author = {Steven M. Bellovin and Adam Shostack and Tarah Wheeler},
  date = {2022-02-09},
  date-added = {2022-02-08 20:16:19 -0500},
  date-modified = {2022-02-09 09:22:28 -0500},
  journal = {Lawfare},
  month = {February 9,},
  title = {Ten Questions We Hope the {Cyber Safety Review Board}
		  Answers---and Three It Should Ignore},
  url = {https://www.lawfareblog.com/ten-questions-we-hope-cyber-safety-review-board-answers—and-three-it-should-ignore},
  year = {2022},
  bdsk-url-1 = {https://www.lawfareblog.com/ten-questions-we-hope-cyber-safety-review-board-answers%E2%80%94and-three-it-should-ignore}
  author = {Hal Abelson and Ross Anderson and Steven M. Bellovin and
		  Josh Benaloh and Matt Blaze and Jon Callas and Whitfield
		  Diffie and %Matthew Green and Susan Landau and Peter G.
		  Neumann and Ronald L. Rivest and Jeffrey I. Schiller and
		  Bruce Schneier and %Michael A. Specter and Vanessa Teague
		  and Carmela Troncoso},
  date = {2021-10-15},
  date-added = {2021-10-14 11:53:11 -0400},
  date-modified = {2021-10-21 21:59:31 -0400},
  month = {October 15,},
  title = {Bugs in our Pockets: The Risks of Client-Side Scanning},
  url = {https://www.cs.columbia.edu/~smb/papers/bugs21.pdf},
  year = {2021},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/bugs21.pdf}
  author = {Steven Bellovin and Adam Shostack},
  date = {2021-06-07},
  date-added = {2021-06-07 11:46:24 -0400},
  date-modified = {2021-06-07 12:14:57 -0400},
  journal = {Lawfare},
  month = {June 7,},
  title = {Finally! {A} Cybersecurity Safety Review Board},
  url = {https://www.lawfareblog.com/finally-cybersecurity-safety-review-board},
  year = {2021},
  bdsk-url-1 = {https://www.lawfareblog.com/finally-cybersecurity-safety-review-board}
  author = {Steven M. Bellovin},
  date-added = {2021-01-10 13:47:32 -0500},
  date-modified = {2021-01-10 13:47:32 -0500},
  journal = {Columbia Spectator},
  month = {October 13,},
  title = {Columbia's riots and rebellions in the 1970s},
  url = {https://www.columbiaspectator.com/opinion/2016/10/12/columbias-riots-and-rebellions-1970s/},
  year = {2016},
  bdsk-url-1 = {https://www.columbiaspectator.com/opinion/2016/10/12/columbias-riots-and-rebellions-1970s/}
  author = {Steven M. Bellovin},
  date = {2020-12-15},
  date-added = {2020-12-16 17:42:20 -0500},
  date-modified = {2020-12-16 17:44:11 -0500},
  month = {December 15,},
  title = {Testimony for the {New York City Council Committee on
		  Technology} Hearing on {``Benefits and Disadvantages of
		  Cloud-computing Systems''}},
  url = {https://www.cs.columbia.edu/~smb/papers/nyc-cloud.pdf},
  year = {2020},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/nyc-cloud.pdf}
  author = {Steven M. Bellovin},
  date = {2020-10-23},
  date-added = {2020-10-23 18:06:50 -0400},
  date-modified = {2020-10-23 18:06:50 -0400},
  journal = {Columbia News},
  month = {October 23,},
  title = {Mail-in Ballots Are Secure, Confidential, and
  url = {https://news.columbia.edu/in-mail-absentee-ballots-secure-vote-election},
  year = {2020},
  bdsk-url-1 = {https://news.columbia.edu/in-mail-absentee-ballots-secure-vote-election}
  author = {Steven M. Bellovin},
  date-added = {2020-03-06 14:08:23 -0500},
  date-modified = {2020-03-06 15:41:44 -0500},
  month = {February 25,},
  title = {Testimony for the {New York City Council Committee on
		  Technology and Committee on Small Business} Hearing on
		  {``Cybersecurity for Small Businesses''}},
  url = {https://www.cs.columbia.edu/~smb/papers/nyc-council-testimony.pdf},
  year = {2020},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/nyc-council-testimony.pdf}
  abstract = {The right to a fair trial is fundamental to American
		  jurisprudence. The Fifth Amendment of the Bill of Rights
		  guarantees ``due process,'' while the Sixth provides the
		  accused with the right to be ``confronted with the
		  witnesses against him.'' But ``time works changes, brings
		  into existence new conditions and purposes.'' So it is with
		  software. From the smartphones we access multiple times a
		  day to more exotic tools---the software ``genies'' of
		  Amazon Echo and Google Home---software is increasingly
		  embedded in day-to-day life. It does glorious things, such
		  as flying planes and creating CAT scans, but it also has
		  problems: software errors.
