Originally Printed in Winter/Spring 2008 Newsletter
Susan Landau, Distinguished Engineer, Sun Microsystems, Inc. will be presented with the Anita Borg Institute Women of Vision Award for Social Impact at the awards banquet on May 8, 2008. This award is given to “a woman who has developed or applied technology with a significant impact on society and/or the community.”
Over the last four years, ever since the FBI announced it would ask for the Communications Assistance for Law Enforcement Act to be extended to Voice over IP, Susan has been concerned
about the building of surveillance technology into the communications infrastructure. She’s been writing papers in various venues, including a law review article (to get the lawyers to understand the security risks), and talking about it in many places (CRYPTO, a security meeting in the UK, another in Switzerland, etc.) With Whit Diffie, she brought together a group of technologists to write a report that influenced Congress on this issue.
Q: What do you do at Sun?
I work on an unusual combination of security, cryptography, and public policy. Sometimes I am quite technical I’ve run a security review of a set of identity management specifications, I’ve worked on implementing Creative Commons licenses in a Sun digital-rights management system, but more of the time I work on policy-related issues. Right now I am working on the security risks of U.S. government proposals for Internet wiretapping.
Q: What do you mean by, “working on the security risks of U.S. government proposals for Internet wiretapping”?
About three years ago, the FBI began pushing for building in surveillance capabilities into VoIP systems. At Sun we realized this was a problem for Internet innovation, but that it also posed a serious threat to security. More recently, there has been government warrantless national security wiretapping that introduces serious security risks. So several of us have been examining these risks.
Q: What specifically have you been doing?
Well, last summer Congress passed the “Protect America Act,” which allows warrantless wiretapping whenever one end of the communication is believed to be outside the United States. That’s a huge change from previous law, which required a wiretap whenever (with very narrow exceptions) anyone inside the U.S. was wiretapped.
I was asked to speak on NPR’s Science Friday and I also spoke at a Georgetown Law meeting aimed at Congressional staffers and journalists. I also did briefings in Congress. I thought it would be useful to have a longer, more detailed article on these issues, so several of us in computer security and networking wrote a paper entitled “Risking Communications Security: Potential Hazards of the “Protect America Act,” which appeared in IEEE Security and Privacy. I’ve also spoken on the issue in Canada and Europe.
Q: Wow; that is surprising work for a technologist. What’s your background?
I was an undergraduate math major at Princeton, and when I started graduate school at Cornell, it was also in mathematics. But I ended up getting a PhD in theoretical computer science (at MIT). In my second year at Cornell, I took an algorithms course in computer science from John Hopcroft, loved the material, and never looked back.
Q: How did you move into the technology policy arena?
It was an accident. But like the accidents that happen all of us, it’s easy to see choices I made that led me there.
I’ve been interested in public policy forever, and I always liked to write. Though I was a math major as an undergraduate, I also took a writing course from John McPhee as well as constitutional law. I’ve always had these other interests. While I was a graduate student, I wrote an arti- cle for the Notices of the American Mathematical Society on cryptography that discussed both the technical is- sues public-key crypto and the policy ones the U.S. government’s efforts to keep controls on cryptographic research. Then in 1987 the U.S. government tried to put a secrecy order on a piece of research done by three Is- raelis, and I wrote about that, again for the Notices. By then I was already a faculty member, so this was a bit complicated. Such a paper, even though it appeared in the AMS Notices, wasn’t research and so didn’t count for tenure. But I wrote the article anyway, because I thought letting the math community know about the various disputes in cryptography was important.
In 1993, I found myself in an awkward situation in my career. This was just at the time that the U.S. government proposed Clipper, a system of strong encryption with keys escrowed by agencies of the federal government.
There was a great public brouhaha about Clipper, and the ACM decided to put together a public policy committee to study the issue. I was asked to be staff for the committee, a somewhat odd situation, as I actually had a great deal of background in the area. But as I mentioned, my career was in an awkward place right then, and I accepted the staff position. The committee quickly realized my expertise, and so instead of stapling together other people’s chapters, I wrote the report. This led to all sorts of things, including a book on cryptography policy with Whitfield Diffie, the co-inventor of public-key cryptography, one of the com- mittee members, and a Sun Distinguished Engineer. Ten months after the book came out, Sun offered me a job, and I’ve been there ever since.
Q: Why did you leave academia?
That’s a complicated question, or rather, it has a complicated answer. The short answer is that I am married to a computer scientist and when he didn’t get tenure, we had to move during a difficult job market. We had small children and, in part because we were both theoretical computer scientists, our job hunt was very difficult. We moved somewhere that we had been led to believe would work out for both of us; it did not. So various things happened, including the ACM report, my book with Diffie, and then the offer from Sun.
Q: How long have you been at Sun? Do you miss academia?
I’ve been at Sun nine years. I never expected to go to industry. I originally went to graduate school because I loved to teach; I really only got turned on to research after my PhD. I was having a lot of fun in my work in algebraic algorithms when my job situation got bumpy. So after a difficult period, I ended up at Sun and I am having a wonderful time. I am surrounded by really smart colleagues who are doing cutting-edge technology; I have lots of freedom, loads of stimulation. I work with really smart technologists, with people in public policy, with people of all sorts of backgrounds and directions. It’s a much broader swath than in academia. I’m learning a lot, all the time. I feel really lucky.
Q: Do you have any advice for student as they plan their careers? Are there things you wish you did differently, things that you really did right that you want to share?
Knowing what you want really matters. This sounds elementary, but it’s not. You can’t always get what you want, but knowing what you want what research matters to you, what type of job/career you’d like to have, the balance you’d like to have in life versus career enables you to make better decisions for yourself. That was something my husband and I didn’t do very well early on (I like to think we’re better at it now). And following what you love for part of the time is worth it even if doesn’t lead to tenure or promotion. In my case, this was writing on science policy issues. For other people, it might be a “Friday project,” a piece of research they really care about, even if it is not what is being funded right then. You feel good while you’re doing it, and who knows? The work could lead you somewhere completely unexpected and tremendously exciting.