Distinguished Practitioner

Privacy: It's All in the Use Case

Susan Landau, Visiting Scholar, Computer Science, Harvard University, USA

The standard approach to privacy is through the Fair Information Practice Principles (FIPPs): Notice, Choice/Consent, Access, Integrity/Security, and Enforcement/Redress. This decades-old set of principles has broad applicability and has been widely adopted internationally. Yet the FIPPs approach has had mixed impact "on the ground." It's hard to translate abstract principles into active code (either East Coast or West Coast code), and it has frequently been the case that incentives, or enforcement, have been lacking. So the FIPPs approach has often left privacy protections as empty abstractions rather than concrete instantiations.

If one wants to provide real privacy protections in technology, one way to approach the issue is through use cases. What identity information should be collected when someone posts a blog comment? What about when accessing an information resource? What object is this RFID tagging? A book? A can of coke? A sports jacket? How much information about the object should be shared? With whom?

In this talk, I'll discuss developing privacy through thoroughly understanding the use cases.

Susan Landau is a Visiting Scholar in the Computer Science Department at Harvard University. During 2010-2011 Landau was a fellow at the Radcliffe Institute for Advanced Study at Harvard. Her book "Surveillance or Security? The Risks Posed by New Wiretapping Technologies" was just published by MIT Press.

From 1999 to 2010, Landau was at Sun Microsystems, first as Senior Staff Engineer and then as Distinguished Engineer, where she worked on security, cryptography, and policy, including surveillance and digital-rights management issues. She advised government officials in the U.S. and abroad on security risks of various surveillance technologies, helped in the development of privacy and security policies for the Liberty federated identity management system, with Sun's CTO established Sun's innovative stance on digital-rights management, and was instrumental in keeping the control of federal civilian computer security within civilian agencies. Landau is coauthor, with Whitfield Diffie, of "Privacy on the Line: the Politics of Wiretapping and Encryption" (MIT Press, 1998; rev. 2007), and she is the author of numerous computer science and public policy papers, as well as op-eds on cybersecurity and encryption policy for various leading newspapers, including the Washington Post and the Chicago Tribune. She has spoken frequently on these issues for NPR. Prior to her time at Sun, Landau was a faculty member at the University of Massachusetts and at Wesleyan University. She is a member of the National Research Council Computer Science and Telecommunications Board, serves on the advisory committee for the National Science Foundation's Directorate for Computer and Information Science and Engineering, and on the CSIS Commission on Cyber Security for the 44th Presidency. Landau is a recipient of the 2008 Women of Vision Social Impact Award, a AAAS Fellow, and an ACM Distinguished Engineer. She received her BA from Princeton, her MS from Cornell, and her PhD from MIT.

Invited Essayist

The Science of Cyber Security Experimentation: The DETER Project

Terry Benzel, USC Information Sciences Institute, USA

Our critical infrastructures continue to be vulnerable to cyber attack, and we are at risk from the convergence of cyber attack and more traditional terrorist activities. As the Internet has become pervasive and our critical infrastructures inextricably tied to information systems, the risk for economic, social, and physical disruption due to the insecurities of information systems has increased immeasurably. Over the past 10 years there has been increased investment in research on cyber security technologies by U.S. government agencies and industry. However, a large-scale deployment of security technology sufficient to protect the vital infrastructure is lacking. One important reason for this deficiency is the lack of an experimental infrastructure and rigorous scientific methodologies for developing and testing next-generation cyber security technology.

Since 2004, the DETER Cybersecurity Testbed Project has worked to create the necessary infrastructure (facilities, tools, and processes) to provide a national resource for experimentation in cyber security. The DETER project is engaged in an active research program to extend DETER through advances in testbed design and experimental research methods, targeting improved experimental validity, enhanced usability, and increased size, complexity, and diversity of experiments. This paper outlines the DETER project's status and current R&D directions, and summarizes lessons learned.

