author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  date = {2014-10-31},
  date-added = {2014-10-31 19:48:47 +0000},
  date-modified = {2014-10-31 19:50:45 +0000},
  month = {October},
  title = {Comments on Proposed Remote Search Rules},
  url = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf},
  year = {2014},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/rsearch.pdf}
  abstract = {Mobile IP-based communications and changes in
		  technologies, including wider use of peer-to-peer
		  communication methods and increased deployment of
		  encryption, has made wiretapping more difficult for law
		  enforcement, which has been seeking to extend wiretap
		  design requirements for digital voice networks to IP
		  network infrastructure and applications. Such an extension
		  to emerging Internet-based services would create
		  considerable security risks as well as cause serious harm
		  to innovation. In this article, the authors show that the
		  exploitation of naturally occurring weaknesses in the
		  software platforms being used by law enforcement's targets
		  is a solution to the law enforcement problem. The authors
		  analyze the efficacy of this approach, concluding that such
		  law enforcement use of passive interception and targeted
		  vulnerability exploitation tools creates fewer security
		  risks for non-targets and critical infrastructure than do
		  design mandates for wiretap interfaces.},
  author = {Bellovin, Steven M. and Blaze, Matt and Clark, Sandy and
		  Landau, Susan},
  date = {2013-01/2013-02},
  date-added = {2013-02-02 20:51:50 +0000},
  date-modified = {2013-02-02 20:51:50 +0000},
  doi = {10.1109/MSP.2012.138},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  keyword = {Computer security;Law enforcement;Peer to peer
		  innovation;CALEA;Communications Assistance for Law
		  Enforcement Act;exploit;law enforcement;national
  month = {January--February},
  number = {1},
  pages = {62--72},
  title = {Going Bright: Wiretapping without Weakening Communications
  url = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf},
  volume = {11},
  year = {2013},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2012.138},
  bdsk-url-2 = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf}
  author = {Paula Hawthorn and Barbara Simons and Chris Clifton and
		  David Wagner and Steven M. Bellovin and Rebecca Wright and
		  Arnold Rosenthal and Ralph Poore and Lillie Coney and
		  Robert Gellman and Harry Hochheiser},
  month = {February},
  note = {Report commissioned by the U.S. Public Policy Committee of
		  the Association for Computing Machinery},
  title = {Statewide Databases of Registered Voters: Study Of
		  Accuracy, Privacy, Usability, Security, and Reliability
  url = {http://usacm.acm.org/usacm/VRD/},
  year = {2006},
  bdsk-url-1 = {http://usacm.acm.org/usacm/VRD/}
  author = {Steven M. Bellovin and Matt Blaze and Ernest Brickell and
		  Clinton Brooks and Vint Cerf and Whitfield Diffie and Susan
		  Landau and Jon Peterson and John Treichler},
  title = {Security Implications of Applying the {Communications
		  Assistance to Law Enforcement Act to Voice over IP}},
  url = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf}
  author = {Steven M. Bellovin and Matt Blaze and David Farber and
		  Peter Neumann and Gene Spafford},
  month = {December},
  title = {Comments on the {Carnivore} System Technical Review
  url = {http://www.crypto.com/papers/carnivore_report_comments.html},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore_report_comments.html}
  author = {Steven M. Bellovin},
  month = {July},
  note = {Testimony before the House Select Committee on Homeland
		  Security, Subcommittee on Cybersecurity, Science, Research,
		  \& Development, hearing on ``Cybersecurity---Getting it
  psurl = {https://www.cs.columbia.edu/~smb/papers/Statement.ps},
  smb-major = {yes},
  title = {Cybersecurity Research Needs},
  url = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf},
  year = {2003},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf}
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {Communications of the {ACM}},
  note = {Note: this is a shorter version of ``Can it really
  title = {As Simple As Possible---But Not More So},
  url = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf},
  xmonth = {August},
  xnumber = {8},
  xvolume = {54},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf}
  abstract = {In 2004 the increasing number of attacks on U.S. federal
		  civilian agency computer systems caused the government to
		  begin an active effort to protect federal civilian agencies
		  against cyber intrusions . This classified program,
		  EINSTEIN, sought to do real-time, or near real-time,
		  automatic collection, correlation, and analysis of computer
		  intrusion information as a first step in protecting federal
		  civilian agency computer systems . EINSTEIN grew into a
		  series of programs, EINSTEIN, EINSTEIN 2, and EINSTEIN 3,
		  all based on intrusion-detection and intrusion-prevention
		  systems (IDS and IPS). Then there was public discussion of
		  extending the EINSTEIN system to privately held critical
		  infrastructure. \par Extending an EINSTEIN-like program to
		  the private sector raises serious technical and managerial
		  issues. Scale matters, as do the different missions of the
		  private sector and the public one. Expanding EINSTEIN-type
		  technology to critical infrastructure is complicated by the
		  complex legal and regulatory landscapes for such systems.
