Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.

One-on-One With New FTC Chief Technologist Steven Bellovin

September 18th, 2012 / in policy, research horizons / by Erwin Gianchandani

Earlier this month, Columbia University computer science professor Steven Bellovin was named the Federal Trade Commission’s (FTC) chief technologist, taking over for Princeton’s Ed Felten following the conclusion of his successful two-year term. In his first post on the Tech@FTC Blog, Bellovin wrote:

Steven M. Bellovin, Columbia University and U.S. Federal Trade Commission [image courtesy Columbia].I’m delighted to succeed Ed Felten as Chief Technologist of the Federal Trade Commission. He’s a hard act to follow! But what does the FTC do, and what is the role of a technologist?


The FTC polices the online marketplace. While that often involves addressing complex issues, one essential requirement is that companies must keep the promises they make to consumers. If an organization’s privacy policy says that it won’t sell your personal information but it does, that’s deceptive under FTC law. Similarly, if it promises to “keep your personal information secure” but doesn’t follow industry-standard practices, that, too, can constitute deception. In such cases, the FTC can act.


Consumers have a role, too. How do you read a privacy policy? How can you tell if a web site is safe enough? Education is a big part of the FTC’s job as well…

Now Bellovin is featured in an interview in Digital Communities (following the link):

GT: Three years ago you said buggy code is the oldest unsolved problem in computer science, and that you expected it to remain that way. Is that still your viewpoint three years later? It seems that as our infrastructure becomes “smarter” we will become a much bigger target for the bad guys, with potentially much more dangerous consequences. One failed traffic light at a busy intersection, for example, can snarl vehicles for miles.


Bellovin: Yes, I still think that. Exactly what to do is still a research area; while I have some ideas, they’re not even to the half-baked stage yet. I think we need to build systems with different architectures, ones that are designed under the realization that there will be security failures.  Authentication won’t do it — in most breaches, the bad guys go around the strong authentication, not through it.


My own working philosophy is that programs will have security bugs — then what?  But that’s a research agenda, not guidance I can give to a programmer, let alone an end site. You cite the failed traffic light, and you’re absolutely right — what is the fallback position when a component fails?

Read the full interview here.

(Contributed by Erwin Gianchandani, CCC Director)

One-on-One With New FTC Chief Technologist Steven Bellovin

Comments are closed.