Appendix A

Biographies of Committee Members and Staff

COMMITTEE MEMBERS

STEPHEN T. KENT, Chair, is chief scientist in information security at BBN Technologies, a part of Verizon Communications. During the past two decades, Dr. Kent's research and development activities have included the design and development of user authentication and access control systems, network layer encryption and access control systems, secure transport layer protocols, secure e-mail technology, multilevel secure (X.500) directory systems, and public key certification authority systems. His most recent work focuses on security for Internet routing, very high speed Internet Protocol (IP) encryption, and high-assurance cryptographic modules. Dr. Kent served as a member of the Internet Architecture Board (1983-1994), and he chaired the Privacy and Security Research Group of the Internet Research Task Force (1985-1998). He chaired the Privacy Enhanced Mail working group of the Internet Engineering Task Force from 1990 to 1995 and has co-chaired the Public Key Infrastructure Working Group since 1995. He is the primary author of the core IPsec standards: RFCs 2401, 2402, and 2406. He is a member of the editorial board of the Journal of Computer Security (1995 to the present), serves on the board of the Security Research Alliance, and served on the board of directors of the International Association for Cryptologic Research (1982-1989). Dr. Kent was a member of the National Research Council's (NRC's) Information Systems Trustworthiness Committee (1996-1998), which produced Trust in Cyberspace. His other NRC service includes membership
on the Committee on Rights and Responsibilities of Participants in Networked Communities (1993-1994), the Technical Assessment Panel for the NIST Computer Systems Laboratory (1990-1992), and the Secure Systems Study Committee (1988-1990). The U.S. Secretary of Commerce appointed Dr. Kent as chair of the Federal Advisory Committee to Develop a Federal Information Processing Standard for Federal Key Management Infrastructure (1996-1998). The author of two book chapters and numerous technical papers on network security, Dr. Kent has served as a referee, panelist, and session chair for a number of conferences. Since 1977 he has lectured on network security on behalf of government agencies, universities, and private companies throughout the United States, Europe, Australia, and the Far East. Dr. Kent received the B.S. degree in mathematics, summa cum laude, from Loyola University of New Orleans and the S.M., E.E., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology. He is a fellow of the Association for Computing Machinery and a member of the Internet Society and Sigma Xi.

MICHAEL ANGELO is currently a staff fellow at Compaq Computer Corporation and runs a laboratory at Compaq that assesses biometrics and other security-enhancing technologies, such as smart cards. He is considered a subject-matter expert for security and its associated technologies. His job is to provide technical guidance and input into strategic planning and development of secure solutions. In addition, he is responsible for providing technical assistance to the corporate security team. Dr. Angelo possesses expertise in both biometric and token access authentication technology, including technical threat model and implementation analysis, as well as risk reduction enhancement methodology, applied computer system security, computer forensics, advanced data-protection methodologies, and practical encryption techniques.
His experience comprises 15 years in designing, implementing, managing, and supporting secure intra- and internets, including gateways, firewalls, and sentinels, and 20 years working at the kernel level of numerous operating systems, including a wide variety of hardware platforms (from personal computers to supercomputers) and software platforms (including UNIX [several flavors], MS-DOS/Windows/NT, and VMS). He holds several patents. Dr. Angelo has been active in a number of trade standards organizations: the Trusted Computing Platform Association, Americans for Computer Privacy, the Bureau of Export Administration Technical Advisory Committee, the Information Security Exploratory Committee, the Key Recovery Alliance, the Computer Systems Policy Project, the Cross-Industry Working Team Security Working Group, and the National Institute of Standards and Technology's Industry Key Escrow Working Group.

STEVEN BELLOVIN is a fellow at AT&T Research. He received a B.A. degree from Columbia University and M.S. and Ph.D. degrees in computer science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other collaborators were awarded the 1995 USENIX Lifetime Achievement Award. At AT&T Laboratories, Dr. Bellovin does research in networks and security and why the two do not get along. He has embraced a number of public interest causes and weighed in (e.g., through his writings) on initiatives (e.g., in the areas of cryptography and law enforcement) that appear to threaten privacy. He is currently focusing on cryptographic protocols and network management. Dr. Bellovin is the coauthor of the book Firewalls and Internet Security: Repelling the Wily Hacker, and he is one of the Security Area directors for the Internet Engineering Task Force. He was a member of the CSTB committee that produced Trust in Cyberspace (1999) and served on the Information Technology subcommittee of the group that produced the NRC report Making the Nation Safer. He has been a member of the National Academy of Engineering since 2001.

