In Loving Memory of Ross
This is to preserve cherished memories shared by Ross's friends, students, colleagues, and those who had not met him but learnt lessons through his book. I went through online places to collect all public tributes, and also include private messages through internal emails and
handwritten notes with consent.
I believe future generations, including myself, will learn invaluable lessons from these remembrances by gaining a deeper understanding of Ross's vast contributions and how nicely he treated students and colleagues. If you have
something to write but have not yet shared it, please reach out to me and I will help archive it.
In memoriam: Cambridge Computer Laboratory
| Churchill College, Cambridge
| Cambridge Judge Business School
| Cambridge Energy Policy Research Group
| School of Informatics, University of Edinburgh
| Communications of the ACM
| Schneier on Security
| Ruhr-Universitat Bochum
| WEIS (Panel)
| SHB Panel
| Churchill College Memorial Service (video)
| BBC Last Word
| Computer Weekly
| The Record
| The Register
| Light Blue Touchpaper
| International Association of Privacy Professionals
| Open Rights Group
| Bill Buchanan
| Duncan Campbell
| Alec Muffett
| Wendy Grossman
| Paul Ducklin
| Virus Bulletin
| GBHackers
| Hacker News
| TU Darmstadt
| Cambridge Rossfest
| Ross's Life (also here)
| Fundraising for Woodland Trust
I remember I first met Ross around 1993 or 1994. I was working as a research engineer in an industrial lab in Cambridge, I was a kind of crypto nerd all excited about PGP, and I heard of this public talk at the University entitled "Why cryptosystems fail". So I went along, one evening, and I think it was the first talk I ever attended at the University of Cambridge. This speaker, of whom I knew absolutely nothing, talked about how banking systems claim to be infallible but in fact make a number of engineering mistakes that enable a variety of frauds. He explained the frauds, not in the abstract but with reference to actual cases, and daringly asserted that the banks made the mistakes but denied the evidence and blamed the victims. Wow, that was hot stuff! I was riveted in my seat. We need people like this to tell it straight, stick it to the man and defend us poor consumers, I thought. Who is this guy? I didn't know it then, but the speaker was just a lowly PhD student, a mature PhD student of computer security pioneer Roger Needham. He had graduated from Cambridge in maths some 15-20 years before and had since worked around the world, from the Far East to South Africa, in a variety of fields, including banking. And then, having saved enough to pay for graduate studies, he had gone back for a PhD, and he had taken to research like a fish to water. This was to become his first high profile paper, officially published in late 1993 but I wasn't able to reconstruct whether he gave that talk in the Babbage lecture theatre before or after publication.
In the meantime, a few years after attending that lecture, I too came to the decision of returning to University to earn a PhD as a mature student. As I looked for a supervisor there and considered various options I found him, by then a newly minted lecturer in the Computer Laboratory, what we would now call an Assistant Professor. He had half a dozen PhD students and had not yet graduated a single one. I had a couple more options on the table but it is largely on the strength of that first impression from his lecture as a mature student that I told myself: if I'm going to do a PhD at Cambridge, I can't miss the chance of working with this guy. This was the summer of 1997; by then he'd been a lecturer for a couple of years, and he did not seem too keen on taking on one more student on top of the ones he already had. I remember an early email exchange in which I mistakenly referred to him as English, to which he promptly and vehemently responded: "I am not a fucking Englishman!". I cheekily wrote back "I'd rather be a fucking Englishman than a non-fucking one". Shortly afterwards I received an acceptance letter as his student.
I started attending the security group meetings, ahead of my official start which would have been the following January, and got to know his other students: Harry, Fabien, Jong-Hyeon and Abida, joined in October by Markus who was at the time completing his Master's course in the US but had already coauthored with Ross in 1996: that paper, "Tamper Resistance: a cautionary note", soon became a classic. Maybe Uli was already there too, or he joined around that time. I started getting invited to the lavish dinner parties that Ross and Shireen frequently hosted for the security group, in their faraway home in the middle of nowhere ("that's the only place I could afford a big house and nice garden even on my lecturer's salary"). There were many more people at these parties than just Ross's students: it seemed he knew everyone and was quite inclusive in his invitations. One of these parties I remember celebrated Shireen's 40th birthday. The food was always delicious but the company was better. When the bulk of the guests had left, a pack of attention-hungry Yorkshire Terriers was unleashed on the remaining attendees who were lounging on the sofas.
Always gregarious, in the old Computer Lab on Corn Exchange Street he was a regular at the afternoon tea hour where he'd make a point of chatting with everyone. It is on those ugly faux-leather green armchairs that I remember discussing exciting ideas with him while they were still being shaped, from the Guy Fawkes protocol (a precursor to the blockchain) to How to cheat at the lottery to the bootstrapping process for the Resurrecting Duckling that later became my first highly cited paper with him. At conferences, too, he connected with everyone. More to the point, he pulled everyone together. On many occasions he served as the catalyst that created a new community that then went on for years, sometimes decades, well beyond his initial involvement as a founder. From the UK-crypto mailing list to the Foundation for Information Policy research, the Information Hiding workshop, the Fast Software Encryption workshop, the Workshop on Economics and Information Security, the one on Security and Human Behaviour and I'm missing out plenty more.
I remember he religiously took notes at every one of our security seminars, whoever the speaker was, building an encyclopedia of knowledge that he then distilled into his book, Security Engineering, which he wrote during the last year of my PhD. I was excited to read his drafts and to send him comments while I was working on my own dissertation and he was doing the same to me. I was over the moon when his prestigious publisher, Wiley, accepted my own book as well, thanks in part also to his influential recommendation. Now his encyclopedic 1200 page book, which he kept updating till his third edition in 2020, is a must read for anyone doing anything in security, and it's amazing that a single person could have so many insightful things to say on so many facets of our field. I'm rambling a bit by now, sorry, it's very sad to see him go at only 67, but I hope I am conveying a little bit of why I chose him, why I was excited at the prospect of working with him, and of why I feel that choosing him as my PhD supervisor was one of the best and most significant decisions in my career. And I had no idea at the time that, after completing my own PhD, I would be appointed to a Cambridge lectureship myself and become his colleague.
Thanks Ross, rest in peace and thank you for everything.
-- Frank Stajano (see more)
Ross broke down barriers. He treated everyone as equals, from the undergraduate intern to the visiting professor. He loved to bring people together from all walks of life. He saw the opportunity to learn from everyone he met. He loved nothing more than a robust argument; the opportunity to debate an issue at length.
There is a huge Ross Anderson-shaped hole in my life. He was a brilliant mentor, colleague, and friend to me and many others. His impact has been considerable in so many ways. He will be greatly missed.
-- Alice Hutchings
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.
I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both - I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn't stay the whole time) - that was in 1996.
I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993 - probably at Eurocrypt in Lofthus, Norway - I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb's Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that's how we did it back then.
I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers - there are many - and odds are that you will find a least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody's business. His masterwork book, Security Engineering - now in its third edition - is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you're in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn't suffer fools in either government or the corporate world.
He's listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we'd see each other a couple of times a year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti‘s rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy in December, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year's SHB workshop. I learned something from him every single time we talked. And I am not the only one.
My heart goes out to his wife Shireen and his family. We lost him much too soon.
-- Bruce Schneier (see more)
Ross made a profound impact on me. He was an outstanding mentor who set a positive example of how to be an effective academic and a genuinely good person.
His mentorship style was very effective. He provided plenty of guidance, advice, and feedback. But he also kept a healthy enough distance that helped me grow into an independent scholar. I'll never forget our first meeting in his office. He explained to me that at the end of the first year, I'll have a viva. Until then, he told me I was free "to work on whatever the hell I want", and that we'd figure out if it worked at the viva. Of course, I saw him plenty that first year, and he was always generous with his time when I had questions or needed feedback. But we never had regularly scheduled meetings. Instead, Ross would randomly pop into my office (which was next door to his) any time he had something that he thought might be of interest to me or if he had an idea he wanted to talk through. Those meetings would invariably lead to discussions of what I was working on, and in that way shaped my path.
Ross always sought out opportunities to elevate his PhD students (and really, any junior scholars). I benefited directly. Anytime he was asked to speak, if he had a conflict, he would recommend one of his students instead. That's how I got to travel all over Europe, from Austria to Cyprus, giving keynotes on security economics as a PhD student. It's also how I co-authored a paper with him in Science and a report for the European Commission. And the best part was, I was never just his stand-in. He expected real contributions, treating me as a fellow scholar even before I felt like one. Only later did I realize that by sharing these opportunities he helped make it true.
Ross imparted on me the importance of working on real problems that people care about. He valued collaboration and sought it out at every opportunity. And he was never satisfied with the status quo. He was unafraid to argue for change when warranted. I have done my best to internalize these lessons in my own career, inspired by his example.
On a more personal level, I always enjoyed the times he invited the Security Group to his home in Wrestlingworth. Shireen cooked a delicious meal, and the conversations would go on for hours. During one such visit, Ross broke out his bagpipes. Needless to say, the sound was impressively loud, particularly in a small dining room!
Finally, I really appreciated getting to know Shireen better during Financial Crypto conferences. Shireen, Jillian and "the moms" (my mother and mother-in-law) would hang out at the beach while Ross and I attended sessions. Then at meals and in the evenings and social events we would all come together and enjoy each other's company. I will always cherish those memories
-- Tyler Moore
I remember the first time I met Ross. He was presenting his "Why Security is Hard" manuscript – which essentially started, or contributed to start, the entire field of research on infosec economics – at Berkeley in 2002. I was a PhD student there. I sent him an email in the scant hope he could meet with me while at the conference where he was presenting. Incredibly, he did reply, and did find time to meet with me, and chat.
That was the first of many, wonderful interactions I was so lucky to have with him over the subsequent 20 years. And now they seem too few.
Ross fought the good fight. He was relentless in that, and seemingly fearless of the powers he was putting himself against. That was inspirational: wow, I would tell myself, here is a serious scholar who is not afraid of taking very clear positions on critical issues, and speaking truth to the power!
I recall how intimated and amazed by him I was when I approached him in Berkeley in 2002 for our first chat. Over the years (especially thanks to organizing together the Security and Human Behavior workshop), I discovered such a warm, gentle, and incredibly funny side of his personality. And yet that sense of amazement never went away. Over the years, Ross was to me a mentor, an inspiration, a model, and a friend. He will be missed.
-- Alessandro Acquisti
I first met Ros in another century when I was working in industry and trying to persuade Governments they were doing dumb things to control the Internet, to control encryption and to listen in to everything we said in private. I was always impressed by how he would turn up, apparently unprepared, listen for a while, scribble down a few notes and then stand up and make a short intervention that made more sense than the previous speakers all put together.
Later, I was there to help him, Caspar, Ian and others kick-start FIPR, and there again at a Christmas drinks do in London when a casual conversation changed my life -- he'd sounded a bit bored with teaching and I was getting bored working for an ISP. I said we should swap jobs for six months and he said perhaps not, but I could come to Cambridge and do a PhD if I wanted. He then navigated the system for me, because we were taking little notice of rules of when and how you should apply and in the following September I started to become an academic. Twenty-four years later and with much help from him and I am beginning to get the hang of it.
He was much in demand, and rightly so, to speak on panels. If he could not go he'd recommend one of his PhD students or RAs to go instead; when they would never have been asked in their own right. That's why I got a trip to Financial Cryptography in Dominica. I came back and explained the attractiveness of Caribbean islands in February (and how this conference only had talks in the morning because everyone went to the beach in the afternoon) and thereafter he always managed to be able to go to FC himself.
One of the things I have learnt over the past week is how normal these types of stories are for people who knew Ross. I've read dozens of little notes and appreciations, scattered over blog comments, or in emails by many of the people I know well, and a lot that I don't, of how Ross changed the course of their lives too, by advice, by finding some improbable way to give them a job or a speaking chance, by supporting their endeavours elsewhere, or just by being there to chat with them whilst walking the dogs.
Governments (and University hierarchies) are still doing dumb things, but Ross did so much more than most to try and change that -- not least by encouraging others and by building communities that will continue the struggle to make things better.
Some people change the world through their inventions or their wise words. Ross did some of that -- but he was also that rarest of people, someone who has changed the world by empowering others to do that changing for us all. RIP
-- Dr Richard Clayton
When I first met Ross, in June 1996, at the Isaac Newton Institute Programme that he ran at the time, I was immediately impressed by how many of the most famous and influential names from the world of coding theory, cryptography and computer security he had brought together there, and the wide range of topics he was interested in and collaborating on, with lots of people. He was always exploring new aspects of the field, picked up new ideas quickly and enthusiastically and was able to communicate them in the most engaging ways, whether in discussions, talks, or papers.
Ross was never an abstract theoretician but always keenly interested in topics that directly affect people in the real world. He spent enormous energy on fighting for consumer protection, holding banks to account over flaws in their procedures and systems and their attempts to pass on liability and the burden of proof to customers when things went wrong. His early papers on these topics contained some of the most engaging writing I had ever seen in scholarly communication.
Ross was a real force of nature and a great storyteller. He was never boring. I will miss him very much.
-- Markus Kuhn
Ross, you were an outstanding researcher who had a knack for starting original projects out of the mainstream. Your sharp knowledge of several diverse fields was impressive and listening to you about any of them was always a delight. You were a very supportive and inspiring mentor to whom I owe an important part of my career. But, above all, since my first (scary) meeting with you in 1996, you had become a friend who I will deeply miss.
-- Fabien Petitcolas
It is hard to overstate the impact that Ross Anderson has had on Leigh and my lives over the last 25 years. This started with his invitation for me to join him for a summer internship with the Cambridge security research group. Leigh and I remember clearly a rattling drive through the countryside with David Wheeler to join you both for the security-group summer garden party that year! The internship led to an invitation to return for a PhD -- an offer that I only took up quite a few years later, once Leigh had begun her own PhD at Cambridge. It is extremely difficult to imagine the halls of the Lab without the sound of his voice and excitement about the latest ideas in the world of computer security (and beyond) -- just a few doors down still, now a colleague, but always a mentor. It is comforting to know that there remain so many people, both at the Lab and in many international communities he worked with, who likewise benefited not just from his research, but also his generously given mentorship. We will both deeply miss him and his friendship over the years.
