The security and privacy community is mourning the death of security economics pioneer Ross Anderson, who died 28 March.
Anderson was a professor of security engineering at Cambridge University and the University of Edinburgh where he emphasized the social and economic responsibility of security and privacy operations. In 2014, Anderson was the opening keynote speaker at the IAPP Europe Data Protection Intensive where he spoke about access to medical data and risks to personal privacy, telling privacy professionals they "need to stop pretending that pseudonyms protect privacy."
"The world has to change," he said at the time.
In addition to his dedication to the development of security and privacy operations, Anderson was a pillar in cryptography research, known for his unique perspectives on a variety of topics including pseudonymization.
He created the Foundation for Information Policy Research in 1998 to study the connections between information systems, government agencies and businesses. He continued his research while advising the British Medical Association on clinical information systems in the 1990s and the U.K. Information Commissioner's Office on children's databases in 2006. Coined Anderson's Rule, he warned large databases would struggle with security breaches no matter the privacy safeguards put in place due to the design of large systems.
Anderson authored "Database State" and "Security Engineering: A Guide to Building Dependable Distributed Systems, Personal Medical Information: Security, Engineering, and Ethics," and co-wrote "The Global Trust Register."
He served on the advisory council of the Electronic Privacy Information Center and was awarded for his efforts in security economics, cryptography, hardware tamper-resistance, and API security when he was elected Fellow of the Royal Society in 2009. Anderson was also awarded the British Computer Society's Lovelace Medal in 2015 for contributions in security engineering.
Edinburgh Napier University Professor of Applied Cryptography William Buchanan OBE described Anderson in a Medium blog post as a "leader in defining new methods for assessing the true costs of information security and cybercrime." He said Anderson was known for his outspoken nature surrounding the use of surveillance measures, broke "down barriers in the 'art of the possible' and rallied against those who wish to spy on our citizens."
"He was one of those unforgettable people — fabulously erudite, generous with his knowledge and friendship, fiercely independent, and fearless," said John Naughton, Anderson's friend and senior research fellow in the Centre for Research in the Arts, Social Sciences, and Humanities at Cambridge University in a blog post. He called Anderson a "world authority on computer security, cybercrime and cryptography."
Information Security Officer at Trade Republic Bank Sybe Izaak Rispens wrote in a LinkedIn post that he was inspired by Anderson's "Security Engineering: A Guide to Building Dependable Distributed Systems," and persistent commitment to security. "He challenged authorities — be it governments, Boards, CEOs or managers — on issues of privacy, security, and technology," Rispens said. "If you care for information security, you need to be as radical, principled and fearless as he was."
Founder and Chief Scientist at Crimson Vista Seth James Nielson wrote on LinkedIn that Anderson's work and unique approach was one-of-a-kind.
"We are not going to be able to replace him, not even with all the advances in AI," Nielson said. "We will have, at best, cheap knock offs, often-imitated-but-never-duplicated avatars of that great mind. Perhaps that is one of the greatest compliments we will be able to pay great and original thinkers: they are (or were) AI proof."