policy.bib

@article{bellovin.hutchins.ea:when,
  author = {Steven M. Bellovin and {Ren\'{e}e} M. Hutchins and Tony
		  Jebara and Sebastian Zimmeck},
  date-added = {2013-09-02 20:55:30 +0000},
  date-modified = {2013-09-10 00:40:00 +0000},
  journal = {NYU Journal of Law and Liberty},
  note = {To appear},
  title = {When Enough is Enough: Location Tracking, Mosaic Theory,
		  and Machine Learning},
  url = {http://digitalcommons.law.umaryland.edu/fac_pubs/1375/},
  year = {2014},
  bdsk-url-1 = {http://digitalcommons.law.umaryland.edu/fac_pubs/1375/}
}
@article{bellovin.blaze.ea:going,
  abstract = {Mobile IP-based communications and changes in
		  technologies, including wider use of peer-to-peer
		  communication methods and increased deployment of
		  encryption, has made wiretapping more difficult for law
		  enforcement, which has been seeking to extend wiretap
		  design requirements for digital voice networks to IP
		  network infrastructure and applications. Such an extension
		  to emerging Internet-based services would create
		  considerable security risks as well as cause serious harm
		  to innovation. In this article, the authors show that the
		  exploitation of naturally occurring weaknesses in the
		  software platforms being used by law enforcement's targets
		  is a solution to the law enforcement problem. The authors
		  analyze the efficacy of this approach, concluding that such
		  law enforcement use of passive interception and targeted
		  vulnerability exploitation tools creates fewer security
		  risks for non-targets and critical infrastructure than do
		  design mandates for wiretap interfaces.},
  author = {Bellovin, Steven M. and Blaze, Matt and Clark, Sandy and
		  Landau, Susan},
  date-added = {2013-02-02 20:51:50 +0000},
  date-modified = {2013-02-02 20:51:50 +0000},
  doi = {10.1109/MSP.2012.138},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  keywords = {Computer security;Law enforcement;Peer to peer
		  computing;Privacy;Software;Surveillance;Technological
		  innovation;CALEA;Communications Assistance for Law
		  Enforcement Act;exploit;law enforcement;national
		  security;security;surveillance;telecommunications;wiretap;},
  month = {January--February},
  number = {1},
  pages = {62--72},
  title = {Going Bright: Wiretapping without Weakening Communications
		  Infrastructure},
  url = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf},
  volume = {11},
  year = {2013},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2012.138},
  bdsk-url-2 = {https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf}
}
@misc{hawthorn.simons.ea:statewide,
  author = {Paula Hawthorn and Barbara Simons and Chris Clifton and
		  David Wagner and Steven M. Bellovin and Rebecca Wright and
		  Arnold Rosenthal and Ralph Poore and Lillie Coney and
		  Robert Gellman and Harry Hochheiser},
  month = {February},
  note = {Report commissioned by the U.S. Public Policy Committee of
		  the Association for Computing Machinery},
  title = {Statewide Databases of Registered Voters: Study Of
		  Accuracy, Privacy, Usability, Security, and Reliability
		  Issues},
  url = {http://usacm.acm.org/usacm/VRD/},
  year = 2006,
  bdsk-url-1 = {http://usacm.acm.org/usacm/VRD/}
}
@misc{bellovin.blaze.ea:comments,
  author = {Steven M. Bellovin and Matt Blaze and David Farber and
		  Peter Neumann and Gene Spafford},
  month = {December},
  title = {Comments on the {Carnivore} System Technical Review
		  Draft},
  url = {http://www.crypto.com/papers/carnivore_report_comments.html},
  year = 2000,
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore_report_comments.html}
}
@misc{bellovin:cybersecurity,
  author = {Steven M. Bellovin},
  month = {July},
  note = {Testimony before the House Select Committee on Homeland
		  Security, Subcommittee on Cybersecurity, Science, Research,
		  \& Development, hearing on ``Cybersecurity---Getting it
		  Right''},
  psurl = {https://www.cs.columbia.edu/~smb/papers/Statement.ps},
  smb-major = {yes},
  title = {Cybersecurity Research Needs},
  url = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf},
  year = 2003,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Statement.pdf}
}
@misc{abelson.anderson.ea:risks,
  author = {Hal Abelson and Ross Anderson and Steven M. Bellovin and
		  Josh Benaloh and Matt Blaze and Whitfield Diffie and John
		  Gilmore and Peter G. Neumann and Ronald L. Rivest and
		  Jeffrey I. Schiller and Bruce Schneier},
  month = {May},
  note = {A report by an ad hoc group of cryptographers and computer
		  scientists},
  title = {The Risks of Key Recovery, Key Escrow, and Trusted
		  Third-Party Encryption},
  url = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf},
  year = 1997,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/paper-key-escrow.pdf}
}
@misc{blaze.bellovin:open,
  author = {Matt Blaze and Steven M. Bellovin},
  month = {July},
  note = {Written testimony for a hearing on ``Fourth Amendment