-- Robert Watson
I first met Ross as an undergraduate -- he was lecturing computer security. His lectures were a real inspiration: I adored the connections from cryptography to application and the many ways in which devious behaviour could cause untold trouble. As a PhD student, I bought a copy of his (then new, first edition) textbook and took pleasure in sending him a few corrections. I will also not forget him as my internal PhD examiner -- a wonderful couple of hours of discussion. I remember how proud I was that someone this important had taken the time to read my dissertation in such detail. Ross and I have continued to collaborate, in recent times as part of the Cambridge Cybercrime Centre, on a new protocol to protect whistleblowers and journalists, and co-supervising Jenny Blessing. He's been wonderful to work with: insightful, knowledgeable, and fun to chat with. He really cares about students and staff alike. We will all miss him immensely.
-- Alastair Beresford
Ross Anderson left us far too soon. I grieve for him and send my love to his family.
Ross was an intellectual giant and an absolute legend in computer and information security, and like any true giant, he was incredibly down-to-earth and friendly.
I first met Ross at the very beginning of my career, when I was a very junior faculty. Having been told of his famously low tolerance for idiocy, and being completely star stuck, I remember being very anxious the first time I was introduced to him. As it turns out, he was absolutely lovely and kind. Perhaps that's because the French and the Scots famously get along (by correctly blaming the English for everything that is wrong in this world), but I was impressed by his congeniality.
You can tell a lot about somebody's character just from the way they talk to higher-ups and people in lower positions. Ross' sharp and acerbic wit was solely reserved to people in position of power that, truly, shouldn't have been there. For those of us that were not -- junior faculty, students -- he was an indefatigable advocate, wonderful and kind mentor, and always had time for us.
I remember in late 2010 seeing a call for a very large grant from DHS. It was a very long shot, but I wanted to apply, and I thought that some of Ross' work was a good fit for some of what the funding agency was looking for. So, I invited him to team up. He accepted, and I wanted to get him to be front and center on the grant given his notoriety. He said that he wouldn't mind if we thought it'd help, but that I (and Tyler Moore, at the time another junior faculty on the grant) should be running the show, not him. Often with senior faculty, that's code for "put my name on this thing, I'll take the money, but don't ask me to do anything." In Ross' case, that meant tirelessly writing entire sections and editing the whole proposal, giving us a lot of advice, and then, stepping back from the limelight. We wrote a lot of that proposal at Financial Crypto in Saint Lucia, in between cocktails and beach time.
We got the grant. It completely changed my career. Later, I heard through the grapevine that Ross was one of my biggest supporters when asked to write evaluation letters. It was incredibly helpful to have such a legend in my corner.
So, I owe Ross a lot, and I am sad that I never will be able to repay him even a fraction of everything he did for me. But, now that I am becoming slightly more senior, I will try to honor his memory by using him as a model in my interactions with junior colleagues.
Thank you, Ross.
-- Nicolas Christin
Dear Ross,
When I learned of your death, the first thing that came to mind was the death of a massive star: they burn very brightly but only for a few million years. It was not surprising that a ball of energy that shone as bright as you did would not last very long. I missed you painfully the day I learned you had died and I will continue to miss you. I am grateful for the many things you gave us intellectually, organisationally, and in fun times together but particularly for the special gift of getting to know your wife Shireen.
Sleep well.
-- Whit
Ross was a pragmatic visionary. He critically observed situations, identified how the situation should be, determined what would be needed to get there, and made it happen. He not only applied this strategy very successfully to his own career, but to the careers of many of us, changing our lives for the better. Incidentally, this is also how we met. I met Ross at a psychology conference (SARMAC) in Rotterdam (The Netherlands) back in 2013. He had just received a large grant on deterring deception and attended this conference to scout talent. We were both in the audience when Ross asked the speaker a question about the use of machine learning to tackle her research problem. The speaker completely blanked - it was probably the first time someone mentioned machine learning at that conference – but I got excited. So after the talk, I introduced myself to the person who asked this question, Ross. We started chatting and did not stop. We went for dinner that evening and he invited me to come to Cambridge, meet some people in the lab. This turned out to be a job interview, which I unfortunately only realised when I was already halfway through my visit. All's well that ends well, I got the job even though I hadn't consciously applied and it changed my life for good.
Ross was truly great at getting bright young minds together who shared his vision and were eager to facilitate change. He was a serial community builder. He founded multiple entire new disciplines and academic communities, including (but not limited to) WEIS on the economics of cyber security, SHB on security and human behaviour, and Decepticon on deceptive and dishonest behaviour.. The latter, Ross and I set up together and is still an active and vibrant research community today. Ross would attend all conferences and religiously take notes for lightbluetouchpaper.org, building an unparalleled open-access security resource.
Ross taught me to not only think strategically, but also to think big. How do we get the key researchers in our scientific committee? How do we get this line of research on the front page of the New York Times? Or even, how can this work lead to a Nobel Prize? He encouraged his students to do cutting-edge and meaningful research and to share these new insights with the wider public.
Ross believed in cross-disciplinary synergy, that one plus one could be so much more than two, especially when the two are complementary. He hired grad students and postdocs with a wide variety of backgrounds, including computer scientists, criminologists, economists, lawyers, and psychologists like me. This led to vibrant Friday lab meetings where security related topics were discussed from a variety of angles, sometimes leading to unexpected insights.
Ross was idealistic. He would only record a MOOC (online course) if it would be made freely accessible to everyone. Same for the papers and books he wrote. He strongly believed that academic information should be open. Private information on the other hand, must be protected. He demonstrated the fallibility of anonymizing sensitive data such as electronic health records and that photos and documents can often be retrieved from a wiped smartphone. Ross dedicated his career to protecting people's privacy.
Ross was famous for advocating his strong opinions. I believe one of his quotes ended up on a wall at GCHQ and he famously send a reference letter comprising one single line: "You'd be a fool not to hire her". But one of the things I liked most about him, is that he always listened with an open mind. He was endlessly curious, read more and about a wider range of topics than any one person could comprehend. But if you disagreed with him and posed a solid argument, he would use this input to update and, when relevant, change his opinion. Ross always gave me the feeling that what I said, mattered.
Ross was a great mentor and friend. He was one of the most generous and welcoming people I have ever met. Ross had a strong influence on the careers and lives of many, mine included. For example, he generously invited me to his home where I not only admired his taste in art, but he also invited me to "shop" furniture in his garage. I had just moved to Cambridge and my apartment was still a bit empty. Ross lent me a beautiful closet that had belonged to a friend of theirs and even brought it to my home. Helped me move it up the stairs. He wanted to make sure Cambridge would feel like home. And the extraordinary thing is that this wasn't an exception. He cared this deeply for many people.
Importantly, Ross did not do this alone. I have seldom seen such a complementary match as Ross and Shireen. When Ross organized a conference at the lab, Shireen would be there to host it. To chat to everyone, make sure they felt seen and welcome. When Ross joined Churchill, Shireen set up new committees and organised events for the partners of fellows. When I felt torn between staying in the UK or moving back to the Netherlands, Shireen would take me to the pub to listen to my worries. And the next morning, Ross would come into my office to pose a solution. "Run an experiment at a Dutch university so you can spend some time at home". Problem solved.
In 2015, at the end of the grant, I left Cambridge to move back to the Netherlands. Ross through me a goodbye party at the computer lab, serving pink prosecco. I loved it. Since then, Ross and I have visited many conferences together and each time we did, we had such a wonderful time. In addition to hearing the ins and outs in the field, we would go for walks and visit art museums. Walking with Ross through the Smithsonian's National Air and Space Museum was remarkable. He knew everything about everything and talked about it with so much passion that I started to regret studying psychology instead of aerospace engineering. Ross would be the one I turned to when in need of some serious life advice, for example when dealing with my parents who turned ill or when having trouble finding suitable education for my daughter. Ross always inspired me to solve the problem and think big if needed. "If there's no suitable school, start one". Because problems are there to be solved.
The last contact we had was the day before Ross passed away. We were planning to meet up during his next visit to the Netherlands. I was already looking up art exhibitions, wondering which one he would like best. With Ross' passing, academia lost a great mind, society lost an advocate for human rights, and we all lost a truly great friend who will be missed dearly.
-- Sophie van der Zee
Inviting me to help found WEIS changed my career in such a fundamental way. He created this pathway and ways forward that changed my trajectory. And now I am reading that he was did that to so many people, where a single interaction with him was a life inflection point.
I suppose he told you his bagpipe social engineering story: he discovered as a student on the continent that if you were in a given range of people in Germany they would drop some coins in your case. So he would march around playing of his many bagpipes in the train station, walking just close enough to people to engage the social contract - with a bagpipe - , and have enough to student the day away. He told this story to me and my younger child, who played brass in band, at FC by the ocean.
I posted this when I heard, "Ross Anderson cared deeply about the human outcomes of security & policy. He did not focus his brilliance on amassing tech wealth but instead on the hardest challenges, using nuanced technical insights in fighting to protect the vulnerable."
He was one of kind. And now I suppose I will never understand the differences between the Scottish and British enlightenments.
-- Jean Camp
It is hard to see the security group, the Computer Lab, and Cambridge without Ross. In late 2018 I had sent an email (without much hope) to Alastair and Ross inquiring about a PhD position. Somewhere in that email I linked my Master's Thesis. Ross replied soon after with detailed comments, questions, and encouragement -- apparently he had read the entire thing! I was impressed by so much generosity, kindness, and interest. That moment sealed the deal for me and I left the industry for the CL. I am very thankful for this important moment and the many that followed.
-- Daniel Hugenroth
Shireen, sending all my love to you and your family at this very sad time. Ross's sense of mischief, heart, warmth, and wit has been a big part of my life over the past five years which I will keep with me forever. I will always remember the first time we properly worked together (having mostly bonded over being fellow Scots in Cambridge and teasing each other about politics in the lunch queue). Due to his Visa being denied, he was unable to travel to the USA for a conference, so concocted a scheme to let me travel to Boston in his stead. This involved me not only registering as Ross, but becoming (in his words) a remotely piloted Ross robot, wearing an elaborate device made out of an ancient iPad and a neck-mounted truss, so that I could walk around with him on a Skype call and he could catch up (with truly terrible time delay) with his old friends there. This introduction to Ross's unique sense of humour and fun has always stayed with me -- he has been an incredible friend and support over the time I've known him. I've truly never met anyone like him. I so valued the time I got to spend getting to know him over many lunches at the lab, drinks at conferences, and dinners up in Edinburgh, and will miss him terribly. Keeping you in our thoughts, and again with all our love.
-- Ben Collier
Ross was an inspiration. He did great things and he showed us how. He fought injustice and knew how to win. He created communities and drew people together who would never otherwise have talked. He cared about people and mentored so many, he knew us as individuals. He made us laugh. I will miss him.
-- Daniel Thomas
Ross Anderson died March 28. There is no one I learned more from in security than him. On every team I have run, when people new to infosec joined we would give them a copy of his epic work, "Security Engineering." His clear thinking and writing were and are the most useful guide anyone could have to understanding this field which is so filled with abstractions, jargon, and counter-intuitive protocols. Ross' writing showed how all the pieces fit and the increasingly important effect of information security on real world things.
My favorite part, and unique among many security and engineering works, is that each section typically discusses a threat model and then a set of security protocol attempts that have been made over the years to address this with more or less effectiveness. Just his ability to chart a multi-decade attempt of chipping away at some hard problem was impressive enough. But then, he would end the section with why and how this fails. Meaning still a lot more work to do. This industry is a far poorer place without him. We have lost someone important.
When I read the first edition of "Security Engineering", I had never seen someone link together the roles and interlocking dependencies of policies, mechanisms, and assurance in such a clear way. But Ross also added a fourth consideration- incentives. At the time, I was a young tech-first engineer, and I thought, hey this guy is being too academic, he had written such a good piece on security policies, mechanisms, and assurance, but then went too far into cute, academic abstractions with incentives. Of course, after a few years in practice, I realized, if anything, he had underweighted the importance of incentives. I told him later how I came to this eventual understanding, and Ross laughed that before he had been academic he spent his 20s and 30s as a contractor in banks, what he learned there on incentives was worth "more than a shelf-foot of books on game theory."
Ross' work is so useful, because he never stops at looking at security protocols in the abstract, he always shows - this is how this adapts well (or not) to a consumer mobile phone or a badge at a nuclear facility or satellite TV. Security is never just one thing, it is how it is used in the real world. Ross recognized that he was fortunate to spend time in industry before academia and the special blend, "gives you a gut feel for what goes wrong – not just with the mathematics, but with the metal, and with the managers too."
Last week, I went back and re-read Ross' work "Why Cryptosystems Fail" it is on ATM fraud mainly, and written in 1993. It could have been written today. System designers "have suffered from a lack of information about how their products fail in practice, as opposed to how they might fail in theory." Ross Anderson, rest in peace.
-- Gunnar Peterson
Ross,
Thank you for everything you taught me over the years. You are a unique and wonderful person who changed the way I think about security and its place within the world.
I think my funniest memory of you is when I heard the sound of bagpipes echoing through the lab once Friday afternoon, and said to the person I was with "£10 says that's Ross". Of course, it was -- who else would keep a set of bagpipes in his office in case they were needed!
Thank you for everything
Rosie Baish--
I was deeply saddened to learn about Prof. Anderson's passing. I wanted to reach out and express my deepest condolences to you, all his colleagues at the computer lab, and, most of all, his family.
I feel privileged to have had him as a professor, and I fondly remember the first time I spoke to him when he interviewed me for the master's program. While I was extremely nervous, he effortlessly made me feel at ease, and from there on, the interview just felt like a fun and engaging conversation about our shared research interests. One of my most cherished memories from my time as a student at Cambridge was when I wrote an essay on cryptographic protocols, and he particularly liked my blurb on the Burrows-Abadi-Needham logic. His appreciation of my minor contributions made me feel special and more confident as an aspiring researcher. He was indeed an extraordinary individual who touched many lives, including mine. His intellect, warmth, and kindness will be missed as he continues to inspire us.
I sincerely hope that Prof. Anderson's family, friends, and colleagues find comfort and strength in the memories they shared with him and in the support of one another during this time of grief.
With deepest sympathy.
-- Varun Gandhi (he/him)
A beautiful mind has left us. I lost an esteemed colleague, dear friend, and mentor. Ross's influence stretched far beyond his role as a Professor at the University of Cambridge; he was a world-renowned figure whose brilliance and impact resonated throughout information and computer security research, spanning generations of researchers and scholars.
His intellect was unique, his research groundbreaking, and his dedication unbreakable. Ross was able to fuse profound knowledge with an incredible moral compass. He fearlessly championed privacy and information access rights, raising his voice against the misuse of technology and governmental overreach, always advocating for justice and integrity. And his impact is enormous. Beyond his academic fame, Ross was a living repository of wisdom, his mind a vast library of historical knowledge. His influence reaches beyond our immediate community, shaping the broader technology and policy landscape.
