PDFLINK |
A Conversation with 2024 Bertrand Russell Prize Winner Susan Landau
This is an interview with Susan Landau about her career and contributions. In November 2023, the AMS announced that Landau would receive the 2024 Bertrand Russell Prize. This prize is awarded every three years for research contributions or service that promote good in the world and show how mathematics can support fundamental human values.
Q1: Susan, let me first congratulate you on the Betrand Russell Prize. In your case it was for work on encryption policy and digital privacy, spanning technical research papers, public-facing articles, national studies, and work that informed policymakers. Which specific contributions do you feel best exemplify your work?
A: Privacy on the Line: The Politics of Wiretapping and Encryption, coauthored with Whitfield Diffie, was the first policy-oriented book in this area and has become a standard reference. Three coauthored papers, “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP”
Q2: I enjoyed reading your account of the formation of the cryptographic policy community in Rebecca Slayton’s book celebrating 2015 Turing Award winners Martin Hellman and Whitfield Diffie
A: Life is full of accidents and deliberate decisions. In my case, the accidental aspect came from my academic career becoming somewhat derailed after my husband did not get tenure at Yale; the deliberate part includes the fact that I always had a strong interest in policy work. So when I did not receive an anticipated faculty appointment in 1993, I worked on an Association of Computing Machinery study on encryption policy; then Whit Diffie, who was on the study, suggested we write a book on the issue. Thus, he and I wrote Privacy on the Line. After the book came out, Sun Microsystems, where Whit worked, offered me a position. While my role was intended to be two-thirds technical, after five years at Sun, I found I was increasingly focusing on policy. I was happy, Sun was happy, and there it was.
Q3: Your early mathematics research included work on polynomial decomposition and factoring polynomials over algebraic number fields. That’s quite different in substance from privacy and surveillance. Do you have any advice for young mathematicians on how to select areas in which to expand and apply their knowledge?
A: I have always been attracted to problems at the confluence of fields. My early work was on fast algorithms for algebraic problems, which lies at the intersection of algebra and theoretical computer science. There’s a richness in such questions, but it is also challenging, since you must learn the language and techniques from two areas. And publication can prove complicated, since people in the two fields may not always get the point of the research question—and thus the value of the contribution. All that said, there are great intellectual problems at such intersections; finding which are the rich and important ones requires reading deeply and talking to experts—and not being taken in by the easy, but less important, questions at that intersection.
Q4: You worked alongside Whitfield Diffie for 11 years at Sun Microsystems, and published several joint works. What big differences did you see between your activities and priorities while in industry, compared to your career in academia?
A: The answer to this could be a chapter in itself…I was very lucky to work at Sun, where people were really smart, generous about guiding me in learning new technologies, and where the technology itself was really cutting edge. The most important thing I learned was to be realistic in solving problems. What resources—computing, people, policy, etc.—would actually be needed to instantiate the proposed solution? That was an invaluable lesson for an academic. Another invaluable lesson was to learn to talk with and understand different players in the ecosystem, salespeople, engineers working at low-level implementations, architects, policy folks, senior leadership. Each focused on a different aspect of an issue, which meant that to be successful I had to understand—and be able to talk about—these different dimensions. It was a great education.
Q5: The fields of cryptography, security, and privacy have grown hugely in the 50 years since the 1974 call for proposals for the Data Encryption Standard and the conception of public-key cryptography (1976) and RSA (1978). Those of us already interested in these areas as students in the 1980s could absorb this slowly—but students today must climb a mountain of knowledge. Can you offer any advice on how to get started on this climb, for new students wishing to contribute as you have?
