RIP Ross Anderson

posted by Roy Schestowitz on Mar 30, 2024,
updated Apr 11, 2024

Someone else will undoubtedly say it much better than I will here but one of us has to break the very sad news: Ross Anderson died yesterday.

His enthusiasm, his wide-spectrum intellectual curiosity and his engaging prose were unmatched. He stood up vigorously for the causes he believed in. He formed communities around the new topics he engaged with, from information hiding to fast software encryption, security economics, security and human behaviour and more. He served as an inspiring mentor for generations of graduate students at Cambridge—I know first hand, as I was fortunate enough to be admitted as his PhD student when he was still a freshly minted lecturer and had not graduated any students yet. I learnt my trade as a Cambridge Professor from him and will be forever grateful, as will dozens of my “academic brothers” who were also supervised by him, several of whom post regularly on this blog.

Read on

Update

More here:

• Ross Anderson

  I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers—there are many—and odds are that you will find a least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody’s business. His masterwork book, Security Engineering—now in its third edition—is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you’re in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn’t suffer fools in either government or the corporate world.

More coming in now:

• Monday 1 Apr: Remembering Ross

  Many people found him formidable and indeed sometimes forbidding. He didn’t do small talk. And yet when you were lucky enough to get to know him (as I was) he was great company. He and I used to walk round the ‘800’ Wood near Cambridge with his two lovely dogs, deep in conversation about the sordid ingenuity of cyber-criminals, the short-sightedness of academic administrators, the intrusiveness of national security agencies, as well as about Celtic folk music of which he knew a lot. (He was a piper and shared my interest in Uileann piping.)

  I learned such a lot from those conversations. Ross changed the way I looked at computing, and alerted me to the political economy of the technology which has shaped my thinking ever since. He always spoke his mind — which is why when an email from him would arrive at 8am on Sunday mornings I knew that he had read my Observer column and had something to say about it, and accordingly braced myself before reading further.

O.R.G.:

• Tribute to Ross Anderson

  Ross’ organisation, the Foundation for Information Policy Research, co-ordinated campaigning and activism. FiPR helped launch the activism of the late Caspar Bowden. Ross was right about his targets, and championed many causes long before others would pick them up. Targets include the claim of software infallibility, as seen in the Post Office, banks, identity fraud, the police; and of course, most importantly, the security agencies for their continuing war against encryption. His blogs are entertaining and clear about the motivations behind what looks like error: highlighting venality, cover-ups and other forms of narrow self-interest. Ross contributed to a blog with his Cambridge colleagues; Light Blue Touch Paper is a good place to find some of his accessible and clear explanations of the consequences when the state and private sector fail to do computer security competently.

Long form:

• Essays: In Memoriam: Ross Anderson, 1956-2024

  I can’t remember when I first met Ross. It was well before 2008, when we created the Security and Human Behavior workshop. It was before 2001, when we created the Workshop on Economics and Information Security (okay, he created that one, I just helped). It was before 1998, when we first wrote about the insecurity of key escrow systems. In 1996, I was one of the people he brought to the Newton Institute at Cambridge University, for the six-month cryptography residency program he ran (I made a mistake not staying the whole time)—so it was before then as well.