Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
A Committee Member and Staff Biographies STEPHEN T. KENT, Chair, is chief scientist for information security at BBN Technologies, a division of Verizon Communications. During the last two decades, Dr. Kentâs R&D activities have included the design and development of user authentication and access control systems, network layer encryption and access control systems, secure transport layer proto- cols, secure e-mail technology, multilevel secure (X.500) directory sys- tems, and public-key certification authority systems. His most recent work focuses on security for Internet routing, very high-speed IP encryp- tion, and high-assurance cryptographic modules. Dr. Kent served as a member of the Internet Architecture Board (1983-1994) and chaired the Privacy and Security Research Group of the Internet Research Task Force (1985-1998). He chaired the Privacy Enhanced Mail (PEM) working group of the Internet Engineering Task Force (IETF) from 1990 to 1995 and co- chairs the Public Key Infrastructure Working Group (1995-present). He is the primary author of the core IPsec standards: RFCs 2401, 2402, and 2406. He is a member of the editorial board of the Journal of Computer Security (1995-present), serves on the board of the Security Research Alliance, and served on the board of directors of the International Association for Cryptologic Research (1982-1989). Dr. Kent was a member of CSTBâs Information Systems Trustworthiness Committee (1996-1998), which pro- duced Trust in Cyberspace. His other previous NRC service includes the CSTB Committee on Rights and Responsibilities of Participants in Net- worked Communities (1993-1994), the Technical Assessment panel for the NIST Computer Systems Laboratory (1990-1992), and the CSTB Secure 51
52 IDsâNOT THAT EASY Systems Study Committee (1988-1990). The U.S. Secretary of Commerce appointed Dr. Kent as chair of the Federal Advisory Committee to De- velop a FIPS for Federal Key Management Infrastructure (1996-1998). The author of two book chapters and numerous technical papers on network security, Dr. Kent has served as a referee, panelist, and session chair for a number of conferences. Since 1977 he has lectured on the topic of net- work security on behalf of government agencies, universities, and private companies throughout the United States, Europe, Australia, and the Far East. Dr. Kent received the B.S. degree in mathematics summa cum laude from Loyola University of New Orleans and the S.M., E.E., and Ph.D. degrees in computer science from the Massachusetts Institute of Technol- ogy. He is a fellow of the Association for Computing Machinery and a member of the Internet Society and Sigma Xi. MICHAEL ANGELO is currently a staff fellow at Compaq Computer Corporation and runs a laboratory at Compaq that assesses biometrics and other security-enhancing technologies, such as smart cards. He is considered a subject-matter expert for security and its associated tech- nologies. His job is to provide technical guidance and input into strategic planning and the development of secure solutions. In addition, he is responsible for providing technical assistance to the corporate security team. Dr. Angelo possesses expertise in both biometric and token access authentication technology, including technical threat model and imple- mentation analysis, as well as in risk reduction enhancement methodol- ogy, applied computer system security, computer forensics, advanced data protection methodologies, and practical encryption techniques. His experience comprises 15 years in designing, implementing, managing, and supporting secure intra- and Internets, including gateways, firewalls, and sentinels, plus 20 years working at the kernel level of numerous operating systems, including a wide variety of hardware platforms (from PCs to supercomputers) and software platforms (including several fla- vors of UNIX, MS-DOS/Windows/NT, and VMS). He holds several pat- ents. Dr. Angelo has been active in a number of trade standards organiza- tions: the Trusted Computing Platform Association (TCPA), Americans for Computer Privacy (ACP), the Bureau of Export Administration Tech- nical Advisory Committee (BXA-TAC), the Information Security Explor- atory Committee (ISEC), the Key Recovery Alliance (KRA), the Computer Systems Policy Project, the Cross-Industry Working Team Security Work- ing Group, and the National Institute of Standards and Technologyâs In- dustry Key Escrow Working Group. STEVEN BELLOVIN is a fellow at AT&T Research. Dr. Bellovin re- ceived a B.A. degree from Columbia University and an M.S. and Ph.D. in