I had the privilege of knowing Ross and calling him a friend, and I was deeply touched by his genuine kindness and willingness to lend a helping hand. He embodied the true essence of compassion and generosity, leaving a legacy that will endure eternally.
To Ross's family, I extend my deepest condolences. May you find comfort in knowing that his legacy will continue to inspire countless individuals.
Ross, though you are no longer with us, your spirit will forever reside in the hearts and minds of all touched by your brilliance and kindness. Lastly, I borrowed a snippet from the known poem "Do Not Stand at My Grave and Weep" that I thought fits you well:
"I do not stand at your grave and weep.
You are a thousand winds that blow,
You are the diamond glints on snow,
You are the sunlight on ripened grain,
You are the gentle autumn rain.
....."
-- Ahmad-Reza Sadeghi
I just want to note here just how important Ross Anderson was, not just within the UK digital community, but globally. He was the model of a politically and socially involved computer scientist -- when I first heard of him in the 90s, he was doggedly trying to point out that the then security protections against ATM (cashpoint) fraud were too weak, and that the banks were blaming customers for leaking their PIN codes when in fact, those codes were eminently crackable.
After that, he was /the/ key figure in fighting restrictions on cryptography in the UK, putting together a coalition of CS experts in founding the Foundation for Information Policy Research, and then becoming one of the key (informal) advisors to the Labour party. As a gruff, Scottish socialist, Ross was tailormade to act as a counterbalance to the United States' heavy lobbying of the Blair administration to tow the line on making usable crypto illegal outside of the United States.
That had a global effect: opposition in the UK, at the time the US's strongest ally in many policies, limited the ability for the crypto restriction regime to spread. (After many years, it's notable that the main countries passing crypto restrictions during this period were those /furthest/ away from US support, rather than closest -- France, Russia, etc.).
FIPR and its successes spawned a strong, and experienced digital rights community in the UK early on. It was Ross and Caspar Bowden (who also sadly passed away far too early) who were crucial in encouraging this group to work with others in Europe to form EDRi, which remains the core of digital rights advocacy in Brussels. If you've ever wondered why the EU occasionally comes up with good cyberlegislation, it's because of the influence of EDRi -- and that coordination came from Ross and Caspar recognising that the real decisions were being made not in the UK or the US, but in the growing work of the European Union.
But at the same time as doing this political work, Ross was also building the foundations of a serious cybersecurity approach. He applied political, economic and social aspects to computer security models: his early writing on /where/ to put the liability for computer security flaws are still influencing approaches to legal liability now. He drew deeply from the actual use of technology: my favourite memory of him is him explaining how the Irish Republican Army actually passed around secrets under the nose of the British Army to a somewhat amazed BBC journalist.
Ross' high reputation allowed Cambridge University to lure Microsoft funding for their infosec department. The results of that collaboration indirectly led to CHERI, a capability-based security system designed by some of the brightest minds in the UK and beyond, and still for many of us the great hope for truly robust digital security.
Recently, Ross was still working on the cutting edge: the other week, Cory Doctorow pointed me to a paper he co-authored recently on how ML models might collapse in the face of ingested ML-generated content. When I devoted a chunk of a lightning talk to him at EthDenver, a prominent Filecoin ecosystem participant came up to me afterwards to thank me for highlighting Ross' work, as he had been instrumental in supporting her early career. Ross was grumpy, unforgiving, a blistering writer of flaming emails, and sometimes oblivious of the effect his disapproval could have on others. But he pursued and achieved singularly useful advances in the field of information security, and in the wider, messier world of digital rights and global politics. He was mad at Cambridge for forcing him to retire at 67, and he was right -- not just from a political point of view, but from the truth that he still had so much to give. He died too soon.
-- Danny O'Brien
When I started my PhD in Germany in 2003, I did not know anything about security, but was determined to learn. So I put the 2nd Edition of Security Engineering on my night table, and systematically read through it for several weeks every night. Some years ago I realized that everything I know about security originates from his book.
I met Ross personally much later, in 2017 on the Security and Human Behavior Workshop, und he was incredibly and unexpectedly kind to me. It was a tough time in my professional life, and I felt protected when he was around. Just so. He was also, to my great surprise, interested in my research and helped with advice and connections.
I liked most his unique humour, and especially his smile. It illuminated his face and surroundings like sunshine. Thank you, Ross.
-- Zinaida Benenson
Ross was a force of nature: full of ideas and thoughts on how to implement them, combined with inexhaustible energy. Ross could be a cyclone when you disagreed with him -- full-force winds in your face at upwards of 90 miles an hour -- but also willing to listen once he realized you had a point. Ross's mastery of cryptography, security, and the underlying policy issues that impeded implementing good security showed a command, at a deep level, of multiple fields and a rare capability to work within them. His ability to weave this knowledge into narratives that were both compelling and comprehensible to the lay person was a remarkable skill; it will be sorely missed by the security community. So, too, will Ross's energy and his boundless intellectual curiosity.
-- Susan Landau
Ross transformed my life.
He saw the pressure of the job I was under, the limitless gas of excuses, the heat of the logic that was hidden from me. He taught me to turn heat into light, to articulate, to shine, and to write. Let others react to my work, instead of rolling around in the mud with jobsworths.
I want his family to know this, because I have no doubt his writing and his teaching took him away from them often.
More than anything he taught me that a real hero shouldn't have a nemesis. To really be human one must transcend petty embodiments and target the abstract and reactionary injustices of the world wherever and in whomever they are found.
He showed me that I wasn't alone, and that crucially my new allies were people all over the world of different lived experiences. They might be young or old, of a dizzying array of genders, or skin tones, and that we would change things by what we write: be it code or legal precedents. I will miss his irascible nature, his childish jokes, and his mature discussions. I have his books, and his writing, and a community brought together by him (even now).
I am very sorry you have lost him so suddenly, but I am grateful you lent him to the rest of us from time to time. It didn't just change my life, it changed me as a person. I know I'm not the only one, and this book will help you see what he did when he wasn't with you.
-- Eireann Leverett
Ross was an icon for me even before coming to Cambridge. His incredible wisdom made it all the way to the middle of nowhere in Cornwall, and it was an honour to get to meet him once I arrived. He was incredibly humble, endlessly interesting entertaining, and an inspiration to all. I still remember his insightful chats from many years ago, leading me towards the world of security research. I found it surreal to be supervised by such an incredible mind and caring soul for my master and I am eternally grateful to him for inspiring my PhD research, which is going to define my whole career. I am sure the immense impact he had on my life is a tiny faction of the change he has made in the world, and we are all better off having had Ross in our lives.
I will always remember our spontaneous chats, his canning persona, and the endless kindness he had for all. May he rest in peace.
-- Ivy Turk
Very early on in my academic life, I heard that doing interdisciplinary research is fascinating, but being an interdisciplinary researcher is very hard. Experts from different fields can often work together, but you rarely meet a single researcher who is knowledgeable in many. Ross was one of those pioneers who invented the field of economics of security out of his own curiosity and passion. He was a role model, a brilliant academic, a humble human, and someone whose example I aspire to follow.
-- Konstantinos Ioannidis
Ross and I knew each other for over thirty years, both professionally and socially. We had numerous productive (and amusing!) collaborations and conversations during that time. For instance, we each played our roles in the first Crypto Wars, fighting for privacy and authentication through public key cryptography and resisting, rather successfully it seemed, the imposition of government-imposed backdoors. The news of Ross's death came as a great shock to me, not least because he was only a few months older than I. My sympathies go out to all who knew him and, most of all, to Shireen.
-- Paul Leyland
Dear Shireen, please accept my sincere condolences on your loss. The best thing that ever happened to me was being a student of Ross from 2004 to 2007. Besides being a supervisor, Ross had also been my mentor and a dear friend for the past 20 years. I am forever grateful for his teaching and guidance, which I'll cherish and pass on to my students so his memory will live on.
We all miss him dearly. May his soul rest in peace. My thoughts are with you at this time of sorrow.
-- Feng Hao
Dear Shireen,
Please accept my sincere condolences on your loss. Ross was a great research collaborator & friend, who I will miss enormously but will remember fondly.
-- Simon Moore
Ross was one of the people that I had heard of before coming to Cambridge. I found him quite intimidating at first -- after all he had decades of experience in the field and I was a young master's student still trying to find my way. His feedback could be brutally honest and he wouldn't sugarcoat how he felt about things he disagreed with. However, as I got to know him more I realised how committed he was to helping out his students and was always willing to answer questions and share his endless knowledge. I am really glad that I was able to take his course and later on work in the same group and talk to him over lunch or just spontaneously in the corridor. He always found a way to fill any moment of silence with the most unexpected stories and entertaining tales on topics he was passionate about -- sometimes all you need was a single well-chosen keyword to get him to talk for ages. It is hard to imagine the security group without him. We will all miss him very much.
-- Anna Talas
Dear Shireen,
I am very sorry for the recent loss of your dear husband. He was a great tutor for me and behaved with me almost like a father. He helped me from the first day I came in contact with him and then continuously afterwards, contributing fundamentally to my staying in Cambridge to pursue my PhD. I also remember the great picnic at your very nice house and garden (around 2013-2014), which both myself and my wife enjoyed very much.
We keep Ross in our prayers and wish you peace and comfort in these difficult days. If I may help in any way, please let me know. Ross helped me in more ways than I can describe.
Yours with much love and gratitude,
-- Marios
Ross is the main reason I wound up at Cambridge. He was authentic and one of a kind. I expect I'll never meet anyone else like him and I'm so grateful for the time we had together. What I will remember most about Ross is the amazing amount of empathy he had for people, especially those who have been overlooked or underserved. Amongst his many qualities, this one left an indelible impression that I will always keep with me.
-- Bill Marino (first year PhD, supervised by Ross)
One of the many times that Ross fascinated us with his comprehensive knowledge about cultures and countries, he mentioned the word 'Kateb' (scribe, professional copyist) and its history. It has been an absolute honour to have known him as my academic grandfather (PhD supervisor of my supervisor). He and Shireen always said that I am too old to be their grandchild :) My heart and thoughts are with his family and friends. Best.
-- Maryam Mehrnezhad
Ross was one of the most important members of faculty who inspired me during my four years at Cambridge. I have continued to follow his work with deep interest in the years since I moved into industry, and regularly invoke arguments and ideas discussed in seminars with him a decade ago. His dry wit and humour were endearing, and often belied his deep academic curiosity, his profound understanding of the human condition, and his ability to make unexpected connections between disciplines where others have not. I admire his courage and tenacity shown through his uncompromising ability to challenge vested interests that found his work - and his student's - inconvenient to them. He built communities, stimulated conversations and stood up for what he felt was morally correct.
When Ross spoke, I listened, and on those occasions that he complimented my work, I did not take that for granted. He has had a profound impact on my academic and professional career, and I regret that l was not able to pursue his offer of a PhD at the time. The world lost a great champion and defender far too soon. Please accept my sincere thoughts and condolences for your loss.
-- Matthew Huxtable (MEng. St John's College. 2011)
This is sad news. I met Ross for the first time at Cambridge in 2008. His magnum opus "Security Engineering" had been published a few months earlier. I knew some of his articles.
But what really impressed me when we met was his energy and his desire to make a difference in the world. Security was not a purely academic topic for him. It was his tool to make the world a safer place.
He stood up for the victims of cybercrime, fought against injustice and feared no opponent, whether from government or industry.
The WEIS conference series, which he co-founded, was for me the most influential series of events ever. It is the place for people who wanted to understand why security works or doesn't work in the real world.
The last time I met him was at WEIS 2023 in Geneva. He was making plans for his retirement and still had so much to do. Things that can no longer be done by him. But we should not forget that he educated and inspired a whole generation of security engineers who are now working in research, academia and industry. He was the giant.
To Ross's family, I extend my deepest condolences. We will miss Ross very much.
-- Boris Hemkemeier
Ross always looked out for the little person and championed the marginalised. He taught me how important it is to be kind and inclusive in the practice of computer science. I'll miss him.
-- Anil Madhavapeddy
Thanks for being a great colleague, you will be missed.
-- Andreas Vlachos
Fondly remembered; sorely missed.
-- Tom and Dorothy Berson. Palo Alto, CA
Professor Anderson was a giant of the field. Yet he often took the time to drop me a note of appreciation when he liked something I published. It meant a lot to me, especially as a junior scholar. I corresponded with him just last week. This is a complete shock. RIP Ross
-- Arvind Narayanan
Incredibly talented, I learnt the most from Ross important facts for my craft in security.
-- Haroon
Ross was an incredibly generous mentor who alloyed clear insights with kindness and civic sense. He was a formidable force and will be fondly remembered by many.
-- Nik Sultana
Ross was definitive. Security research wasn't something he did, it was something he was. I can't imagine working in a world without Ross in it. I'm so terribly sorry for how you must be feeling right now. Grace & peace.
-- Helen Oliver
I only got to know Ross since I started my PhD in October 2023, but he was such a charming person. He was passionate in what he does and he always believed in his students. In casual chats and meetings, when the topic turns into something he is interested in, his face would just light up, eyes beaming. Those were some of my favourite moments with him.
-- Raymond Wang
It was a true pleasure, unbelievable experience and great fun to be the first postdoc working with Ross from 1996. And a great bond ever since... I shall remain extremely thankful all my life!
-- Vashek Matyas
Ross was such a special person, he always had time for a chat, telling stories of his travels and generally putting the world to rights. Ross will be sorely missed, and my condolences to you and your family whom I know he was so proud of.
-- Carol x Finance.
Dear Shireen, I want to express my deepest condolences. I came to Cambridge largely because of Ross and since then, have benefited from his wisdom and invaluable advice. Words cannot express how much I appreciate this privilege of meeting him, and how incredibly saddened to hear his passing. He will truly be missed.
-- Jessica Man
Ross had a genuine concern for the poor and the marginalized. I have known him since 2002 and have always received his generous support. He kindly agreed to participate in the Capability Approach manifesto, and as recent as February 2024, agreed to kindly support on another work. Like many around the world, I owe him a large part of my learning. Ross will remain to information security what Amartya Sen is to economics. He influenced the field in many ways to make security work for everyone. Will miss his wit, humour, formidable intellect and guidance always. May his soul rest in peace. God give Shireen and his children the strength to bear with this void.
