At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

All Papers and Patents

Tom Berson

I am the founder and owner of Anagram Laboratories, a thriving information security consultancy. Anagram will celebrate its 30th Anniversary in 2016.

I have been interested in technologies of security since 1957, and have been working in the field since 1967.

There are few things sweeter than the respect of one's peers. In January 2004 I was the first person appointed a Fellow of the International Association for Cryptologic Research. My citation reads, "For visionary and essential service to the IACR and for numerous valuable contributions to the technical, social, and commercial development of cryptology and security."

Since its founding in 1999 I have been an Advisory Board Member and the Chief Security Advisor at (NYSE: CRM). is a pioneer and leader in enterprise cloud computing, Software as a Service (SaaS), and Platform as a Service (PaaS), not to mention customer relationship management (CRM). The trust issues raised by cloud computing go far beyond traditional security concerns.

At Stanford University, I am an Affiliate at the Center for International Security and Cooperation of the Freeman Spogli Institute for International Studies. I work there on issues of cyber policy and security.

I am a member of the National Research Council's Committee on Policy Consequences and Legal/Ethical Implications of Offensive Information Warfare. This is very interesting stuff. Our recent report, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, concludes that, although cyberattack capabilities are an important asset for the United States, the current policy and legal framework for their use is ill-formed, undeveloped, and highly uncertain. It further concludes that U.S. policy should be informed by an open and public national debate on technological, policy, legal, and ethical issues they pose.

I am a lifelong student of Oriental wisdom literature and martial arts. I was an Advisor to the Fourth Council of the China International Cultural Exchange Center.

I was a Founder and Program Chair for CEAS 2004, the First Conference on Email and Anti-Spam. Email is understudied. CEAS aims to remedy that.

Anagram Laboratories planned to bring the world's foremost short cryptography course to Asia in 2003. Alas, the SARS outbreak made these plans impractical. Course information (2003 version) is here.

During 2000-2002 I also worked part time as a Principal Scientist at the fabled but dysfunctional Palo Alto Research Center (PARC). My PARC colleagues and I investigated the implications of a future in which cryptographic operations are abundant. I organized workshops on Life in a Future of Cryptographic Abundance in 2000 and 2001. You are invited to read and comment on the Quicksilver Manifesto, our call to political and social action. My essay, Cryptographic Abundance, appeared in Technology Review for Jan/Feb 2002.

In December 2000 I had the honor of delivering the IACR Distinguished Lecture in Kyoto. I spoke about the past 30 years and the next 20 years from personal, technical, and professional points of view. The title of my talk was "Cryptography Everywhere."

My professional life is full. I am Past-Chair of the IEEE Computer Society Technical Committee on Security and Privacy. I have been an Officer or Director of the International Association for Cryptologic Research (IACR) for thirty years. I enjoyed a 14-year stint as an editor of the Journal of Cryptology, an archival journal of important results. I am also Editor Emeritus of the Journal of Craptology, a much less serious affair. Why be simply mediocre? Aim your work for one of these extreme journals.

I am on the advisory board of the International Journal of Information Security (IJIS).

From 1979-1986 I was a successful Silicon Valley entrepreneur at Sytek, Inc., a pioneer in broadband local area networking. I still love the problems and opportunities at early-stage and fast-growing companies.

Other completed projects include membership in the National Research Council Committee to Review C4I Plans and Programs and participation in a six-month Program in Coding Theory, Computer Security and Cryptography at the Isaac Newton Institute in the University of Cambridge. I am a life member of Clare Hall, Cambridge.

My Erdös number is 2.

Here is my professional bibliography.

My amateur radio call sign is ND2T.

You will have to type this.
or phone/mail. My PGP public keys are here.