Terry V. Benzel is Deputy Director for the Computer Networks Division at the Information Sciences Institute (ISI) of the University of Southern California (USC). She participates in business development, technology transfer and special projects with industrial and academic partners. She is the technical project lead for the Cyber Defense Technology Experimental Research (DETER) testbed projects funded by DHS, NSF and DARPA. The projects are developing an experimental infrastructure network and scientifically rigorous testing frameworks and methodologies to support the development and demonstration of next-generation information security technologies for cyber defense.

Ms. Benzel has a joint appointment at the Marshall School of Business where she is a researcher at the Institute for Critical Information Infrastructure Protection. She is responsible for helping to develop Systemic Security Management as an open source body of work and developing public/private partnerships in information security research.

Prior to joining USC ISI, Ms. Benzel was a Division Vice President at Network Associates, Inc. where she was responsible for all aspects of the 125-staff advanced research organization performing government funded R&D for DARPA and other agencies.

Ms. Benzel has served as an advisor to government and industry on R&D strategy and roadmap development, providing guidance to the White House Office of Science Technology and Policy, the Critical Infrastructure Assurance Office, the Department of Defense, and industry alliances. She testified before the House Committee on Science, "Cyber Security —How Can We Protect American Computer Networks from Attack: The Importance of Research and Development."

Classic Paper 1

A Peel of Onion

Paul Syverson, US Naval Research Laboratory, USA

Onion routing was invented fifteen years ago to separate identification from routing in network communication. Since that time there has been much design, analysis, and deployment of onion routing systems. This has been accompanied by much confusion about what these systems do, what security they provide, how they work, who built them, and even what they are called. Here I give an overview of onion routing from its earliest conception to the latest usage of Tor, a global network with about a half million users on any given day. We will also take a peek at where onion routing is headed.

Paul Syverson (inventor of onion routing and other technologies, designer of Tor, multiply published author, chair of many security and privacy conferences) has received various patents and awards, several advanced degrees, and an origami magic rabbit folded for him by Gus Simmons. For over two decades as Mathematician at the U.S. Naval Research Laboratory, he has investigated authentication, epistemic logic, information flow in probabilistic systems, incentives in protocols and systems, anonymous communication, and other aspects of computer security and privacy. Paul is currently Associate Editor of the Journal of Computer Security, has served as director of international computer security organizations, and has been a visiting scholar and guest faculty member at universities and institutes in the U.S., England, and Italy. You can humor him by feigning interest in any of this or something you find at

Classic Paper 2

Key Escrow from a Safe Distance

Matt Blaze, Univ. of Pennsylvania, USA

In 1993, the US Government proposed an "Escrowed Encryption Standard" (popularly known as the "Clipper Chip"), in which keys to encrypt public communication could be recovered by law enforcement if needed during a wiretap. It was a wildly unpopular proposal, mostly for obvious political and social reasons, but it was also a bad idea for technical reasons. This talk will explore the early history of the 1990s crypto wars with the benefit of 15 years of technical hindsight.

Matt Blaze is Associate Professor of Computer and Information Science at the University of Pennsylvania. Cryptology and computer security have important relationships to vital areas of public policy, and Matt's work has touched on these in several ways. In 1994, he discovered a serious flaw in the US Government's "Clipper" encryption system, which had been proposed as a mechanism for the public to encrypt their data in a way that would still allow access by law enforcement. He has edited several influential reports on encryption policy, including the 1998 study of "key escrow" systems that demonstrated that such systems are inherently less secure and more expensive than systems without such a feature. This work contributed to the shift in U.S. encryption policy. More recently, he has been active in the analysis of the FBI's "Carnivore" Internet wiretap system. He has testified before various committees of the US Congress and European Parliament several times, providing technical perspective on the problems surrounding law enforcement and intelligence access to communications traffic and computer data. Matt holds a PhD in Computer Science from Princeton University.