-- Partha Das Chowdhury. University of Bristol
I first met Ross probably in 2003. Even though we didn't have much interacting opportunities, I got known his personality through writing a short proposal to Gates. He is a really unique and pleasant person. I will remember him in my heart for a long time...
-- Eiko Yoneki
Ross was fantastic in coupling expertise, sincerity and generosity. I was always super happy to see him around.
-- Pietro Liò
When great trees fall, rocks on distant hills shudder, lions hunker down in tall grasses, and even elephants lumber after safety. Although I had a brief period with Ross, which were mostly interesting discussions on the lunch table, I was simply fascinated by his curiosity and could forever listen to his thoughts. Ross has been an inspiration for me and many more in the security research community.
Thank you for everything Ross and for awakening the child in me. You will be remembered forever.
-- Shreyas Srinivasa
Dear Ross.
I was really lucky to have had the opportunity of doing my PhD under your supervision. It was the most exciting four years as you guided me through the vast field of computer security, for which I'll be forever grateful. It's a great loss to this world that we no longer have a kind mentor and respected scholar, but your legacy will live on to inspire future generations of security researchers. Rest in Peace.
-- Rubin
I was lucky enough to work with Ross when I first arrived in Cambridge and again over the past few years as our research interactable again. He always brought new perspectives, energy, and enthusiasm to our meetings and of course, had a great sense of humour too. He was inspiring and a big part of what makes the Lab the Lab. My sincerest condolences,
-- Robert Mullins
Ross has been such a stimulating colleague throughout the 25 years I have been in this department, inviting me to join his team from the week I arrived. He has shaped the discipline in a way that very few have done. Beyond his huge contributions to research and teaching, the good cases he championed so energetically, have changed the world. We have lost someone unique and irreplaceable.
-- Alan Blackwell
Our thoughts are with you,
-- Dieter & Jutta
From making me welcome in his group, parties Shireen regularly organised, wit and ability to identify the core of any problem, to understanding that the future is in applying security to other fields of science and fusing it with economics, psychology, law, etc, and his steady fight for protecting our privacy... neither should one forget his "Scottish" views on life and occasional grumpiness -- all that part of him being a huge character. I will always remember.
-- Dan Cvrcek
Ross was always willing to take the time to listen to new ideas ... and offer advice ... "you should talk to.." He was a great storyteller and I will fondly remember tales of music making and security one day while we tried to convince the government of a point. I'll miss him. My deepest condolences to Shireen, his family & friends.
-- Zygmunt Lozinski
Dear Shireen,
I am deeply saddened by Ross's passing. To me, he was a great mentor, a caring elder, and a close friend.
Being admitted as his student was the most fortunate event for me. In the months before I arrived in the UK, from visa processing to accommodation and other life matters. Ross actively offered me help and advice. Upon my arrival, he cared about my living and study situation all the time; we together explored and decided on research plans. Although we knew each other for a shorter time compared to his other students and colleagues, Ross was the closest person to me in the UK.
I am deeply grateful for his belief in my potential and his willingness to guide me. His erudition and rich experience were key factors in my decision to pursue a PhD here. I will always remember our first dinner at the High Table in Churchill College.
His visits to Edinburgh were not frequent, but we corresponded by email almost daily, and we met during the online meetings on Mondays, Wednesdays, and Fridays. At the University of Edinburgh, Ross was one of the most respected professors, benefiting both faculty and students from the interactions with him. His guidance, wisdom, and kindness have profoundly impacted my life and the lives of many others.
Please accept my heartfelt condolences during this difficult time. I am grateful for the opportunity to have been a part of his academic journey. I will always miss him.
With deepest sympathy.
-- Lawrence Piao
Shireen, Ross, thank you very much for your friendship. We spent such a wonderful time in your garden outside on Windsor Street. Far from home, this place felt like an island of calm. We will cherish these memories in our hearts. Thank you for your support in difficult times, for your kindness and warmth.
Ross, thank you for the opportunity, humour, and patience. For walking around Cambridge, for talking about everything from handmade bagpipes to robo-noses. For honesty and openness to everything - from people from other cultures to creepy pike caviar. We will miss you, looking forward to our next time in the garden.
With love,-- Dasha and Ilia
Ross will be terribly missed. Not just for his research contributions, extraordinary though those are, but because he really cared about what was going on in the Department, the University and the wider world.
-- Ann Copestake
Ross was an inspiration, and he will be sorely missed. He opened our eyes and changed the way we think, not just about computer security, but about the ways that people relate to each other and what it means to achieve things that have lasting meaning in this field, a meaning that goes beyond code, grants, and citation counts. I aspire to inspire students in my classrooms half as much as he did for me.
-- Jonathan Anderson
Ross was brilliant; this is a well-known fact. But to me, more than anything else, he was a model of bravery and integrity. Even when I couldn't see eye to eye with him, I looked up to him. He will always be a guiding influence and an example that I can only hope to emulate. Thank you, Ross.
-- Mansoor Ahmed-Rengers
I expect Ross is already offering advice to St Paul on how to secure the key of the Kingdom. Rest in peace. Rise in glory.
-- Andy Pitts
We overlapped as undergraduates at Trinity, back in the day. There are tales to tell! So many great conversations that actually led somewhere!
-- Jon Crowcroft
Dear Shireen,
I was deeply saddened to hear of your loss. Please accept my heartfelt condolences on the passing of your loved one. Ross was not just a colleague, but a beacon of inspiration for all of us who had the privilege of knowing him. His wisdom and guidance left a mark on our lives, enriching us in ways we can never fully express.
Ross had a remarkable ability to touch the lives of those around him, offering invaluable advice and unwavering support. His impact reached far beyond the confines of our workplace, extending into the hearts and minds of everyone he encountered. His legacy of kindness, generosity, and compassion will forever be cherished by all who were fortunate enough to know him.
I feel honoured and blessed to have had the opportunity to call Ross a mentor. He will always hold a special place in my heart. His legacy will continue to inspire us all.
During this difficult time, please know that my thoughts and prayers are with you and your family.
With deepest sympathy,
-- Maria Bada
Dear Shireen,
I am so sorry for your loss.
I first met Ross at a dinner at Trinity in the early 90s. He kindly listened to my waffle and explained his fascinating research in terms a layman could understand.
I then had the great pleasure of working with him in my capacity as administrator for over 24 years. Ross was always fair and wise, and full of understated wit. We will all miss him terribly.
Kind regards to you and to your family of whom Ross spoke with great pride.
-- Lise Gough
I will always remember Ross as he poked his head into the visitor's office where I have frequently sat while at the Computer Lab. He'd pop by with an interesting idea, or better yet, a hard question. Ross was someone who both had strong opinions, who could listen and appreciate the opinions of others, and my conversations with him were one of the high points of my visits to the Computer Lab. I will feel his loss most keenly when I look out the open door of the office and realize that that flow of ideas and questions are now at an end.
The loss of Ross Anderson is the definition of one we lost too soon. I will miss our casual chats at the Cambridge Computer Lab, which were always a highlight of my visits. Rest in Peace.
-- George Neville-Neil
When I first met Ross, I was very much afraid to approach him. His immense depth of knowledge and candidness left me starstruck. But over time, I learnt of his other side. He was passionate about righting the wrongs, a wonderful storyteller, and up for occasional mischief. He will be greatly missed, but his legacy will live on.
-- Tina Marjanov
I am devastated beyond words. Ross has been a substantial part of my life. From years before I came to Cambridge, I was spellbound by his work in the late 90s. I still use his work to show the best examples of 'how it is done' to students and colleagues. Ross passed young, but his writings will live with us forever. He was a prolific writer, taking after his supervisor. Even in 2023, he wrote 23 papers, a very active researcher indeed. Indeed it is a huge loss to the field and the end of an era. I am so sorry for your loss Shireen, coming as it does within a few years of your mother's passing. It is also our collective loss and a huge personal loss to me. Coming to terms with it will be challenging for us all. The best way for me is to reflect his academic values in supervising the next generation of PhD and post-doctoral colleagues.
-- Shishir Nagaraja
Ross leaves a lasting legacy, having led a life of service to privacy and security which will be celebrated. But, he will be sorely missed and the Cybercrime Centre will not be the same; not having his insights and tenacity will leave us, and the academic community, the poorer for it.
-- Yanna Papadodimitraki
Ross was a wonderful colleague and a visionary researcher, but I remember him most for his fights for justice for 'little people' caught up in cybercrime and similar fights with authority. Rest in peace. Ross.
-- Alan Mycroft
I first met Ross during my MPhil interview -- at first I was very nervous to talk with someone that was important in the field, but he was friendly and was willing to listen. Ross was a great colleague and mentor, providing new insights and striving to push research in new directions. From the interview to throughout my PhD, he loved to discuss and debate ideas, and I admired both his breadth and depth of knowledge across the field, which made for fascinating discussions. He was always welcoming regardless of academic status, would kindly host potluck dinners for his lab group to create a friendly community, and would always take time to listen and learn from others. He will be greatly missed.
-- Jack Hughes
This morning, I felt so sad when I received the profoundly saddening news of the passing of Prof. Ross Anderson. Ross was a visionary leader in the security and privacy community. Ross and I have known each other for over 25 years. Whenever I had new ideas, Ross was always the one I liked to first share with. He always came back to me with some insightful opinions and suggestions. To me, Ross was more than a friend, a colleague, and (virtually) a mentor. I have used his book for my class at Iowa State University since 2003.
Last summer, when I visited Cambridge, Ross gave me his 3rd edition book as a gift and signed his name on the book. Please help me extend my sincerest condolences to Ross' family and friends. Let us keep Ross and his family in our thoughts and prayers during these difficult times.
May Ross' soul find eternal peace.
-- Yong Guan
Dear Shireen.
We're terribly sorry for your loss. Ross was an exceptional person and mentor, whose remarkable character touched us profoundly. Michael and I will miss him dearly. We just want to say we are here for you, whether you need someone to talk to, or anything else. Please accept our condolences.
With sympathy,
-- Michael and Gilberto
I am so sorry for your loss, Shireen. Both you and Ross had been so welcoming whenever I was invited over. That really made a difference during my time at Cambridge. Honestly, if it wasn't for Ross and Alice, I would not have been at my current career path. Ross always had the best ideas and talked about any topic.
He will be greatly missed.
-- Yi Ting Chua
In reflecting on the memories I have of Ross, it's the seemingly small gestures that stand out for me. While they may appear insignificant to some, especially in the context of his career, these moments were deeply meaningful for me and left a mark.
One memory that resonates with me is the day Ross welcomed me into his office for a catch-up, showed me how to play the wooden Go game in his office, and gifted me a book. Ross also always accepted a spontaneous high-five from me in the corridors of the Computer Lab -- a simple gesture that bridged the gap between our respective positions. His inclusive nature extended beyond formal settings, as evidenced by his generous invitations to both professional and personal gatherings long after I left academia, where his warmth and camaraderie were ever-present.
Memories such as these may seem like small things in the context of the great things he has achieved, but to me, they are the essence of Ross's inclusive spirit and generosity of heart. They serve as a reminder of the profound impact one individual can have through individual acts of kindness.
-- Jeunese Payne
I had just been talking to Ross Anderson a few days before I got the shocking news from a friend in Cambridge about him passing away unexpectedly. I could hardly believe it. Ross and I had been discussing a guest lecture I gave for his computer security course at the University of Edinburgh. He was his usual ebullient self, full of life, energy and passion. He spent a lot of time over email and Zoom to help me prepare and properly pitch the lecture. I am sure it would have been a lot less effort for him to just give the lecture himself, but he cared deeply about giving the students the best possible education, so for him a lecture about silicon level security from someone in industry was an important part of the students' education. He told me he was especially keen to impress upon the students the guest lecturer was a fellow Scotsman. Ross and I both come from Glasgow.
This level of passion, drive and "giving a damn" typified how Ross approached the many things he cared about in life, including playing the bagpipes. I took the photograph above on 14 March 2009 and I recall just how good the bagpipes sounded when played masterfully with great skill. Few of the songs that night were traditional Scottish tunes, most were pop songs amazingly transliterated to the bagpipes and they sounded wonderful.
I first came across the intellectual juggernaut Ross Anderson in a professional capacity, along with Saar Drimer, in Cambridge to discuss the security flaws in the chip and pin credit card system (Chip and PIN is Broken). However, we quickly bonded and became friends, due to a mutual interest in food, drink, music, technology and a similar "Glasweigan" perspective on the world.
I was surprised he would give the likes of me the time of day to talk deeply about silicon technology, security, banking, and the social aspects of security at a high bit-rate that I could hardly keep up with. I quickly realized that he was not a man of airs and graces, and treated everyone he encountered as equals. I very much admire and respect that quality. He could be fiery and intense, brutally direct and blunt, and loud and emphatic. He was that way because he cared.
As a broadly educated man he had the capability to intersect technology with economics and how people behave to understand the weak points and failings of technology. A phenomenally important role he played was holding to account the world of finance when it wrongly accused customers of giving away their PIN numbers, when they were actually stolen with "man in the middle" attacks from handheld chip and pin readers. The fact that he had worked in banking before he moved to academia no doubt greatly strengthened his hand.
The UK Post Office IT scandal reminds us how the big and powerful continue to cover up their failings by wrongly blaming innocent individuals. Big corporations entirely control the development and deployment of machine learning technology which will increasingly make inscrutable judgments about our lives, and us. Politics and government is attempting to make some inroads to try regulate AI. However, the world needs many more Ross Andersons in academic positions where they have the platform to speak truth to power, and fight for the ordinary person, to stamp out injustice, and fight for what is right and decent.
This is a picture of the last time I saw Ross in person, in January 2024 at Fin Boys restaurant in Cambridge, here shown with our mutual friend Sanjay. Anyone that knew Ross understood the depth of love and commitment he had to his family. Beyond that, he was a galus friend.
-- Satnam Singh (see more)
Dear Shireen,
Ross has long been a source of deep personal inspiration for me. He taught innumerable lessons in research, publishing, and technical skills, but more importantly, he taught through example how to set and achieve lofty goals, how to ask the important questions, and how to redefine any system -- technical or human -- to make it better. Ross was honest; he did not sugarcoat feedback, and for that his students are stronger and better prepared for the "real" world. Underneath this, though, it was always abundantly clear how much Ross cared about his students, their interests, and helping them to achieve their dreams.
Ross was one-of-a-kind. He was able to balance so many different activities with grace and seemed to know something significant about everything. Ross could talk with anyone. Ross made and published significant discoveries, and taught a non-trivial portion of the population either directly or through the knowledge in his books.
