelings

    • From Scanning Brains to Reading Minds: Talking to Engineers about Brain-Computer Interface

  • Brain-computer interface/passthought authentication

    • Passthoughts authentication with low cost EarEEG

    • One-step, three-factor passthought authentication with custom-fit, in-ear EEG

  • My ultimate conclusion: Beliefs about what the mind is are shaped by the technologies we build and use—questions about the possibility of mind-reading are ultimately situated in the use and practice of technology.

    • Models of minds: reading the mind beyond the brain

    • Mind-Reading and Telepathy for Beginners and Intermediates: What People Think Machines Can Know About the Mind, and Why Their Beliefs Matter

• Artifacts

  • The Aaronson Oracle

Recurring themes

Some themes and topics recur in my research across research questions.

• AI

• The good life

• Social class

• Tech use/non-use

ewweh ṭuuxi huyyuwiš (brighter days lie ahead)