A: One answer, which is what I did, was to learn science first, even while taking a course or two along the way in the policy issues. (In my case, this included constitutional law as an undergraduate, a course from Joe Weizenbaum on computers and society as a graduate student, and always reading on science policy issues. I did this last aspect from early on.) As you are establishing yourself as a scientist, you afford a bit of time to learn the policy work. Do it by going to seminars and developing an understanding for what and how the smart scholars are asking about. Here it’s worth taking a look at the article on “How I Learned to Concentrate” by Cal Newport in the New Yorker earlier this year about thinking deeply—which also goes back to my earlier comment about figuring out what the important issues are at the intersection and focusing there.
Q6: Metadata is immensely important in privacy and surveillance. You’ve written about this in 2016
A: To your first question—what do we mean by metadata—I wish I knew. Facetiousness aside, metadata means “data about data” such as the card catalogue information about a book (title, author, publisher, date of publication, etc.) or the call detail information about a phone call (as opposed to the call content). What we’ve learned about metadata in the last 30 years is its richness. By this, I mean that its use and, particularly, its aggregation can be just as revelatory—if not more so—than so-called content.
Q7: “The risks of key recovery, key escrow, and trusted third-party encryption” is a 1997 paper warning against architectural changes to communications products in order to grant law enforcement agencies “exceptional access” to message content. One concern is that backdoor access interfaces typically introduce security weaknesses. You’ve contributed to the previously mentioned sequel, “Keys under doormats”
A: End-to-end encryption is increasingly available for all the reasons I and many others have repeatedly argued, namely the need for the general public to secure their communications and data. Yet despite cyber threats and increasingly sophisticated threat actors, many governments—sometimes their law-enforcement agencies and sometimes law-enforcement and national-security agencies—continue to fight rearguard actions to roll back to technology that is significantly more hackable. As long as those rearguard actions continue, so will the Crypto Wars.
Q8: Edward Snowden’s 2013 revelations, which you have written about
A: I’d already been working on metadata at the time of the Snowden disclosures, so I was in a good position to write about the issues. The huge volume of material that Snowden disclosed was probably the most challenging aspect of working on it; I did not try to cover everything.
Most surprising to me was the public interest in all of it; public interest was also really high in the 2016 Apple-FBI case
Q9: One issue Snowden exposed was secret use of the US Patriot Act to justify systematic bulk collection of US citizens’ phone records (metadata), by taking the view that mass collection and data storage did not constitute surveillance. When US courts ruled this illegal in 2015, did anything actually change?
A: Yes, but not directly as a result of the court decision (there was another that went the other way). Rather, the 2015 USA FREEDOM Act put limits on collection and use of bulk metadata, with storage at the providers and use, under relatively tight conditions, by the government using “selectors.”
But, in fact, by the time of the Snowden disclosures, the bulk metadata collection had become less useful due to a combination of changes in technology and the way terrorist groups were organized (e.g., the shift from Al Qaeda to ISIS). Post the USA FREEDOM Act, the NSA set up a complex architecture for accessing metadata of domestic communications to comply with the new law, but then ran into technical problems. In June 2018, the agency purged three years worth of collection and later abandoned the program. They might have done so earlier had it not been for the Snowden disclosures, which made the whole issue something of a hot potato.
Q10: You’ve also written about NSA’s loss of trust due to their promotion of Dual_EC_DRBG
A: Yes and no. By that point, I had often heard testimony from the FBI on the encryption issue that was, at best, highly misleading. The NSA’s duplicitous activity of introducing a backdoored algorithm and having the National Institute of Standards and Technology (NIST) approve this was a different scale entirely. This badly damaged NIST’s reputation in the cryptographic community for a time (it also resulted in reforms that strengthened the NIST cryptographic competition process). And then a foreign adversary co-opted the algorithm, creating a backdoor into a widely used VPN product.
Finally, this behavior was undoubtedly the reason that Brian Snow, who had been technical director of NIST’s Information Assurance Directorate was moved out of that position as he never would have approved the Dual_EC_DRBG hack. That, coming toward the end of Brian’s impressive career in information assurance, was very damaging to Brian, who I think is insufficiently recognized for his contributions to increasing the public’s ability to use strong encryption.