BOB BLAKLEY is chief scientist for security and privacy at IBM Tivoli Software. He is general chair of the 2003 Institute for Electrical and Electronics Engineers Security and Privacy Conference and has served as general chair of the Association for Computing Machinery's (ACM's) New Security Paradigms Workshop. He was named Distinguished Security Practitioner by the 2002 ACM Computer Security and Applications Conference and serves on the editorial board for the International Journal of Information Security. Dr. Blakley was the editor of the Object Management Group's Common Object Request Broker Architecture (CORBA) security specification and is the author of CORBA Security: An Introduction to Safe Computing with Objects, published by Addison-Wesley. Dr.
Blakley was also the editor of the Open Group's Authorization Application Programming Interface specification and the OASIS Security Services Technical Committee's Security Assertion Markup Language specification effort. He has been involved in cryptography and data security design work since 1979 and has authored or coauthored seven papers on cryptography, secret-sharing schemes, access control, and other aspects of computer security. He holds nine patents on security-related technologies. Dr. Blakley received an A.B. in classics from Princeton University and a master's degree and a Ph.D. in computer and communications sciences from the University of Michigan.

DREW DEAN is a computer scientist at SRI International. He joined SRI in July 2001; prior to that he was a member of the research staff at Xerox PARC. He pioneered the systematic study of Java security and more
recently has worked across a wide range of security issues, including denial of service, the theory of access control, and IP traceback. Among his publications, he has received a Best Student Paper award from the ACM Computer and Communications Security conference (1997), an Outstanding Paper award from the ACM Symposium on Operating System Principles (1997), and a Best Paper Award from the Internet Society's Network and Distributed Systems Security Symposium (2001). Dr. Dean is a member of the editorial board of Springer-Verlag's International Journal of Information Security. Dr. Dean holds M.A. and Ph.D. degrees from Princeton University and a B.S. degree from Carnegie Mellon University, all in computer science.

BARBARA FOX is a senior software architect in cryptography and digital rights management at Microsoft Corporation and is currently a senior fellow at the Kennedy School of Government at Harvard University. She serves on the technical advisory board of The Creative Commons and the board of directors of the International Financial Cryptography Association. Ms. Fox joined Microsoft in 1993 as director of advanced product development and led the company's electronic commerce technology development group. She has coauthored Internet standards in the areas of Public Key Infrastructure and XML security. Her research at Harvard focuses on digital copyright law, public policy, and privacy.

STEPHEN H. HOLDEN is an assistant professor in the Department of Information Systems at the University of Maryland, Baltimore County. Dr. Holden's research, publications, and teachings leverage his substantial federal government experience in government-wide policy in information technology management and electronic government. He left the Internal Revenue Service (IRS) in 2000 after a 16-year career in the federal career service.
While at the IRS, he served as the program executive for electronic tax administration (ETA) modernization, reporting to the assistant commissioner (ETA). He also served on the Federal Public Key Infrastructure Steering Committee during his time at the IRS. Prior to going to the IRS, Dr. Holden worked for 10 years at the Office of Management and Budget, doing a variety of policy, management, and budget analysis work. His federal civil servant career began in 1983 when he was a Presidential management intern at the Naval Sea Systems Command. He holds a Ph.D. in public administration and public affairs from Virginia Polytechnic and State University, a Master of Public Administration, and a B.A. in public management from the University of Maine.

DEIRDRE MULLIGAN was recently appointed director of the new Samuelson Law, Technology and Public Policy Clinic at the University of
California, Berkeley, School of Law (Boalt Hall). While attending Georgetown University Law Center, Ms. Mulligan worked at the American Civil Liberties Union's Privacy and Technology project, where she honed her interest in preserving and enhancing civil liberties and democratic values. After law school, she became a founding member of the Center for Democracy and Technology, a high-tech public interest organization for civil liberties based in Washington, D.C. For the past 6 years, Mulligan has been staff counsel at the center. She has worked with federal lawmakers, government agencies, the judicial system, public interest organizations, and the high-tech business community, with the goal of enhancing individual privacy on the Internet, thwarting threats to free speech on the Internet, and limiting governmental access to private data. She has testified in several settings and has contributed to technical standards development. Ms. Mulligan received her J.D., cum laude, from Georgetown University Law Center in 1994 and a B.A. in architecture and art history from Smith College in 1988.

JUDITH S. OLSON is the Richard W. Pew Chair in Human Computer Interaction at the University of Michigan. She is also a professor in the School of Information, Computer and Information Systems, the Business School, and the Department of Psychology. Her research interests include computer-supported cooperative work, human-computer interaction, the design of business information systems for organizational effectiveness, and cognitive psychology. Dr. Olson's recent research focuses on the nature of group work and the design and evaluation of technology to support it. This field combines cognitive and social psychology with the design of information systems.
She began her career at the University of Michigan in the Department of Psychology, served as a technical supervisor for human factors in systems engineering at Bell Laboratories in New Jersey, and returned to the University of Michigan, first to the Business School and then the new School of Information. She has more than 60 publications in journals and books and has served on a number of national committees, including the National Research Council's Committee on Human Factors and the council of the Association for Computing Machinery (ACM). She has recently been appointed to the CHI Academy of the ACM's Special Interest Group for Human-Computer Interaction. Dr. Olson earned a B.A. in mathematics and psychology from Northwestern University in 1965 and her Ph.D. 4 years later in the same disciplines from the University of Michigan.

