Steven M. Bellovin. Is cybersecurity liability a liability? IEEE Security & Privacy, 21(4):100, July--August 2023. [ bib | http ]

Steven M. Bellovin. Open source and trust. IEEE Security & Privacy, 20(2):107--108, March-April 2022. [ bib | DOI | http ]

Steven M. Bellovin. Policies on privacy. IEEE Security & Privacy, 18(2):76--76, March--April 2020. [ bib | DOI ]

Keywords: computer security;privacy

Steven M. Bellovin. Layered insecurity. IEEE Security & Privacy, 17(3):96--95, May-June 2019. [ bib | http ]

Steven M. Bellovin. Toward a national cybersecurity policy. IEEE Security Privacy, 16(3):108--108, May--June 2018. [ bib | DOI ]

Keywords: Last Word;policy;security

S. M. Bellovin. Unnoticed consent [last word]. IEEE Security Privacy, 16(6):80--79, Nov--Dec 2018. [ bib | DOI ]

Addresses the issue of information privacy in an era that now has to deal with such regulations as the European Union's General Data Protection Regulation (GDPR). For more than 45 years, the root of privacy policy has been transparency and agreement: the subject must be told what is being collected and stored and then can assent or decline. This has generally been called notice and consent. The root is a 1973 U.S. government advisory committee report, which held, among other things, that people had the right to know what was being collected about them and to limit or prevent secondary uses of the data. These notions, the fair information practice principles (FIPPs), are the basis for laws around the world, up to and including the European Union's General Data Protection Regulation. These ideas have been with us for so long that they sound obviously correct. Perhaps they were, at the dawn of the web 25 years ago, but they no longer fit the modern world. The FIPPs no longer work, and, if we are to retain (or regain) privacy, we need a different basic structure.

Keywords: Privacy;Data privacy;Data protection;Best practices;General Data Protection Regulation;Government policies;Legislation

Steven M. Bellovin. Who are you? IEEE Security & Privacy, 15(6), November--December 2017. [ bib | http ]

Steven M. Bellovin. Jurisdiction and the internet. IEEE Security & Privacy, 15(3), May--June 2017. [ bib | http ]

Steven M. Bellovin. Easy email encryption. IEEE Security & Privacy, 14(6), November--December 2016. [ bib | http ]

Steven M. Bellovin. Attack surfaces. IEEE Security Privacy, 14(3):88--88, May--June 2016. [ bib | DOI ]

Keywords: security;attack surface;cryptography;cybersecurity

Steven M. Bellovin. What a real cybersecurity bill should address. IEEE Security & Privacy, 13(3):88--88, May--June 2015. [ bib | http ]

Steven M. Bellovin. The key to the key. IEEE Security Privacy, 13(6):96--96, Nov--Dec 2015. [ bib | DOI ]

Keywords: cryptography;cybersecurity;encryption

Steven M. Bellovin. What should crypto look like? IEEE Security & Privacy, 12(6):108--108, November--December 2014. [ bib | DOI ]

Keywords: Computer security;Cryptography;Electronic mail;Encryption;Failure analysis;Usability;cryptanalysis;cryptography;email security;encryption;key handling;security

Steven M. Bellovin. Dr. Strangecode. IEEE Security & Privacy, 12(3), May--June 2014. [ bib | http ]

Steven M. Bellovin. Walls and gates. IEEE Security & Privacy, 6(11), November--December 2013. [ bib | .pdf ]

Steven M. Bellovin. Military cybersomethings. IEEE Security & Privacy, 11(3):88, May--June 2013. [ bib | http ]

Steven M. Bellovin. The major cyberincident investigations board. IEEE Security & Privacy, 10(6):96, November--December 2012. [ bib | DOI ]

Steven M. Bellovin. Fighting the last war. IEEE Security & Privacy, 10(3), May--June 2012. [ bib | http ]

Steven M. Bellovin. Security think. IEEE Security & Privacy, 9(6), November--December 2011. [ bib | .pdf ]

Steven M. Bellovin. Clouds from both sides. IEEE Security & Privacy, 9(3), May--June 2011. [ bib | .pdf ]

Steven M. Bellovin. Perceptions and reality. IEEE Security & Privacy, 8(5), September--October 2010. [ bib | .pdf ]

Steven M. Bellovin. Identity and security. IEEE Security & Privacy, 8(2), March--April 2010. [ bib | .pdf ]

Steven M. Bellovin. Security as a systems property. IEEE Security & Privacy, 7(5), September--October 2009. [ bib | .pdf ]

Steven M. Bellovin. The government and cybersecurity. IEEE Security & Privacy, 7(2), March--April 2009. (Ignore the part that says I work for Microsoft---I don't...The editor and I both missed that in the galleys.). [ bib | .pdf ]

Steven M. Bellovin. The puzzle of privacy. IEEE Security & Privacy, 6(5), September--October 2008. [ bib | .pdf ]

Steven M. Bellovin. Security by checklist. IEEE Security & Privacy, 6(2), March--April 2008. [ bib | .pdf ]

Steven M. Bellovin. Seers and craftspeople. IEEE Security & Privacy, 5(5), September--October 2007. [ bib | .pdf ]

Steven M. Bellovin. DRM, complexity, and correctness. IEEE Security & Privacy, 5(1), January--February 2007. [ bib | .pdf ]

Steven M. Bellovin. On the brittleness of software and the infeasibility of security metrics. IEEE Security & Privacy, 4(4), July--August 2006. [ bib | .pdf ]

Steven M. Bellovin. Unconventional wisdom. IEEE Security & Privacy, 4(1), January--February 2006. [ bib | .pdf ]

Steven M. Bellovin. Security and privacy: Enemies or allies? IEEE Security & Privacy, 3(3), May--June 2005. [ bib | .pdf ]