policy.bib

@misc{bellovin.landau.ea:limiting,
  author = {Steven M. Bellovin and Susan Landau and Herbert S. Lin},
  date = {2016-11-23},
  date-added = {2016-11-23 23:03:06 +0000},
  date-modified = {2016-11-23 23:05:04 +0000},
  howpublished = {Draft},
  month = {November},
  note = {In submission.},
  title = {Limiting the Undesired Impact of Cyber Weapons: Technical
		  Requirements and Policy Implications},
  url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2809463},
  year = {2016},
  bdsk-url-1 = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2809463}
}
@misc{bellovin.shostack:input,
  author = {Steven M. Bellovin and Adam Shostack},
  date = {2016-09-08},
  date-added = {2016-09-08 16:10:32 +0000},
  date-modified = {2016-09-08 16:12:57 +0000},
  month = {September},
  title = {Input to the {Commission on Enhancing National
		  Cybersecurity}},
  url = {https://www.cs.columbia.edu/~smb/papers/Current_and_Future_States_of_Cybersecurity-Bellovin-Shostack.pdf},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Current_and_Future_States_of_Cybersecurity-Bellovin-Shostack.pdf}
}
@misc{bellovin:comments,
  author = {Steven M. Bellovin},
  date = {2016-07-06},
  date-added = {2016-07-21 00:13:32 +0000},
  date-modified = {2016-07-21 00:18:45 +0000},
  month = {July},
  title = {Comments on ``{Protecting} the Privacy of Customers of
		  Broadband and Other Telecommunications Services''},
  url = {https://www.cs.columbia.edu/~smb/papers/fcc-nprm-bias.pdf},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/fcc-nprm-bias.pdf}
}
@article{bellovin.blaze.ea:its,
  abstract = {For more than forty years, electronic surveillance law in
		  the United States developed under constitutional and
		  statutory regimes that, given the technology of the day,
		  distinguished content from metadata with ease and
		  certainty. The stability of these legal regimes and the
		  distinctions they facilitated was enabled by the relative
		  stability of these types of data in the traditional
		  telephone network and their obviousness to users. But what
		  happens to these legal frameworks when they confront the
		  Internet? The Internet's complex architecture creates a
		  communication environment where any given individual unit
		  of data may change its status---from content to non-content
		  or vice versa---as it progresses through the Internet's
		  layered network stack while traveling from sender to
		  recipient. The
		  unstable, transient status of data traversing the Internet
		  is compounded by the fact that the content or non-content
		  status of any individual unit of data may also depend upon
		  where in the network that unit resides when the question is
		  asked. In this IP-based communications environment, the
		  once-stable legal distinction between content and
		  non-content has steadily eroded to the point of collapse,
		  destroying in its wake any meaningful application of the
		  third party doctrine. Simply put, the world of Katz and
		  Smith and the corresponding statutes that codify the
		  content/non-content distinction and the third party
		  doctrine are no longer capable of accounting for and
		  regulating law enforcement access to data in an IP-mediated
		  communications environment. Building on a deep technical
		  analysis of the Internet architecture, we define new terms,
		  communicative content, architectural content, and
		  architectural metadata, that better reflect the structure
		  of the Internet, and use them to explain why and how we now
		  find ourselves bereft of the once reliable support these
		  foundational legal structures provided. Ultimately, we
		  demonstrate the urgent need for development of new rules
		  and principles capable of regulating law enforcement access
		  to IP-based communications data. },
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau and
		  Stephanie Pell},
  date-added = {2016-03-23 04:59:32 +0000},
  date-modified = {2016-03-23 05:06:02 +0000},
  journal = {Harvard Journal of Law and Technology},
  month = {Fall},
  title = {It's Too Complicated: How the {Internet} Upends {{\em
		  Katz}}, {{\em Smith}}, and Electronic Surveillance Law},
  url = {https://www.cs.columbia.edu/~smb/papers/internet-3rd-party.pdf},
  volume = {30},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/internet-3rd-party.pdf}
}
@article{bellovin.blaze.ea:insecure,
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  date-added = {2016-03-03 23:20:16 +0000},
  date-modified = {2016-03-15 22:53:50 +0000},
  journal = {{IEEE} Computer},
  month = {March},
  note = {An earlier version is available at
		  {\url{https://www.cs.columbia.edu/~smb/papers/rsearch.pdf}}},