JOE PATO is the principal scientist for the HP Labs Trust, Security and Privacy research program. He has also served as chief technology officer for Hewlett-Packard's Internet Security Solutions Division. Mr. Pato's
current research focus is the security needs of collaborative enterprises on the Internet, addressing both interenterprise models and the needs of lightweight instruments and peripherals directly attached to the Internet. Specifically, he is looking at critical infrastructure protection and the confluence of trust, e-services, and mobility. These interests have led him to look at the preservation of Internet communication in the event of cyberterrorism, trust frameworks for mobile environments, and how to apply privacy considerations in complex systems. His work in cybercrime and homeland security recently led him to become one of the founders and board members of the IT Sector Information Sharing and Analysis Center. His past work included the design of delegation protocols for secure distributed computation, key exchange protocols, interdomain trust structures, the development of public- and secret-key-based infrastructures, and the more general development of distributed enterprise environments. Mr. Pato has participated on several standards or advisory committees for the Institute for Electrical and Electronics Engineers, American National Standards Institute, National Institute of Standards and Technology, Department of Commerce, Worldwide Web Consortium, Financial Services Technology Consortium, and Common Open System Environment. He is currently the co-chair of the OASIS Security Services Technical Committee, which is developing Security Assertions Markup Language.

RADIA PERLMAN is a Distinguished Engineer at Sun Microsystems Laboratories. She is the architect for a group that does research in network security issues, recently most focused on public key infrastructure deployment. Some of the group's implementation will be distributed as part of a reference implementation for Java. Dr.
Perlman is the author of many papers in the field of network security, as well as coauthor of a textbook on network security (and author of a textbook on lower-layer networking protocols). She is well known for her work on sabotage-proof routing protocols. Her work on lower-layer protocols, also well known, forms the basis of modern bridging, switching, and routing protocols. This expertise is crucial to understanding the technology behind such things as providing Internet anonymity. Dr. Perlman has about 50 issued patents, a Ph.D. in computer science from the Massachusetts Institute of Technology, and S.B. and S.M. degrees in mathematics from MIT. She was recently awarded an honorary doctorate from the Royal Institute of Technology, Sweden.

PRISCILLA M. REGAN is an associate professor in the Department of Public and International Affairs at George Mason University. Prior to joining that faculty in 1989, she was a senior analyst in the congressional
Office of Technology Assessment (1984-1989) and an assistant professor of politics and government at the University of Puget Sound (1979-1984). Since the mid-1970s, Dr. Regan's primary research interest has been analysis of the social, policy, and legal implications of the organizational use of new information and communications technologies. She has published more than 20 articles or book chapters, as well as Legislating Privacy: Technology, Social Values, and Public Policy (University of North Carolina Press, 1995). As a recognized researcher in this area, Dr. Regan has testified before Congress and participated in meetings held by the Department of Commerce, the Federal Trade Commission, the Social Security Administration, and the Census Bureau. She received her Ph.D. in government from Cornell University in 1981 and her B.A. from Mount Holyoke College in 1972.

JEFFREY SCHILLER received his S.B. in electrical engineering (1979) from the Massachusetts Institute of Technology (MIT). As MIT network manager, he has managed the MIT Campus Computer Network since its inception in 1984. Before that, he maintained MIT's Multiplexed Information and Computing Service (Multics) time-sharing system during the time of the ARPANET TCP/IP conversion. He is an author of MIT's Kerberos authentication system. Mr. Schiller is the Internet Engineering Steering Group's area director for security. He is responsible for overseeing security-related working groups of the Internet Engineering Task Force. He was responsible for releasing a U.S. legal freeware version of the popular PGP (Pretty Good Privacy) encryption program. Mr. Schiller is also responsible for the development and deployment of an X.509-based public key infrastructure at MIT. He is also the technical lead for the new Higher Education Certifying Authority being operated by the Corporation for Research and Educational Networking. Mr.
Schiller is also a founding member of the Steering Group of the New England Academic and Research Network (NEARnet). NEARnet, now part of Genuity, Inc., is a major nationwide Internet service provider.