Q11: Government agencies also have responsibility to strengthen security within their country, to strengthen national economies, financial and electrical critical infrastructures against criminal activities and foreign nation states. You’ve written about the NSA aiding US industry in this regard
A: It’s important to remember that the government is not a monolith. Different agencies—and even different parts of agencies—have very different viewpoints of balance between the security afforded by making strong encryption widely available and making it easier to track the “bad guys.” Such conflicting goals are common for cryptography policy—and for many other policy issues as well.
Q12: Your work has covered ethical and legal issues where surveillance laws intersect cryptography and computer security. For young experts who might be working in government agencies or considering such careers, do you have advice on how to avoid or address conflicts of interest between what agencies may view as critical to their mission success, and societal expectations to respect privacy laws?
A: It’s absolutely critical to understand why you’re doing the work you’re doing. That includes understanding the moral issues around the work as well as being willing to leave if the issues change to make the work no [longer] morally defensible.
This last is a question that many of the scientists working on the Manhattan Project lost sight of as the likelihood of the bomb project succeeding increased. One who didn’t is Joe Rotblat, a Polish physicist working at Los Alamos. Rotblat had debated hard with himself, deciding that working on an atomic weapon was valid because it was crucial to ensure that the Allies developed the weapon before the Germans did. Once word came back to Los Alamos in 1944 that the Germans had not succeeded in building a nuclear weapon, Rotblat left the bomb project, and was the only one to do so at that time. What enabled him to make that moral decision was his clearheadedness as to why he was working on an atomic weapon. Thus, when circumstances changed, Rotblat saw the reasons for his doing so were no longer valid.
Q13: Given the breadth of your research interests, how do you choose which projects to take on; how do you manage your time and commitments?
A: These days, with great difficulty. In the early days of cybersecurity policy, it was easy to be involved in many areas; now there’s simply too much going on.
I do baffingly simple things to manage my time and commitments; sometimes this works well, sometimes I am overambitious as to what I can accomplish in a week, a month, a semester. Every few weeks, I review what I hope to get done in the next few months; every week, I review what I’d like to do over the week; and every day, I do the same for the day. Even as I’m tempted by all these interesting projects, I remember that taking walks, reading books, having time for a trip to New York for theater and the ballet are important and that I should not overcommit on work so that I can do these things. But, as I said, I don’t always do this as well as I should.
Q14: Work such as yours spanning disparate communities can create publication problems, as reviewers of interdisciplinary work may reject papers beyond their own narrow, familiar confines as “better suited for other venues,” thus discouraging interdisciplinary research. What is your experience here; any advice on the pros and cons of interdisciplinary work?
A: Academia is siloed and that can mean that journal and conference editors and reviewers—and department tenure committees—don’t always understand the work and are not always appreciative of such efforts. That said, I’ve been lucky to have colleagues and funding agencies, including NSF and the William and Flora Hewlett Foundation, who see the value of such work.
So my advice is: to thine own self be true. If these interdisciplinary questions grab you, do the work but recognize that the path is nonstandard and put yourself in a professional situation where you can not only survive, but thrive. This might be in a “lesser” school that sees the value of this work, it might mean deciding to put off such work til post tenure when you can afford more risks. Talk to your elders—the people in the field, the people in the institution in which you’re working—and understand the risks you’re taking and whether they’re worth it to you (and your family).
While not the most positive of answers, this is my experience of working in interdisciplinary settings.
Q15: Some of your work, while highly relevant to practical researchers in cryptography, privacy, and security, is in venues atypical for CS and engineering security. For example, your 2006 critique of the FBI’s proposal to extend 1994 CALEA requirements (Communications Assistance for Law Enforcement Act) to the Internet and voice over IP communications
A: My odd path is, as I said, partially an accident stemming from my husband’s tenure decision and the disruption it caused to my career. Moving to Sun for eleven years was not at all a guarantee I’d find my way back to academia and, while the government and National Academies of Science, Engineering, and Medicine panels have been among the most interesting things I’ve ever worked on, doing so was not something that most academic departments focus on.
