The Bridge Professor in Cybersecurity and Policy has dedicated her career to safeguarding personal online privacy and security
In recognition of her enduring contributions to policies and laws governing cybersecurity and data privacy, Susan Landau, Bridge Professor in Cybersecurity and Policy at the The Fletcher School and the School of Engineering, has been honored with the 2023 USENIX Lifetime Achievement Award.
She shares the honor with Matt Blaze of Georgetown University and Steven Bellovin of Columbia University. USENIX: The Advanced Computing Systems Association is a nonprofit organization dedicated to supporting advanced computing systems communities and furthering the reach of innovative research.
Landau and her colleagues were given the award for having made “a profound and lasting impact on computer science, computer security, law, and public policy through their groundbreaking research, their influential publications, and their dedication to advancing knowledge that informs public policy,” USENIX said. “They have shown how knowledge of technology is vital for lawyers, judges, and legislators, and have been pioneers in applying their expertise in those domains.”
In 2016, Landau provided pivotal testimony in Congress addressing the dispute between Apple and the FBI over whether and to what degree the manufacturer can be compelled to assist in unlocking encrypted data in cell phones.
In her 2017 book Listening In, Landau argues that if weaknesses are introduced into encryption, communications beyond what may be investigated by law enforcement can be compromised, leaving the door wide open to unlawful surveillance or hacking.
Landau and others also helped avert an overreach by Apple, when it tried to implement scanning of photographs on phones in an effort to stem the collection and distribution of child abuse material. Their article “Bugs in Our Pockets: The Risks of Client-Side Scanning pointed out the very real risks of false positives and the slippery slope of unwarranted search of other types of content.
Landau and her co-awardees also helped secure essential rights for defendants in criminal courts. In a paper [PDF] that was the basis for decisions in several New Jersey cases, they argued that individuals subject to evidence derived from software analysis from, for example, a breathalyzer test or DNA matching, have a right to examine the software for errors. This runs up against challenges of releasing proprietary code, but nonetheless, the courts cited their paper in deciding to grant that right.
Showing How to Keep Policy in Step with Technology
Landau also served on a working group for the Carnegie Foundation, which published the report “Moving the Encryption Policy Debate Forward.” One of the key messages of that report, according to Landau, was “do not implement any laws until you know you have a technical solution that actually works at scale.” Together with other members of the group, which included previous and future leaders in national intelligence and the Department of Justice, Landau established robust strategies to adapt policy to future technologies.
Her guiding principle has been that “the encryption debate is not about privacy vs. security. It is about security vs. security.” Encryption protects businesses and individuals from unconstitutional government searches and from illegal hacking. Those communications in the wrong hands can lead to loss of proprietary information or denial of individual rights. Compromising either can lead to threats to personal and national security.
Landau has also been active throughout her career as both mentor and role model for young women and underrepresented populations furthering their education and careers in computer science, security, and privacy. She co-founded GREPSEC, a graduate student workshop in cybersecurity and privacy for women and members of underrepresented groups.
She also co-created the ACM Athena Lectureship, an award celebrating outstanding women researchers in computer security at the Association for Computing Machinery. As a teacher in National Science Foundation programs she inspired many young people to pursue careers in computer science, including Tufts’ own Lenore Cowen, professor of computer science.
Looking to the future, Landau says she will continue to sort out the issues of privacy, law enforcement, and national security. “I’d like to get a deeper understanding of how the ever-changing world of big data, privacy, and national security all work together. We need to give policy- and lawmakers, and the courts the tools needed to enforce laws and national security, while preserving individual rights.”