In 2001, I was elected to the National Academy of Engineering. I was awarded the 2007 NIST/NSA National Computer Systems Security Award.
I'm the co-author, with Bill Cheswick, of the book Firewalls and Internet Security: Repelling the Wily Hacker. The second edition had Aviel D. Rubin as an additional author. I've also written Thinking Security.
I earned a B.A. from Columbia University; following that, I wandered south and managed an M.S. and Ph.D. in computer science from the University of North Carolina at Chapel Hill.
While a graduate student, I helped create USENET. For this, the statute of limitations having expired, I and two others perpetrators (Tom Truscott and the late Jim Ellis) were awarded the 1995 Usenix Lifetime Achievement Award, known, appropriately enough, as "The Flame". The Usenix Lifetime Achievement Award recognizes and celebrates singular contributions to the Unix community in both intellectual achievement and service. USENET was an experiment started in 1979 to create an electronic bulletin board to facilitate the posting and reading of news messages and notices. Today it has more than 10,000 discussion groups, known as newsgroups, on a wide variety of subjects, tens of thousands of USENET sites, and many millions of participants. I've written up my recollections of its origins.
In years past, I was very active in the IETF, especially the Security Area. I was a member of the Internet Architecture Board from 1996-2002; I was Security Area co-director, and hence a member of the Internet Engineering Steering Group (IESG) from 2002-2004.
I was a member of the Science and Technology Advisory Committee of the Department of Homeland Security 2005–2014. I was also a member of the Technical Guidelines Development Committee of the Election Assistance Commission and a subject matter expert for Homeland Security's Data Privacy and Integrity Advisory Committee. For the 2012-2013 academic year, I was Chief Technologist of the Federal Trade Commission. For 2016, I was the Technology Scholar at the Privacy and Civil Liberties Oversight Board.
I spend a lot of my time writing papers (electrons?). Most of them are available electronically. You can find a few of my talks, too. In real life, I enjoy photography (especially bird photography), trains, making sawdust , and spending time with my family. But a persistent sense of unreality sometimes intervenes....
Worried about people reading your mail? That's not an unreasonable fear... See some notes I've written on what you should—and shouldn't—do about it.
I've served on many study committees of the National Academies of Science, Engineering, and Medicine. I was also a member of the the Academies' Computer Science and Telecommunications Board.
I'm very interested in nuclear weapons command and control. Apart from the relevance of the subject to the history of public key cryptography, I've done a fair amount of research on how permissive action links—the cryptographic unlocking mechanisms for nuclear weapons—ork.
Sometimes, bureaucracy can be simultaneously cool and preposterous. (Yes, the document is genuine.)
To reach me, it's best to send email to me at the address given at the top of the page. For other contact mechanisms, see my university directory page. If it's Secret Stuff for me, you can find my PGP key here. (That's a new key; the old one, which was used to sign the new one, is here.)
I'm an informal sort of guy, but if you want, you can find my formal bio here, as well as my CV here. You can find much of my technical history here.