Susan Landau

Tufts University | Tufts · Fletcher School of Law & Diplomacy and School of Engineering, Department of Computer Science

PhD

About

123 Publications · 22,270 Reads · 2,019 Citations
Citations since 2017: 11 Research Items, 668 Citations
Additional affiliations
September 2017 - October 2022
Tufts University
Position
  • Professor
June 2014 - August 2017
Worcester Polytechnic Institute
Position
  • Professor of Cybersecurity Policy
August 2013 - April 2014
Google Inc.
Position
  • Senior Staff Privacy Analyst

Publications (123)
Preprint
Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies hav...
Article
Apps can cut transmission of SARS-CoV-2 - but how do we ensure that they don’t exacerbate public health inequities?
Preprint
The right to a fair trial is fundamental to American jurisprudence. The Fifth Amendment of the Bill of Rights guarantees “due process,” while the Sixth provides the accused with the right to be “confronted with the witnesses against him.” But “time works changes, brings into existence new conditions and purposes.” So it is with software. From the s...
Article
The Communications Web site, http://cacm.acm.org, features more than a dozen bloggers in the BLOG@CACM community. In each issue of Communications, we'll publish selected posts or excerpts. Follow us on Twitter at http://twitter.com/blogCACM http://cacm.acm.org/blogs/blog-cacm Mark Guzdial considers an idea with significant education...
Article
There has been much public rhetoric on the widespread devastation of cyber weapons. We show that contrary to the public perception - and statements from some political and military leaders - cyber weapons not only can be targeted, they have been used in just such a manner in recent years. We examine the technical requirements and policy implication...
Article
The Snowden disclosures illuminated a gap between what information is legally permissible to collect and what the populace feels is appropriate collection. But this distinction applies in other realms as well, raising important questions about private-sector collection and use of individuals' data.
Article
Law enforcement needs 21st-century investigative savvy
Article
When Edward Snowden revealed that the United States government had been collecting domestic communications metadata in bulk, the administration responded that there was no great concern. The data were only how long, when, and which number called which, not what participants said. Two days after the secret Foreign Intelligence Surveillance Court ord...
Article
Proposed changes to federal rules authorizing warrants for remote computer searches mistake victims for criminals, confuse legitimate uses of location-anonymizing software with nefarious activity, and are likely to be both intrusive and damaging, creating serious security problems and potentially compromising criminal investigations.
Article
The Internet’s original design provided a modicum of privacy for users; it was not always possible to determine where a device was or who was using it. But a combination of changes, including “free” Internet services, increasing use of mobile devices to access the network, and the coming “Internet of Things” (sensors everywhere) make surveillance m...
Article
Why did the Obama administration treat threats against a Hollywood studio over a movie mocking North Korea as a matter of national security? It was sending a message to deter others.
Article
Mandating insecurity by requiring government access to all data and communications.
Article
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate security technologies on the emerging Internet were abandoned. I...
Article
If we hope to provide an Internet of Things that's useful, we must understand users' privacy expectations of their smart devices and the environment in which they operate. Samsung's Smart TV situation throws that into clear relief.
Article
Massive data collection by businesses and governments calls into question traditional methods for protecting privacy, underpinned by two core principles: (i) notice, that there should be no data collection system whose existence is secret, and (ii) consent, that data collected for one purpose not be used for another without user permission. But not...
Article
Considering recent privacy- and security-related events through this column.
Article
The public no longer sees computer scientists as heroes. With companies' data collection practices and near daily announcements of data breaches, computer scientists are now often viewed as part of the privacy and security problem. The decisions we make are too important for us not to have an understanding of the social values we're embedding in ou...
Article
Teaching privacy in a separate course affords the ability to spend time on techniques and technologies, social and policy aspects, and laws and regulations of privacy. A privacy course should aim to present sufficient information and context such that students can argue intelligently about privacy. A second aim should be to include diverse viewpoin...
Article
In the July/August 2013 issue of IEEE Security & Privacy, we published Susan Landau's analysis of the impact of Edward Snowden's initial leak of documents. As more files are revealed, we want to provide up-to-date analysis of what they mean to you, our readers. Accordingly, we're posting an in-depth follow-up to Landau's original article (http://do...