		  Software has also found its way into trials. Software's
		  errors have meant that defendants are often denied their
		  fundamental rights. In this paper, we focus on
		  ``evidentiary software''---computer software used for
		  producing evidence---that is routinely introduced in modern
		  courtrooms. Whether from breathalyzers, computer forensic
		  analysis, data taps, or even FitBits, computer code
		  increasingly provides crucial trial evidence. Yet despite
		  the central role software plays in convictions, computer
		  code is often unavailable to examination by the defense.
		  This may be for proprietary reasons---the vendor wishes to
		  protect its confidential software---or it may result from a
		  decision by the government to withhold the code for
		  security reasons. Because computer software is far from
		  infallible---software programs can create incorrect
		  information, erase details, vary data depending on when and
		  how they are accessed---or fail in a myriad of other
		  ways---the only way that the accused can properly and fully
		  defend himself is to have an ability to access the software
		  that produced the evidence. Yet often the defendants are
		  denied such critical access.
		  In this paper, we do an in-depth examination of the
		  problem. Then, providing a variety of examples of software
		  failure and discussing the limitations of technologists'
		  ability to prove software programs correct, we suggest
		  potential processes for disclosing software that enable
		  fair trials while nonetheless prevent wide release of the
		  code. },
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau and
		  Brian Owsley},
  date = {2020-12},
  date-added = {2020-02-15 11:15:44 -0500},
  date-modified = {2021-10-16 12:15:21 -0400},
  journal = {Ohio State Technology Law Journal},
  month = {December},
  number = {1},
  title = {Seeking the Source: Criminal Defendants' Constitutional
		  Right to Source Code},
  url = {https://kb.osu.edu/bitstream/handle/1811/92288/OSTLJ_V17N1_001.pdf?sequence=1},
  volume = {17},
  year = {2020},
  bdsk-url-1 = {https://moritzlaw.osu.edu/ostlj/2020/12/22/seeking-the-source-criminal-defendants-constitutional-right-to-source-code/}
  author = {Simha Sethumadhavan and Steven M. Bellovin and Paul Kocher
		  and Ed Suh},
  date = {2019-02-07},
  date-added = {2019-02-07 19:38:37 -0500},
  date-modified = {2019-02-07 19:40:15 -0500},
  month = {February 7,},
  title = {Please Disclose Security Vulnerabilities!},
  url = {Simha Sethumadhavan, Steven M. Bellovin, Paul Kocher, Ed
  year = {2019},
  bdsk-url-1 = {Simha%20Sethumadhavan,%20Steven%20M.%20Bellovin,%20Paul%20Kocher,%20Ed%20Suh}
  author = {Steven M. Bellovin},
  date = {2019-01-24},
  date-added = {2019-01-24 20:13:32 -0500},
  date-modified = {2019-01-24 20:15:55 -0500},
  journal = {Ars Technica},
  month = {January 24,},
  title = {Yes, "algorithms" can be biased. {Here's} why},
  url = {https://arstechnica.com/tech-policy/2019/01/yes-algorithms-can-be-biased-heres-why/},
  year = {2019},
  bdsk-url-1 = {https://arstechnica.com/tech-policy/2019/01/yes-algorithms-can-be-biased-heres-why/}
  author = {Steven Bellovin and Susan Landau},
  date = {2018-10-26},
  date-added = {2018-12-16 10:57:43 -0500},
  date-modified = {2018-12-16 10:57:43 -0500},
  journal = {Lawfare},
  month = {October 26,},
  title = {Encryption by Default Equals National Security},
  url = {https://www.lawfareblog.com/encryption-default-equals-national-security},
  year = {2018},
  bdsk-url-1 = {https://www.lawfareblog.com/encryption-default-equals-national-security}
  abstract = {Today, all privacy regulations around the world are based
		  on the 50-year-old paradigm of notice and consent. It no
		  longer works. The systems we deal with---web pages with
		  their multiple levels of advertising, the Internet of
		  Things, and more---are too complex; consumers have no idea
		  what sites they are contacting nor what their privacy
		  policies are. Privacy harms are not well-defined,
		  especially under U.S. law. Furthermore, their privacy
		  policies are ambiguous and confusing. Use controls---the
		  ability for users to control how their data is used, rather
		  than who can collect it---are more promising but pose their
		  own challenges. I recommend research on a new privacy
		  paradigm, and give suggestions on interim changes to
		  today's privacy regulations until there is something new.
  author = {Steven M. Bellovin},
  date = {2018-11-07},
  date-added = {2018-11-07 11:19:47 -0500},
  date-modified = {2018-11-07 11:21:39 -0500},
  howpublished = {LawArXiv},
  month = {November},
  note = {Comments submitted to the NTIA request for comments on
  title = {Comments on Privacy},
  url = {https://osf.io/preprints/lawarxiv/5s2vt},
  year = {2018},
  bdsk-url-1 = {https://osf.io/preprints/lawarxiv/5s2vt}
  author = {Steven M. Bellovin and Peter G. Neumann},
  date = {2018-11},
  date-added = {2018-10-29 18:34:14 -0400},
  date-modified = {2018-10-29 18:35:26 -0400},
  journal = {Communications of the {ACM}},
  month = {November},
  number = {11},
  title = {The Big Picture},
  url = {http://www.csl.sri.com/users/neumann/cacm245.pdf},
  volume = {61},
  year = {2018},
  bdsk-url-1 = {http://www.csl.sri.com/users/neumann/cacm245.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Dan Boneh and Susan
		  Landau and Ronald L. Rivest},
  date = {2018-05-07},
  date-added = {2018-05-07 17:05:15 +0000},
  date-modified = {2018-05-07 17:06:14 +0000},
  journal = {Ars Technica},
  month = {May 07,},
  title = {Op-ed: {Ray Ozzie's} crypto proposal---a dose of technical
  url = {https://arstechnica.com/information-technology/2018/05/op-ed-ray-ozzies-crypto-proposal-a-dose-of-technical-reality/},
  year = {2018},
  bdsk-url-1 = {https://arstechnica.com/information-technology/2018/05/op-ed-ray-ozzies-crypto-proposal-a-dose-of-technical-reality/}
  author = {Steve Bellovin},
  date-added = {2018-01-21 20:12:27 +0000},
  date-modified = {2018-01-21 20:13:35 +0000},
  journal = {Ars Technica},
  month = {January 21,},
  title = {Here's how to make sure {Hawaii's} missile warning fiasco
		  isn't repeated},
  url = {https://arstechnica.com/information-technology/2018/01/heres-how-to-make-sure-hawaiis-missile-warning-fiasco-isnt-repeated/},
  year = {2018},
  bdsk-url-1 = {https://arstechnica.com/information-technology/2018/01/heres-how-to-make-sure-hawaiis-missile-warning-fiasco-isnt-repeated/}
  author = {Jonathan Bair and Steven Bellovin and Andrew Manley and
		  Blake Reid and Adam Shostack},
  date-added = {2017-12-01 23:50:16 +0000},
  date-modified = {2018-09-14 16:10:21 -0700},
  journal = {Colorado Technology Law Journal},
  number = {2},
  title = {That Was Close! {Reward} Reporting of Cybersecurity ``Near
  url = {https://ctlj.colorado.edu/wp-content/uploads/2018/09/4-Shostack-8.7.18-FINAL.pdf},
  volume = {16},
  year = {2018},
  bdsk-url-1 = {https://ctlj.colorado.edu/wp-content/uploads/2018/09/4-Shostack-8.7.18-FINAL.pdf}
  author = {Steven Bellovin},
  date = {2017-10-05},
  date-added = {2017-10-05 17:25:04 +0000},
  date-modified = {2017-10-05 17:25:04 +0000},
  journal = {Vice Motherboard},
  month = {October 5,},
  title = {Replacing Social Security Numbers Is Harder Than You
  url = {https://motherboard.vice.com/en_us/article/pakwnb/replacing-social-security-numbers-is-harder-than-you-think},
  year = {2017},
  bdsk-url-1 = {https://motherboard.vice.com/en_us/article/pakwnb/replacing-social-security-numbers-is-harder-than-you-think}
  author = {Steven M. Bellovin and Susan Landau and Herbert S. Lin},
  date-added = {2016-11-23 23:03:06 +0000},
  date-modified = {2017-04-27 21:32:59 +0000},
  journal = {Journal of Cybersecurity},
  number = {1},
  title = {Limiting the Undesired Impact of Cyber Weapons: Technical
		  Requirements and Policy Implications},
  url = {https://academic.oup.com/cybersecurity/article/3/1/59/3097802/Limiting-the-undesired-impact-of-cyber-weapons},
  volume = {3},
  year = {2017},
  bdsk-url-1 = {https://academic.oup.com/cybersecurity/article/3/1/59/3097802/Limiting-the-undesired-impact-of-cyber-weapons}
  author = {Steven M. Bellovin and Adam Shostack},
  date = {2016-09-08},
  date-added = {2016-09-08 16:10:32 +0000},
  date-modified = {2016-09-08 16:12:57 +0000},
  month = {September},
  title = {Input to the {Commission on Enhancing National
  url = {https://www.cs.columbia.edu/~smb/papers/Current_and_Future_States_of_Cybersecurity-Bellovin-Shostack.pdf},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/fcc-nprm-bias.pdf}
  author = {Steven M. Bellovin},
  date = {2016-07-06},
  date-added = {2016-07-21 00:13:32 +0000},
  date-modified = {2016-07-21 00:18:45 +0000},
  month = {July},
  title = {Comments on ``{P}rotecting the Privacy of Customers of
		  Broadband Other Telecommunications Services''},
  url = {https://www.cs.columbia.edu/~smb/papers/fcc-nprm-bias.pdf},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/fcc-nprm-bias.pdf}
  abstract = {For more than forty years, electronic surveillance law in
		  the United States developed under constitutional and
		  statutory regimes that, given the technology of the day,
		  distinguished content from metadata with ease and
		  certainty. The stability of these legal regimes and the
		  distinctions they facilitated was enabled by the relative
		  stability of these types of data in the traditional
		  telephone network and their obviousness to users. But what
		  happens to these legal frameworks when they confront the
		  Internet? The Internet's complex architecture creates a
		  communication environment where any given individual unit
		  of data may change its status---from content to non-content
		  or visa-versa---as it progresses Internet's layered network
		  stack while traveling from sender to recipient. The
		  unstable, transient status of data traversing the Internet
		  is compounded by the fact that the content or non-content
		  status of any individual unit of data may also depend upon
		  where in the network that unit resides when the question is
		  asked. In this IP-based communications environment, the
		  once-stable legal distinction between content and
		  non-content has steadily eroded to the point of collapse,
		  destroying in its wake any meaningful application of the
		  third party doctrine. Simply put, the world of Katz and
		  Smith and the corresponding statutes that codify the
		  content/non-content distinction and the third party
		  doctrine are no longer capable of accounting for and
		  regulating law enforcement access to data in an IP-mediated
		  communications environment. Building on a deep technical
		  analysis of the Internet architecture, we define new terms,
		  communicative content, architectural content, and
		  architectural metadata, that better reflect the structure
		  of the Internet, and use them to explain why and how we now
		  find ourselves bereft of the once reliable support these
		  foundational legal structures provided. Ultimately, we
		  demonstrate the urgent need for development of new rules
		  and principles capable of regulating law enforcement access
		  to IP-based communications data. },
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau and
		  Stephanie Pell},
  date-added = {2016-03-23 04:59:32 +0000},
  date-modified = {2021-04-16 16:31:49 -0400},
  journal = {Harvard Journal of Law and Technology},
  month = {Fall},
  number = {1},
  pages = {1--101},
  title = {It's Too Complicated: How the {Internet} Upends {\em
		  Katz}, {\em Smith}, and Electronic Surveillance Law},
  url = {http://jolt.law.harvard.edu/assets/articlePDFs/v30/30HarvJLTech1.pdf},
  volume = {30},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/internet-3rd-party.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  date-added = {2016-03-03 23:20:16 +0000},
  date-modified = {2021-04-16 16:35:59 -0400},
  journal = {{IEEE} Computer},
  month = {March},
  note = {An earlier version is available at
  number = {3},
  pages = {14--24},
  title = {Insecure Surveillance: Technical Issues with Remote
		  Computer Searches},
  url = {https://www.computer.org/csdl/magazine/co/2016/03/mco2016030014/13rRUEgarwD},
  volume = {49},
  year = {2016},
  bdsk-url-1 = {https://www.computer.org/cms/Computer.org/ComputingNow/issues/2016/06/mco2016030014.pdf}
  abstract = { Twenty years ago, law enforcement organizations lobbied
		  to require data and communication services to engineer
		  their products to guarantee law enforcement access to all
		  data. After lengthy debate and vigorous predictions of
		  enforcement channels ``going dark,'' these attempts to
		  regulate security technologies on the emerging Internet
		  were abandoned. In the intervening years, innovation on the
		  Internet flourished, and law enforcement agencies found new
		  and more effective means of accessing vastly larger
		  quantities of data. Today, there are again calls for
		  regulation to mandate the provision of exceptional access
		  mechanisms. In this article, a group of computer scientists
		  and security experts, many of whom participated in a 1997
		  study of these same topics, has convened to explore the
		  likely effects of imposing extraordinary access mandates.We
		  have found that the damage that could be caused by law
		  enforcement exceptional access requirements would be even
		  greater today than it would have been 20 years ago. In the
		  wake of the growing economic and social cost of the
		  fundamental insecurity of today's Internet environment, any
		  proposals that alter the security dynamics online should be
		  approached with caution. Exceptional access would force
		  Internet system developers to reverse ``forward secrecy''
		  design practices that seek to minimize the impact on user
		  privacy when systems are breached. The complexity of
		  today's Internet environment, with millions of apps and
		  globally connected services, means that new law enforcement
		  requirements are likely to introduce unanticipated, hard to
		  detect security flaws. Beyond these and other technical
		  vulnerabilities, the prospect of globally deployed
		  exceptional access systems raises difficult problems about
		  how such an environment would be governed and how to ensure
		  that such systems would respect human rights and the rule
		  of law. },
  author = {Abelson, Harold and Anderson, Ross and Bellovin, Steven M.