APPENDIX A 53 computer science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other collaborators were awarded the 1995 USENIX Lifetime Achieve- ment Award. At AT&T Laboratories, he does research in networks and security and why the two do not get along. Dr. Bellovin has embraced a number of public interest causes and weighed in (e.g., through his writ- ings) on initiatives (e.g., in cryptography and law enforcement) that ap- pear to threaten privacy. He is currently focusing on cryptographic pro- tocols and network management. Bellovin is the coauthor of the recent book Firewalls and Internet Security: Repelling the Wily Hacker, and he is a member of the Internet Architecture Board. He was a member of the CSTB committee that produced Trust in Cyberspace (1999), and he is a member of the National Academy of Engineering. BOB BLAKLEY is chief scientist for security and privacy at IBM Tivoli Software in Austin, Texas. Dr. Blakley was chief scientist for DASCOM, Inc., at the time of its acquisition by IBM and integration into Tivoli. Before joining DASCOM, Dr. Blakley was lead security architect for IBM, where he was employed for 9 years. In addition to his product design responsibilities, Dr. Blakley led the IBM Security Architecture Board and was the IBM representative to the Open Group Security Program Group. He also served for 2 years as the chair of the OSF DME/DCE security working group. He is the author of CORBA Security: An Introduction to Safe Computing with Objects, published by Addison-Wesley. Dr. Blakley was also the editor of the Open Group PKI working groupâs âArchitec- ture for Public Key Infrastructure.â He has been involved in cryptogra- phy and data security design work since 1979 and has authored or coau- thored seven papers on cryptography, secret-sharing schemes, access control, and other aspects of computer security. He was designated âDis- tinguished Practitionerâ by the 2001 Annual Computer Security and Ap- plications Conference. He is currently the general editor of the OASIS Security Services Technical Committeeâs SAML specification effort. He holds eight patents on security-related technologies. Dr. Blakley cochaired the ACM New Security Paradigms Workshop in 1997 and 1998, and he served on the program committees for several industry and academic conferences, including the NSA/OMG Distributed Object Computing Workshop, IEEE Security and Privacy, and ISOC Network and Distrib- uted Systems Security (NDSS). Dr. Blakley received an A.B. in classics from Princeton University and a masterâs degree and Ph.D. in computer and communications sciences from the University of Michigan. DREW DEAN is a computer scientist at SRI International. He joined SRI full time in July 2001; prior to that he was a member of the research staff
54 IDsâNOT THAT EASY at Xerox PARC. Dr. Dean holds M.A. and Ph.D. degrees from Princeton University and a B.S. degree from Carnegie Mellon University, all in com- puter science. He pioneered the systematic study of Java security and more recently has worked across a wide range of areas in security, includ- ing cryptography, the theory of access control, and IP traceback. He has received a Best Student Paper award from the ACM Computer and Com- munications Security conference (1997), an Outstanding Paper award from the ACM Symposium on Operating System Principles (1997), and a Best Paper award from the Internet Societyâs Network and Distributed Systems Security Symposium (2001). Dr. Dean is a member of the edito- rial board of Springer-Verlagâs International Journal of Information Security. BARBARA FOX is currently senior architect, Digital Rights Management and Cryptography, at Microsoft Corporation. She is coauthor of a num- ber of research papers in the application of public key infrastructures to payment systems and, most recently, the IETF/W3C XML Digital Signa- ture standard. Ms. Fox also serves on the board of directors for the Inter- national Financial Cryptography Association. STEPHEN H. HOLDEN is an assistant professor in the Department of Information Systems at the University of Maryland, Baltimore County (UMBC). Dr. Holdenâs research, publications, and teachings leverage his substantial federal government experience in government-wide policy in information technology management and electronic government. Other research interests include information policy, electronic authentication policies and practices, and strategic management processes. He recently left the Internal Revenue Service (IRS) as a senior executive after a 16-year career in the federal career service. While at the IRS he served as the program executive, Electronic Tax Administration (ETA) Modernization, reporting to the assistant commissioner. Before that position in ETA he served as the national director of Electronic Program Enhancements. During that time he led efforts to develop new ETA programs, policies, and e-government systems for the IRS, including the ETA partnership effort, electronic payments, electronic authentication, and the IRS e-file promotional campaign. He also served on the federal Public Key Infra- structure Steering Committee. Prior to going to the IRS, Dr. Holden worked for 10 years at the Office of Management and Budget (OMB), doing a variety of policy, management, and budget analysis work. Sig- nificant accomplishments at OMB included drafting and completing a revision to the information technology management section of Circular A-130 and overseeing the publication of the first âInformation Resource Management Plan of the Federal Government.