		  Issues Raised by the FBI's `Carnivore' Program'' by the
		  Subcommittee on the Constitution, House Judiciary
		  Committee},
  title = {Open {Internet} Wiretapping},
  url = {http://www.crypto.com/papers/openwiretap.html},
  year = 2000,
  bdsk-url-1 = {http://www.crypto.com/papers/openwiretap.html}
}
@inproceedings{rekhter.resnick.ea:financial,
  author = {Yakov Rekhter and Paul Resnick and Steven M. Bellovin},
  booktitle = {Proceedings of Telecommunications Policy Research
		  Conference},
  title = {Financial Incentives for Route Aggregation and Efficient
		  Address Utilization in the {Internet}},
  url = {https://www.cs.columbia.edu/~smb/papers/piara/index.html},
  year = 1997,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/piara/index.html}
}
@article{blaze.bellovin:tapping,
  author = {Matt Blaze and Steven M. Bellovin},
  journal = {Communications of the ACM},
  month = {October},
  number = 10,
  title = {Tapping on my Network Door},
  url = {http://www.crypto.com/papers/carnivore-risks.html},
  volume = 43,
  year = 2000,
  bdsk-url-1 = {http://www.crypto.com/papers/carnivore-risks.html}
}
@inproceedings{schneider.bellovin.ea:critical,
  author = {Fred Schneider and Steven M. Bellovin and Alan Inouye},
  booktitle = {Telecommunications Policy Research Conference},
  month = {October},
  psurl = {https://www.cs.columbia.edu/~smb/papers/tprc.ps},
  title = {Critical Infrastructures You Can Trust: Where
		  Telecommunications Fits},
  url = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf},
  year = 1998,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/tprc.pdf}
}
@article{bellovin.blaze.ea:real,
  author = {Steven M. Bellovin and Matt Blaze and Susan Landau},
  journal = {Communications of the ACM},
  month = {November},
  note = {``Inside RISKS'' column},
  number = 11,
  title = {The Real National-Security Needs for {VoIP}},
  url = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf},
  volume = 48,
  year = 2005,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/voip-calea.pdf}
}
@article{bellovin:wiretapping,
  author = {Steven M. Bellovin},
  journal = {The Bridge},
  month = {Summer},
  number = 2,
  organization = {National Academy of Engineering},
  pages = {21--26},
  psurl = {https://www.cs.columbia.edu/~smb/papers/bridge.ps},
  title = {Wiretapping the {Net}},
  url = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf},
  volume = 20,
  year = 2000,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/bridge.pdf}
}
@article{bellovin.blaze.ea:risking,
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal = {IEEE Security \& Privacy},
  month = {January/February},
  number = 1,
  pages = {24--33},
  title = {Risking Communications Security: Potential Hazards of the
		  {``Protect America Act''}},
  url = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf},
  volume = 6,
  year = 2008,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf}
}
@article{bellovin.blaze.ea:internal,
  author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and
		  Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal = {Communications of the ACM},
  month = {December},
  number = 12,
  title = {Internal Surveillance, External Risks},
  volume = 50,
  year = 2007
}
@inproceedings{androulaki.vo.ea:cybersecurity,
  author = {Elli Androulaki and Binh Vo and Steven M. Bellovin},
  booktitle = {Engaging Data: First International Forum on the
		  Application and Management of Personal Electronic
		  Information},
  month = {October},
  title = {Cybersecurity Through Identity Management},
  url = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf},
  year = 2009,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/idenman_edf09.pdf}
}
@misc{bellovin.blaze.ea:security,
  author = {Steven M. Bellovin and Matt Blaze and Ernest Brickell and
		  Clinton Brooks and Vint Cerf and Whitfield Diffie and Susan
		  Landau and Jon Peterson and John Treichler},
  title = {Security Implications of Applying the {Communications
		  Assistance to Law Enforcement Act to Voice over IP}},
  url = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf},
  year = 2006,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/CALEAVOIPreport.pdf}
}
@incollection{johnson.bellovin.ea:computer,
  abstract = { Computer security research frequently entails studying
		  real computer systems and their users; studying deployed
		  systems is critical to understanding real world problems,
		  so is having would-be users test a proposed solution. In
		  this paper we focus on three key concepts in regard to
		  ethics: risks, benefits, and informed consent. Many
		  researchers are required by law to obtain the approval of
		  an ethics committee for research with human subjects, a
		  process which includes addressing the three concepts
		  focused on in this paper. Computer security researchers who
		  conduct human subjects research should be concerned with