  number = {3},
  pages = {14--24},
  title = {Insecure Surveillance: Technical Issues with Remote
		  Computer Searches},
  url = {https://www.computer.org/cms/Computer.org/ComputingNow/issues/2016/06/mco2016030014.pdf},
  volume = {49},
  year = {2016},
  bdsk-url-1 = {https://www.computer.org/cms/Computer.org/ComputingNow/issues/2016/06/mco2016030014.pdf}
}
@article{abelson.anderson.ea:keys,
  abstract = { Twenty years ago, law enforcement organizations lobbied
		  to require data and communication services to engineer
		  their products to guarantee law enforcement access to all
		  data. After lengthy debate and vigorous predictions of
		  enforcement channels ``going dark,'' these attempts to
		  regulate security technologies on the emerging Internet
		  were abandoned. In the intervening years, innovation on the
		  Internet flourished, and law enforcement agencies found new
		  and more effective means of accessing vastly larger
		  quantities of data. Today, there are again calls for
		  regulation to mandate the provision of exceptional access
		  mechanisms. In this article, a group of computer scientists
		  and security experts, many of whom participated in a 1997
		  study of these same topics, has convened to explore the
		  likely effects of imposing extraordinary access mandates. We
		  have found that the damage that could be caused by law
		  enforcement exceptional access requirements would be even
		  greater today than it would have been 20 years ago. In the
		  wake of the growing economic and social cost of the
		  fundamental insecurity of today's Internet environment, any
		  proposals that alter the security dynamics online should be
		  approached with caution. Exceptional access would force
		  Internet system developers to reverse ``forward secrecy''
		  design practices that seek to minimize the impact on user
		  privacy when systems are breached. The complexity of
		  today's Internet environment, with millions of apps and
		  globally connected services, means that new law enforcement
		  requirements are likely to introduce unanticipated, hard to
		  detect security flaws. Beyond these and other technical
		  vulnerabilities, the prospect of globally deployed
		  exceptional access systems raises difficult problems about
		  how such an environment would be governed and how to ensure
		  that such systems would respect human rights and the rule
		  of law. },
  author = {Abelson, Harold and Anderson, Ross and Bellovin, Steven M.
		  and Benaloh, Josh and Blaze, Matt and Diffie, Whitfield and
		  Gilmore, John and Green, Matthew and Landau, Susan and
		  Neumann, Peter G. and Rivest, Ronald L. and Schiller,
		  Jeffrey I. and Schneier, Bruce and Specter, Michael A. and
		  Weitzner, Daniel J.},
  date-added = {2015-11-24 16:07:02 +0000},
  date-modified = {2015-11-24 16:07:22 +0000},
  doi = {10.1093/cybsec/tyv009},
  issn = {2057-2085},
  journal = {Journal of Cybersecurity},
  month = {September},
  number = 1,
  publisher = {The Oxford University Press},
  title = {Keys Under Doormats: Mandating Insecurity by Requiring
		  Government Access to All Data and Communications},
  url = {http://cybersecurity.oxfordjournals.org/content/early/2015/11/17/cybsec.tyv009},
  volume = 1,
  year = {2015},
  bdsk-url-1 = {http://dx.doi.org/10.1093/cybsec/tyv009}
}
@misc{bellovin.blaze.ea:comments,
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  date = {2014-10-31},
  date-added = {2014-10-31 19:48:47 +0000},
  date-modified = {2014-10-31 19:50:45 +0000},
  month = {October},
  title = {Comments on Proposed Remote Search Rules},
  url = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf},
  year = {2014},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf}
}
@article{blaze.clark.ea:going,
  abstract = {Mobile IP-based communications and changes in
		  technologies, including wider use of peer-to-peer
		  communication methods and increased deployment of
		  encryption, has made wiretapping more difficult for law
		  enforcement, which has been seeking to extend wiretap
		  design requirements for digital voice networks to IP
		  network infrastructure and applications. Such an extension
		  to emerging Internet-based services would create
		  considerable security risks as well as cause serious harm
		  to innovation. In this article, the authors show that the
		  exploitation of naturally occurring weaknesses in the
		  software platforms being used by law enforcement's targets
		  is a solution to the law enforcement problem. The authors
		  analyze the efficacy of this approach, concluding that such
		  law enforcement use of passive interception and targeted
