Ross John Anderson (born 15 September 1956) is a researcher, author, and industry consultant in security engineering. He is Professor of Security Engineering at the

Department of Computer Science and Technology, University of Cambridge The Department of Computer Science and Technology, formerly the Computer Laboratory, is the computer science department of the University of Cambridge. it employed 35 academic staff, 25 support staff, 35 affiliated research staff, and about 15 ...

where he is part of the University's security group.

Education

Anderson was educated at the

High School of Glasgow The High School of Glasgow is an independent, co-educational day school in Glasgow, Scotland. The original High School of Glasgow was founded as the choir school of Glasgow Cathedral in around 1124, and is the oldest school in Scotland, and the ...

. In 1978, he graduated with a

Bachelor of Arts Bachelor of arts (BA or AB; from the Latin ', ', or ') is a bachelor's degree awarded for an undergraduate program in the arts, or, in some cases, other disciplines. A Bachelor of Arts degree course is generally completed in three or four years ...

in mathematics and natural science from the

University of Cambridge The University of Cambridge is a public collegiate research university in Cambridge, England. Founded in 1209 and granted a royal charter by Henry III in 1231, Cambridge is the world's third oldest surviving university and one of its most pr ...

where he was an undergraduate student of

Trinity College, Cambridge Trinity College is a constituent college of the University of Cambridge. Founded in 1546 by King Henry VIII, Trinity is one of the largest Cambridge colleges, with the largest financial endowment of any college at either Cambridge or Oxford. ...

, and subsequently received a qualification in computer engineering. Anderson worked in the

avionics Avionics (a blend of ''aviation'' and ''electronics'') are the electronic systems used on aircraft. Avionic systems include communications, navigation, the display and management of multiple systems, and the hundreds of systems that are fit ...

and banking industry before moving back to the

in 1992, to work on his doctorate under the supervision of

Roger Needham Roger Michael Needham (9 February 1935 – 1 March 2003) was a British computer scientist. Early life and education Needham was born in Birmingham, England, the only child of Phyllis Mary, ''née'' Baker (''c''.1904–1976) and Leonard Wi ...

and start his career as an academic researcher.Curriculum Vitae – Ross Anderson
May 2007 He received his PhD in 1995, and became a lecturer in the same year.

Research and career

Anderson's research interests are in security,

cryptology Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

dependability In systems engineering, dependability is a measure of a system's availability, reliability, maintainability, and in some cases, other characteristics such as durability, safety and security. In real-time computing, dependability is the ability to ...

and

technology policy There are several approaches to defining the substance and scope of technology policy. According to the American scientist and policy advisor Lewis M. Branscomb, technology policy concerns the "public means for nurturing those capabilities and op ...

. In

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

, he designed with

Eli Biham Eli Biham ( he, אלי ביהם) is an Israeli cryptographer and cryptanalyst, currently a professor at the Technion - Israel Institute of Technology Computer Science department. Starting from October 2008 and till 2013, Biham was the dean of t ...

the BEAR, LION and

Tiger The tiger (''Panthera tigris'') is the largest living cat species and a member of the genus ''Panthera''. It is most recognisable for its dark vertical stripes on orange fur with a white underside. An apex predator, it primarily preys on ...

cryptographic primitives, and co-wrote with Biham and

Lars Knudsen Lars Ramkilde Knudsen (born 21 February 1962) is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes (MACs). Academic After some early work ...

the block cipher

Serpent Serpent or The Serpent may refer to: * Snake, a carnivorous reptile of the suborder Serpentes Mythology and religion * Sea serpent, a monstrous ocean creature * Serpent (symbolism), the snake in religious rites and mythological contexts * Serp ...

, one of the finalists in the Advanced Encryption Standard (AES) competition. He has also discovered weaknesses in the

FISH Fish are aquatic, craniate, gill-bearing animals that lack limbs with digits. Included in this definition are the living hagfish, lampreys, and cartilaginous and bony fish as well as various extinct related groups. Approximately 95% of ...

cipher and designed the stream cipher

Pike Pike, Pikes or The Pike may refer to: Fish * Blue pike or blue walleye, an extinct color morph of the yellow walleye ''Sander vitreus'' * Ctenoluciidae, the "pike characins", some species of which are commonly known as pikes * ''Esox'', genus of ...