		  these aspects of their methodology regardless of whether
		  they are required to by law, it is our ethical
		  responsibility as professionals in this field. We augment
		  previous discourse on the ethics of computer security
		  research by sparking the discussion of how the nature of
		  security research may complicate determining how to treat
		  human subjects ethically. We conclude by suggesting ways
		  the community can move forward.},
  author = {Maritza L. Johnson and Steven M. Bellovin and Angelos D.
		  Keromytis},
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science},
  title = {Computer Security Research with Human Subjects: Risks,
		  Benefits and Informed Consent},
  url = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf},
  year = 2011,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/wecsr2011-irb.pdf}
}
@article{bellovin.bradner.ea:as,
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {Communications of the {ACM}},
  note = {Note: this is a shorter version of ``Can it really
		  work?''},
  title = {As Simple As Possible --- But Not More So},
  url = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf},
  xmonth = {August},
  xnumber = 8,
  xvolume = 54,
  year = 2011,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/simple-as-possible.pdf}
}
@article{bellovin.bradner.ea:can,
  abstract = { In 2004 the increasing number of attacks on U.S. federal
		  civilian agency computer systems caused the government to
		  begin an active effort to protect federal civilian agencies
		  against cyber intrusions . This classified program,
		  EINSTEIN, sought to do real-time, or near real-time,
		  automatic collection, correlation, and analysis of computer
		  intrusion information as a first step in protecting federal
		  civilian agency computer systems . EINSTEIN grew into a
		  series of programs, EINSTEIN, EINSTEIN 2, and EINSTEIN 3,
		  all based on intrusion-detection and intrusion-prevention
		  systems (IDS and IPS). Then there was public discussion of
		  extending the EINSTEIN system to privately held critical
		  infrastructure. \par Extending an EINSTEIN-like program to
		  the private sector raises serious technical and managerial
		  issues. Scale matters, as do the different missions of the
		  private sector and the public one. Expanding EINSTEIN-type
		  technology to critical infrastructure is complicated by the
		  complex legal and regulatory landscapes for such systems.
		  There are simply fundamental differences between
		  communication networks supporting the U.S. federal
		  government and those supporting the private-sector critical
		  infrastructures that create serious difficulties in
		  attempting to extend EINSTEIN-type technologies beyond the
		  federal sector. This paper examines the technology's
		  limitations, pointing out the problems involved in
		  expanding EINSTEIN beyond its original mandate. },
  author = {Steven M. Bellovin and Scott O. Bradner and Whitfield
		  Diffie and Susan Landau and Jennifer Rexford},
  journal = {National Security Journal},
  publisher = {Harvard},
  title = {Can It Really Work? {Problems} with Extending {EINSTEIN~3}
		  to Critical Infrastructure},
  url = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf},
  volume = 3,
  year = 2012,
  bdsk-url-1 = {http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf}
}
@misc{bellovin:submission,
  author = {Steven M. Bellovin},
  month = {July},
  title = {Submission to the {Privacy and Civil Liberties Oversight
		  Board}: Technical Issues Raised by the {Section} 215 and
		  {Section} 702 Surveillance Programs},
  url = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf},
  year = 2013,
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/PCLOB-statement.pdf}
}
@article{bellovin.blaze.ea:lawful,
  abstract = { For years, legal wiretapping was straightforward: the
		  officer doing the intercept connected a tape recorder or
		  the like to a single pair of wires. By the 1990s, though,
		  the changing structure of telecommunications---there was no
		  longer just ``Ma Bell'' to talk to---and new technologies
		  such as ISDN and cellular telephony made executing a
		  wiretap more complicated for law enforcement. Simple
		  technologies would no longer suffice. In response, Congress
		  passed the Communications Assistance for Law Enforcement
		  Act (CALEA), which mandated a standardized lawful intercept
		  interface on all local phone switches. Technology has
		  continued to progress, and in the face of new forms of
		  communication---Skype, voice chat during multiplayer online
		  games, many forms of instant messaging, etc.---law
		  enforcement is again experiencing problems. The FBI has
		  called this ``Going Dark'': their loss of access to
		  suspects' communication. According to news reports, they
		  want changes to the wiretap laws to require a CALEA-like
		  interface in Internet software.
		  
