Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.

I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both—I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn’t stay the whole time)—that was in 1996.

I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993—probably at Eurocrypt in Lofthus, Norway—I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb’s Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that’s how we did it back then.

I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers—there are many—and odds are that you will find at least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody’s business. His masterwork book, Security Engineering—now in its third edition—is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you’re in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn’t suffer fools in either government or the corporate world.

He’s listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we’d see each other a couple of times a year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti’s rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy in December, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year’s SHB workshop. I learned something from him every single time we talked. And I am not the only one.

My heart goes out to his wife Shireen and his family. We lost him much too soon.

EDITED TO ADD (4/10): I wrote a longer version for Communications of the ACM.

EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story.

Posted on March 31, 2024 at 8:21 PM

Comments

MarkH March 31, 2024 9:48 PM

Bruce,

I’ve been imagining that this startling loss would have a significant personal dimension for you … I now see it’s even more than that.

I learned so much from Security Engineering, and have greatest respect for his insights.

His death has left a void.

ResearcherZero March 31, 2024 10:41 PM

Ross also provided a lot of his work for free. Which is incredibly generous, as his work is excellent. It’s through the distribution and sharing of ideas that we learn, and this only happens due to the hard work of champions of academic freedom. There are few among us.

There is no freedom without knowledge. It is the essential tool with which we overcome fear and misunderstanding. With understanding we learn to avoid repeating catastrophic mistakes.

Cambridge Computer Laboratory and the people who have worked at Cambridge have contributed an enormous amount to many subjects, efforts which have often been crucial for important issues. Freedom of communication, government overreach, chat control and backdoors…

Without people like Ross Anderson such knowledge remains locked up and inaccessible.

Anonymous March 31, 2024 11:14 PM

As a professional with only tangential connections to the security world (20 odd years ago :)), his work and unexpected insights pulled me closer and closer.
It started to be more like a philosophic approach to the understanding of various incredibly complex systems and I enjoyed it tremendously (still do).

R.I.P. Mr. Anderson.

Steve Russelle April 1, 2024 1:22 AM

I was in the room when Ross was summoned outside and served civil papers that halted in the nick of time his presentation regarding the Millennium Digital Copyrights Act. Let us not forget his self-assured sense of independence and liberty and his brilliant, side-splitting sense of humor. For example, as demonstrated in his short speech when he returned to the podium still holding his latest book displayed full frontal in front of his heart, as he had just done while the press shot pictures of him being served the papers and asked him questions after.
What a guy.
I still use to great effect a few quips he made during our brief conversations during a riverboat ride at that conference.

Amakiri April 1, 2024 2:08 AM

OMG so sad to hear this. I had just ordered the latest edition of his Security Engineering book. Read lots of his security rated papers and I was once a student of his Security Economics program on EDx. We lost a great mind way too soon. May his soul rest in peace.

Robin April 1, 2024 4:47 AM

I met Ross once, some 30 years ago, at a business meeting for editors of a set of journals, so I can’t claim to have known him well. But I still remember that his presence in the room was electric, and the breadth of his knowledge and his natural authority were striking. One of those people whose presence stays with you for a long time.

Condolences to his family, friends and colleagues.

John Beattie (jkb) April 1, 2024 7:29 AM

I’m deeply sorry to hear this. Anderson was a major force for good in our world.

David Clark April 1, 2024 8:11 AM

This is so sad. We should remember one other thing about which Ross was passionate: playing the bagpipes. He told me that he played pipes in pubs to make money in college, and the nice thing about being a piper is that there were no other members of the band with whom you had to split the money. I remember sitting in his yard listening to him play a small set of pipes at the end of the day. As with anything else, he was very scholarly about piping–he corrected the music historian at the BL about the attribution of one piece because the tune contained a note too low for the pipes played by that piper to sound. He was a man of many talents. We will miss him greatly.

Clive Robinson April 1, 2024 10:48 AM

@ ALL,

Like one or two others, I made comment on the sad news on the Squid page, almost as soon as I’d heard the news.

https://www.schneier.com/blog/archives/2024/03/68676.html/#comment-434499

Hearing it was a shock, in part because Ross was only a little older than many on this blog.

In part because Ross was an individual who was dynamically alive. Not just curious about all around but determined to find out not just why, but where things were destined, and where appropriate warn.

He will be missed not just by the people that knew him, and knew of him through his work and influence, but also by those that he would in his gentle way have helped.

As always it’s difficult to describe in a few words what a person meant not just to yourself, but others. In Ross’s case this is made all the harder because of his nature, his kindness and his desire to lift others up.

There is a belief in some Native American and other belief systems that you live on in others’ thoughts and memories.

So, Ross, may your spirit carry on to invigorate and teach others both in knowledge, capabilities and honesty of behaviour and purpose. And may others come to know you long into the future.

Cassandra April 1, 2024 1:17 PM

A great loss.

But he was inspirational for many, and I hope that inspiration kindles more enthusiastic, brilliant, opinionated, articulate, (curmudgeonly), and kind people who can stand on the shoulders of this giant and make the (security) world a better place.

He set an example that is difficult to exceed. I wish every good fortune to those who can, and will.

While his academic work speaks for itself, I hope others will take up the cause of the ‘little people’ being steamrollered by large organisations. His work as an expert witness for people suffering financial loss due to the poor processes of financial institutions affected many lives in a positive way. He was very angry at people’s mistreatment.