â Dr. Holdenâs career as a federal civil servant began in 1983 as a Presidential Management Intern at
APPENDIX A 55 the Naval Sea Systems Command. He holds a Ph.D. (public administra- tion and public affairs) from Virginia Polytechnic and State University and an M.P.A in public administration and a B.A. in public management from the University of Maine. DEIRDRE MULLIGAN is director of the new Samuelson Law, Technol- ogy and Public Policy Clinic at the University of California, Berkeley, School of Law (Boalt Hall). While attending Georgetown University Law Center, Mulligan worked on the American Civil Liberties Unionâs privacy and technology project, where she honed her interest in preserving and enhancing civil liberties and democratic values. After law school, she became a founding member of the Center for Democracy and Technol- ogy, a high-tech, civil liberties public interest organization based in Wash- ington, D.C. For 6 years, Mulligan was staff counsel at the center. She has worked with federal lawmakers, governmental agencies, the judicial sys- tem, public interest organizations, and the high-tech business commu- nity, with the goal of enhancing individual privacy on the Internet, thwart- ing threats to free speech on the Internet, and limiting governmental access to private data. She has testified in several settings and contributed to technical standards development. Ms. Mulligan received her J.D., cum laude, from Georgetown University Law Center in 1994 and a B.A. in architecture and art history from Smith College in 1988. JUDITH S. OLSON is the Richard W. Pew Chair in Human Computer Interaction at the University of Michigan. She is also a professor in the School of Information, the Business School, and the Department of Psy- chology. Her research interests include computer-supported cooperative work, human-computer interaction, the design of business information systems for organizational effectiveness, and cognitive psychology. Pro- fessor Olsonâs recent research focuses on the nature of group work and the design and evaluation of technology to support it. This field com- bines cognitive and social psychology with the design of information systems. She began her career at the University of Michigan in the De- partment of Psychology, served as a technical supervisor for human fac- tors in systems engineering at Bell Laboratories in New Jersey, and re- turned to Michigan to the Business School and the then-new School of Information. She has over 60 publications in journals and books and has served on a number of national committees, including the National Re- search Council Committee on Human Factors and the Council of the As- sociation for Computing Machinery. She has recently been appointed to the CHI Academy of ACMâs Special Interest Group on Computer-Human Interaction. Dr. Olson earned a B.A. in mathematics and psychology from
56 IDsâNOT THAT EASY Northwestern University in 1965 and a Ph.D. 4 years later in the same disciplines from the University of Michigan. JOE PATO is currently the principal scientist for the trust, security, and privacy research program at HP Labs and has served as the CTO for Hewlett-Packardâs Internet Security Solutions Division. Mr. Patoâs cur- rent research focuses on the trust needs of collaborative enterprises on the Internet, addressing both interenterprise models and the needs of light- weight information appliances representing the interests of the individual. He is looking at critical infrastructure protection and the confluence of trust, e-services, and mobility. This work recently led him to be one of the founders of the Information Technology Information Sharing and Analy- sis Center (IT-ISAC). His past work has included the design of delegation protocols for secure distributed computation; key exchange protocols; interdomain trust structures; the development of public- and secret-key- based infrastructures; and the more general development of distributed enterprise environments. Mr. Pato is currently cochair of the OASIS Secu- rity Services Technical Committee and has participated on several IEEE, ANSI, and NIST standards