For my part, I'm nearly to the end of a PhD enabled by Ross, and I wish that I could thank him for everything that he's done for me. I offer my condolences and wish the best for you and your family in this painful time. This has been such a deep loss personally, professionally, and scientifically for so many people, and I believe that I can safely say that myself and all of Ross's former students are here if you need anything.
-- Nicholas Boucher
I may be the most junior person here to speak about Ross. As one of the last students advised by him, I may not have known him for as long as some of you have. Our connection began over four years ago when he, along with two other professors, interviewed me for a research assistant position at Cambridge. When I started my PhD on cybercrime with Alice in early 2022, I was fortunate to have him as my advisor, and since then, we have worked closely together.
Ross was the first person to take me for a walk around the building and outside on a sunny day when I arrived in Cambridge. We discussed various topics, and my initial impression was that he knew everything while I knew nothing. Indeed, he knows things very well. We had around six months together before COVID-19 disrupted our social contact, after which I had to return to my home country for over 1.5 years.
I was forced to return to the UK in late September 2020 to renew my visa. At that time, I was staying in a room far from the lab, and restrictions prevented me from going outside. Ross kindly came to help me collect and scan all necessary documents, not just once, but twice. When I expressed concern about the risk of infection and suggested waiting until after my self-quarantine to renew my visa, he reassured me: "Don't risk the visa, though. I can handle hazardous materials. Look, I pick up dog poo every time I take the dogs for a walk. I can't imagine that your passport is more hazardous!". I deeply appreciate his care for me, and I'm certain he cared deeply for others too.
The next time I met him in person was in late 2022 when I returned to Cambridge as restrictions were lifted. I started my PhD soon after, and since then, as we worked closer together, I could much better feel his endless energy. I admire him not only for his vast contributions to science in many ways, his enthusiasm, and his inspiration - as others have mentioned - but also for how he treated students and colleagues. For me personally, he always found opportunities to push me forward and introduced me to those he thought could help. He encouraged me to attend SHB this year and connected me with his former student in Singapore for an invited talk. He intended to connect me with some others too, but sadly never got the chance.
Ross also cared about my family as much as he cared about me. In mid-2023, my uncle was diagnosed with craniopharyngioma, and once Ross learnt about it, he tried everything he could to connect me with the best surgeons in Cambridge and India. Unfortunately, my uncle didn't get to travel, but Ross's help meant so much to me and my family. He was very generous, always spending his time and patience correcting my mistakes, not only in research but also in my English. He often told me, "Your English is broken," but the good thing was that he also explained why it was wrong and how it should be corrected. He gave me compliments when I did good work, even just small ones, and that encouraged me very much. I really felt reassured having him by my side.
The last major thing we did together was moving his bookshelf to the new office as Cambridge forced him to retire. He of course did not like that. When I saw him carrying things around, I offered my help, and he accepted. It took us a few weekends to sort everything out. He told me he had been in the old office for almost 30 years and would miss it. He hoped he could stay in the new office for another 20 years. I wished the same. He showed me a card his mom and dad gave him long ago when he was a kid, and with his great smile, I knew he cherished it very much. I always wanted to have a picture with him when I graduated, and I promised to give him a copy of my PhD thesis later this year. Sadly, I will never have that chance.
Our last interaction was just before he passed away. I looked inside his office and saw him editing his webpage to make all the chapters of his book available for free. He had always wanted to do it, but copyright restrictions had prevented him until now. He also mentioned he might write a new edition when he had time, which I was eagerly anticipating. Later, he knocked on my door - as he always did to say goodbye before heading back home when we were both working late in the lab - and told me he would be in Edinburgh for a few days and would see me after Easter. Sadly, it was the last time I saw his smile.
I know nature is cruel, and that death is a part of life's beauty, but it has been incredibly heartbreaking to lose him so early and so suddenly. He passed away close to Good Friday, and I believe he has now risen to heaven with God. His life was very well-lived, and his vast contributions will never be forgotten by many generations of students, colleagues, and friends.
And yes, he had a strong passion for folk music. Here are some (rare) videos of him playing the bagpipe, recorded by me around one year before his passing. I miss that.
-- Anh V. Vu
Ross Anderson died unexpectedly in his sleep last Thursday, leaving a large group of us devastated. He was one of those unforgettable people - fabulously erudite, generous with his knowledge and friendship, fiercely independent, and fearless. He had a kind of flinty integrity that was wholly admirable, which meant that he was often a thorn in the side of university, governmental and academic establishments, who discovered that he was no pushover.
He was a Fellow of the Royal Society and a recipient of the British Computer Society's Ada Lovelace Medal. He was a world authority on computer security, cybercrime and cryptography. He was Professor of Security Engineering at Cambridge, and leaves behind a remarkable cohort of PhD students who were lucky enough to have him as a supervisor.
Many people found him formidable and indeed sometimes forbidding. He didn't do small talk. And yet when you were lucky enough to get to know him (as I was) he was great company. He and I used to walk round the '800' Wood near Cambridge with his two lovely dogs, deep in conversation about the sordid ingenuity of cyber-criminals, the short-sightedness of academic administrators, the intrusiveness of national security agencies, as well as about Celtic folk music of which he knew a lot. (He was a piper and shared my interest in Uileann piping.)
I learned such a lot from those conversations. Ross changed the way I looked at computing, and alerted me to the political economy of the technology which has shaped my thinking ever since. He always spoke his mind - which is why when an email from him would arrive at 8am on Sunday mornings I knew that he had read my Observer column and had something to say about it, and accordingly braced myself before reading further.
The last time I saw him was a few weeks ago, when we both snuck into a talk given by Matt Clifford (who has become Rishi Sunak's go-to man on "AI Safety"). He had been invited by a student group, and Ross and I were the only two grizzled veterans in the room. Before Clifford embarked on his boosterish talk, I got out my pen to take notes, and then noticed that Ross had opened his MacBook. So I put my pen away. He always took the most detailed and accurate notes of any event he attended, and I knew that if I needed to check something later about Clifford's performance, Ross's record would provide the evidence I needed.
Ross was furious about Cambridge University's remorseless determination to force academics to retire at 67, and he had been mounting a campaign against the policy. At 5pm on the day he died, he had an email conversation with one of his colleagues, Jon Crowcroft, about the possibility of harnessing generative AI to add spice to the campaign. Ross sent Jon a link to a song he had just prompted suno.ai to create.
As Jon observed afterwards, it could almost serve as an obituary.
Ross's death marks the passing of the last of the five computer scientists who made Cambridge such a pioneering centre of research in the field - Maurice Wilkes, Roger Needham, David Wheeler, Karen Sparck Jones and Ross.
May he rest in peace. We were lucky to have known him.
Frank Stajano, one of Ross's colleagues in the Computer Lab, has written a lovely tribute to him in the blog that Ross and his colleagues have been running since 2006.
-- John Naughton (see more)
RIP Ross J. Anderson, who died on March 28, at 67 and leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research (see also tenth anniversary and 15th anniversary) and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security, convening on April 8 for the 23rd time.
One reason Anderson was so effective in the area of digital rights is that he had the ability to look forward and see the next challenge while it was still forming. Even more important, he had an extraordinary ability to explain complex concepts in an understandable manner. You can experience this for yourself at the YouTube channel where he posted a series of lectures on security engineering or by reading any of the massive list of papers available at his home page.
He had a passionate and deep-seated sense of injustice. In the 1980s and 1990s, when customers complained about phantom ATM withdrawals and the banks tried to claim their software was infallible, he not only conducted a detailed study but adopted fraud in payment systems as an ongoing research interest.
He was a crucial figure in the fight over encryption policy, opposing key escrow in the 1990s and "lawful access" in the 2020s, for the same reasons: the laws of mathematics say that there is no such thing as a hole only good guys can exploit. His name is on many key research papers in this area.
In the days since his death, numerous former students and activists have come forward with stories of his generosity and wit, his eternal curiosity to learn new things, and the breadth and depth of his knowledge. And also: the forthright manner that made him cantankerous.
I think I first encountered Ross at the 1990s Scrambling for Safety events organized by Privacy International. He was slow to trust journalists, shall we say, and it was ten years before I felt he'd accepted me. The turning point was a conference where we both arrived at the lunch counter at the same time. I happened to be out of cash, and he bought me a sandwich.
Privately, in those early days I sometimes referred to him as the "mad cryptographer" because interviews with him often led to what seemed like off-the-wall digressions. One such led to an improbable story about the US Embassy in Moscow being targeted with microwaves in an attempt at espionage. This, I found later, was true. Still, I felt best not to quote it in the interests of getting people to listen to what he was saying about crypto policy.
My favorite Ross memory, though, is this: one night shortly before Christmas maybe ten years ago - by this time we were friends - when I interviewed him over Skype for yet another piece. It was late in Britain, and I'm not sure he was fully sober. Before he would talk about security, knowing of my interest in folk music, he insisted on playing several tunes on the Scottish chamber pipes. He played well. Pipe music was another of his consuming interests, and he brought to it as much intensity and scholarship as he did to all his other passions.
Ross J. Anderson, b. September 15, 1956, d. March 28, 2024.
-- Wendy M. Grossman (see more)
Devastating to hear this. Ross corresponded regularly and was tremendously encouraging. He made me feel like there was somebody else out there who understood the gravity of the work we do.
Ross has been one of the precious few who understood my thoughts about civic cybersecurity and how true national security is an ordinary daily attitude. That every grandmother and schoolchild deserves basic digital security, privacy and autonomy in their online life. That it is all our responsibilities to step up to the task that Apple, Google, Microsoft and our governments cannot handle alone unless we lead the way.
My cybersecurity courses and indeed my own security thinking have been profoundly shaped by his work. The idea of "Security Engineering" as a serious, measurable, reproducible discipline lay in his hands.
Ross was never anything but generous with his time and honest with his opinions.
His open publishing stance (to have complete copies of his older texts online, which he skilfully negotiated with Wiley. is an example to all academics.
His work leading the Cambridge team in doing interesting, socially relevant security work in a world of so many dry, inaccessible papers on cryptography and protocols was a refreshing beacon of light.
We planned to meet in Edinburgh one day and share some good single malts. I feel lost at this news. Sincere wishes to all Ross's family.
-- Dr. Andy Farnell
As a close personal friend of Ross and a fellow Computer person, I know he would like everything you have said about himself and his huge contribution to Computer Science. Both the positive and negative comments would make him smile, He knew and we often discussed late in to the night over a glass of red wine or two, his and others work, always interesting and always on point. He was especially pleased if something he had written or commented on made someone else react. His view was 'well there talking about it now!' My favourite moments were when he'd ask me over to stay and we'd sit late into the night discussing anything and everything. I miss you already old friend.
I spent the afternoon yesterday (Wednesday) with Shireen and the whole family, joining us was Robert Brady another life long friend. Shireen and their daughter Bavani obviously upset were the epitome of grace and calmness as one would expect from such a wonderful family. Ross would have been very proud of them!
My love and thoughts tonight are with his wife Shireen, his daughter Bavani and his grandchildren.
-- Mark Foster
I saw the sad news yesterday, via Alec Muffett that Ross Anderson had passed, which is an enormous loss the the IT security community (and the industry more widely).
I didn't know Ross very well, so the obituary from his friend and colleague Prof Bill Buchanan OBE provides a much better summary of his work and impact. What follows are just a few personal reflections.
Ross did a great deal to shape my work and my career path, and I'm thankful that I got to meet him a few times along the way. I've previously described 'Security Engineering' as "the bible of infosec", and through that work Ross was impacting the world I worked in before I ever heard his name.
I got to meet Ross for the first time at one of his Workshops on the Economics of Information Security (WEIS). That series of workshops came about from Ross's prodigious talent for picking up different lenses to look at the world of security through – in this case the lens of economics, leading to his seminal paper 'Why Information Security is Hard – An Economic Perspective'. My first encounter with Ross was a little prickly, as he had a huge distrust of banks, and by extension the people who worked for them; but I kept going back to WEIS, and over time our conversations became more collegiate*. My favourite memory of him was after WEIS 2010 in Cambridge MA where he invited anybody hanging around to join him for dinner, bringing together a wonderful slice of the community to talk shop over giant sushi boats. I wish I had a photo, as the happy relaxed Ross that evening was Ross at his best.
Through WEIS I got to know folk like Allan Friedman and Tyler Moore who are leading efforts to make us all more secure.
A few years back I found myself meeting a CISO for the first time and spotting a copy of Security Engineering on his bookshelf. I knew we'd get along just fine.
I'd hoped to see Ross again, and maybe chat to him about the Horizon scandal. I'd have also wanted him by my side as an expert witness if I ever got entangled in any legal trouble to do with computers. He'll be sorely missed; though it's a sign of the quality of his leadership that there are so many people that will continue his great work.
RIP Ross.
* After a conversation with Ross and Hal Varian about side channel attacks I recall thinking of an attack against pre-emptive execution in CPUs (like Meltdown or Spectre) which I dismissed at the time thinking the geniuses at Intel and Arm would have everything under control. Never assume – verify.
-- Chris Swan
WHEN A CRYPTOGRAPHER PASSED AWAY
When a cryptographer passes away, one feels an inscrutable sense of disorientation, a loss that only the memory of him might soothe; yet, you realize that nothing in his absence can decipher that state of the soul which, we mortals, call nostalgia.
When a cryptographer dies, you reflect on our diminished capacity to solve existential riddles, puzzles that only a mathematician as an artist could have dared to desire to unravel.
Upon the death of a cryptographer, it becomes apparent that the world has lost a piece of the broader mosaic in which each one of us strives to fit, and you understand that he, perhaps, was on the verge of grasping how the mosaic and the piece are equivalent.
But, at the metaphor's end, we all now know that if the cryptographer dies, it is for three days, and then he rises again, ready to solve the secret paths that lead to enlightenment.
In memory of Ross John Anderson, who passed away on March 28, 2024.
-- Roberto Garavaglia
I'm not sure he knew it, but Professor Ross Anderson was a huge inspiration and source of knowledge when starting Volemic.
I still can't believe that he died suddenly on 28 March at his home in Cambridge.
Ross Anderson was a brilliant teacher of generations of computer scientists at Cambridge University, the author of the standard textbook on security engineering and a fierce intellect and advocate for security and privacy.
As Rory Cellan-Jones tweeted over the Easter weekend: "Ross Anderson was a mischievous, brilliant giant in the field of cybersecurity and privacy - until I met him I'd assumed he was in his 30s. Such a loss.."
In the words of another journalist and friend, Wendy M Grossman:
"Ross J. Anderson…leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security..."