His family can be proud of what he achieved.

cybershow April 1, 2024 1:32 PM

As well as being a “security person”, Ross was a secure person. By that I mean, regardless of his status, he had time for others. For minor professors from backwater universities and their students. Sometimes I sent students his way with something I didn’t quite get, and they’d come excitedly into the next lecture saying “Hey, Ross replied me!”, and we’d go through it together.

If I felt intrusive, as if wasting his bandwidth with my ideas, he’d reply in depth, warmly and humorously, validating, suggesting further research, encouraging.

We enjoyed talking about clear communication and writing, about the least words to say something, about publishers, and about the failings of academia as a place for security research.

Only later did Ross twig who I was in a previous life in sound physics and we were able to briefly touch on a love of music.

It’s said that the definition of a gentleman is someone who knows how to play the bagpipes but chooses not to. Ross Anderson disproved that, as a piper and a gentleman.

Alessandro April 1, 2024 2:53 PM

Thank you, Bruce, for honoring the memory of Ross. I do remember the first time I met him: he was presenting his “Why Security is Hard” manuscript – which essentially started, or contributed to start, the entire field of research on infosec economics – at Berkeley. I was a junior PhD student there. I sent him an email in the scant hope he could meet with me while at the conference where he was presenting. Incredibly, he did reply, and did find time to meet with me, and chat.
That was the first of many, many wonderful interactions I was so lucky to have with him over the subsequent 20 years. And now they seem too few.
RIP Ross.
-alessandro

William April 1, 2024 4:01 PM

My deepest condolences to you and everyone whose life he touched. He not only possessed a brilliant mind, but the even rarer ability to clearly explain his insights.

Ian Grant April 1, 2024 5:19 PM

I met Ross when I was the security reporter for a computer trade weekly. He was unfailing in his patience with me, always ready with a quotable comment, and most importantly, respectful of my deadlines. He was rare indeed. The world seems a little darker without him in it. To his family, I am sorry for your loss. He is irreplaceable.

Nick April 2, 2024 2:44 PM

That’s tragic news and hard to believe, as I received a typical “what’s going on in…” email from him just a few days before, asking about the ongoing smart metering fiasco.

Ross was such an inspiration and this is a great loss. I hope that his pioneering spirit has been passed on to the generations of students he taught. I think everyone who met him learnt something. We need to honour his memory by applying those principles.

Anonymous April 3, 2024 5:04 AM

Professor Ross was one of my teachers at the Computer Lab. I had frequent emails with him even years after I left the lab. His strong desire for security really put it even more into me.

Once in class we were discussing vulnerabilities in vehicles, this was about 4 years ago. He asked “what’s the worst attack one could do”, he got super annoyed that we didn’t have a good answer, banged his hand on the table, full-red faced shouted “No, the worst attack is to remote compromise the cars, lock all the doors, increase the heat, put them in drive and kill everyone”. Well, he was right, that was the worst attack. You could see from his face he was disappointed his students did not realise, maybe he felt bad of his teaching, but his teaching was phenomenal.

It is really a sad day, the world has lost one of the world’s best security professors ever. He will be dearly missed.

He taught me the tricks he used to get people in power to listen, advice I’d never forget.

Tony Vance April 4, 2024 11:15 AM

Ross gave an 80-minute interview to Elisabetta Mori of Archives of IT on March 12, 2024, two weeks before Ross passed away. He talked about his childhood, becoming interested in math and later security, his consulting career, and later how he decided to seek a PhD.

Ross was very generous and welcoming to me and my research. It didn’t matter that he was one of the most accomplished people in security—he was open to new people and ideas in security. And he was a gracious host for the Security and Human Behavior workshop. I’ll always remember punting with Ross on the River Cam.

Ben April 4, 2024 11:53 AM

Prof Ross had a truly brilliant mind and a big heart. My exchanges with Prof Ross ranged from having picked up a small discrepancy in his masterpiece Security Engineering (I was later chuffed to learn that I was the first of two people that had), to incorporating his amazing lectures in some of my own course design and delivery, to chats about the Crypto Wars, among some other topics. All too brief now. Prof Ross was a giant of the security world, who leaves it a better place. My thoughts are with Prof Ross’ family. Truly one-of-a-kind.

john glover April 5, 2024 5:58 PM

Today I was reviewing the articles either authored or co-authored by Ross related to AI, LLMs and ML. Following that I was just reviewing the comments that Ross had made about being forced to retire from Cambridge, aged 67, in 2023.

Then I decided to visit the Schneier on Security site to gather more insight about the AI hype that seems to be gripping everyone. I am gob-smacked to learn that one of my all time favorite security gurus has passed.

Hard to fathom such a loss for this old Phart of 88 years. I guess there is truth to that old saying “the good die young”. A devastating loss indeed.

Mere words cannot convey the sorrow to learn of this loss and then to try to offer condolences to his family, close friends and colleagues. R.I.P. and the heavens have inherited a very fine mind.

JohnG

John Doe April 5, 2024 9:39 PM

While I usually don’t like praising the deceased as if they would have been flawless saints, Anderson was among the greatest, the security and crypto scene has ever had. His textbook “Security Engineering” is a pure stroke of genius, simple but still deeply profound. This is a giant loss for all of civilized mankind, a loss that can’t be mourned enough. Very, very, very sad.

Still Not ForgettING April 10, 2024 8:57 PM

I feel for the loss and the solidarity and the resonance. Thanks for letting others know.

Jesse Slicer April 15, 2024 6:39 PM

I am very sad to hear this. I implemented the Tiger hash in .NET almost 20 years ago. Brought it up to date two years ago: https://github.com/jslicer/Aesop.Tiger . We had a great conversation about it in 2005. My condolences for the loss of your close friend and colleague.