Article
Did Edward Snowden cause irreparable harm, or did he reveal facts that should be publicly examined? What are the facts, anyhow? This article seeks to put the Snowden revelations in context, explaining what's new, why it matters, and what might happen next.
Article
Is privacy possible in a state in which everyone's interests are visible via their postings—and those of their friends—on online social networks?
Article
Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, have made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications....
Article
For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications — there was no longer just “Ma Bell” to talk to — and new technologies such as ISDN and cellular telephony made executing a wiretap more...
Article
In the 10 years since IEEE Security & Privacy's initial launch, privacy has moved from being a side story occasionally covered in the newspaper to a central issue of our times. With the Internet, through the rise of online social networks, tracking technologies such as cookies and Web beacons, and the sharing of data with third parties, and the gov...
Article
The past and the future of privacy and cybersecurity are addressed from four perspectives, by different authors: theory and algorithms, technology, policy, and economics. Each author considers the role of the threat from the corresponding perspective, and each adopts an individual tone, ranging from a relatively serious look at the prospects for im...
Article
Designers of the first electronic telephone switches nicknamed them the "large immortal machines" because switches last decades. The 1994 Communications Assistance for Law Enforcement Act (CALEA) requires that all digital-switched telephone networks be built wiretap enabled; the law took longevity of switches into account by authorizing funding to...
Conference Paper
My husband Neil Immerman returned from the 1986 STOC meeting with an interesting proposition. Juris Hartmanis and Dexter Kozen had a small pocket of funds, and they proposed that the two of us visit the Cornell Computer Science Department for a week.
Article
An assessment of the U.S. government's EINSTEIN project.
Article
In 2004 the increasing number of attacks on U.S. federal civilian agency computer systems caused the government to begin an active effort to protect federal civilian agencies against cyber intrusions. This classified program, EINSTEIN, sought to do real-time, or near real-time, automatic collection, correlation, and analysis of computer intrusion i...
Article
Government's role in computer science is much larger than funding agencies. Digital rights management, net neutrality, and cybersecurity are hot topics in Washington, hot topics where regulation or legislation may have major impact on the computer systems we develop and enjoy. Yet the rules governing DC are very different than the rules that govern...
Article
Federated identity management (FIM) enables a user to authenticate once and access privileged information across disparate domains. FIM's proponents, who see the technology as providing security and ease of use, include governments and leaders in the IT industry. Indeed, a cornerstone of the current U.S. government's efforts to secure cyberspace is...
Article
As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some packet level personally identifiable information (PLPI...
Article
As the sophistication of wiretapping technology grows, so too do the risks it poses to our privacy and security.
Article
We all know the scene: It is the basement of an apartment building and the lights are dim. The man is wearing a trench coat and a fedora pulled down low to hide his face. Between the hat and the coat we see headphones, and he appears to be listening intently to the output of a set of alligator clips attached to a phone line. He is a detective eaves...
Article
Over the last half decade the U.S. government has extended wiretapping capabilities through requiring surveillance capabilities be built into Internet voice communications systems and by expanding warrantless wiretapping to any communications where one end was "reasonably believed" to be located outside the U.S. These expansions have been viewed as...
Article
The US National Research Council has tackled a big set of issues: preserving privacy in the face of data mining and behavioral surveillance programs that are being used in the US government's fight against terrorists. It has come up with commonsense solutions: evaluate the programs for effectiveness, lawfulness, and consistency with US values, and...
Conference Paper
Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity-management systems. T...
Article
The article discusses privacy and security issues as they relate to computer science and computing technology, examining the social impact of computer programming and computers in general. Computer scientists aren't getting privacy and security matters right, the author suggests, citing weekly reports of cross-site scripting attacks and polymorphic...
Article
Some of the significant factors that need to be considered to prevent intrusion during telephone conversations are discussed. The advancement of computer-based telephone conversation and the Internet provides more secure conversation, and government is facing problems monitoring the communication between criminals, spies, and terrorists. Government and fe...
Article
Organizations are making efforts for security of infrastructure system by adopting industrial control system (ICS) and emergency management system or incident management system. ICS with supervisory control and data acquisition (SCADA) can be used to monitor and control large infrastructure frameworks including electrical power generation, transmis...