His loss leaves a void for his family and friends and for everyone who cares about privacy and security.
-- Angus James Allen
Ross Anderson left us
My friend and colleague Louis Labelle just told me the news: Anderson died on March 28th.
The first time I heard about him was when I started working on a financial chip card project (to this day, the best project and the best team I contributed to...). Anderson was the annoying gadfly that kept finding security holes in the security protocols. As all goads, he kept us moving forward by pointing improvement possibilities.
I remembered him while doing my PhD thesis, and his publications became my rabbit holes. People who've done advanced studies will know what I mean: you find authors that open doors to new areas, you get fascinated and get distracted from your original goal. You have to focus back to your plan, but these authors are so driven, they can't be put aside.
Anderson was one of those authors.
He will be sorely missed.
-- Yvan Beaulieu
It was very sad to hear of Ross Anderson's death. Many of us lost not only a colleague but also a friend. Ross was not someone you'd immediately connect with, but once you got to know him, you'd discover he was a man with a big heart. I will always remember you at those parties you were organizing at home inviting all the students of the Security Group at the Computer Lab. Thank you for all the things you taught us. My deepest condolences to his family.
-- Bruno Crispo
I'm sad to hear that Ross Anderson has passed away. In 2005-2006, I had the privilege, as a grad student, to visit Cambridge and work with Ross and members of his lab.
Ross was always deeply insightful and no BS. In the last email he and I exchanged, he was encouraging me to pick my battles, and said with his characteristic wit: "If I were to kick every asshole I meet I'd have died in jail long ago."
RIP Ross, and my deepest condolences to his friends and family.
-- Ben Adida
That is sad news for the security community. I have only just read that Ross Anderson, an inspiring author and security expert, has passed away. I read his book, Security Engineering, many years ago and often referred to it. I found it to be an excellent resource when starting out in Security Engineering. It's no surprise that I still say it's a must-read book for anyone interested in the field.
We lost a prominent community member, but his legacy will live on. Prof Bill Buchanan has expressed our loss beautifully in a fitting blog post. You can read his tribute to Ross Anderson here.
Rest in peace, Ross Anderson.
-- Steven L.
This is incredibly sad news. Prof Ross Anderson had a formidable brain & fierce integrity.
He could sometimes give us in the security services a difficult time, but that's because he cared, & really knew his stuff. And he knew how to disagree well.
A life very well lived
-- Ciaran Martin
Very sorry to hear that Professor Ross Anderson passed away last night. Aside from his (numerous) contributions to Information Security, he was a mentor to and advocate for many researchers in the field. He will be sadly missed but leaves behind a strong legacy.
-- Steven Murdoch
I am deeply saddened by Ross's passing. To me, he was a great mentor, a caring elder, and a close friend.
Being admitted as his student was the most fortunate event for me. In the months before I arrived in the UK, from visa processing to accommodation and other life matters, Ross actively offered me help and advice. Upon my arrival, he cared my living and study situation all the time, we together explored and decided on research plans. Although we knew each other for a shorter time compared to his other students and colleagues, Ross was the closest person to me in the UK.
I am deeply grateful for his belief in my potential and his willingness to guide me. His erudition and rich experience were key factors in my decision to pursue a PhD here. I will always remember our first dinner at the High Table in Churchill College.
His visits to Edinburgh were not frequent, but we corresponded by email almost daily, and we met during the online meetings on Mondays, Wednesdays, and Fridays. At the University of Edinburgh, Ross was one of the most respected professors, benefiting both faculty and students from the interactions with him. His guidance, wisdom, and kindness have profoundly impacted my life and the lives of many others.
Please accept my heartfelt condolences during this difficult time. I am grateful for the opportunity to have been a part of his academic journey. I will always miss him. With deepest sympathy,
-- Lawrence Piao
Ross was far more. He had a pivotal role in preserving the unique position of Cambridge as "The Devils Flamethrower", where falsehood is exposed and academic freedom and intellectual property rights are preserved and not brought to heel by the University "authorities".
"The Devils Flamethrower" was the title of a small piece he wrote for the TES on what made Cambridge unique as a University. It is now, ironically, behind a pay wall.
Luckily his longer "Alternative History of Cambridge" is not.
I will include links to both in comments below. I will also look up my review/reply when I could not resist listing some of the spies and spymasters produced by Cambridge as similar seekers after truth and exposers of falsehood.
Our last exchanges were during Covid. He helped me with the introductions produce an authoritative (with references) private political brief on why the plans to use blue tooth (via well known ranges of smart phone) to aid track and trace would produce so many erroneous contacts as to be worse than useless.
Whatever our "public differences" he was always very helpful in private when it came to teasing out the best way forward when the lobbyists on neither side knew what they were talking about and those briefing them had no wish for the realities to be discussed in public.
-- Philip Virgo
I was so sad to hear the news about Ross. Having worked with him to complete research grant applications he was a joy to work with and made the process very easy. Please accept my condolences to you and the whole family.
-- Tanya Hall - Finance Office at CST
Ross was one of a kind, a larger-than-life character who will be greatly missed in the lab and the wider academic community. Never afraid to speak the truth and hold those in authority to account. Sincere condolences to his family, friends, and colleagues.
-- Ian Wassell
I met Ross back in 2011, and ever since then, we had a relationship of what I might call robust exchange -- which I've always valued very highly. He's given me so much space to talk about my research, a true believer in interdisciplinary work. I'm very grateful for all the discussions over the years, as I'm sure many, many others are. What a loss.
-- Lydia Wilson
Ross taught me since my first year in Cambridge, back when I matriculated in 2018. Since his first lecture on SSE he has been one of the most inspirational people in my life. Ross and his PhD student Ilia set my life path via their invaluable help with my first academic paper in my 3rd year of undergrad. I was fortunate to be then supervised by Ross for the first 5 terms of my PhD. In any conversations with people, I have had nothing but the highest praise for Ross as both an academic and as a person. His legacy will continue to live on through his contributions to the fields he was involved in and through the dozens of students he supervised and the hundreds he taught. I consider myself very fortunate to count as one of them.
-- David Khachaturov
Thank you for helping me grow and for providing the best and nurturing environment in which to learn. I will always be grateful for your continuous support and encouragement. You are a true inspiration.
-- Hridoy Sankar Dutta
I wasn't lucky enough to have more than occasional dealings with Ross. But each left me smarter -- and, perhaps more important, wiser. UKCrypto was indeed a marvel, and Ross (along with Casper, Ian and so many others) made the world appreciably better than how he found it. RIP, pal. You were a star.
-- Jeremy Scott-Joynt
We miss him deeply, yet he will remain an inspiration to countless individuals. He exemplified an admirable set of values and principles treating others with respect, dignity and as his equal. As a FIPR volunteer I felt apprehensive at approaching him at first, but Ross's humility put me at ease. He prioritised collective progress over personal ego, focusing on what's important and ahead of us.
-- @Des
Ross, thanks for being such a great teacher, one of the rare ones who taught so many of us how to think and be constructively critical, while achieving scientific and technical excellence. But above all, thanks for your friendship and support through all those years! You'll be dearly remembered.
-- Jean-Alain (only friends close to my family call me by my second first name. which says a lot) Fournier.
In 2002, he invited me (with all expenses paid and a nice stipend) to deliver a lecture, "The Electronic Voting Enigma -- Hard Problems in Computer Science" at the University of Cambridge. This was back when explaining the many ways that electronic voting systems could (and still can) be rigged to alter election outcomes, did not automatically identify one as a conspiracy theorist. (Instead, the word "Luddite" was often used.) During my visit, Ross arranged for a private meeting in London where we spoke with members of the U.K. Cabinet. We also had a special tour of the Houses of Parliament, which I will never forget. As a long-time Professor of Security Engineering, he was well-ahead of most in raising the red flag on a broad range of technology issues that continue to be problematic. His voice and tireless advocacy on these subjects will indeed be missed.
-- Rebecca Mercuri
I could not believe my eyes when I saw the sad news that Ross Anderson had passed away yesterday. This is a great loss of the cyber security community. I believe many will agree with me that Ross is one of the greatest cyber security researchers, educators and influncers in the UK and worldwide.
I exchanged emails with him in mid Jan regarding using some of his reports for my updated teaching materials on Online Safety Act 2023 and planned to contact him again in the next weeks for something else. I still remember his invited talk for ICICS 2022 very well, when he planned to come to Kent but had to switch to an online talk. Like many of his other talks, the ICICS 2022 talk was very insightful and well received.
May his soul rest in peace!
-- Shujun Li
Very sad that Ross Anderson has died unexpectedly in his sleep. He is a hero of cybersecurity and technology policy. I am in absolute awe of how much he got done not only as an academic but as an organiser and a true, unpaid (beyond his professorial salary) servant of the public, answering every relevant call for expertise. He is deservedly the most cited person on Google Scholar for Technology Policy.
I'm sure others who know more about his work and him more personally will write better posts. But I just want to say how much I admire him and his work and to share a picture I took the one time I visited him in his office at Cambridge, in 2018.
-- Joanna Bryson
He had a huge influence on me and my thinking as a grad student, and was one of the creators of the security economics field. I'll also remember him for, after a few drinks, working hard to convince impressionable young scholars about the importance of the Scottish enlightenment, and the superiority of Cambridge to Oxford.
-- Allan Friedman
He attended one of our seminars at Oxford of the research group I was part of. I was too dumbstruck to say anything, being in the presence of such intelligence and wit. No, he did not convince me that Cambridge was better, though. May he rest in peace!
-- Debora Weber-Wulff
Dear Shireen. Deepest condolences on the passing of Ross. He was an inspiration -- not just for his students and colleagues but the many people who had the chance to chat with him. Personally, I will remember Ross of course for the papers and the lectures, but also for the birthday parties, bagpipes, banking stories, conferences and his service to the communities -- security, privacy, and security economics amongst others. But most importantly it was the sober and principled analysis of the topic in question whatever it might be and the unwavering sharp and to the point verdict. He will be very much missed.
-- Andrei Serjantov (Computer Lab 1996-1999 and 2000-2004)
When I didn't know what I was doing or what box I fit into, Ross showed me how to use a new way of thinking to do something useful, interesting, and worthwhile. The way so many of his students, colleagues, and passers-long approach the world was shaped by his example and encouragement. I will be forever grateful.
-- Jovan Powar
A huge loss to his family, his friends, students, and colleagues, and to the community. I've known Ross since before he finished his PhD (under Rodger Needham, who was also taken from us too soon).
I'm just stunned. I'm still having trouble processing that he's gone.
-- Matt Blaze
I always loved hanging with Ross at Cambridge (in all of the various campus instantiations). Probably the most fun was being unruly in the Fellows lunchroom. He had a very fun spritely streak that I am glad to have experienced.
-- Gary McGraw
We mourn the loss of security researcher Ross Anderson. His contribution to information security and digital privacy was significant. His book Security Engineering is a cornerstone for everyone diving into the complex world of digital security. Ross taught at the University of Cambridge and Edinburgh University. He was a very prolific writer and published insights into the technological aspects of information security. He will be missed.
-- René Pfeiffer
Very sad to read this. A man of great wisdom. My thoughts are with his family and friends.
-- Mark Knight
Very sorry to hear the sad news and loss of Ross Anderson. Met Ross many times to discuss the security shortcomings of design decisions of the past, the challenges of today and emerging concepts in security we need to address in the future. He was a pioneer in security and a titan amongst peers with a dedication and wit to match.
-- Gilbert Verdian
Ross and I were good friends for many years. We had many fascinating interactions, both professional and light-hearted. E.g., we were once both reduced to giggles when presenting our designs for a swimming pool where the water surface was at 45º to the horizontal.
-- Paul Leyland
Ross was a significant, if understated influence on our encryption advocacy work over recent years. His defence of secure systems that protect confidentiality was factual and balanced. I will remember him as intellectually rigorous, principled, and above all, humane.
-- Robin Wilton
Ross Anderson coauthored my 1st publication on work that eventually evolved into my PhD thesis (on secure routing in decentralized networks). I was a theorist, he brought pragmatism to the subject from deep experience.
Still influences my worldview 20 years later. Rest in peace.
-- Chris Lesniewski
No!!! Can't believe it! So sudden! Deeply sad! He was a gem, learned tons of things from him. His legacy will stay with us! Rest in peace and light!
-- Derya Karli
Ross was a legend. The academic and hacker communities have suffered a tremendous loss here. His name will carry on into eternity.
-- Meredith L. Patterson
Oh no, I hope he rests in peace. I read many of his ideas which led me to choose a career at the intersection of cryptography and economics. Thank you for everything.
-- Abhimanyu Nag
I have met Ross for the first time at FSE 1999 (in Rome). And a few other times over the years. Ross had a deep understanding of security - not just the technological aspects of it, but also the societal aspects of it, which back then was not a common approach.
-- Orr Dunkelman
A sad loss. Security Engineering is one of the best and most readable technical books I've ever encountered, and was very formative in my understanding of computers. Pick up a copy and read it in his memory.
-- Tiarnán de Burca
So sad hearing this. Ross was an incredibly useful source because he would tell you fiercely and immediately when you were wrong. He was the person who helped me understand the DeepMind/Royal Free story, by walking me through the Information Sharing Agreement
-- Hal Hodson
That's a tragedy. A really exceptional man and we lived on the same staircase as undergraduates in Cambridge and then my office in the Computer Lab was 3 doors from his.
-- Stephen Allott
Very sad to read of the passing of Ross, who I had come to know recently through Churchill college, where he had been a very active SCR member. A very distinguished academic at the cutting edge of data security, he is succeded by the countless numbers that he educated.
-- Will Watson
This is such sad news. RIP Ross. We didn't always agree but I hugely respected your intellect and what you did for the community. Gone but never forgotten. Your work will be your legacy
-- Wendy Hall
I'm so sad that we've lost Ross. He was so supportive and helpful when I co-founded the Open Rights Group, and never minded when I asked him stupid questions. He was a titan in the digital rights and security world, and he will be hugely missed.
-- Suw Charman-Anderson
We will miss you - your tireless pursuit of a better digital world with privacy and security, your critical voice, your sound contributions. You were a great teacher and role model for students throughout the world! Thank you for taking your time to teach us.
-- Janni
This is a shock! Ross's influence is very far reaching, certainly on my career for one. He will be very sadly missed.
-- Craig Heath
A life dedicated to his passion. He will be sorely missed. Rest in peace Professor Anderson.
