https://www.schneier.com/blog/archives/2024/03/ross-anderson.html Schneier on Security Menu * Blog * Newsletter * Books * Essays * News * Talks * Academic * About Me Search Powered by DuckDuckGo [ ] [Go] ( ) Blog ( ) Essays (*) Whole site Subscribe Atom FeedFacebookTwitterKindleE-Mail Newsletter (Crypto-Gram) HomeBlog Ross Anderson Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both--I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn't stay the whole time)--that was in 1996. I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993--probably at Eurocrypt in Lofthus, Norway--I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb's Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that's how we did it back then. I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers--there are many--and odds are that you will find a least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody's business. His masterwork book, Security Engineering--now in its third edition--is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you're in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn't suffer fools in either government or the corporate world. He's listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we'd see each other a couple of times a year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti's rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy in December, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year's SHB workshop. I learned something from him every single time we talked. And I am not the only one. My heart goes out to his wife Shireen and his family. We lost him much too soon. Tags: cryptanalysis, cryptography, cybersecurity, economics of security, security conferences, security engineering Posted on March 31, 2024 at 8:21 PM * 15 Comments Comments MarkH * March 31, 2024 9:48 PM Bruce, I've been imagining that this startling loss would have a significant personal dimension for you ... I now see it's even more than that. I learned so much from Security Engineering, and have greatest respect for his insights. His death has left a void. ResearcherZero * March 31, 2024 10:41 PM Ross also provided a lot of his work for free. Which is incredibly generous, as his work is excellent. It's through the distribution and sharing of ideas that we learn, and this only happens due to the hard work of champions of academic freedom. There are few among us. There is no freedom without knowledge. It is the essential tool with which we overcome fear and misunderstanding. With understanding we learn to avoid repeating catastrophic mistakes. Cambridge Computer Laboratory and the people who have worked at Cambridge have contributed an enormous amount to many subjects, efforts which have often been crucial for important issues. Freedom of communication, government overreach, chat control and backdoors... Without people like Ross Anderson such knowledge remains locked up and inaccessible. Anonymous * March 31, 2024 11:14 PM As a professional with only tangential conections to the security world (20 odd years ago :)), his work and unexpected insights pulled me closer and closer. It started to be more like a philosophic aproach to the enderstanding of various incredibly complex systems and I enjoyed it tremendously (still do). R.I.P Mr. Andersson. Steve Russelle * April 1, 2024 1:22 AM I was in the room when Ross was summoned outside and served civil papers that halted in the nick of time his presentation regarding the Millenium Digital Copyrights Act. Let us not forget his self assured sense of independence and liberty and his brilliant, side splitting sense of humor. For example, as demonstrated in his short speech when he returned to the podium still holding his latest book displayed full frontal in front of his heart, as he had just done while the press shot pictures of him being served the papers and asked him questions after. What a guy. I still use to great effect a few quips he made during our brief conversations during a riverboat ride at that conference. Amakiri * April 1, 2024 2:08 AM OMG so sad to hear this. I had just ordered the latest edition of his Security Engineering book. Read lots of his security rated papers and I was once a student of his Security Economics program on EDx. We lost a great mind way too soon. May his soul rest in peace. Robin * April 1, 2024 4:47 AM I met Ross once, some 30 years ago, at a business meeting for editors of a set of journals, so I can't claim to have known him well. But I still remember that his presence in the room was electric, and the breadth of his knowledge and his natural authority were striking. One of those people whose presence stays with you for a long time. Condolences to his family, friends and colleagues. John Beattie (jkb) * April 1, 2024 7:29 AM I'm deeply sorry to hear this. Anderson was a major force for good in our world. David Clark * April 1, 2024 8:11 AM This is so sad. We should remember one other thing about which Ross was passionate: playing the bagpipes. He told me that he played pipes in pubs to make money in college, and the nice thing about being a piper is that there were no other members of the band with whom you had to split the money. I remember sitting in his yard listening to him play a small set of pipes at the end of the day. As with anything else, he was very scholarly about piping-he corrected the music historian at the BL about the attribution of one piece because the tune contained a note too low for the pipes played by that piper to sound. He was a man of many talents. We will miss him greatly. Clive Robinson * April 1, 2024 10:48 AM @ ALL, Like one or two others, I made comment on the sad news on the Squid page, almost as soon as I'd heard the news. https://www.schneier.com/blog/archives/2024/03/68676.html/# comment-434499 Hearing it was a shock, in part because Ross was only a little older than many on this blog. In part because Ross was an individual who was dynamically alive. Not just curious about all around but determined to find out not just why, but where things were destined, and where appropriate warn. He will be missed not just by the people that knew him, and knew of him through his work and influence, but also by those that he would in his gentle way have helped. As always it's difficult to describe in a few words what a person ment not just to yourself, but others. In Ross's case this is made all the harder because of his nature, his kindness and his desire to lift others up. There is a belief in some Native American and other belief systems that you live on in others thoughts and memories. So, Ross, may your spirit carry on to invigorate and teach others both in knowledge, capabilities and honesty of behaviour and purpose. And may others come to know you long into the future. Cassandra * April 1, 2024 1:17 PM A great loss. But he was inspirational for many, and I hope that inspiration kindles more enthusiastic, brilliant, opinionated, articulate, (curmudgeonly), and kind people who can stand on the shoulders of this giant and make the (security) world a better place. He set an example that is difficult to exceed. I wish every good fortune to those who can, and will. While his academic work speaks for itself, I hope others will take up the cause of the 'little people' being steamrollered by large organisations. His work as an expert witness for people suffering financial loss due to the poor processes of financial institutions affected many lives in a positive way. He was very angry at people's mistreatment. His family can be proud of what he achieved. cybershow * April 1, 2024 1:32 PM As well as being a "security person", Ross was a secure person. By that I mean, regardless his status, he had time for others. For minor professors from backwater universities and their students. Sometimes I sent students his way with something I didn't quite get, and they'd come excitedly into the next lecture saying "Hey, Ross replied me!", and we'd go through it together. If I felt intrusive, as if wasting his bandwidth with my ideas, he'd reply in depth, warmly and humorously, validating, suggesting further research, encouraging. We enjoyed talking about clear communication and writing, about the least words to say something, about publishers, and about the failings of academia as a place for security research. Only later did Ross twig who I was in previous life in sound physics and we were able to briefly touch on a love of music. It's said that the definition of a gentleman is someone who knows how to play the bagpipes but chooses not to. Ross Anderson disproved that, as a piper and a gentleman. Alessandro * April 1, 2024 2:53 PM Thank you, Bruce, for honoring the memory of Ross. I do remember the first time I met him: he was presenting his "Why Security is Hard" manuscript - which essentially started, or contributed to start, the entire field of research on infosec economics - at Berkeley. I was a junior PhD student there. I sent him an email in the scant hope he could meet with me while at the conference where he was presenting. Incredibly, he did reply, and did find time to meet with me, and chat. That was the first of many, many wonderful interactions I was so lucky to have with him over the subsequent 20 years. And now they seem too few. RIP Ross. -alessandro William * April 1, 2024 4:01 PM My deepest condolences to you and everyone whose life he touched. He not only possessed a brilliant mind, but the even rarer ability to clearly explain his insights. Ian Grant * April 1, 2024 5:19 PM I met Ross when I was the security reporter for a computer trade weekly. He was unfailing in his patience with me, always ready with a quotable comment, and most importantly, respectful of my deadlines. He was rare indeed. The world seems a little darker without him in it. To his family, I am sorry for your loss. He is irreplaceable. Nick * April 2, 2024 2:44 PM That's tragic news and hard to believe, as I received a typical "what's going on in..." email from him just a few days before, asking about the ongoing smart metering fiasco. Ross was such an inspiration and this is a great loss. I hope that his pioneering spirit has been passed on to the generations of students he taught. I think everyone who met him learnt something. We need to honour his memory by applying those principles. Atom Feed Subscribe to comments on this entry Leave a comment Cancel reply Login Name [ ] Email [ ] URL: [ ] [ ] Remember personal info? Fill in the blank: the name of this blog is Schneier on ___________ (required): [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comments: [ ] [loader] Allowed HTML * * * *
    1. * 
       Markdown Extra syntax via
https://michelf.ca/projects/php-markdown/extra/