		  vulnerability exploitation tools creates fewer security
		  risks for non-targets and critical infrastructure than do
		  design mandates for wiretap interfaces.},
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and Susan
		  Landau},
  date = {2013-01/2013-02},
  date-added = {2013-02-02 20:51:50 +0000},
  date-modified = {2015-07-16 20:04:52 +0000},
  doi = {10.1109/MSP.2012.138},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  keyword = {Computer security;Law enforcement;Peer to peer
		  computing;Privacy;Software;Surveillance;Technological
		  innovation;CALEA;Communications Assistance for Law
		  Enforcement Act;exploit;law enforcement;national
		  security;security;surveillance;telecommunications;wiretap;},
  month = {January--February},
  number = {1},
  pages = {62--72},
  title = {Going Bright: Wiretapping without Weakening Communications
		  Infrastructure},
  url = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf},
  volume = {11},
  year = {2013},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2012.138},
  bdsk-url-2 = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf}
}
@misc{hawthorn.simons.ea:statewide,
  author = {Paula Hawthorn and Barbara Simons and Chris Clifton and
		  David Wagner and Steven M. Bellovin and Rebecca Wright and
		  Arnold Rosenthal and Ralph Poore and Lillie Coney and
		  Robert Gellman and Harry Hochheiser},
  month = {February},
  note = {Report commissioned by the U.S. Public Policy Committee of
		  the Association for Computing Machinery},
  title = {Statewide Databases of Registered Voters: Study Of
		  Accuracy, Privacy, Usability, Security, and Reliability
		  Issues},
  url = {http://usacm.acm.org/usacm/VRD/},
  year = {2006},
  bdsk-url-1 = {http://usacm.acm.org/usacm/VRD/}
}
@misc{bellovin.blaze.ea:security,
  author = {Steven M. Bellovin and Matt Blaze and Ernest Brickell and
		  Clinton Brooks and Vint Cerf and Whitfield Diffie and Susan
		  Landau and Jon Peterson and John Treichler},
  title = {Security Implications of Applying the {Communications
		  Assistance to Law Enforcement Act to Voice over IP}},
  url = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf}
}
@misc{bellovin.blaze.ea:comments*1,
  author = {Steven M. Bellovin and Matt Blaze and David Farber and
		  Peter Neumann and Gene Spafford},
  month = {December},
  title = {Comments on the {Carnivore} System Technical Review
		  Draft},
  url = {http://www.crypto.com/papers/carnivore_report_comments.html},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore_report_comments.html}
}
@misc{bellovin:cybersecurity,
  author = {Steven M. Bellovin},
  month = {July},
  note = {Testimony before the House Select Committee on Homeland
		  Security, Subcommittee on Cybersecurity, Science, Research,
		  \& Development, hearing on ``Cybersecurity---Getting it
		  Right''},
  psurl = {https://www.cs.columbia.edu/~smb/papers/Statement.ps},
  smb-major = {yes},
  title = {Cybersecurity Research Needs},
  url = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf},
  year = {2003},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf}
}
@article{bellovin.bradner.ea:as,
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {Communications of the {ACM}},
  note = {Note: this is a shorter version of ``Can it really
		  work?''},
  title = {As Simple As Possible---But Not More So},
  url = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf},
  xmonth = {August},
  xnumber = {8},
  xvolume = {54},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf}
}
@article{bellovin.bradner.ea:can,
  abstract = {In 2004 the increasing number of attacks on U.S. federal
		  civilian agency computer systems caused the government to
		  begin an active effort to protect federal civilian agencies
		  against cyber intrusions. This classified program,
		  EINSTEIN, sought to do real-time, or near real-time,
		  automatic collection, correlation, and analysis of computer
		  intrusion information as a first step in protecting federal
		  civilian agency computer systems. EINSTEIN grew into a
		  series of programs, EINSTEIN, EINSTEIN 2, and EINSTEIN 3,
		  all based on intrusion-detection and intrusion-prevention
		  systems (IDS and IPS). Then there was public discussion of
		  extending the EINSTEIN system to privately held critical
		  infrastructure. \par Extending an EINSTEIN-like program to
		  the private sector raises serious technical and managerial
		  issues. Scale matters, as do the different missions of the
		  private sector and the public one. Expanding EINSTEIN-type
		  technology to critical infrastructure is complicated by the
		  complex legal and regulatory landscapes for such systems.
