Salisbury Laboratories, 310F
I am Professor of Cybersecurity Policy in the Department of Social Science and Policy Studies here at Worcester Polytechnic Institute. I have been a senior staff Privacy Analyst at Google, a Distinguished Engineer at Sun Microsystems, a faculty member at the University of Massachusetts at Amherst and at Wesleyan University and held visiting positions at Harvard, Cornell, and Yale, and the Mathematical Sciences Research Institute. I am the author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies (MIT Press, 2011) and co-author, with Whitfield Diffie, of Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press, 1998, rev. ed. 2007). I’ve also written numerous scientific and policy research papers, as well as published in more popular venues such as Science, Scientific American, and the Washington Post. I’ve testified in Congress on cybersecurity and on electronic surveillance. I’m presently serving on the Computer Science Telecommunications Board of the National Research Council.
I was originally trained as a theoretical computer scientist, and it was a circuitous path that led me to where I am now. My technical work started with seeking fast algorithms for such classic algebraic computations as factoring polynomials or determining the square parts of integers. Some of these problems, such as polynomial decomposition, had cryptographic applications. I’ve always had a strong interest in policy, so when in 1993 the Clinton administration proposed the Clipper chip, in which encryption keys would be escrowed with agencies of the US government, I participated in an ACM study on cryptography policy issues. From there I developed a scholarly interest in policy issues.
Currently my work focuses on cybersecurity policy generally, with particular attention devoted to communications surveillance issues. I approach these questions as a scientist. Are there security risks in building a CALEA-compliant switch? (CALEA is a federal law requiring that all digital telephone switches be built wiretap accessible.) How might the Federal Communications Commission handle such security risks? What role can federal agencies play in securing telecommunications infrastructure? What technical architectures permit identity management but also provide the user with privacy controls? How can we characterize the most serious of types of cyberattacks, and what will that tell us about the potential efficacy of alternative forms of attribution?
What drives me is how to secure us even while preserving a modicum of privacy in our highly connected electronic communications world. Security and privacy are not just technical issues. I’m really pleased to be at WPI where I can work with students to frame security and privacy engineering solutions within a broader social context.
- Cybersecurity Policy
- Surveillance (Especially Communications Surveillance)
- BA, Princeton University, 1976
- MS, Cornell University, 1979
- PhD, MIT, 1983
- Susan Landau, “Control Use of Date to Protect Privacy,” Science, Vol. 347, Issue 6221, January 30, 2015.
- Susan Landau, "Under the Radar: NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure,'' Journal of National Security Law and Policy, Vol. 7, No. 3 (2014).
- Steve Bellovin, Matt Blaze, Sandy Clark, and Susan Landau, ``Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet,'' Northwestern Journal of Technology and Intellectual Property, Vol. 12, Issue 1 (2014).
- Susan Landau, Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, 2011.
- D. D. Clark and S. Landau, "Untangling Attribution,'' Harvard National Security Journal, Vol. 2, Issue 2 (2011).
- Whitfield Diffie and Susan Landau, Privacy on the Line: The Risks Posed by New Wiretapping Technologies, MIT Press, rev. ed. 2007.
- Surveillance Studies Book Prize, 2012.
- Guggenheim Fellowship, 2012.
- Fellow, Radcliffe Institute for Advanced Study, 2010-2011.
- Fellow, Association for Computing Machinery.
- Fellow, American Association for the Advancement of Science.