[Preview] [Edit]

[Submit] 

 [                                             ] 
 [                                             ] 
 [                                             ] 
 [                                             ] 
 [                                             ] 
 [                                             ] 
 [                                             ] 
D[                                             ] 

- Friday Squid Blogging: The Geopolitics of Eating Squid Magic
Security Dust -

Sidebar photo of Bruce Schneier by Joe MacInnis.

Powered by WordPress Hosted by Pressable

About Bruce Schneier

[Bruce-Schn]

I am a public-interest technologist, working at the intersection of
security, technology, and people. I've been writing about security
issues on my blog since 2004, and in my monthly newsletter since
1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board
member of EFF, and the Chief of Security Architecture at Inrupt, Inc.
This personal website expresses the opinions of none of those
organizations.

Related Entries

  * xz Utils Backdoor
  * Security Vulnerability in Saflok's RFID-Based Keycard Locks
  * On Secure Voting Systems
  * Google Pays $10M in Bug Bounties in 2023
  * Drones and the US Air Force

Featured Essays

  * The Value of Encryption
  * Data Is a Toxic Asset, So Why Not Throw It Out?
  * How the NSA Threatens National Security
  * Terrorists May Use Google Earth, But Fear Is No Reason to Ban It
  * In Praise of Security Theater
  * Refuse to be Terrorized
  * The Eternal Value of Privacy
  * Terrorists Don't Do Movie Plots

More Essays

Blog Archives

  * Archive by Month
  * 100 Latest Comments

Blog Tags

  * 3d printers
  * 9/11
  * A Hacker's Mind
  * Aaron Swartz
  * academic
  * academic papers
  * accountability
  * ACLU
  * activism
  * Adobe
  * advanced persistent threats
  * adware
  * AES
  * Afghanistan
  * air marshals
  * air travel
  * airgaps
  * al Qaeda
  * alarms
  * algorithms
  * alibis
  * Amazon
  * Android
  * anonymity
  * Anonymous
  * antivirus
  * Apache
  * Apple
  * Applied Cryptography
  * artificial intelligence

More Tags

Latest Book

A Hacker's Mind

More Books

Support Bloggers' Rights! Defend Privacy--Support Epic

  * Blog
  * Newsletter
  * Books
  * Essays
  * News
  * Talks
  * Academic
  * About Me