		  There are simply fundamental differences between
		  communication networks supporting the U.S. federal
		  government and those supporting the private-sector critical
		  infrastructures that create serious difficulties in
		  attempting to extend EINSTEIN-type technologies beyond the
		  federal sector. This paper examines the technology's
		  limitations, pointing out the problems involved in
		  expanding EINSTEIN beyond its original mandate.},
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {National Security Journal},
  publisher = {Harvard},
  title = {Can It Really Work? {Problems} with Extending {EINSTEIN~3}
		  to Critical Infrastructure},
  url = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford.pdf},
  volume = {3},
  year = {2012},
  bdsk-url-1 = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf}
}
@article{bellovin:why,
  author = {Steven M. Bellovin},
  date = {2013-10-15},
  journal = {CNN.com},
  month = {October 15},
  title = {Why Healthcare.gov Has So Many Problems},
  url = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/},
  year = {2013},
  bdsk-url-1 = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/}
}
@article{bellovin:danger,
  author = {Steven M. Bellovin},
  date = {2015-11-18},
  journal = {CNN.com},
  month = {November 18},
  title = {The Danger of `Exceptional Access'},
  url = {http://www.cnn.com/2015/11/18/opinions/bellovin-encryption-debate/index.html},
  year = 2015,
  bdsk-url-1 = {http://www.cnn.com/2015/11/18/opinions/bellovin-encryption-debate/index.html}
}
@inproceedings{androulaki.vo.ea:cybersecurity,
  author = {Elli Androulaki and Binh Vo and Steven M. Bellovin},
  booktitle = {Engaging Data: First International Forum on the
		  Application and Management of Personal Electronic
		  Information},
  month = {October},
  title = {Cybersecurity Through Identity Management},
  url = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf}
}
@incollection{johnson.bellovin.ea:computer,
  abstract = {Computer security research frequently entails studying
		  real computer systems and their users; studying deployed
		  systems is critical to understanding real world problems,
		  so is having would-be users test a proposed solution. In
		  this paper we focus on three key concepts in regard to
		  ethics: risks, benefits, and informed consent. Many
		  researchers are required by law to obtain the approval of
		  an ethics committee for research with human subjects, a
		  process which includes addressing the three concepts
		  focused on in this paper. Computer security researchers who
		  conduct human subjects research should be concerned with
		  these aspects of their methodology regardless of whether
		  they are required to by law, it is our ethical
		  responsibility as professionals in this field. We augment
		  previous discourse on the ethics of computer security
		  research by sparking the discussion of how the nature of
		  security research may complicate determining how to treat
		  human subjects ethically. We conclude by suggesting ways
		  the community can move forward.},
  author = {Maritza L. Johnson and Steven M. Bellovin and Angelos D.