-- Fabio Cerullo
It's hard to think of the right words to say because I feel I was still getting to know Ross, but like so many others I felt it was a great privilege to have him as a colleague. He was so generous with his time with me, and his ideas are so important for the future of machine learning and Al. It's a massive loss as a colleague but also as a community. He leaves an extraordinary legacy. I'd like to thank Shireen for sharing him so generously with us.
-- Neil Lawrence
Thank you for all the memories. You made the security group a welcoming place, and there was always something new and fascinating we could hear from you, whether about technology, policy, history, or just life in general. You made sure we understood that not all problems are technical, a lesson that changed how I think about the world. May you rest in peace.
-- Dimitrije Erdeljan
Sad to hear of the passing of Ross Anderson. For a lowly undergrad attending his security courses, the first few lectures seemed almost deliberately obtuse. Those that stuck around though were treated to stories of international espionage, incredible hardware hacks such as reading CRT displays through brick walls, and a cutting disdain for the overconfidence of governments and corporations in their technology twenty years ahead of its time.
RIP Professor, keep fighting the good fight.
-- Dan Borthwick
I was absolutely shocked yesterday to find out that Prof Ross Anderson died on Thursday.
He was a brilliant man, a pioneer in cybersecurity and had a strong sense of justice. And from personal experience, he had a lot of patience when explaining complex technical jargon.
RIP
-- Oliver Price
Very sad to hear of Ross Anderson's passing yesterday. The industry only moves forward when pushed, and few pushed harder than Ross.
I had the honour of being a reviewer on the third edition of his book, and to have the benefit of his professional input for over twenty years. If you ever thought you knew anything, Ross could definitely make you reconsider.
Despite the longer daylight hours the world is a little darker today. We are only lucky that Ross has left such a lasting impression that his legacy will endure.
-- Jon Geater
I was a student at the computer laboratory from 2015-2016 and had the pleasure of studying under Ross during my time there. I found him to be a brilliant and inspiring figure, and was deeply saddened when I read he passed away at the end of last month.
-- Kieran Dower
It's in large part because of Ross's advocacy and research that the security community now takes for granted that systems designers should think about the human outcomes of security. He changed the way people thought about security to the point where young researchers today (like myself) see it as almost obvious that we should remember usability, economic factors, etc. He gave so much and asked for very little, and he will be much missed personally and professionally.
-- Jenny Blessing
I remember Ross as a pillar of the department. While I have not had a chance to interact with him much, he was always kind and supportive while at the same time showing how to challenge the status quo and established ideas. He will be greatly missed!
-- Cecilia Mascolo
Dear Shireen, I am shocked and saddened by this terrible news. Ross was a truly wonderful human being. He was very principled and treated everybody the same. I cannot imagine what you and your family are going through. Sending you my deepest condolences.
-- Jo de Bono
Although my contact with Dr. Anderson was only limited to the classroom, his passion for teaching and diligence to accountability was clear. I feel immensely pleased to have been taught by him. I appreciated how his eyes lit up when he realised you understood a point in class. He is dearly missed and I know his legacy and impact is highly cherished. Kind regards,
-- Quincy Taylor
The time I spent under your guidance was not just about academic learning: it also shaped my perspective on life itself. I owe so much of my growth to you and will always be indebted for your support and mentorship. Rest in peace. Regards,
-- Shailendra Fuloria
Ross was always a colourful presence in our conversations in the lab; he will be missed.
-- Jon Woodruff
Ross was one of the first to welcome me to Cambridge, sitting opposite me for matriculation back in 2015! Since then, he has been wonderful company at many a Churchill formal and seemed an immutable fact of Cambridge. He will be sorely missed.
-- Peter Rugg
Dear Shireen, please accept my sincere condolences on the passing of my esteemed colleague. Ross was not only world-renowned for his exceptional contributions but also a font of knowledge on anything and everything. We will dearly miss him. I am grateful for the positive impact he had on all our lives.
-- S. Keshav
I only knew of Ross through his publications, but greatly appreciated the work he did to bring the topic of Computer Security into the public domain. His wider activity as a fearless expert in the field shone a bright light on concerns which many would have preferred not to be known about - and were again of great interest to the likes of me trying to maintain an awareness of the issues that affect important aspects of our lives.
I have seen several accolades written by those who knew him personally, and this adds to the sense of loss. He leaves a great legacy, and I hope others will be inspired by his life and work.
My condolences to his family, friends, and colleagues.
-- SCP
Ross also provided a lot of his work for free. Which is incredibly generous, as his work is excellent. It's through the distribution and sharing of ideas that we learn, and this only happens due to the hard work of champions of academic freedom. There are few among us.
There is no freedom without knowledge. It is the essential tool with which we overcome fear and misunderstanding. With understanding we learn to avoid repeating catastrophic mistakes.
Cambridge Computer Laboratory and the people who have worked at Cambridge have contributed an enormous amount to many subjects, efforts which have often been crucial for important issues. Freedom of communication, government overreach, chat control and backdoors…
Without people like Ross Anderson such knowledge remains locked up and inaccessible.
-- ResearcherZero
As a professional with only tangential conections to the security world (20 odd years ago), his work and unexpected insights pulled me closer and closer. It started to be more like a philosophic aproach to the enderstanding of various incredibly complex systems and I enjoyed it tremendously (still do).
R.I.P Mr. Andersson.
-- Anonymous
I was in the room when Ross was summoned outside and served civil papers that halted in the nick of time his presentation regarding the Millenium Digital Copyrights Act. Let us not forget his self assured sense of independence and liberty and his brilliant, side splitting sense of humor. For example, as demonstrated in his short speech when he returned to the podium still holding his latest book displayed full frontal in front of his heart, as he had just done while the press shot pictures of him being served the papers and asked him questions after.
What a guy. I still use to great effect a few quips he made during our brief conversations during a riverboat ride at that conference.
-- Steve Russelle
So sad to hear this. I had just ordered the latest edition of his Security Engineering book. Read lots of his security rated papers and I was once a student of his Security Economics program on EDx. We lost a great mind way too soon. May his soul rest in peace.
-- Amakiri
I met Ross once, some 30 years ago, at a business meeting for editors of a set of journals, so I can't claim to have known him well. But I still remember that his presence in the room was electric, and the breadth of his knowledge and his natural authority were striking. One of those people whose presence stays with you for a long time.
Condolences to his family, friends and colleagues.
-- Robin
This is so sad. We should remember one other thing about which Ross was passionate: playing the bagpipes. He told me that he played pipes in pubs to make money in college, and the nice thing about being a piper is that there were no other members of the band with whom you had to split the money. I remember sitting in his yard listening to him play a small set of pipes at the end of the day. As with anything else, he was very scholarly about piping–he corrected the music historian at the BL about the attribution of one piece because the tune contained a note too low for the pipes played by that piper to sound. He was a man of many talents. We will miss him greatly.
-- David Clark
Hearing it was a shock, in part because Ross was only a little older than many on this blog.
In part because Ross was an individual who was dynamically alive. Not just curious about all around but determined to find out not just why, but where things were destined, and where appropriate warn.
He will be missed not just by the people that knew him, and knew of him through his work and influence, but also by those that he would in his gentle way have helped.
As always it's difficult to describe in a few words what a person ment not just to yourself, but others. In Ross's case this is made all the harder because of his nature, his kindness and his desire to lift others up.
There is a belief in some Native American and other belief systems that you live on in others thoughts and memories.
So, Ross, may your spirit carry on to invigorate and teach others both in knowledge, capabilities and honesty of behaviour and purpose. And may others come to know you long into the future.
-- Clive Robinson
Our paths occasionally crossed, mostly by "electronic means" as has been the way society has turned these past three decades.
Ross had a passion for the well being of people against those that would seek to do them harm. Thus had a very real interest in their privacy and security in the changing face of society and economics the technology brought.
From memory our first direct contact was back in the early 1990's over the use of RF to force free running logic circuits to become synchronised (injection locking). Thus opening a doorway to other attacks on the likes of Smart Cards.
As part of it I pointed out that the use of RF was a two way street, not only injecting signals in but also for pulling them out (which I'd demo'd on pocket gambling machines and electronic wallets). Back then the general assumption was "TEMPEST" was sufficient and if it did not radiate then it was secure. As PC's were mainly steel boxes with few cables entering or leaving thus approximated faraday shields many thought they were secure.
This was not true as I'd found by independent research that by "illuminating a current carrying conductor" you could get it's waveform to be carried away by an RF carrier a considerable distance.
As I mentioned to Ross back then the keyboard cable was the easiest cable to attack with RF. It also had the advantage of being at "the users fingertips" input interface. Thus was an especially useful attack vector as it would reveal passwords and other secrets (a fact not lost on later developers of hardware "key-loggers").
Ross was kind enough to put me in contact with another researcher in Belgium who was investigating injecting pulses of energy into chips via "pico-probe" coils.
Ross had a reputation amongst some of possessing "a sharp tongue" and both a wry and dry sense of humour. The latter I saw pop out from time to time but the sharpness of tongue only on those really deserving of rather more due to the injustices they inflicted on others.
Like many others I always found Ross to be approachable and gentlemanly in a way seldom seen these days, and he would often go out of his way to not just help but inspire people a rare quality the world could do with a lot more of.
Less well known is Ross had an interest in music and actively researched it. So for Ross, Highland Cathedral played by "The Phantom Piper". In memoriam Ross, rest in peace.
-- Clive Robinson
Sound the pibroch loud and high. We lost Ross Anderson yesterday. He was many things: security researcher, teacher, cryptographer, blogger, Cambridge professor, consultant, conference organiser, FRS, FREng, campaigner and piper.
If you want to understand cybersecurity, there is no better way to start than by reading Ross' book: "Security Engineering". Typically for Ross, chapters are freely available on Ross' home page at the Cambridge Computer Lab. Or by watching the Security Engineering lecturers he recorded with Sam Ainsworth (Edinburgh University) and uploaded to YouTube.
Ross showed us the importance of thinking clearly about security. Not the hype, but the engineering.
He was always willing to listen to new ideas, consider them fairly and to share his insights. When I started thinking about the implications of Post Quantum Cryptography it was Ross that told me to think about compliance, audit and cyber-insurance in large enterprises.
Ross' legacy is in the students he taught, the PhDs he supervised and the people he inspired. I will miss him.
-- Zygmunt Lozinski
Ross Anderson did so much for awareness and understanding of practical security challenges, and ways to respond to them. I learned so much from Security Engineering, and have greatest respect for his insights. One of the Best. His death has left a void.
-- Ouch
A great loss.
But he was inspirational for many, and I hope that inspiration kindles more enthusiastic, brilliant, opinionated, articulate, (curmudgeonly), and kind people who can stand on the shoulders of this giant and make the (security) world a better place.
He set an example that is difficult to exceed. I wish every good fortune to those who can, and will.
While his academic work speaks for itself, I hope others will take up the cause of the ‘little people' being steamrollered by large organisations. His work as an expert witness for people suffering financial loss due to the poor processes of financial institutions affected many lives in a positive way. He was very angry at people's mistreatment.
His family can be proud of what he achieved.
-- Cassandra
I'm deeply sorry to hear this. Anderson was a major force for good in our world.
-- John Beattie
As well as being a "security person", Ross was a secure person. By that I mean, regardless his status, he had time for others. For minor professors from backwater universities and their students. Sometimes I sent students his way with something I didn't quite get, and they'd come excitedly into the next lecture saying "Hey, Ross replied me!", and we'd go through it together.
If I felt intrusive, as if wasting his bandwidth with my ideas, he'd reply in depth, warmly and humorously, validating, suggesting further research, encouraging.
We enjoyed talking about clear communication and writing, about the least words to say something, about publishers, and about the failings of academia as a place for security research.
Only later did Ross twig who I was in previous life in sound physics and we were able to briefly touch on a love of music.
It's said that the definition of a gentleman is someone who knows how to play the bagpipes but chooses not to. Ross Anderson disproved that, as a piper and a gentleman.
-- The Cyber|Show
My deepest condolences to you and everyone whose life he touched. He not only possessed a brilliant mind, but the even rarer ability to clearly explain his insights.
-- William
I met Ross when I was the security reporter for a computer trade weekly. He was unfailing in his patience with me, always ready with a quotable comment, and most importantly, respectful of my deadlines. He was rare indeed. The world seems a little darker without him in it. To his family, I am sorry for your loss. He is irreplaceable.
-- Ian Grant
That's tragic news and hard to believe, as I received a typical "what's going on in…" email from him just a few days before, asking about the ongoing smart metering fiasco.
Ross was such an inspiration and this is a great loss. I hope that his pioneering spirit has been passed on to the generations of students he taught. I think everyone who met him learnt something. We need to honour his memory by applying those principles.
-- Nick Hunn
Professor Ross Was one of my teachers at the Computer Lab. I had frequent emails with him even years after I left the lab. His strong desire for security really put it even more into me.
Once in class we were discussing vulnerabilities in vehicles, this was about 4 years ago. He asked "whats the worst attack one could do", he got super annoyed that we didnt have a good answer, banged his hand on the table, full-red faced shouted "No, the worst attack is to remote compromise the cars, lock all the doors, increase the heat, put them drive and kill everyone". Well, he was right, that was the worst attack. You could see from his face he was dissappointed his students did not realise, maybe he felt bad of his teaching, but his teaching was phenomenal.
It is really a sad day, the world has lost one of the worlds best security professors ever. He will be dearly missed.
He taught me the tricks he used to get people in power to listen, advice id never forget.
-- Anonymous
Ross gave a 80-minute interview to Elisabetta Mori of Archives of IT on March 12, 2024, two weeks before Ross passed away. He talked about his childhood, becoming interested in math and later security, his consulting career, and later how he decided to seek a PhD.
Ross was very generous and welcoming to me and my research. It didn't matter that he was a one of the most accomplished people in security—he was open to new people and ideas in security. And he was a gracious host for the Security and Human Behavior workshop. I'll always remember punting with Ross on the River Cam.
-- Tony Vance
Prof Ross had a truly brilliant mind and a big heart. My exchanges with Prof Ross ranged from having picked up a small discrepancy in his masterpiece Security Engineering (I was later chuffed to learn that I was the first of two people that had), to incorporating his amazing lectures in some of my own course design and delivery, to chats about the Crypto Wars, among some other topics. All too brief now. Prof Ross was a giant of the security world, who leaves it a better place. My thoughts are with Prof Ross' family. Truly one-of-a-kind.
-- Ben
Today I was reviewing the articles either authored or co-authored by Ross related to AI, LLMs and ML. Following that I was just reviewing the comments that Ross had made about being forced to retire from Cambridge, aged 67, in 2023.