Article
In considering identity management, the first issue is—What is identity? This is, of course, an issue that has plagued poets, philosophers, and playwrights for centuries. We're concerned with a more prosaic version of the question: How does an entity recognize another entity? This important question occurs when access to resources, such as health o...
Article
The new Protect America Act permits warrantless foreign-intelligence wiretapping whenever one end of the communication is believed to be outside the US. The US systems for foreign intelligence surveillance located outside the US minimize access to the traffic of US persons on the grounds of their location. The new act can lead to surveillance on...
Chapter
This chapter examines the evolution of export control in the cryptographic area and considers its impact on the deployment of privacy-protecting technologies within the United States. The shortcomings of the export law in the cryptographic area are typical of the shortcomings of the export laws in general. Cryptography may therefore point the way t...
Article
Decoding the magnetic attraction of criminals to swiping.
Article
This paper does not report the results of research in the usual sense. It reports the outcome of seven years work whose results are measured not in increased knowledge but in an improved environment for Sun development and Sun marketing. The lifespan of Sun Microsystems coincides closely with the era of globalization. To compete in the global econo...
Article
the unreasonable effectiveness of mathematics, delightful, and unexpected, applications of theory to the real world. In the world of the Internet, we've seen it in the use of number theory in public-key cryptography (the Diffie-Hellman system, the RSA algorithm, elliptic curve cryptosystems), in the utilization of graph theory in network desig...
Conference Paper
Functional decomposition—whether a function f(x) can be written as a composition of functions g(h(x)) in a nontrivial way—is an important primitive in symbolic computation systems. The problem of univariate polynomial decomposition was shown to have an efficient solution by Kozen and Landau [9]. Dickerson [5] and von zur Gathen [13] gave algorithms...
Conference Paper
Through legislation and technology the film industry has been seeking to fully control usage of the bits it creates; their model is "restrictive" digital-rights management (DRM) that only allows the user to view the film rather than copy, edit, or create new content. Meanwhile, the experience that the Internet generation has of interacting with, ra...
Article
The steps taken by the US Federal Bureau of Investigation regarding extension of communications for Law Enforcement Act to voice over IP are discussed. The Communications Assistance for Law Enforcement Act (CALEA), passed in 1994 by US Congress, was controversial as it stated that telephone networks standards would be determined through consultati...
Article
The Federal Communications Commission (FCC) announced that the Communications Assistance for Law Enforcement Act (CALEA) would be applied to broadband Internet access and interconnected voice over IP (VoIP). FCC ruling implies that all VoIP implementations would now have to pass federal wiretapping standards before they could be deployed. This new...
Article
Wiretaps have been used since the invention of the telegraph and have been a legal element of the U.S. law-enforcement arsenal for over a quarter century. In 1994, in keeping with law enforcement's efforts to have laws stay current with changing technologies, Congress passed the Communications Assistance for Law Enforcement Act (CALEA). This contro...
Article
children. These are ambitious versions of proposals being discussed in many places. In a post-September 11th, post-Beslan world, closed-circuit television (CCTV) is the newest idea for public schools. CCTV in schools is not universally embraced, however. For example in Israel, where public-safety issues are paramount and security guards stand in f...
Article
The Internet, originally a development of the USA government, opened to commercial traffic in the early 1990s. Since then, its growth internationally has been phenomenal. In several nations, the Internet is now fundamental for communication, and it has become basic to society, including supporting several aspects of the USA national critical inform...
Conference Paper
We live in perilous times. We live in times where a dirty bomb going off in lower Manhattan is not unimaginable. We live in times where the CIA interrogations of al Qaeda leaders were so harsh that the FBI would not let its agent participate [36]. We live in times when security and liberty are both endangered. We also live in times of unimaginable...
Article
approaches to S-box design. Meier and Staffelbach observed that certain nonlinearity properties (in particular, distance of nonlinear functions to affine functions) were preserved under affine transformations [28]. I need some formalism to explain what that means.
Article
1. INTRODUCTION. Cryptography, the science of transforming communications so that only the intended recipient can understand them, should be a mathematician's playground. Certain aspects of cryptography are indeed quite mathematical. Public-key cryptography, in which the encryption key is public but only the intended recipient holds the decryption...