So my advice to students is don’t do what I did, but do a variation on it. Talk with industry folks and really understand their problems. Take a summer or a sabbatical at an industry lab and work on their problems (and not your academic generalization of it). Widen your perspective. Use the broad abstract thinking you learned to “get” what industry is doing, understand their details really well, solve some of their problems—and use that perspective to really inform your thinking.
I hope that advice is not so abstract that it can’t be implemented.
Q16: Supporting women in science is a priority close to your heart. Tell us why it’s so important, and about the workshop called GREPSEC (an acronym derived from G/rep{sec}).
A: There were any number of barriers in front of me as a young woman scientist: the male faculty member who looked me up and down when I went in with a question during office hours (this ensured I’d never come back), being told more than once that women weren’t good in math, having a department ombudsman explain to me that a faculty member’s discriminatory behavior was well known but his own personal opinion—and the department wouldn’t do anything about it. This was all exhausting to work with and ultimately very discouraging to many of us. None of what happened to me and other young women was fair—or appropriate. We need women and other members of underrepresented groups in the STEM fields. I do this work because I want things different for young people.
GREPSEC, a graduate student workshop for women and members of underrepresented groups in security and privacy, came about because Terry Benzel, Hilarie Orman, and I were sitting together at the 2012 IEEE Security and Privacy (a premier computer science meeting in security and privacy), when the following year’s program committee was announced. My recollection is that the proposed committee had forty men and two women on it.
The three of us looked at each other in consternation and immediately determined to do something about the lack of women. Within three months we had funding from NSF and the Computing Research Association Committee on the Status of Women in Computing Research to launch our workshop. Now some of our “graduates” are on the program committees of IEEE S&P and other privacy and security meetings.
Q17: You’ve written four books (five if we count a second edition): Privacy on the Line
A: I learned lots of different things from writing each of the books, sometimes technical material, sometimes economics, sometimes law—and always about how to write. In writing Privacy on the Line, digging into wiretap history taught me how people had already thought hard about the tradeoffs decades before the Crypto Wars. In writing Surveillance or Security, I learned about Internet architecture at a deeper level than I had previously understood. In Listening In, I learned about use of the Internet of Things in industry, while in People Count—a very new area for me—I learned some about biology and contagious diseases. A delight for me was that I relied on knowledge from Paul De Kruif’s 1926 Microbe Hunters, a book I read in my early teens that helped launch my interest in science.
Q18: Thank you so much for your time Susan, and your many rich contributions. Is there anything further you’d like to add in closing?
A: There are two things:
First, The Bertrand Russell Award is very personally meaningful because of the Pugwash Conferences on Science and World Affairs, which Russell and Rotblat founded. This international organization of scientists, founded in 1957, works on eliminating weapons of mass destruction. Pugwash—named after the location in Nova Scotia where the first meeting was held—has had tremendous impact, including being the movers behind the 1963 nuclear test ban treaty and other international arms treaties. The Student Pugwash Conference I attended in 1981 has influenced my work in science and science policy ever since.
And Paul, many thanks for this interview; you’ve asked a number of really insightful questions.
