Security pioneer Ross Anderson dies at 67

Obituary Venerable computer scientist and information security expert Ross Anderson has died at the age of 67.

His family broke the news to Anderson’s friends and colleagues at the University of Cambridge, where he worked as a professor of security engineering and senior research fellow at Churchill College. He passed away unexpectedly in his sleep on Thursday, March 28.

While it’s difficult to label Anderson as a single type of professional since, like many great minds, his interests were as deep as they were broad, it would be fair to describe him as a decorated security expert and celebrated engineer – among the finest and most respected of his time.

Among a long, long list of personal awards, notably, he was a former winner of the British Computer Society’s Lovelace Medal – the UK’s most prestigious computing award – and was also a Fellow of the Royal Society, joining intellectual hall of famers Isaac Newton, Charles Darwin, Stephen Hawking, and Alan Turing.

His professional work spanned many areas including information security, cryptography, reliability of systems, information hiding, adversarial machine learning, cybercrime analysis, security psychology, and more.

Anderson’s work was driven largely by real-world problems and he authored and co-authored an extensive array of papers, many of which he has made available for free under the Creative Commons License.

A pioneer in peer-to-peer systems and hardware tamper-resistance, he spent years working, and ultimately had a significant influence, on the secure design of widely used real-world technologies, including chip and PIN bank cards. Anderson’s efforts to publicize security flaws in ATMs led to changes made to their design across the world.

The publication for which he will most likely be remembered best is Security Engineering. First published by Wiley in 2001 and now in its third edition, it’s described by close friends as his “masterwork book.”

Security Engineering covers a broad spectrum of topics from infrastructure to embedded systems, and more recently cloud services and social media. Like Anderson as an author, the book is seen by many as an authority on information security, rich in insights.

Away from academia, Anderson had a keen interest in information security policy, creating the Foundation for Information Policy Research (FIPR) think tank in 1998.

FIPR has advised and affected various pieces of UK tech policy since then, and was instrumental in bringing amendments to the Regulation of Investigatory Powers Act 2000. Such examples include preventing browser surveillance without a warrant and raising the authorization level for police to access passwords and decryption keys to chief constable.

Anderson was also known for never shying away from fights with his employer. He and the University of Cambridge, where he taught since earning his PhD there in 1995, have clashed on various matters for decades, with Anderson fighting fiercely for what he believed. 

His successful campaigns led to Cambridge academics retaining their intellectual property amid threats it would instead be transferred to the university, and for an institutional approach of tolerance rather than respect in response to free speech debates within university walls.

Most recently, he was embroiled in a battle against a policy that mandated the retirement of academics at the end of the academic year once they turn 67 years old – one adopted only by Cambridge and Oxford. It meant this year would have been his last at Cambridge, but he planned to continue teaching at the University of Edinburgh.

Cambridge colleague and friend John Naughton said one of Anderson’s final acts before passing was being engaged in an email discussion with colleague Jon Crowcroft about potentially using generative AI to “add spice to the campaign” against forced retirement.

“As Jon observed afterwards, it could almost serve as an obituary,” Naughton wrote in a flattering piece about Anderson. 

An illuminating extract from Naughton’s blog described Anderson as a friend and respected colleague:

Frank Stajano, a professor of security and privacy at Cambridge and former PhD student under Anderson, remembered the late academic in a piece published via the blog to which many of the university’s brightest security minds contributed, including Anderson. He wrote:

Bruce Scheiner, another of Anderson’s colleagues and friends of over 30 years, also described at length his fond relationship with the Cambridge man. He said:

As well as a brilliant academic, Anderson will be remembered as a loving husband, father, and grandfather by his wife Shireen, daughter Bavarni, and his grandchildren. The family has asked for privacy at this difficult time. ®