Cipher Issue 148, March 20, 2019, Editor's Letter

Dear Readers,

The 40th Symposium on Security and Privacy will be held May 20-22 at the San Francisco Hyatt. Registration is open, and the schedule should be available Real Soon. The website lists a chair for the 40th celebration, and we suspect that the Tuesday evening reception will have some kind of festivities. There are also co-located workshops starting on Thursday of that week.

The 40th Symposium follows 9 years after the 30th Anniversay celebration of the Symposium, when it was still held in Oakland. Anniversaries use 1-based counting, meeting numbers use 0-based counting, and the difference between the two systems causes computer scientists as much angst as Daylight Savings Time.

The decade boundaries cause people to think about the history of the fields of security and privacy and to wonder about the lasting contributions. I have been mulling over a somewhat contrarian view of things: "Cybersecurity is not very important" by Andrew Odlyzko. The paper has attracted a good deal of commentary in the short time that it has been available. Perhaps cybersecurity is less a matter of science and more a matter of practicality. Maybe we should not expect research to have widespread impacts, maybe incremental progress is the best we can do. It's complicated.

"On a clear disk,
You can seek forever." P. J. Denning
In a clear text,
You can seek out Facebook,
And see all the user passwords
Outshining every star.
In a clear text,
You can read sooner or later,
All accounts and user data,
Forever and ever and ever more.

(Lerner and Lane, sorry about this)


      Hilarie Orman