. Anderson has always campaigned for computer security to be studied in a wider social context. Many of his writings emphasise the human, social, and political dimension of security. On online voting, for example, he writes "When you move from voting in person to voting at home (whether by post, by phone or over the internet) it vastly expands the scope for vote buying and coercion", making the point that it's not just a question of whether the encryption can be cracked. In 1998, Anderson founded the Foundation for Information Policy Research, a

think tank A think tank, or policy institute, is a research institute that performs research and advocacy concerning topics such as social policy, political strategy, economics, military, technology, and culture. Most think tanks are non-governmenta ...

and

lobbying In politics, lobbying, persuasion or interest representation is the act of lawfully attempting to influence the actions, policies, or decisions of government officials, most often legislators or members of regulatory agencies. Lobbying, which ...

group on information-technology policy. Anderson is also a founder of the UK-Crypto mailing list and the economics of security research domain. He is well-known among Cambridge academics as an outspoken defender of academic freedoms, intellectual property and other matters of university politics. He is engaged in the "Campaign for Cambridge Freedoms" and has been an elected member of Cambridge University Council since 2002. In January 2004, the student newspaper '' Varsity'' declared Anderson to be Cambridge University's "''most powerful person''". In 2002, he became an outspoken critic of

trusted computing Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of Confidential Computing. The core ide ...

proposals, in particular

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...

Palladium Palladium is a chemical element with the symbol Pd and atomic number 46. It is a rare and lustrous silvery-white metal discovered in 1803 by the English chemist William Hyde Wollaston. He named it after the asteroid Pallas, which was itself na ...

operating system vision. Anderson's TCPA FAQ has been characterised by IBM TC researcher David R. Safford as "full of technical errors" and of "presenting speculation as fact." For years Anderson has been arguing that by their nature large

database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...

s will never be free of abuse by breaches of security. He has said that if a large system is designed for ease of access it becomes insecure; if made watertight it becomes impossible to use. This is sometimes known as ''Anderson's Rule''. Anderson is the author of ''Security Engineering'', published by Wiley in 2001. He was the founder and editor of ''Computer and Communications Security Reviews''. After the vast

Global surveillance disclosure Global means of or referring to a globe and may also refer to: Entertainment * ''Global'' (Paul van Dyk album), 2003 * ''Global'' (Bunji Garlin album), 2007 * ''Global'' (Humanoid album), 1989 * ''Global'' (Todd Rundgren album), 2015 * Bruno ...

leaked by Edward Snowden beginning in June 2013 Anderson suggested one way to begin stamping out the British state's unaccountable involvement in this NSA spying scandal is to entirely end the domestic secret services. Anderson: "Were I a legislator, I would simply abolish

MI5 The Security Service, also known as MI5 ( Military Intelligence, Section 5), is the United Kingdom's domestic counter-intelligence and security agency and is part of its intelligence machinery alongside the Secret Intelligence Service (MI6), G ...

". Anderson notes the only way this kind of systemic data collection has been made possible was through the

business model A business model describes how an organization creates, delivers, and captures value,''Business Model Generation'', Alexander Osterwalder, Yves Pigneur, Alan Smith, and 470 practitioners from 45 countries, self-published, 2010 in economic, soci ...

s of private industry. The value of information-driven web companies such as Facebook and

Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...

is built around their ability to gather vast tracts of data. It was something the intelligence agencies would have struggled with alone. Anderson is a critic of smart meters, writing that there are various privacy and energy security concerns.https://www.fipr.org/100110smartmeters.pdf

Awards and honours

Anderson was elected a Fellow of the Royal Society (FRS) in 2009. His nomination reads: Anderson was also elected a

Fellow of the Royal Academy of Engineering Fellowship of the Royal Academy of Engineering (FREng) is an award and fellowship for engineers who are recognised by the Royal Academy of Engineering as being the best and brightest engineers, inventors and technologists in the UK and from aroun ...

(FREng) in 2009. He is a fellow of Churchill College, Cambridge.

References

{{DEFAULTSORT:Anderson, Ross J. British technology writers Modern cryptographers Fellows of the Institute of Physics Fellows of Churchill College, Cambridge Computer security academics Copyright scholars Alumni of Trinity College, Cambridge Members of the University of Cambridge Computer Laboratory Living people Fellows of the Royal Society 1956 births People from Sandy, Bedfordshire