SOUMITRA SENGUPTA is assistant professor in the Department of Medical Informatics at Columbia University. Dr. Sengupta has focused his work on the challenges of security and privacy in health care, complementing his academic work by service as security officer for the New York Presbyterian Healthcare System. His research interests are in the areas of distributed systems, their monitoring, management, and security aspects, and their application in a health care environment. He is interested in the architectural design and engineering concerns of building large, functioning systems over heterogeneous platforms and protocols. Dr. Sengupta holds a B.E. from Birla Institute of Technology and Science
(electrical and electronics engineering), Pilani, India, and M.S. and Ph.D. degrees from the State University of New York at Stony Brook, New York, in computer science. He was a member of the Association for Computing Machinery (1984-1994), the Institute for Electrical and Electronics Engineers (IEEE) Computer Society (1984-1992) and is currently a member of the American Medical Informatics Association.

JAMES L. WAYMAN has been the director of the Biometrics Test Center at San Jose State University in California since 1995. The Test Center is funded by the U.S. government and other national governments to develop standards and scientific test and analysis methods and to advise on the use or nonuse of biometric identification technologies. The test center served as the U.S. National Biometrics Test Center from 1997 to 2000. Dr. Wayman received the Ph.D. degree in engineering from the University of California at Santa Barbara in 1980 and joined the faculty of the Department of Mathematics at the U.S. Naval Postgraduate School in 1981. In 1986, he became a full-time researcher for the Department of Defense in the areas of technical security and biometrics. Dr. Wayman holds three patents in speech processing and is the author of dozens of articles in books, technical journals, and conference proceedings on biometrics, speech compression, acoustics, and network control. He serves on the editorial boards of two journals and on several national and international biometrics standards committees. He is a senior member of the Institute for Electrical and Electronic Engineers.

DANIEL J. WEITZNER is the director of the World Wide Web Consortium's (W3C's) Technology and Society activities. As such, he is responsible for the development of technology standards that enable the Web to address social, legal, and public policy concerns such as privacy, free speech, protection of minors, authentication, intellectual property, and identification.
He is also the W3C's chief liaison to public policy communities around the world and a member of the Internet Corporation for Assigned Names and Numbers Protocol Supporting Organization Protocol Council. Mr. Weitzner holds a research appointment at the Massachusetts Institute of Technology's (MIT's) Laboratory for Computer Science and teaches Internet public policy at MIT. Before joining the W3C, he was cofounder and deputy director of the Center for Democracy and Technology, an Internet civil liberties organization in Washington, D.C. He was also deputy policy director of the Electronic Frontier Foundation. As one of the leading figures in the Internet public policy community, he was the first to advocate user control technologies such as content filtering and rating to protect children and avoid government censorship of
the Internet. These arguments played a critical role in the 1997 U.S. Supreme Court case, Reno v. ACLU, awarding the highest free speech protections to the Internet. He successfully advocated the adoption of amendments to the Electronic Communications Privacy Act creating new privacy protections for online transactional information such as Web site access logs. Mr. Weitzner has a degree in law from Buffalo Law School and a B.A. in Philosophy from Swarthmore College. His publications on communications policy have appeared in the Yale Law Review, Global Networks, Computerworld, Wired Magazine, Social Research, Electronic Networking: Research, Applications and Policy, and The Whole Earth Review. He is also a commentator for National Public Radio's Marketplace Radio.

STAFF

LYNETTE I. MILLETT is a study director and program officer with the Computer Science and Telecommunications Board (CSTB) of the National Research Council. She is currently involved in several CSTB projects, including a study examining certification and dependable systems, a comprehensive exploration of privacy in the information age, and a look at the fundamentals of computer science as a research discipline. She is also exploring possible study options for CSTB with respect to the issues of biometrics and open source software development. She recently completed a CSTB study that produced Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers. Before joining CSTB, Ms. Millett was involved in research on static analysis techniques for concurrent programming languages as well as research on value-sensitive design and informed consent online. She has an M.Sc., is "ABD" in computer science from Cornell University, and has a B.A. in mathematics and computer science from Colby College. Her graduate work was supported by both a National Science Foundation graduate fellowship and an Intel graduate fellowship.

JENNIFER M.
BISHOP has been a senior project assistant with the Computer Science and Telecommunications Board (CSTB) since October 2001. She is currently supporting several projects, including Digital Archiving and the National Archives and Records Administration; Computing Frontiers: Prospects from Biology; and Telecommunications Research and Development. She also maintains CSTB's contact database, handles updates to the CSTB Web site, and has designed book covers for several reports. Prior to her move to Washington, D.C., Ms. Bishop worked for the City of Ithaca, New York, coordinating the police department's transition to a new SQL-based time accrual and scheduling application. Her other work
experience includes designing customized hospitality-industry performance reports for RealTime Hotel Reports, maintaining the police records database for the City of Ithaca, and hand-painting furniture for Mackenzie-Childs, Ltd., of Aurora, New York. She is an artist working in oil and mixed media. Ms. Bishop holds a B.F.A. (2001) in studio art from Cornell University.