References
[ AAB 24] - Hal Abelson, Ross J. Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, and Carmela Troncoso, Bugs in our pockets: The risks of client-side scanning, J. Cybersecur. 10 (2024), 1–18.,
Show rawAMSref
\bib{abelson:2024:bugs}{article}{ author={Abelson, Hal}, author={Anderson, Ross~J.}, author={Bellovin, Steven~M.}, author={Benaloh, Josh}, author={Blaze, Matt}, author={Callas, Jon}, author={Diffie, Whitfield}, author={Landau, Susan}, author={Neumann, Peter~G.}, author={Rivest, Ronald~L.}, author={Schiller, Jeffrey~I.}, author={Schneier, Bruce}, author={Teague, Vanessa}, author={Troncoso, Carmela}, title={{Bugs in our pockets: The risks of client-side scanning}}, date={2024}, journal={{J. Cybersecur.}}, volume={10}, pages={1\ndash 18}, url={https://www.schneier.com/wp-content/uploads/2024/01/Bugs_in_Our_Pockets.pdf}, }
[ AAB 15] - Harold Abelson, Ross J. Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner, Keys under doormats: Mandating insecurity by requiring government access to all data and communications, J. Cybersecur. 1 (2015), no. 1, 69–79.,
Show rawAMSref
\bib{abelson:2015:doormatsLong-jcybsec}{article}{ author={Abelson, Harold}, author={Anderson, Ross~J.}, author={Bellovin, Steven~M.}, author={Benaloh, Josh}, author={Blaze, Matt}, author={Diffie, Whitfield}, author={Gilmore, John}, author={Green, Matthew}, author={Landau, Susan}, author={Neumann, Peter~G.}, author={Rivest, Ronald~L.}, author={Schiller, Jeffrey~I.}, author={Schneier, Bruce}, author={Specter, Michael~A.}, author={Weitzner, Daniel~J.}, title={{Keys under doormats: Mandating insecurity by requiring government access to all data and communications}}, date={2015}, journal={J. Cybersecur.}, volume={1}, number={1}, pages={69\ndash 79}, url={https://doi.org/10.1093/cybsec/tyv009}, }
[ BBB] - S. Bellovin, M. Blaze, E.F. Brickell, C. Brooks, V. Cerf, W. Diffie, S. Landau, J. Peterson, and J. Treichler, Security implications of applying the Communications Assistance to Law Enforcement Act to Voice over IP. Information Technology Association of America, June 2006 report, https://privacyink.org/pdf/CALEAVOIPreport.pdf.,
Show rawAMSref
\bib{bellovin:2006:report}{misc}{ author={Bellovin, S.}, author={Blaze, M.}, author={Brickell, E.F.}, author={Brooks, C.}, author={Cerf, V.}, author={Diffie, W.}, author={Landau, S.}, author={Peterson, J.}, author={Treichler, J.}, title={{Security implications of applying the Communications Assistance to Law Enforcement Act to Voice over IP}}, note={Information Technology Association of America, June 2006 report, \url {https://privacyink.org/pdf/CALEAVOIPreport.pdf}}, }
[ DL98] - Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, MIT Press, 1998. Updated and expanded in 2007 (second edition).,
Show rawAMSref
\bib{diffieLandau:1998:book1e}{book}{ author={Diffie, Whitfield}, author={Landau, Susan}, title={{Privacy on the Line: The Politics of Wiretapping and Encryption}}, publisher={{MIT} Press}, date={1998}, note={Updated and expanded in 2007 (second edition)}, }
[ DL07] - Whitfield Diffie and Susan Landau, The export of cryptography in the 20th century and the 21st, The History of Information Security: A Comprehensive Handbook, 2007, pp. 725–736, https://www.sciencedirect.com/science/article/abs/pii/B9780444516084500274. Also in (2000): Sun Microsystems Laboratories: The First Ten Years.,
Show rawAMSref