		  CALEA, though, has its own issues: it is complex software
		  specifically intended to create a security
		  hole---eavesdropping capability---in the already-complex
		  environment of a phone switch. It has unfortunately made
		  wiretapping easier for everyone, not just law enforcement.
		  Congress failed to heed experts' warnings of the danger
		  posed by this mandated vulnerability, but time has proven
		  the experts right. The so-called ``Athens Affair'', where
		  someone used the built-in lawful intercept mechanism to
		  listen to the cell phone calls of high Greek officials,
		  including the Prime Minister, is but one example. In an
		  earlier work, we showed why extending CALEA to the Internet
		  would create very serious problems, including the security
		  problems it has visited on the phone system.
		  
		  In this paper, we explore the viability and implications of
		  an alternative method for addressing law enforcement's need
		  to access communications: legalized hacking of target
		  devices through existing vulnerabilities in end-user
		  software and platforms. The FBI already uses this approach
		  on a small scale; we expect that its use will increase,
		  especially as centralized wiretapping capabilities become
		  less viable.
		  
		  Relying on vulnerabilities and hacking poses a large set of
		  legal and policy questions, some practical and some
		  normative. Among these are:
		  
		  * Will it create disincentives to patching?
		  
		  * Will there be a negative effect on innovation? (Lessons
		  from the so--ÔÇÉcalled ``Crypto Wars'' of the 1990s, and,
		  in particular, the debate over export controls on
		  cryptography, are instructive here.)
		  
		  * Will law enforcement's participation in vulnerabilities
		  purchasing skew the market?
		  
		  * Do local and even state law enforcement agencies have the
		  technical sophistication to develop and use exploits? If
		  not, how should this be handled? A larger FBI role?
		  
		  * Should law enforcement even be participating in a market
		  where many of the sellers and other buyers are themselves
		  criminals?
		  
		  * What happens if these tools are cpatured and repurposed
		  by miscreants?
		  
		  * Should we sanction otherwise-illegal network activity to
		  aid law enforcement?
		  
		  * Is the probability of success from such an approach too
		  low for it to be useful?
		  
		  As we will show, though, these issues are indeed
		  challenging. We regard them, on balance, as preferable to
		  adding more complexity and insecurity to online systems. },
  author = {Steven M. Bellovin and Matt Blaze and Sandy Clark and
		  Susan Landau},
  date-modified = {2013-09-10 00:39:24 +0000},
  journal = {Northwestern Journal of Technology {\&} Intellectual
		  Property},
  url = {http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/},
  title = {Lawful Hacking: Using Existing Vulnerabilities for
		  Wiretapping on the {Internet}},
  year = 2014,
  volume = 12,
  number = 1,
  bdsk-url-1 = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107}
}
@article{bellovin:why,
  author = {Steven M. Bellovin},
  date = {2013-10--15},
  journal = {CNN.com},
  month = {October 15},
  title = {Why Healthcare.gov Has So Many Problems},
  url = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/},
  year = 2013,
  bdsk-url-1 = {http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/}
}