		  Keromytis},
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science},
  title = {Computer Security Research with Human Subjects: Risks,
		  Benefits and Informed Consent},
  url = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf}
}
@misc{abelson.anderson.ea:risks,
  author = {Hal Abelson and Ross Anderson and Steven M. Bellovin and
		  Josh Benaloh and Matt Blaze and Whitfield Diffie and John
		  Gilmore and Peter G. Neumann and Ronald L. Rivest and
		  Jeffrey I. Schiller and Bruce Schneier},
  month = {May},
  note = {A report by an ad hoc group of cryptographers and computer
		  scientists},
  title = {The Risks of Key Recovery, Key Escrow, and Trusted
		  Third-Party Encryption},
  url = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf}
}
@article{bellovin.blaze.ea:lawful,
  abstract = {For years, legal wiretapping was straightforward: the
		  officer doing the intercept connected a tape recorder or
		  the like to a single pair of wires. By the 1990s, though,
		  the changing structure of telecommunications---there was no
		  longer just ``Ma Bell'' to talk to---and new technologies
		  such as ISDN and cellular telephony made executing a
		  wiretap more complicated for law enforcement. Simple
		  technologies would no longer suffice. In response, Congress
		  passed the Communications Assistance for Law Enforcement
		  Act (CALEA), which mandated a standardized lawful intercept
		  interface on all local phone switches. Technology has
		  continued to progress, and in the face of new forms of
		  communication---Skype, voice chat during multiplayer online
		  games, many forms of instant messaging, etc.---law
		  enforcement is again experiencing problems. The FBI has
		  called this ``Going Dark'': their loss of access to
		  suspects' communication. According to news reports, they
		  want changes to the wiretap laws to require a CALEA-like
		  interface in Internet software. CALEA, though, has its own
		  issues: it is complex software specifically intended to
		  create a security hole---eavesdropping capability---in the
		  already-complex environment of a phone switch. It has
		  unfortunately made wiretapping easier for everyone, not
		  just law enforcement. Congress failed to heed experts'
		  warnings of the danger posed by this mandated
		  vulnerability, but time has proven the experts right. The
		  so-called ``Athens Affair'', where someone used the
		  built-in lawful intercept mechanism to listen to the cell
		  phone calls of high Greek officials, including the Prime
		  Minister, is but one example. In an earlier work, we showed
		  why extending CALEA to the Internet would create very
		  serious problems, including the security problems it has
		  visited on the phone system. In this paper, we explore the
		  viability and implications of an alternative method for
		  addressing law enforcement's need to access communications:
		  legalized hacking of target devices through existing
		  vulnerabilities in end-user software and platforms. The FBI
		  already uses this approach on a small scale; we expect that
		  its use will increase, especially as centralized
		  wiretapping capabilities become less viable. Relying on
		  vulnerabilities and hacking poses a large set of legal and
		  policy questions, some practical and some normative. Among
		  these are: * Will it create disincentives to patching? *
		  Will there be a negative effect on innovation? (Lessons
		  from the so-called ``Crypto Wars'' of the 1990s, and, in
		  particular, the debate over export controls on
		  cryptography, are instructive here.) * Will law
		  enforcement's participation in vulnerabilities purchasing
		  skew the market? * Do local and even state law enforcement
		  agencies have the technical sophistication to develop and
		  use exploits? If not, how should this be handled? A larger
		  FBI role? * Should law enforcement even be participating in
		  a market where many of the sellers and other buyers are
		  themselves criminals? * What happens if these tools are
		  captured and repurposed by miscreants? * Should we sanction
		  otherwise-illegal network activity to aid law enforcement?