		  There are simply fundamental differences between
		  communication networks supporting the U.S. federal
		  government and those supporting the private-sector critical
		  infrastructures that create serious difficulties in
		  attempting to extend EINSTEIN-type technologies beyond the
		  federal sector. This paper examines the technology's
		  limitations, pointing out the problems involved in
		  expanding EINSTEIN beyond its original mandate.},
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {National Security Journal},
  publisher = {Harvard},
  title = {Can It Really Work? {Problems} with Extending {EINSTEIN~3}
		  to Critical Infrastructure},
  url = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford.pdf},
  volume = {3},
  year = {2012},
  bdsk-url-1 = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf}
  author = {Steven M. Bellovin},
  date = {2013-10--15},
  journal = {CNN.com},
  month = {October 15},
  title = {Why Healthcare.gov Has So Many Problems},
  url = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/},
  year = {2013},
  bdsk-url-1 = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/}
  author = {Elli Androulaki and Binh Vo and Steven M. Bellovin},
  booktitle = {Engaging Data: First International Forum on the
		  Application and Management of Personal Electronic
  month = {October},
  title = {Cybersecurity Through Identity Management},
  url = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf}
  abstract = {Computer security research frequently entails studying
		  real computer systems and their users; studying deployed
		  systems is critical to understanding real world problems,
		  so is having would-be users test a proposed solution. In
		  this paper we focus on three key concepts in regard to
		  ethics: risks, benefits, and informed consent. Many
		  researchers are required by law to obtain the approval of
		  an ethics committee for research with human subjects, a
		  process which includes addressing the three concepts
		  focused on in this paper. Computer security researchers who
		  conduct human subjects research should be concerned with
		  these aspects of their methodology regardless of whether
		  they are required to by law, it is our ethical
		  responsibility as professionals in this field. We augment
		  previous discourse on the ethics of computer security
		  research by sparking the discussion of how the nature of
		  security research may complicate determining how to treat
		  human subjects ethically. We conclude by suggesting ways
		  the community can move forward.},
  author = {Maritza L. Johnson and Steven M. Bellovin and Angelos D.
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science},
  title = {Computer Security Research with Human Subjects: Risks,
		  Benefits and Informed Consent},
  url = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf}
  author = {Hal Abelson and Ross Anderson and Steven M. Bellovin and
		  Josh Benaloh and Matt Blaze and Whitfield Diffie and John
		  Gilmore and Peter G. Neumann and Ronald L. Rivest and
		  Jeffrey I. Schiller and Bruce Schneier},
  month = {May},
  note = {A report by an ad hoc group of cryptographers and computer
  title = {The Risks of Key Recovery, Key Escrow, and Trusted
		  Third-Party Encryption},
  url = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf}
  abstract = {For years, legal wiretapping was straightforward: the
		  officer doing the intercept connected a tape recorder or
		  the like to a single pair of wires. By the 1990s, though,
		  the changing structure of telecommunications---there was no
		  longer just ``Ma Bell'' to talk to---and new technologies
		  such as ISDN and cellular telephony made executing a
		  wiretap more complicated for law enforcement. Simple
		  technologies would no longer suffice. In response, Congress
		  passed the Communications Assistance for Law Enforcement
		  Act (CALEA), which mandated a standardized lawful intercept
		  interface on all local phone switches. Technology has
		  continued to progress, and in the face of new forms of
		  communication---Skype, voice chat during multiplayer online
		  games, many forms of instant messaging, etc.---law
		  enforcement is again experiencing problems. The FBI has
		  called this ``Going Dark'': their loss of access to
		  suspects' communication. According to news reports, they
		  want changes to the wiretap laws to require a CALEA-like
		  interface in Internet software. CALEA, though, has its own
		  issues: it is complex software specifically intended to
		  create a security hole---eavesdropping capability---in the
		  already-complex environment of a phone switch. It has
		  unfortunately made wiretapping easier for everyone, not
		  just law enforcement. Congress failed to heed experts'
		  warnings of the danger posed by this mandated
		  vulnerability, but time has proven the experts right. The
		  so-called ``Athens Affair'', where someone used the
		  built-in lawful intercept mechanism to listen to the cell
		  phone calls of high Greek officials, including the Prime
		  Minister, is but one example. In an earlier work, we showed
		  why extending CALEA to the Internet would create very
		  serious problems, including the security problems it has
		  visited on the phone system. In this paper, we explore the
		  viability and implications of an alternative method for
		  addressing law enforcement's need to access communications:
		  legalized hacking of target devices through existing
		  vulnerabilities in end-user software and platforms. The FBI
		  already uses this approach on a small scale; we expect that
		  its use will increase, especially as centralized
		  wiretapping capabilities become less viable. Relying on
		  vulnerabilities and hacking poses a large set of legal and
		  policy questions, some practical and some normative. Among
		  these are: * Will it create disincentives to patching? *
		  Will there be a negative effect on innovation? (Lessons
		  from the so-called ``Crypto Wars'' of the 1990s, and, in
		  particular, the debate over export controls on
		  cryptography, are instructive here.) * Will law
		  enforcement's participation in vulnerabilities purchasing
		  skew the market? * Do local and even state law enforcement
		  agencies have the technical sophistication to develop and
		  use exploits? If not, how should this be handled? A larger
		  FBI role? * Should law enforcement even be participating in
		  a market where many of the sellers and other buyers are
		  themselves criminals? * What happens if these tools are
		  cpatured and repurposed by miscreants? * Should we sanction
		  otherwise-illegal network activity to aid law enforcement?