		  and Benaloh, Josh and Blaze, Matt and Diffie, Whitfield and
		  Gilmore, John and Green, Matthew and Landau, Susan and
		  Neumann, Peter G. and Rivest, Ronald L. and Schiller,
		  Jeffrey I. and Schneier, Bruce and Specter, Michael A. and
		  Weitzner, Daniel J.},
  date-added = {2015-11-24 16:07:02 +0000},
  date-modified = {2021-06-03 18:48:34 -0400},
  doi = {10.1093/cybsec/tyv009},
  issn = {2057-2085},
  journal = {Journal of Cybersecurity},
  month = {September},
  number = 1,
  publisher = {The Oxford University Press},
  title = {Keys Under Doormats: Mandating Insecurity by Requiring
		  Government Access to All Data and Communications},
  url = {https://academic.oup.com/cybersecurity/article/1/1/69/2367066?login=true},
  volume = 1,
  year = {2015},
  bdsk-url-1 = {http://dx.doi.org/10.1093/cybsec/tyv009}
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  date = {2014-10-31},
  date-added = {2014-10-31 19:48:47 +0000},
  date-modified = {2014-10-31 19:50:45 +0000},
  month = {October},
  title = {Comments on Proposed Remote Search Rules},
  url = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf},
  year = {2014},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf}
  abstract = {Mobile IP-based communications and changes in
		  technologies, including wider use of peer-to-peer
		  communication methods and increased deployment of
		  encryption, has made wiretapping more difficult for law
		  enforcement, which has been seeking to extend wiretap
		  design requirements for digital voice networks to IP
		  network infrastructure and applications. Such an extension
		  to emerging Internet-based services would create
		  considerable security risks as well as cause serious harm
		  to innovation. In this article, the authors show that the
		  exploitation of naturally occurring weaknesses in the
		  software platforms being used by law enforcement's targets
		  is a solution to the law enforcement problem. The authors
		  analyze the efficacy of this approach, concluding that such
		  law enforcement use of passive interception and targeted
		  vulnerability exploitation tools creates fewer security
		  risks for non-targets and critical infrastructure than do
		  design mandates for wiretap interfaces.},
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and
		  Susan Landau},
  date = {2013-01/2013-02},
  date-added = {2013-02-02 20:51:50 +0000},
  date-modified = {2016-12-28 01:28:40 +0000},
  doi = {10.1109/MSP.2012.138},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  keyword = {Computer security;Law enforcement;Peer to peer
		  innovation;CALEA;Communications Assistance for Law
		  Enforcement Act;exploit;law enforcement;national
  month = {January--February},
  number = {1},
  pages = {62--72},
  title = {Going Bright: Wiretapping without Weakening Communications
  url = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf},
  volume = {11},
  year = {2013},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2012.138},
  bdsk-url-2 = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf}
  author = {Paula Hawthorn and Barbara Simons and Chris Clifton and
		  David Wagner and Steven M. Bellovin and Rebecca Wright and
		  Arnold Rosenthal and Ralph Poore and Lillie Coney and
		  Robert Gellman and Harry Hochheiser},
  date-modified = {2020-02-16 13:28:53 -0500},
  month = {February},
  note = {Report commissioned by the U.S. Public Policy Committee of
		  the Association for Computing Machinery},
  title = {Statewide Databases of Registered Voters: Study Of
		  Accuracy, Privacy, Usability, Security, and Reliability
  url = {https://www.acm.org/binaries/content/assets/public-policy/usacm/e-voting/reports-and-white-papers/vrd_report2.pdf},
  year = {2006},
  bdsk-url-1 = {http://usacm.acm.org/usacm/VRD/}
  author = {Steven M. Bellovin and Matt Blaze and Ernest Brickell and
		  Clinton Brooks and Vint Cerf and Whitfield Diffie and Susan
		  Landau and Jon Peterson and John Treichler},
  title = {Security Implications of Applying the {Communications
		  Assistance to Law Enforcement Act to Voice over IP}},
  url = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf}
  author = {Steven M. Bellovin and Matt Blaze and David Farber and
		  Peter Neumann and Gene Spafford},
  month = {December},
  title = {Comments on the {Carnivore} System Technical Review
  url = {http://www.mattblaze.org/papers/carnivore_report_comments.html},
  year = {2000},
  bdsk-url-1 = {http://www.mattblaze.org/papers/carnivore_report_comments.html}
  author = {Steven M. Bellovin},
  date-modified = {2017-02-04 22:00:29 +0000},
  month = {July},
  note = {Testimony before the House Select Committee on Homeland