\bib{whitSusan:2007:handbook}{incollection}{ author={Diffie, Whitfield}, author={Landau, Susan}, title={{The export of cryptography in the 20th century and the 21st}}, date={2007}, booktitle={{ The History of Information Security: A Comprehensive Handbook}}, editor={Leeuw, Karl~De}, editor={Bergstra, Jan}, publisher={{Amsterdam: Elsevier}}, pages={725\ndash 736}, url={https://www.sciencedirect.com/science/article/abs/pii/B9780444516084500274}, note={Also in (2000): \textit {Sun Microsystems Laboratories: The First Ten Years}}, }
[ Hal14] - Thomas C. Hales, The NSA back door to NIST, Notices Amer. Math. Soc. 61 (2014), no. 2, 190–192, DOI 10.1090/noti1078. MR3156686,
Show rawAMSref
\bib{hales:2014:ams}{article}{ author={Hales, Thomas C.}, title={The NSA back door to NIST}, journal={Notices Amer. Math. Soc.}, volume={61}, date={2014}, number={2}, pages={190--192}, issn={0002-9920}, review={\MR {3156686}}, doi={10.1090/noti1078}, }
[ KL22] - Nadiya Kostyuk and Susan Landau, Dueling over Dual_EC_DRBG: The consequences of corrupting a cryptographic standardization process, Harvard National Security J. 13 (2022), 224–284.,
Show rawAMSref
\bib{kostyuk:2022:harvardNatlSecJ}{article}{ author={Kostyuk, Nadiya}, author={Landau, Susan}, title={{Dueling over Dual\_EC\_DRBG: The consequences of corrupting a cryptographic standardization process}}, date={2022}, journal={Harvard National Security J.}, volume={13}, pages={224\ndash 284}, }
[ Lan06] - Susan Landau, National security on the line, J. Telecommun. High Technol. Law 4 (2006), no. 2, 409–448.,
Show rawAMSref
\bib{landau:2006:jTelecomHighTechLaw}{article}{ author={Landau, Susan}, title={National security on the line}, date={2006}, journal={{J. Telecommun. High Technol. Law}}, volume={4}, number={2}, pages={409\ndash 448}, url={http://www.jthtl.org/content/articles/V4I2/JTHTLv4i2_Landau.PDF}, }
[ Lan11] - Susan Landau, Surveillance Or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, 2011, https://mitpress.mit.edu/9780262518741/surveillance-or-security/.,
Show rawAMSref
\bib{DBLP:books/mit/Landau2011}{book}{ author={Landau, Susan}, title={{Surveillance Or Security? The Risks Posed by New Wiretapping Technologies}}, publisher={{MIT} Press}, date={2011}, isbn={9780262015301}, url={https://mitpress.mit.edu/9780262518741/surveillance-or-security/}, }
[ Lan13a] - Susan Landau, Making sense from Snowden: What’s significant in the NSA surveillance revelations, IEEE Secur. Priv. 11 (2013), no. 4, 54–63.,
Show rawAMSref
\bib{DBLP:journals/ieeesp/Landau13a}{article}{ label={Lan13a}, author={Landau, Susan}, title={{Making sense from Snowden: What's significant in the NSA surveillance revelations}}, date={2013}, journal={{IEEE} Secur. Priv.}, volume={11}, number={4}, pages={54\ndash 63}, url={https://doi.org/10.1109/MSP.2013.90}, }
[ Lan13b] - Susan Landau, The large immortal machine and the ticking time bomb, J. Telecommun. High Technol. Law 11 (2013), no. 1, 1–44.,
Show rawAMSref
\bib{landau:2013:jTelecomHighTechLaw}{article}{ label={Lan13b}, author={Landau, Susan}, title={{The large immortal machine and the ticking time bomb}}, date={2013}, journal={J. Telecommun. High Technol. Law}, volume={11}, number={1}, pages={1\ndash 44}, url={http://www.jthtl.org/content/articles/V11I1/JTHTLv11i1_Landau.PDF}, }
[ Lan14a] - Susan Landau, Highlights from making sense of Snowden, part II: What’s significant in the NSA revelations, IEEE Secur. Priv. 12 (2014), no. 1, 62–64.,
Show rawAMSref