Then I decided to visit the Schneier on Security site to gather more insight about the AI hype that seems to be gripping everyone. I am gob-smacked to learn that one of my all time favorite security gurus has passed.
Hard to fathom such a loss for this old Phart of 88 years. I guess there is truth to that old saying "the good die young". A devastating loss indeed.
Mere words cannot convey the sorrow to learn of this loss and then to try to offer condolences to his family, close friends and colleagues. R.I.P. and the heavens have inherited a very fine mind.
-- John Glover
While I usually don't like praising the deceased as if they would have been flawless saints, Anderson was among the greatest, the security and crypto scene has ever had. His textbook "Security Engineering" is a pure stroke of genius, simple but still deeply profound. This is a giant loss for all of civilized mankind, a loss that can't be mourned enough. Very, very, very sad.
-- John Doe
I am very sad to hear this. I implemented the Tiger hash in .NET almost 20 years ago. Brought it up to date two years ago: https://github.com/jslicer/Aesop.Tiger . We had a great conversation about it in 2005. My condolences for the loss of your close friend and colleague.
-- Jesse Slicer
I feel for the loss and the solidarity and the resonance.
-- Still Not ForgettING
Even amidst the high standards at Cambridge, Ross stood out as a towering intellect. Sharp mind. Blunt speech. Great bagpiper. If you were with Ross, you knew there'd be a story.
Our thoughts are with you, Shireen.
-- Matthew Agarwala
Very shocked and saddened by this news. Perhaps not everyone knows that Ross had a very keen interest in psychology too. We talked frequently about the application of inoculation to information security. Such a brilliant interdisciplinary colleague. He will be deeply missed.
-- Sander van der Linden
Security Engineering was - I think - my second ever purchase from a still burgeoning online book store named after a famous big forest. July 2001. One of those rare items you get disproportionately excited about receiving. Like a kid lusting after a toy for months finally waking up on Xmas day. Over the next few weeks poring over it, studying ever page and following numerous references, a kid hacker turned into an adult proud to now call a contentious hobby an 'engineering profession' and with a much, much broader perspective on the subject.
He's left a huge legacy. I'm sure I'll be stumbling upon his papers and enjoying them for decades to come. My condolences to his family, and all who knew him personally.
-- Blazde
Ross was really special - he gave no quarter to politicians or PR journos whose arguments and defences were filled with "special pleadings". All of us in the security community are going to miss him and his generosity with ideas. He could truly inspire great insights. One of his greatest gifts was in how he negotiated with Wiley, his publishers, so that his book Security Engineering is not locked away in a copyright ghetto. Instead earlier editions are available to freely download and the current edition has a limited life as a premium publication. His lectures contained infectious humour. I commend to everyone his fifteen lecture series which he made available during lockdown to everyone who was interested in these topics via the web.
-- Alistair Kelman
Had the pleasure of chatting with him over coffee at a security conference several years ago. Very knowledgeable and we hit it off, especially discussing security surrounding medical records and issues therein. A real gentleman.
-- Terrence Bayrock
I first noted his work when he first talked about Palladium/Next-Generation Secure Computing Base, which is not-so-slowly finding it's way into mainstream computing devices. He predicted what we are seeing now with locked boot loaders and the ability of manufacturers to prevent 'unauthorized' software running on a system years before it actually started happening. Considering he was only a few years older than I am now, it makes me think both of how little I've achieved in comparison, and of my own mortality.
-- Peter Gathercole
RIP Prof Ross Anderson, my dear academic grandfather. For your brilliant work on citizens' security and privacy, thank you! What a legacy left behind by a true legend! We will miss you.
-- Maryam Mehrnezhad
I cannot believe this. Rest in peace Ross. I'll always remember the advice and the kindness support that he gave to me and my family in Cambridge. My most sincere condolences to all family and friends.
-- Sergio Pastrana
Prof. Ross Anderson was a great mentor to me. He was more than a giant in s&p. His deep passion and curiosity about humanity and human history deeply encouraged me. "We felt so ethereal as if we were ascending into heaven and becoming winged immortal." Ross will be remembered.
-- Jingjie Li
I have just seen this very sad news. I had only a handful of - always memorable - interactions with Ross, at Churchill College events. He was quick, witty & kind. A great defender of academic freedoms. He will be missed in Cambridge & beyond. My condolences to his family and friends.
-- Paul DW Kirk
Very sad to read of the passing of Ross, who I had come to know recently through Churchill college, where he had been a very active SCR member. A very distinguished academic at the cutting edge of data security, he is succeded by the countless numbers that he educated.
-- Will Watson
This is very sad news. One of the giants of our industry and on his shoulders many stand. His books on Security Engineering are always my go to guides. May he rest in peace and my condolences to his family, friends, and colleagues
-- Brian Honan
RIP Ross Anderson - a pioneer in security and privacy research, and pretty much the first to not only recognise the importance of both economics and human behaviour in security, but to then do something about it. He will be sadly missed.
-- Adam Joinson
Such an important figure in UK and EU debates on encryption and surveillance for decades; and a very supportive teacher and colleague to so many, including me. RIP Ross
-- Ian Brown
Huge loss. Wonderful man
-- Pamela Samuelson
So sad. I can recall discussions about security back when we were both undergrads at Cambridge. He will be missed.
-- Philip Gladstone
Ross was a giant in his field and a truly kind man. Huge loss.
-- J. Alex Halderman
An absolute inspiration. Foundational. Deeply, deeply missed.
-- Joss Wright
As a student of both economics and technology, I found Ross Anderson to be one of the true thought leaders. I'm saddened to hear about his passing.
-- Rob Wiest
I've known Ross since the 1980s when we did an encrypted email project called Ciphernet. I've spent many happy hours being inspired by lectures and conferences he organised. He will be sorely missed.
-- Keith Lockstone
I met Ross in 1995 at an OMG meeting in Cambridge. I was immediately impressed by the clarity of this thinking and the elegance of this writing.
We have lost one of the best.
-- Tom Van Vleck
It's a shock and a huge loss. Ross opened so many eyes through his research and writing, and was a tireless and kind mentor. My deepest condolences to his family and friends. May his memory be a blessing.
-- Peter Honeyman
Ross was the best kind of squeaky wheel. There was logic and principle behind every squeak. Also, kind, modest, and very civilized. (I really wanted to hear his bagpipe playing but never did.)
I'll miss him greatly.
-- Mark Seiden
Gosh, that's a shock! He was my age near enough. I have known Ross Anderson (though not well) since he was a contemporary of mine as a Cambridge undergraduate. This is a huge loss to the cyber-security community.
-- Kim Spence-Jones
Sad news. We corresponded decades ago on a potential project and he was kind to a naive boy with an idea and potential funding.
-- Alex Melichar
Total shock! Ross was a wonderful Churchill colleague and the best kind of lunch and coffee companion. Fullest commiserations to Shireen and family at this terrible shock.
-- Dr Christopher Catherwood
I am still trying to take it in. Ross telling me that he thought I was a good writer, is one of the best compliments I have ever received
-- alecm
A big loss -- when Ross spoke, I always took time to listen.
-- John E Dunn
Very sad devastating news… his books are a treasure. Surely a big loss . Heartfelt condolences to his family and our fraternity.
-- Seema
I'm so sorry to hear Ross has died. He was always so expert, so reliable, so willing to tell you what you needed to hear or know, and such a tremendous knowledge on encryption. A real loss.
-- Renate Samson
Incredibly sad news, I'm sorry for your loss. I had the first edition of his book in uni and have been recommending the subsequent editions to colleagues since, and they've always appreciated it.
-- Sigvat
Sad loss. I managed to engage with Ross on a few topics, including his review "the Database State", and met him a couple of times various conferences. Always clear and helpful. His work on Security Economics is, I think, really useful and a helpful counterpoint to the 'set it in concrete' approach.
-- Tim Coote
A terrible, terrible loss.
-- gabe
Sad news indeed. The world is poorer today.
-- Kim SJ
Awful, awful news. A true pioneer in security.
-- Herb Lin
Ross as a great researcher/enginner and a great guy. My respects to the family.
-- Ira Moskowitz
Dear Ross - so many quirky, lovely and downright funny memories of you.
-- Terri
I will miss the conversations about piping and the latest developments in computing on the way home from the London Northumbrian piping sessions.
-- Edric Ellis
With fond memories of many very enjoyable sessions playing our Northumbrian small pipes - such a sad loss.
-- David Somerville
A great loss, our thoughts are with his loved ones.
-- Beverley and Kendal
A great character (and Scotsman) who proudly wore his heart on his sleeve. How we will m miss his wisdom and passion.
-- Anonymous
To the memory of a great man. We miss you.
-- Anonymous
He taught me so much about so many different things and will be much missed for a long time.
-- Anonymous
Burns seems fitting. "The friend of man, the friend of truth; The friend of age, and guide of youth. Few hearts like his, with virtue warm'd; Few heads with knowledge so inform'd." Much missed.
-- Anonymous
In memory of a spirit that was perhaps best known as security conscious but who on occasion could throw security to the winds as when piping while walking up a steep stair!
-- Anonymous
A great man with a legacy that will forever span cyberspace. Grateful to have the chance to learn from, and be inspired by, him.
-- Nick P
A huge loss to so many people on so many levels, but a huge privilege to have counted Ross as a wonderful friend.
-- Liz
We sadly never met you and are sorry to have been denied that privilege.
-- Clint & Pippa Shepherd
Ross's far-reaching influence will be felt for a long time to come.
-- Craig Heath
Ross was an inspiration, and a motivation for us to both educate and fight. Trees are a wise choice for remembrance.
-- Laura
RIP Ross. You will be greatly missed.
-- Pat Walshe
A towering figure in computer security.
-- Alan Bundy
I feel fortunate to have had the opportunity to meet and work with Ross. His contributions and presence at the School are greatly missed. My deepest condolences to his loved ones.
-- Marc
Ross will be greatly missed by everyone in ICSA and well beyond. My thoughts are with his family in these difficult times.
-- Paul Patras
22+ odd years ago I emailed Ross out of the blue. At the time I was working at a small startup attempting to build mobile banking infrastructure for rural poor in South Africa and elsewhere. I was after a copy of a paper he had mentioned in a talk and Ross replied with a blunt to the point email about how hard he thought the problem domain we were trying to tackle was (along with a pointer to the paper I had asked about). I remember being slightly annoyed by the initial tone of his response, but it got me thinking - then thinking a lot more. There were some very well thought out reasons behind his arguments. I replied a few days later with a detailed list of how we were addressing his concerns along with some others he hadn't mentioned but also acknowledging the areas we needed to dig into further. I didn't really expect an answer, after all, I didn't know him, but he had got me to think hard on key problems and I wanted to acknowledge that.
We got a lot more than a simple reply. We got his focused feedback, constructive criticisms, pointers to other work he thought was relevant, general support, some key follow up conversations on the phone, followed by introductions to folks he knew in industry who he thought could help (who would have never entertained us at that stage otherwise). While the startup eventually didn't make it, many of the ideas we worked on did. Of the folks that we met through that whole adventure, Ross was one of the standouts. Yup, he was very good people indeed and will be sadly missed!
-- ptrott2017 (on Hacker News)
Ross Anderson embodied a lot of positive principles in the security community. His book on Security Engineering (2nd edition is the biggest book on my bookshelf) patiently laid out principles of good security design, and tied it to examples in the real world for designs and bugs. Releasing old editions for free was the cherry on top for making his knowledge available to others.
-- er4hn (on Hacker News)
Very sad to hear this. I remember emailing him about a newbie question I had about a topic in his Security Engineering book, and he responded very kindly with a detailed explanation that corrected my misunderstanding. Which was really lovely of him. A genius and a gentleman. Rest in peace, my condolences to all who knew and loved him.
-- criptoe (on Hacker News)
Very sad to learn of his passing. I came across his work after Bruce Schneier posted a link to a pre print of Ross's Security Engineering tome. His clarity of thought and effortless navigation through this complex landscape has been inspiring. Also discovered subsequently his fondness for traditional pipe music and that he busked in his younger years.
A great person - may others bear the light that he brought.
-- leavenotracks (on Hacker News)
Ross Anderson was indeed a giant, not just in computer science, but also in his work on the politics and ethics of the influence of computing in our lives. The world is lessened by his passing, but his work lives on in those he has inspired.
-- lambdaone (on Hacker News)
This was really sad news; his Security Engineering probably did more than any other single textbook to influence my career and making me a better engineer in the process. All the examples of bright people having made systems which turned out to be more brittle than the designers assumed really drove home the point that even 'simple' tasks are HARD.
-- lb1lf (on Hacker News)
Just met him vicariously and watched his first "Security Engineering Lecture 1" and I miss him already. He seems like a genuine soul.
-- eYrKEC2 (on Hacker News)
A huge loss, especially in the public arena, where the combination of vast expertise, academic authority, and the courage to speak truth to power is too rare. He was also a gifted communicator - both his lectures and books were not just filled with insight, but compelling to watch or read, in stark contrast to much academic work.
-- ajb (on Hacker News)
Ross Anderson embodied a lot of positive principles in the security community. His book on Security Engineering (2nd edition is the biggest book on my bookshelf) patiently laid out principles of good security design, and tied it to examples in the real world for designs and bugs. Releasing old editions for free was the cherry on top for making his knowledge available to others.
-- er4hn (on Hacker News)
I still remember an undergrad group project at Cambridge where we were in the Computing Lab discussing how we were going to build an online voting system - I said "We can worry about security later...." only to hear a deep Glaswegian brogue behind us "Oh Really?! Tell me more...." as we all turned around in horror.
-- srb24 (on Hacker News)
Very sad to learn of his passing. I came across his work after Bruce Schneier posted a link to a pre print of Ross's Security Engineering tome. His clarity of thought and effortless navigation through this complex landscape has been inspiring. Also discovered subsequently his fondness for traditional pipe music and that he busked in his younger years.
A great person - may others bear the light that he brought.
-- leavenotracks (on Hacker News)
This is very sad news and a huge loss for the computer security community. RIP.
-- rvz (on Hacker News)
Ross Anderson was a legend and his work heavily influenced my professional career. He will be missed. May he rest in peace.
-- bunnie (on Hacker News)
He was a pioneer in computer security and was essential in kickstarting the important field of security economics. So sad to hear about this.
-- als0 (on Hacker News)
The lecturer I remember most, and most fondly. Very sad news.
-- Anonymous
... and a lot more that I may have missed ...