Communications and Encryption Policy

Susan Landau, Bridge Professor in Cybersecurity and Public Policy

Bridge Professor Susan Landau's research is published in law reviews, technical journals, and venues accessible to law and policy makers, and she often briefs policymakers in the US and Europe. Her work can be found at privacyink.org.

Landau's research focuses on:

  • How Surveillance Tools Actually Work
  • Encryption Policy
  • Cybersecurity in a National-Security Setting

How Surveillance Tools Actually Work

A major focus of Bridge Professor Susan Landau's work has been on communications surveillance and privacy, where she integrates understanding of communications and IP technology with law and policy to understand how surveillance tools actually work. With co-authors, she has shown how, from a technical vantage point, the distinction between content and metadata in IP-based communications is functionally meaningless, examined alternatives to bulk collection as a member of the National Academies study, and clarified what caused "irregularities" in the NSA collection of bulk metadata records and shown how 40 court orders could result in over a hundred million Call Detail Records collected through a "two-hop" process. More recently she has been focusing on reversing the privacy risks stemming from the use of smartphone communications metadata and software and device telemetry.

Encryption Policy

Landau reframed the encryption debate from a "security versus privacy" debate to a "security versus security" one. She did this by presenting convincing arguments that the widespread availability of end-to-end strong encryption significantly enhances U.S. national security. Some of Landau's research related to this topic was presented in the 1998 book, Privacy on the Line: The Politics of Wiretapping and Encryption, co-authored with Whitfield Diffie, Keys under Doormats: Mandating insecurity by requiring government access to all data and communications, which influenced the Obama administration not to seek legislation controlling encryption, her Congressional testimony, which laid out the disconnect between law-enforcement investigative techniques and digitized communications, demonstrating the need for ubiquitously securing mobile devices. More recently, in Bugs in our Pocket: The Risks of Client-Side Scanning she and co-authors demonstrated the risks of client-side scanning; Apple later dropped its efforts in that direction. 

Cybersecurity in a National-Security Setting

Landau's work has focused on how the technology actually works and thus what its impact is from a policy vantage point. The result is a rather wide-ranging set of publications, including research on the efficacy of attribution, on the ability to target cyber weapons, and on analyzing the Russian threats to disrupt US civil society. She has testified before Congress and the Massachusetts state legislature. Landau is the author of four books on cybersecurity policy issues.