		  * Is the probability of success from such an approach too
		  low for it to be useful? As we will show, though, these
		  issues are indeed challenging. We regard them, on balance,
		  as preferable to adding more complexity and insecurity to
		  online systems.},
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and
		  Susan Landau},
  date-modified = {2013-09-10 00:39:24 +0000},
  journal = {Northwestern Journal of Technology {\&} Intellectual
  number = {1},
  title = {Lawful Hacking: Using Existing Vulnerabilities for
		  Wiretapping on the {Internet}},
  url = {http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/},
  volume = {12},
  year = {2014},
  bdsk-url-1 = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107}
  author = {Steven M. Bellovin and {Ren\'{e}e} M. Hutchins and Tony
		  Jebara and Sebastian Zimmeck},
  date-added = {2013-09-02 20:55:30 +0000},
  date-modified = {2013-09-10 00:40:00 +0000},
  journal = {NYU Journal of Law and Liberty},
  number = {2},
  pages = {555--628},
  title = {When Enough is Enough: Location Tracking, Mosaic Theory,
		  and Machine Learning},
  url = {http://lawandlibertyblog.com/s/Hutchins.pdf},
  volume = {8},
  year = {2014},
  bdsk-url-1 = {http://lawandlibertyblog.com/s/Hutchins.pdf}
  author = {Matt Blaze and Steven M. Bellovin},
  month = {July},
  note = {Written testimony for a hearing on ``Fourth Amendment
		  Issues Raised by the FBI's `Carnivore' Program'' by the
		  Subcommittee on the Constitution, House Judiciary
  title = {Open {Internet} Wiretapping},
  url = {http://www.crypto.com/papers/openwiretap.html},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/openwiretap.html}
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  date = {2008-01/2008-02},
  journal = {IEEE Security \& Privacy},
  month = {January--February},
  number = {1},
  pages = {24--33},
  title = {Risking Communications Security: Potential Hazards of the
		  {``Protect America Act''}},
  url = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf},
  volume = {6},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal = {Communications of the ACM},
  month = {December},
  number = {12},
  title = {Internal Surveillance, External Risks},
  volume = {50},
  year = {2007}
  author = {Steven M. Bellovin},
  month = {July},
  title = {Submission to the {Privacy and Civil Liberties Oversight
		  Board}: Technical Issues Raised by the {Section} 215 and
		  {Section} 702 Surveillance Programs},
  url = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf},
  year = {2013},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf}
  author = {Yakov Rekhter and Paul Resnick and Steven M. Bellovin},
  booktitle = {Proceedings of Telecommunications Policy Research
  title = {Financial Incentives for Route Aggregation and Efficient
		  Address Utilization in the {Internet}},
  url = {https://www.cs.columbia.edu/~smb/papers/piara/index.html},
  year = {1997},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/piara/index.html}
  author = {Matt Blaze and Steven M. Bellovin},
  journal = {Communications of the ACM},
  month = {October},
  number = {10},
  title = {Tapping on my Network Door},
  url = {http://www.crypto.com/papers/carnivore-risks.html},
  volume = {43},
  year = {2000},
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore-risks.html}
  author = {Fred Schneider and Steven M. Bellovin and Alan Inouye},
  booktitle = {Telecommunications Policy Research Conference},
  month = {October},
  psurl = {https://www.cs.columbia.edu/~smb/papers/tprc.ps},
  title = {Critical Infrastructures You Can Trust: Where
		  Telecommunications Fits},
  url = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf},
  year = {1998},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf}
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  journal = {Communications of the ACM},
  month = {November},
  note = {``Inside RISKS'' column},
  number = {11},
  title = {The Real National-Security Needs for {VoIP}},
  url = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf},
  volume = {48},
  year = {2005},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf}
  author = {Steven M. Bellovin},
  journal = {The Bridge},
  month = {Summer},
  number = {2},
  organization = {National Academy of Engineering},
  pages = {21--26},
  psurl = {https://www.cs.columbia.edu/~smb/papers/bridge.ps},
  title = {Wiretapping the {Net}},
  url = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf},
  volume = {20},
  year = {2000},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf}