Steven M. Bellovin


454 Computer Science
Mail Code 0401

Tel(212) 853-8427
Fax(212) 666-0140

Steven M. Bellovin works on security, privacy, and related legal and public policy issues.  He has focused on the role of buggy code as a leading driver of insecurity, and on ways to use cryptography to protect personal data as well as ordinary network communications.  These fields interact with governmental concerns, so he has worked with members of the executive, legislative, and judicial branches, and with the legal academy, to ensure that sound policies are adopted.

Research Interests

Usable security, secure system architecture, privacy and the law, cryptology
Of particular interest to Bellovin are solutions that are useful in the real world.  In the 1990s, he worked on firewalls as the only scalable solution to widespread buggy code.  He has worked on efficient encrypted search techniques, where the database operator can understand neither the contents of the database nor the queries, but can return the correct records.  In the legal realm, he has used technical analyses to inform the debate over things like location-tracking and how the third party doctrine can or cannot be applied to the Internet.
Bellovin received a BA from Columbia University in 1972, and an MS (1977) and PhD (1982) in computer science from the University of North Carolina at Chapel Hill.  He is a member of the National Academy of Engineering and of the National Academies’ Computer Science and Telecommunications Board.


  • Percy K. and Vida L.W. Hudson Professor of Computer Science, Columbia University, 2014-
  • Affiliate Faculty at Columbia Law School, 2018 -
  • Technology Scholar, Privacy and Civil Liberties Oversight Board, 2016
  • Chief Technologist, Federal Trade Commission, 2012-2013
  • Professor of Computer Science, Columbia University, 2005-2014
  • Adjunct Professor of Computer Science, University of Pennsylvania, 2002-2004
  • AT&T Fellow, AT&T Labs—Research, 1998-2004
  • Distinguished Member of the Technical Staff, AT&T Bell Laboratories and AT&T Labs—Research, 1987-1998
  • Member of the Technical Staff, AT&T Bell Laboratories, 1982-1987
  • Instructor, Dept. of Computer Science, University of North Carolina at Chapel Hill, 1977-1978



  • Association for Computing Machinery


  • 2016 ESORICS Outstanding Research Award
  • 2016 EFF Pioneer Award (co-winner with the other authors of the “Keys Under Doormats” paper)
  • 2015 J.D. Falk Award (co-winner with the other authors of the “Keys Under Doormats” paper)
  • 2014 Elected to the Cybersecurity Hall of Fame
  • 2006 Received the 2007 NIST/NSA National Computer Systems Security Award
  • 2001 Elected to the National Academy of Engineering
  • 1998 AT&T Fellow
  • 1995 Usenix Lifetime Achievement Award (“The Flame”), along with Tom Truscott and Jim Ellis, for our role in creating Usenet


  • Steven M. Bellovin. Thinking Security: Stopping Next Year’s Hackers. Addison-Wesley, Boston, 2016
  • Steven M. Bellovin, Matt Blaze, Susan Landau, and Stephanie Pell. It’s too complicated: How the Internet upends Katz, Smith, and electronic surveillance law. Harvard Journal of Law and Technology, 30(1):1–101, Fall 2016 

  • Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner. Keys under doormats: Mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 1(1), September 2015 

  • Ben A. Fisch, Binh Vo, Fernando Krell, Abishek Kumarasubramanian, Vlad Kolesnikov, Tal Malkin, and Steven M. Bellovin. Malicious-client security in Blind Seer: A scalable private DBMS. In IEEE Symposium on Security and Privacy, May 2015 

  • Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau. Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet. Northwestern Journal of Technology & Intellectual Property, 12(1), 2014 

  • Sebastian Zimmeck and Steven M. Bellovin. Privee: An architecture for automatically analyzing web privacy policies. In 23rd USENIX Security Symposium (USENIX Security 14), pages 1–16, San Diego, CA, August 2014. USENIX Association 

  • Vasilis Pappas, Fernando Krell, Binh Vo, Vlad Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos Keromytis, and Steven M. Bellovin. Blind Seer: A scalable private DBMS. In IEEE Symposium on Security and Privacy, May 2014 

  • Michelle Madejski, Maritza Johnson, and Steven M. Bellovin. A study of privacy setting errors in an online social network. In Proceedings of SESOC 2012, 2012 
 William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, Reading, MA, first edition, 1994 

  • Steven M. Bellovin and Michael Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks, August 1991 

  • Steven M. Bellovin. Security problems in the TCP/IP protocol suite. Computer Communication Review, 19(2):32–48, April 1989