Steven Bellovin | Protecting Privacy in Complex Systems

Steven Bellovin
Professor of Computer Science
This profile is included in the publication Excellentia, which features current research of Columbia Engineering faculty members.
Photo by Eileen Barroso

Ask Professor Steven Bellovin about computer privacy and he might start by discussing aviation.

“The technology is so good, there are no single causes of airplane crashes any more. But when complicated systems interact in complicated ways, you have unexpected failures,” he said.

Bellovin has seen that complexity emerge on the Internet. Thirty years ago, he helped create USENET, a precursor of today’s Internet forums. He wrote the first book on Internet security, and is now creating software to simplify network security. He remains an important voice in public discussions about privacy.

“Computers interact with the world around them,” Bellovin said. “We cannot be only scientists or engineers. We have to bring our knowledge to the debate. We have no more right to a policy opinion than anyone else, but no less right either.”

He sees the Internet’s interconnected technologies eroding personal privacy. For example, nearly all commercial Websites collect information about users. While some keep that information private, others do not. Anyone can cross-check for-sale databases to unearth personal information.

“In 1994, Congress mandated that telecommunications switches include technology to make it easier to tap phones. We could tell this would be abused. Sure enough, someone tapped one hundred people in Greece, including the prime minister. When we see proposals like this, it is our obligation as specialists to say something.”

Some privacy mechanisms fail because large Websites actually consist of many different services. Not all of them share the same privacy policies. Facebook, for example, stored pictures on servers that did not enforce privacy rules. Hackers could scrape supposedly private data by entering through those servers.

A third area of concern is anonymization, a process that wipes identifying data from database records. Yet many companies can use anonymized data to build detailed records of individuals. Google, for example, captures queries, offers check-out services that record purchases, and owns DoubleClick, which tracks clicks for advertisers. This could enable it to create detailed profiles.

“Some people want to see ads about things they like. Others find it creepy that somewhere there’s a repository of all your information,” Bellovin said. “Part of the solution is educational,” he continued. “We can teach people to protect their privacy. But it’s also a technology issue.”

His group is looking at better ways to preserve privacy. This includes creating unlinkable aliases, improving the privacy of database searches, and encrypting advertising clicks so merchants cannot access private information.

B.A., Columbia, 1972; M.S., North Carolina (Chapel Hill), 1977; Ph.D., 1982

500 W. 120th St., Mudd 510, New York, NY 10027    212-854-2993