		  Security, Subcommittee on Cybersecurity, Science, Research,
		  \& Development, hearing on ``Cybersecurity---Getting it
		  Right''. Transcript at
  psurl = {https://www.cs.columbia.edu/~smb/papers/Statement.ps},
  smb-major = {yes},
  title = {Cybersecurity Research Needs},
  url = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf},
  year = {2003},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf}
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {Communications of the {ACM}},
  note = {Note: this is a shorter version of ``Can it really
  title = {As Simple As Possible---But Not More So},
  url = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf},
  xmonth = {August},
  xnumber = {8},
  xvolume = {54},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf}
  abstract = {In 2004 the increasing number of attacks on U.S. federal
		  civilian agency computer systems caused the government to
		  begin an active effort to protect federal civilian agencies
		  against cyber intrusions . This classified program,
		  EINSTEIN, sought to do real-time, or near real-time,
		  automatic collection, correlation, and analysis of computer
		  intrusion information as a first step in protecting federal
		  civilian agency computer systems . EINSTEIN grew into a
		  series of programs, EINSTEIN, EINSTEIN 2, and EINSTEIN 3,
		  all based on intrusion-detection and intrusion-prevention
		  systems (IDS and IPS). Then there was public discussion of
		  extending the EINSTEIN system to privately held critical
		  infrastructure. \par Extending an EINSTEIN-like program to
		  the private sector raises serious technical and managerial
		  issues. Scale matters, as do the different missions of the
		  private sector and the public one. Expanding EINSTEIN-type
		  technology to critical infrastructure is complicated by the
		  complex legal and regulatory landscapes for such systems.
		  There are simply fundamental differences between
		  communication networks supporting the U.S. federal
		  government and those supporting the private-sector critical
		  infrastructures that create serious difficulties in
		  attempting to extend EINSTEIN-type technologies beyond the
		  federal sector. This paper examines the technology's
		  limitations, pointing out the problems involved in
		  expanding EINSTEIN beyond its original mandate.},
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  date-modified = {2020-08-06 14:53:41 -0400},
  journal = {National Security Journal},
  publisher = {Harvard},
  title = {Can It Really Work? {Problems} with Extending {EINSTEIN~3}
		  to Critical Infrastructure},
  url = {https://www.cs.princeton.edu/~jrex/papers/einstein12.pdf},
  volume = {3},
  year = {2012},
  bdsk-url-1 = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf}
  author = {Steven M. Bellovin},
  date = {2013-10-15},
  date-modified = {2021-10-19 21:04:26 -0400},
  journal = {CNN.com},
  month = {October 15,},
  title = {Why Healthcare.gov Has So Many Problems},
  url = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/},
  year = {2013},
  bdsk-url-1 = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/}
  author = {Steven M. Bellovin},
  date = {2015-11-18},
  journal = {CNN.com},
  month = {November 18,},
  title = {The Danger of `Exceptional Access'},
  url = {http://www.cnn.com/2015/11/18/opinions/bellovin-encryption-debate/index.html},
  year = 2015,
  bdsk-url-1 = {http://www.cnn.com/2015/11/18/opinions/bellovin-encryption-debate/index.html}
  abstract = {Computer security research frequently entails studying
		  real computer systems and their users; studying deployed
		  systems is critical to understanding real world problems,
		  so is having would-be users test a proposed solution. In
		  this paper we focus on three key concepts in regard to
		  ethics: risks, benefits, and informed consent. Many
		  researchers are required by law to obtain the approval of
		  an ethics committee for research with human subjects, a
		  process which includes addressing the three concepts
		  focused on in this paper. Computer security researchers who
		  conduct human subjects research should be concerned with
		  these aspects of their methodology regardless of whether
		  they are required to by law, it is our ethical
		  responsibility as professionals in this field. We augment
		  previous discourse on the ethics of computer security
		  research by sparking the discussion of how the nature of
		  security research may complicate determining how to treat
		  human subjects ethically. We conclude by suggesting ways
		  the community can move forward.},
  author = {Maritza L. Johnson and Steven M. Bellovin and Angelos D.