\bib{DBLP:journals/ieeesp/Landau14}{article}{ label={Lan14a}, author={Landau, Susan}, title={{Highlights from making sense of Snowden, part {II:} What's significant in the {NSA} revelations}}, date={2014}, journal={{IEEE} Secur. Priv.}, volume={12}, number={1}, pages={62\ndash 64}, url={https://doi.org/10.1109/MSP.2013.161}, }
[ Lan14b] - Susan Landau, Under the radar: NSA’s efforts to secure private-sector telecommunications infrastructure, J. National Security Law & Policy 7 (2014), 411–422.,
Show rawAMSref
\bib{landau:2014:lawPolicy}{article}{ label={Lan14b}, author={Landau, Susan}, title={{Under the radar: NSA's efforts to secure private-sector telecommunications infrastructure}}, date={2014}, journal={J. National Security Law \& Policy}, volume={7}, pages={411\ndash 422}, url={https://jnslp.com/wp-content/uploads/2015/03/NSA%E2%80%99s-Efforts-to-Secure-Private-Sector-Telecommunications-Infrastructure_2.pdf}, }
[ Lan16] - Susan Landau, Transactional information is remarkably revelatory, Proc. Natl. Acad. Sci. USA 113 (2016), no. 20, 5467–5469.,
Show rawAMSref
\bib{landau:2016:pnas}{article}{ author={Landau, Susan}, title={Transactional information is remarkably revelatory}, date={2016}, journal={Proc. Natl. Acad. Sci. {USA}}, volume={113}, number={20}, pages={5467\ndash 5469}, url={https://doi.org/10.1073/pnas.1605356113}, }
[ Lan20] - Susan Landau, Categorizing uses of communications metadata: Systematizing knowledge and presenting a path for privacy, NSPW: New Security Paradigms Workshop, 2020, pp. 1–19, https://doi.org/10.1145/3442167.3442171.,
Show rawAMSref
\bib{landau:2020:nspw}{inproceedings}{ author={Landau, Susan}, title={{Categorizing uses of communications metadata: Systematizing knowledge and presenting a path for privacy}}, date={2020}, booktitle={{NSPW: New Security Paradigms Workshop}}, publisher={{ACM}}, pages={1\ndash 19}, url={https://doi.org/10.1145/3442167.3442171}, }
[ Lan22] - Susan Landau, The development of a crypto policy community: Diffie-Hellman’s impact on public policy, Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman, 2022, pp. 213–256, https://doi.org/10.1145/3549993.3550002.,
Show rawAMSref
\bib{DBLP:books/acm/22/000122}{incollection}{ author={Landau, Susan}, title={{The development of a crypto policy community: Diffie-Hellman's impact on public policy}}, date={2022}, booktitle={{Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman}}, editor={Slayton, Rebecca}, series={{ACM} Books}, volume={42}, publisher={{ACM}}, pages={213\ndash 256}, url={https://doi.org/10.1145/3549993.3550002}, }
[ LVL23] - Susan Landau and Patricia Vargas Leon, Reversing privacy risks: Strict limitations on the use of communications metadata and telemetry information, Colo. Tech. LJ 21 (2023), 225–336.,
Show rawAMSref
\bib{landau:2023:coloTechLawJ}{article}{ author={Landau, Susan}, author={Vargas~Leon, Patricia}, title={{Reversing privacy risks: Strict limitations on the use of communications metadata and telemetry information}}, date={2023}, journal={Colo. Tech. LJ}, volume={21}, pages={225\ndash 336}, }
[ Wik] - Wikipedia, Apple-FBI encryption dispute. Last accessed May 8, 2024., https://en.wikipedia.org/wiki/Apple-FBI_encryption_dispute.,
Show rawAMSref
\bib{appleFBI:2016:case}{misc}{ author={Wikipedia}, title={{Apple-FBI encryption dispute}}, note={Last accessed May 8, 2024.}, url={https://en.wikipedia.org/wiki/Apple-FBI_encryption_dispute}, }
Credits
Photo of Paul C. van Oorschot is courtesy of Paul C. van Oorschot.
Photo of Susan Landau is courtesy of Susan Landau.