or advisory committees. RADIA PERLMAN is a Distinguished Engineer at Sun Microsystems Laboratories. She is the architect for a group that does research in net- work security issues, recently focused on PKI deployment. Some of the groupâs implementation will be distributed as part of a reference imple- mentation for Java. She is the author of many papers in the field of network security, as well as coauthor of a textbook on network security and author of a textbook on lower-layer networking protocols. She is also well known for her work on sabotage-proof routing protocols. Her work on lower-layer protocols is also well known and forms the basis of mod- ern bridging, switching, and routing protocols. This expertise is crucial to understanding the technology behind such things as providing Internet anonymity. She has about 50 issued patents, a Ph.D. in computer science from MIT, and S.B. and S.M. degrees in mathematics from that institution. She was recently awarded an honorary doctorate from KTH, the Royal Institute of Technology, Sweden. PRISCILLA M. REGAN is an associate professor in the Department of Public and International Affairs at George Mason University. Prior to joining that faculty in 1989, she was a senior analyst in the Congressional Office of Technology Assessment (1984-1989) and an assistant professor of politics and government at the University of Puget Sound (1979-1984). Since the mid-1970s, Dr. Reganâs primary research interest has been the analysis of the social, policy, and legal implications of organizational use
APPENDIX A 57 of new information and communications technologies. Dr. Regan has published over 20 articles or book chapters, as well as Legislating Privacy: Technology, Social Values, and Public Policy (University of North Carolina Press, 1995). As a recognized researcher in this area, Dr. Regan has testi- fied before Congress and participated in meetings held by the Depart- ment of Commerce, the Federal Trade Commission, the Social Security Administration, and the Census Bureau. Dr. Regan received her Ph.D. in government from Cornell University in 1981 and her B.A. from Mount Holyoke College in 1972. JEFFREY I. SCHILLER received his S.B. in electrical engineering (1979) from the Massachusetts Institute of Technology. As MIT network man- ager he has managed the MIT Campus Computer Network since its in- ception in 1984. Prior to his work in the Network Group, he maintained MITâs Multics timesharing system during the time frame of the ARPANET TCP/IP conversion. He is an author of MITâs Kerberos Authentication system. Mr. Schiller is the Internet Engineering Steering Groupâs (IESG) area director for security. He is responsible for overseeing security-re- lated working groups of the Internet Engineering Task Force (IETF). He was responsible for releasing a U.S. legal freeware version of the popular PGP encryption program. Mr. Schiller is also responsible for the develop- ment and deployment of an X.509-based PKI at MIT. He is the technical lead for the new Higher Education Certifying Authority being operated by the Corporation for Research and Educational Networking (CREN). Mr. Schiller is also a founding member of the Steering Group of the New England Academic and Research Network (NEARnet). NEARnet, now part of Genuity, Inc., is a major nationwide Internet service provider. SOUMITRA SENGUPTA is assistant professor in the Department of Medical Informatics at Columbia University. Dr. Sengupta has focused his work on the challenges of security and privacy in health care, comple- menting his academic work by service as security officer for the New York-Presbyterian Healthcare System. His research interests are in the areas of distributed systems, their monitoring, management, and security aspects, and their application in a health care environment. He is inter- ested in the architectural design and engineering concerns of building large, functioning systems over heterogeneous platforms and protocols. Dr. Sengupta holds a B.E. from Birla Institute of Technology and Science (electrical and electronics engineering), Pilani, India, and M.S. and Ph.D. degrees in computer science from the State University of New York at Stony Brook. He was a member of the Association for Computing Machinery (ACM) from 1984 to 1994 and the Institute for Electrical and Electronic