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science},
  title = {Computer Security Research with Human Subjects: Risks,
		  Benefits and Informed Consent},
  url = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf}
  author = {Hal Abelson and Ross Anderson and Steven M. Bellovin and
		  Josh Benaloh and Matt Blaze and Whitfield Diffie and John
		  Gilmore and Peter G. Neumann and Ronald L. Rivest and
		  Jeffrey I. Schiller and Bruce Schneier},
  month = {May},
  note = {A report by an ad hoc group of cryptographers and computer
  title = {The Risks of Key Recovery, Key Escrow, and Trusted
		  Third-Party Encryption},
  url = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf}
  abstract = {For years, legal wiretapping was straightforward: the
		  officer doing the intercept connected a tape recorder or
		  the like to a single pair of wires. By the 1990s, though,
		  the changing structure of telecommunications---there was no
		  longer just ``Ma Bell'' to talk to---and new technologies
		  such as ISDN and cellular telephony made executing a
		  wiretap more complicated for law enforcement. Simple
		  technologies would no longer suffice. In response, Congress
		  passed the Communications Assistance for Law Enforcement
		  Act (CALEA), which mandated a standardized lawful intercept
		  interface on all local phone switches. Technology has
		  continued to progress, and in the face of new forms of
		  communication---Skype, voice chat during multiplayer online
		  games, many forms of instant messaging, etc.---law
		  enforcement is again experiencing problems. The FBI has
		  called this ``Going Dark'': their loss of access to
		  suspects' communication. According to news reports, they
		  want changes to the wiretap laws to require a CALEA-like
		  interface in Internet software. CALEA, though, has its own
		  issues: it is complex software specifically intended to
		  create a security hole---eavesdropping capability---in the
		  already-complex environment of a phone switch. It has
		  unfortunately made wiretapping easier for everyone, not
		  just law enforcement. Congress failed to heed experts'
		  warnings of the danger posed by this mandated
		  vulnerability, but time has proven the experts right. The
		  so-called ``Athens Affair'', where someone used the
		  built-in lawful intercept mechanism to listen to the cell
		  phone calls of high Greek officials, including the Prime
		  Minister, is but one example. In an earlier work, we showed
		  why extending CALEA to the Internet would create very
		  serious problems, including the security problems it has
		  visited on the phone system. In this paper, we explore the
		  viability and implications of an alternative method for
		  addressing law enforcement's need to access communications:
		  legalized hacking of target devices through existing
		  vulnerabilities in end-user software and platforms. The FBI
		  already uses this approach on a small scale; we expect that
		  its use will increase, especially as centralized
		  wiretapping capabilities become less viable. Relying on
		  vulnerabilities and hacking poses a large set of legal and
		  policy questions, some practical and some normative. Among
		  these are: * Will it create disincentives to patching? *
		  Will there be a negative effect on innovation? (Lessons
		  from the so-called ``Crypto Wars'' of the 1990s, and, in
		  particular, the debate over export controls on
		  cryptography, are instructive here.) * Will law
		  enforcement's participation in vulnerabilities purchasing
		  skew the market? * Do local and even state law enforcement
		  agencies have the technical sophistication to develop and
		  use exploits? If not, how should this be handled? A larger
		  FBI role? * Should law enforcement even be participating in
		  a market where many of the sellers and other buyers are
		  themselves criminals? * What happens if these tools are
		  cpatured and repurposed by miscreants? * Should we sanction
		  otherwise-illegal network activity to aid law enforcement?