		  * Is the probability of success from such an approach too
		  low for it to be useful? As we will show, though, these
		  issues are indeed challenging. We regard them, on balance,
		  as preferable to adding more complexity and insecurity to
		  online systems.},
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and
		  Susan Landau},
  date-modified = {2013-09-10 00:39:24 +0000},
  journal = {Northwestern Journal of Technology {\&} Intellectual
		  Property},
  number = {1},
  title = {Lawful Hacking: Using Existing Vulnerabilities for
		  Wiretapping on the {Internet}},
  url = {http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/},
  volume = {12},
  year = {2014},
  bdsk-url-1 = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107}
}
@article{bellovin.hutchins.ea:when,
  author = {Steven M. Bellovin and Ren{\'e}e M. Hutchins and Tony
		  Jebara and Sebastian Zimmeck},
  date-added = {2013-09-02 20:55:30 +0000},
  date-modified = {2013-09-10 00:40:00 +0000},
  journal = {NYU Journal of Law and Liberty},
  number = {2},
  pages = {555--628},
  title = {When Enough is Enough: Location Tracking, Mosaic Theory,
		  and Machine Learning},
  url = {http://lawandlibertyblog.com/s/Hutchins.pdf},
  volume = {8},
  year = {2014},
  bdsk-url-1 = {http://lawandlibertyblog.com/s/Hutchins.pdf}
}
@misc{blaze.bellovin:open,
  author = {Matt Blaze and Steven M. Bellovin},
  month = {July},
  note = {Written testimony for a hearing on ``Fourth Amendment
		  Issues Raised by the FBI's `Carnivore' Program'' by the
		  Subcommittee on the Constitution, House Judiciary
		  Committee},
  title = {Open {Internet} Wiretapping},
  url = {http://www.crypto.com/papers/openwiretap.html},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/openwiretap.html}
}
@article{bellovin.blaze.ea:risking,
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  date = {2008-01/2008-02},
  journal = {IEEE Security \& Privacy},
  month = {January--February},
  number = {1},
  pages = {24--33},
  title = {Risking Communications Security: Potential Hazards of the
		  {``Protect America Act''}},
  url = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf},
  volume = {6},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf}
}
@article{bellovin.blaze.ea:internal,
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal = {Communications of the ACM},
  month = {December},
  number = {12},
  title = {Internal Surveillance, External Risks},
  volume = {50},
  year = {2007}
}
@misc{bellovin:submission,
  author = {Steven M. Bellovin},
  month = {July},
  title = {Submission to the {Privacy and Civil Liberties Oversight
		  Board}: Technical Issues Raised by the {Section} 215 and
		  {Section} 702 Surveillance Programs},
  url = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf},
  year = {2013},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf}
}
@inproceedings{rekhter.resnick.ea:financial,
  author = {Yakov Rekhter and Paul Resnick and Steven M. Bellovin},
  booktitle = {Proceedings of Telecommunications Policy Research
		  Conference},
  title = {Financial Incentives for Route Aggregation and Efficient
		  Address Utilization in the {Internet}},
  url = {https://www.cs.columbia.edu/~smb/papers/piara/index.html},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/piara/index.html}
}
@article{blaze.bellovin:tapping,
  author = {Matt Blaze and Steven M. Bellovin},
  journal = {Communications of the ACM},
  month = {October},
  number = {10},
  title = {Tapping on my Network Door},
  url = {http://www.crypto.com/papers/carnivore-risks.html},
  volume = {43},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore-risks.html}
}
@inproceedings{schneider.bellovin.ea:critical,
  author = {Fred Schneider and Steven M. Bellovin and Alan Inouye},
  booktitle = {Telecommunications Policy Research Conference},
  month = {October},
  psurl = {https://www.cs.columbia.edu/~smb/papers/tprc.ps},
  title = {Critical Infrastructures You Can Trust: Where
		  Telecommunications Fits},
  url = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf},
  year = {1998},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf}
}
@article{bellovin.blaze.ea:real,
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  journal = {Communications of the ACM},
  month = {November},
  note = {``Inside RISKS'' column},
  number = {11},
  title = {The Real National-Security Needs for {VoIP}},
  url = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf},
  volume = {48},
  year = {2005},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf}
}
@article{bellovin:wiretapping,
  author = {Steven M. Bellovin},
  journal = {The Bridge},
  month = {Summer},
  number = {2},
  organization = {National Academy of Engineering},
  pages = {21--26},
  psurl = {https://www.cs.columbia.edu/~smb/papers/bridge.ps},
  title = {Wiretapping the {Net}},
  url = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf},
  volume = {20},
  year = {2000},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf}
}