Article
This document gives an introduction to the Liberty Version 1 specifications. It briefly discusses some of the underlying technologies, including HTTP, the establishment of web connections, and SSL. Liberty version 1 technologies are presented in overview, along with a brief discussion of Liberty security characteristics, including a review of the r...
Chapter
About two thirds or 480 pages of Knuth's [Knuth 1998] volume on Seminumerical algorithms are devoted to Chapter 4, entitled Arithmetic. He states Research on seminumerical algorithms continues at a phenomenal rate. They are called seminumerical because they lie on the borderline between numeric and symbolic calculation. Each algorithm not only compu...
Article
For the man on the street, the businesswoman in her office, the shopper or investor at home, identity on the Internet is a straightforward idea with a complex solution. Using Amazon, there is one sign-on and password; using United Airlines, another; connecting to L.L. Bean, yet another, and with Fidelity Investments, a fourth. Within the enterprise...
Article
The article features the technical development in the process of designing public-key cryptography to protect international commerce and communications. In 1997, the National Institute of Standards...
Article
Fast and hard, that is all that cryptographers have ever wanted: a system that encrypts quickly but is essentially impossible to break. With their reliance on elementary number theory, public-key systems have captured mathematicians' imagination. Public-key algorithms are too slow to be used for most data transmissions, and instead public-key algo...
Article
generals and small children, but the advent of the Information Age changed that. In the early 1970s the National Security Agency (NSA) and the National Bureau of Standards (NBS) realized that noncombatant adults needed to protect their sensitive, but unclassified, information. Though NSA is the usual government agency for building cryptosystems,...
Article
This paper answers the following question: Given an "erector set" linkage, a connected set of fixed-length links, what is the minimal ε needed to adjust the edge lengths so that the vertices of the linkage can be placed on integer lattice points? Each edge length is allowed to change by at most ε. Angles are not fixed, but collinearity must be...
Book
A guide to the debate over cryptography policy and the implications for individual privacy. Telecommunication has never been perfectly secure, as a Cold War culture of wiretaps and international spying taught us. Yet many of us still take our privacy for granted, even as we become more reliant than ever on telephones, computer networks, and electro...
Article
Functional decomposition---whether a function f(x) can be written as a composition of functions g(h(x)) in a nontrivial way---is an important primitive in symbolic computation systems. The problem of univariate polynomial decomposition was shown to have an efficient solution by Kozen and Landau [9]. Dickerson [5] and von zur Gathen [13] gave algo...
Article
For a monoid G, the iterated multiplication problem is the computation of the product of n elements from G. By refining known completeness arguments, we show that as G varies over a natural series of important groups and monoids, the iterated multiplication problems are complete for most natural, low-level complexity classes. The completeness is wi...
Article
The purpose of this paper is to examine the two domains of the integers and the polynomials, in an attempt to understand the nature of complexity in these very basic situations. Can we formalize the integer algorithms which shed light on the polynomial domain, and vice versa? When will the casting of one in the other speed up an existing algorithm?...
Article
Radical simplification is an important part of symbolic computation systems. Until now no algorithms were known for the general denesting problem. If the base field contains all roots of unity, then we give necessary and sufficient conditions for a denesting, and our algorithm computes a denesting of α when it exists. If the base field does not co...
Article
The approval of the US Escrowed Encryption Standard (EES) as a voluntary federal standard for the encryption of telecommunication information has met with some criticisms. Some said private citizens may invoke their right to privacy in questioning the legality of EES. US manufacturers want to include strong cryptography in their products in order t...
Article
In this article, we will briefly present some recent theorems for radical simplification, and the algorithms they lead to. For proofs, and complete presentations, the reader is urged to read the original papers.
Article
The problem: Given a field K with a finite extension K(α), K(α) described in terms of the minimal polynomial of α over K, find all maximal subfields of K(α) containing K. (K is assumed to be characteristic zero.)
Article
Radical simplification is an important part of symbolic computation systems. Zippel gave a sufficient condition for a nested radical to be expressed in terms of radicals of lower nesting depth. We fill a lacuna in his proof, and show that his sufficient condition is also necessary. Previous work by Landau and Miller leads to an algorithm for the pr...