58 IDsâNOT THAT EASY Engineers (Computer Society) from 1984 to1992, and is currently a mem- ber of the American Medical Informatics Association. JAMES L. WAYMAN has been the director of the Biometrics Test Center at San Jose State University in San Jose, California, since 1995. The center is funded by the United States and other countries to develop standards and scientific test and analysis methods and to advise on the use or non- use of biometric identification technologies. The test center served as the U.S. National Biometrics Test Center from 1997 to 2000. Dr. Wayman received the Ph.D. degree in engineering from the University of Califor- nia at Santa Barbara in 1980 and joined the faculty of the Department of Mathematics at the U.S. Naval Postgraduate School in 1981. In 1986, he became a full-time researcher for the Department of Defense in the areas of technical security and biometrics. Dr. Wayman holds three patents in speech processing and is the author of dozens of articles in books, techni- cal journals, and conference proceedings on biometrics, speech compres- sion, acoustics, and network control. He serves on the editorial boards of two journals and on several national and international biometrics stan- dards committees. He is a senior member of the Institute of Electrical and Electronic Engineers. DANIEL J. WEITZNER is director of the World Wide Web Consortiumâs Technology and Society activities. As such, he is responsible for develop- ment of technology standards that enable the Web to address social, legal, and public policy concerns such as privacy, free speech, protection of minors, authentication, intellectual property, and identification. He is also the W3Câs chief liaison to public policy communities around the world and a member of the ICANN Protocol Supporting Organizationâs Protocol Council. Mr. Weitzner holds a research appointment at MITâs Laboratory for Computer Science and teaches Internet public policy at MIT. Before joining the W3C, Mr. Weitzner was cofounder and deputy director of the Center for Democracy and Technology, an Internet civil liberties organi- zation in Washington, D.C. He was also deputy policy director of the Electronic Frontier Foundation. As a leading figure in the Internet public policy community, he was the first to advocate user control technologies such as content filtering and rating to protect children and avoid govern- ment censorship of the Internet. These arguments played a critical role in the 1997 U.S. Supreme Court case Reno v. ACLU, awarding the highest free speech protections to the Internet. He successfully advocated the adoption of amendments to the Electronic Communications Privacy Act, creating new privacy protections for online transactional information such as Web site access logs. Mr. Weitzner has a degree in law from Buffalo Law School and a B.A. in philosophy from Swarthmore College. His pub-
APPENDIX A 59 lications on communications policy have appeared in the Yale Law Review, Global Networks, Computerworld, Wired, Social Research, Electronic Network- ing: Research, Applications & Policy, and Whole Earth. He is also a commen- tator for NPRâs Marketplace Radio. STAFF LYNETTE I. MILLETT is a study director and program officer with the Computer Science and Telecommunications Board of the National Re- search Council. She is currently involved in several CSTB projects along with the authentication study, including a comprehensive exploration of privacy in the information age and a study examining the fundamentals of computer science. She is also exploring possible study options for CSTB with respect to the issues of open source software development, dependability of complex software systems, and women in computer sci- ence. She recently completed the CSTB study that produced Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Comput- ers. Before joining CSTB, she was involved in research on static analysis techniques for concurrent programming languages as well as research on value-sensitive design and informed consent online. She has an M.Sc. in computer science from Cornell University. Her undergraduate degree is in mathematics and computer science from Colby College. Her graduate work was supported by both an NSF graduate fellowship and an Intel graduate fellowship. While at Cornell, Ms. Millett cofounded its Engi- neering Graduate Student Association. JENNIFER BISHOP is a senior project assistant with the Computer Sci- ence and Telecommunications Board of the National Research Council. Before moving to Washington, Ms. Bishop worked for the City of Ithaca, New York, coordinating the Police Departmentâs transition to a new SQL- based time accrual and scheduling application. Her other work experi- ence includes designing customized hospitality industry performance re- ports for Ithaca-based RealTime Hotel Reports, LLC, maintaining the police records database for the City of Ithaca, and hand-painting furni- ture for Mackenzie-Childs, Ltd., of Aurora, New York. She is an artist working in oil and mixed media and is currently attempting to make her professional debut on the Washington art scene. Ms. Bishop holds a B.F.A (2001) in studio art from Cornell University.