		  * Is the probability of success from such an approach too
		  low for it to be useful? As we will show, though, these
		  issues are indeed challenging. We regard them, on balance,
		  as preferable to adding more complexity and insecurity to
		  online systems.},
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and
		  Susan Landau},
  date-modified = {2013-09-10 00:39:24 +0000},
  journal = {Northwestern Journal of Technology and Intellectual
  number = {1},
  title = {Lawful Hacking: Using Existing Vulnerabilities for
		  Wiretapping on the {Internet}},
  url = {http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/},
  volume = {12},
  year = {2014},
  bdsk-url-1 = {http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/}
  author = {Steven M. Bellovin and {Ren\'{e}e} M. Hutchins and Tony
		  Jebara and Sebastian Zimmeck},
  date-added = {2013-09-02 20:55:30 +0000},
  date-modified = {2021-02-01 21:06:07 -0500},
  journal = {NYU Journal of Law and Liberty},
  number = {2},
  pages = {555--628},
  title = {When Enough is Enough: Location Tracking, Mosaic Theory,
		  and Machine Learning},
  url = {https://digitalcommons.law.umaryland.edu/cgi/viewcontent.cgi?article=2379&context=fac_pubs},
  volume = {8},
  year = {2014},
  bdsk-url-1 = {http://lawandlibertyblog.com/s/Hutchins.pdf}
  author = {Matt Blaze and Steven M. Bellovin},
  month = {July},
  note = {Written testimony for a hearing on ``Fourth Amendment
		  Issues Raised by the FBI's `Carnivore' Program'' by the
		  Subcommittee on the Constitution, House Judiciary
  title = {Open {Internet} Wiretapping},
  url = {http://www.mattblaze.org/papers/openwiretap.html},
  year = {2000},
  bdsk-url-1 = {http://www.mattblaze.org/papers/openwiretap.html}
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  date = {2008-01/2008-02},
  journal = {IEEE Security \& Privacy},
  month = {January--February},
  number = {1},
  pages = {24--33},
  title = {Risking Communications Security: Potential Hazards of the
		  {``Protect America Act''}},
  url = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf},
  volume = {6},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal = {Communications of the ACM},
  month = {December},
  number = {12},
  title = {Internal Surveillance, External Risks},
  volume = {50},
  year = {2007}
  author = {Steven M. Bellovin},
  month = {July},
  title = {Submission to the {Privacy and Civil Liberties Oversight
		  Board}: Technical Issues Raised by the {Section} 215 and
		  {Section} 702 Surveillance Programs},
  url = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf},
  year = {2013},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf}
  author = {Yakov Rekhter and Paul Resnick and Steven M. Bellovin},
  booktitle = {Proceedings of Telecommunications Policy Research
  title = {Financial Incentives for Route Aggregation and Efficient
		  Address Utilization in the {Internet}},
  url = {https://www.cs.columbia.edu/~smb/papers/piara/index.html},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/piara/index.html}
  author = {Matt Blaze and Steven M. Bellovin},
  journal = {Communications of the ACM},
  month = {October},
  number = {10},
  title = {Tapping on my Network Door},
  url = {http://www.mattblaze.org/papers/carnivore-risks.html},
  volume = {43},
  year = {2000},
  bdsk-url-1 = {http://www.mattblaze.org/papers/carnivore-risks.html}
  author = {Fred Schneider and Steven M. Bellovin and Alan Inouye},
  booktitle = {Telecommunications Policy Research Conference},
  month = {October},
  psurl = {https://www.cs.columbia.edu/~smb/papers/tprc.ps},
  title = {Critical Infrastructures You Can Trust: Where
		  Telecommunications Fits},
  url = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf},
  year = {1998},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  journal = {Communications of the ACM},
  month = {November},
  note = {``Inside RISKS'' column},
  number = {11},
  title = {The Real National-Security Needs for {VoIP}},
  url = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf},
  volume = {48},
  year = {2005},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf}
  author = {Steven M. Bellovin},
  journal = {The Bridge},
  month = {Summer},
  number = {2},
  organization = {National Academy of Engineering},
  pages = {21--26},
  psurl = {https://www.cs.columbia.edu/~smb/papers/bridge.ps},
  title = {Wiretapping the {Net}},
  url = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf},
  volume = {20},
  year = {2000},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf}
  author = {Steven M. Bellovin and Preetam K. Dutta and Nathan
  date-modified = {2018-09-26 13:36:20 -0400},
  journal = {Stanford Technology Law Review},
  number = {1},
  title = {Privacy and Synthetic Datasets},
  url = {https://law.stanford.edu/publications/privacy-and-synthetic-datasets/},
  volume = {22},
  year = 2019,
  bdsk-url-1 = {https://law.stanford.edu/publications/privacy-and-synthetic-datasets/}