SRI International Computer Science Laboratory

Unless you came through the main csl.sri.com Web site, you might want to click on one of the photos noted below, for an informal pool picture (which is already on the main site), taken by my wife, Elizabeth S. Neumann, or the more formal official SRI photo. For professional photos, please contact Jim Sugar, jimsugar@aol.com, 1-415-388-3344, fax 415-388-3345, 45 Midway Ave., Mill Valley, CA 94941, a former National Geographic photographer and all-around good guy.


Position:
Principal Scientist
Address:
Computer Science Laboratory
333 Ravenswood Ave EL-243
Menlo Park California 94025-3493, USA
E-mail: Neumann@csl.sri.com
Webpage: www.csl.sri.com/neumann
Tel: 650/859-2375
(if you don't like voicemail, press "0" to speak with a real human being.)

Click here for a short bio. More detailed bio information is available on request.

This Web page (www.csl.sri.com/neumann) can also be reached from the primary CSL Web site (www.csl.sri.com) by clicking on "CSL Staff" and then "Neumann". (It differs from the default CSL page.) The following sections are included here, and can be moused directly if you do not want to read linearly.

  • Academic and R&D Background
  • Research Interests at SRI
  • RISKS, Inside Risks, Illustrative Risks
  • Computer-Related Risks, The Book
  • Computer-Related Elections
  • PFIR: People For Internet Responsibility
  • URIICA: Union for Representative International Internet Cooperation and Analysis
  • Advisory Activities
  • Honors and Awards
  • Mentors
  • Mentoring
  • Music
  • Statistical Metalinguistics and Zipf/Pareto/Mandelbrot
  • Some Quasi-Literary Pursuits
  • Other Odds and Ends
  • End (finally?)
    Academic and R&D Background

    I have been a member of the SRI International Computer Science Laboratory since September 1971. I spent eight years at Harvard (1950-58), with my A.B. in Math in 1954, S.M. in Applied Math in 1955, and PhD in 1961 after returning from my two-year Fulbright in Germany (1958-60), where I also received the German Dr rerum naturarum in 1960.

    The work for my two doctoral theses (Tony Oettinger was my Harvard advisor, and Alwin Walther my Darmstadt advisor) and various subsequent papers involved variable-length Huffman-like codes and later was extended to Huffman-style information-lossless sequential coding schemes with surprisingly strong self-resynchronization properties despite arbitrary fault modes and denial-of-service attacks, even in the presence of very low or minimum redundancy as in Huffman codes. These schemes provided the possibility of highly survivable communication systems in the presence of arbitrary temporary interference. Earlier, my undergraduate thesis in mathematics (1954) involved identifying five nomographic classes of motions based on elliptic integrals, establishing canonical transformations for each of those classes, and generating tables for them (using the Harvard Mark IV).

    I had two reverse sabbaticals as Visiting Mackay Lecturer, during the spring quarter of 1964 at Stanford University in Electrical Engineering, and the academic year 1970-71 at U.C. Berkeley (teaching courses in hardware, operating systems, and coding theory, and co-leading two seminar courses). I also taught a course on survivable systems and networks at the University of Maryland in the fall of 1999, half in person, half by video teleconference; the course notes are indicated below.

    My first computer job was in the summer of 1953, as a programmer on the IBM Card-Programmed Calculator, for the U.S. Naval Ordnance Lab in White Oak MD, a punched-card machine with four registers and ZERO memory. (The cards provided auxiliary memory!) Among other things, I wrote a nifty recursive complex matrix-inversion routine. The three-address instruction interpretation was done in the plugboard, which represented an early assembler! My boss was Cal Elgot, who later became director of the IBM mathematics group at IBM in its very early days at the Lamb Estate, before the research effort moved to the Watson Lab in Yorktown Heights, NY.

    I had ten exciting years in the Computer Science Lab at Bell Labs in Murray Hill, New Jersey (1960-70) -- including extensive involvement in Multics from 1965 to 1969. Beginning in 1965, Bob Daley (then at Project MAC at MIT) and I did the Multics file system design, which included directory hierarchies, access-control lists (ACLs), dynamic linking of symbolic names to cacheable descriptor-based addresses, and dynamically paged segments within a novel hardware-supported virtual memory concept. (It is nice to find dynamic linking again being ``rediscovered'' in Webware! Multics also had multiprogramming, multiprocessing, multiple protection domains, and other forms of multiplexing.) I had a minor role in the Multics input-output design, heavily influenced by Ken Thompson, Joe Ossanna, and Stan Dunten, with symbolic stream names (which Ken later transmogrified into Unix pipes) and device-independent I/O. After Vic Vyssotsky moved over to Whippany, I found myself the Bell Labs member of the Multics Triumvirate, coordinating with Fernando Corbató (Corby) at MIT and Charlie Clingen at Honeywell, and flying to MIT for a meeting almost every other week. There was some really beautiful innovation in Multics, and many wonderful people. For those of you who are young folks with little idea of Multics' contributions to computer history, check out Tom Van Vleck's Multicians website at www.multicians.org/, which (as of 19 Feb 2007) listed 1880 names of people who were associated with Multics! Particularly notable among those not already mentioned is Jerry Saltzer, although many others were important contributors as well.

    Click here for a few selected bibliographic references and other items. A list of CSL-related .bib entries is available at the bottom of the official CSL Web site page for me.

    Research Interests at SRI

    My main research interests continue to involve security, crypto applications, overall system survivability, reliability, fault tolerance, safety, software-engineering methodology, systems in the large, applications of formal methods, and risk avoidance. (I am apparently an Eclectical Engineer, a Zennish ZScientist, and a Peregrine Philosopher. A profile on me in the February 1999 issue of ICSA's Information Security magazine in pdf and in PostScript depicts me as a ``designated holist''.) A short article on Holistic Systems summarizes the challenges of developing trustworthy systems holistically, with possible lessons from energy, health care, and agriculture. (This appeared in the ACM SIGSOFT Software Engineering Notes, 31, 6, November 2006, pages 4--5.)

    Trustworthiness: Security

    SRI's Computer Science Lab and the University of Cambridge have embarked on a new project for the DARPA CRASH program (Clean-slate design of Resilient, Adaptive, Survivable Hosts), which is called CTSRD (CRASH-worthy Trustworthy Systems R&D). The first paper resulting from this project, Peter G. Neumann and Robert N. M. Watson, Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems, was presented at the Fourth Layered Assurance Workshop (in association with ACSAC 2010) in Austin Texas, 6-7 December 2010. A new paper reflects subsequent progress on the development of the hardware architecture, CHERI: A Research Platform Deconflating Hardware Virtualization and Protection for the RESoLVE workshop associated with ASPLOS in London, March 2012. Rather comprehensive posters for the Fall 2012 DARPA PI meetings for the clean-slate host project and the clean-slate networking/clouds project are also included here. They were displayed on 8-foot poster boards at the PI meetings, but are also readable with a little effort online.

    A profile of me written by John Markoff was included in The New York Times Science Tuesday section on 30 October 2012, and is online, along with a short video clip. John also did an audio interview, but that is probably buried somewhere in the archives of The Times.

    Note: John's article attributes to me the naming of Ken Thompson and Dennis Ritchie's system as `Unics' -- as a pun, an emasculated successor of Multics -- perhaps based on a sentence in Peter Salus's 1994 book, A Quarter Century of UNIX. On the other hand, Brian Kernighan recalls that he had suggested the name Unics. However, when the switch from Unics to Unix took place remained unclear to Peter Salus in 1994, and remained so to both Brian Kernighan and Doug McIlroy when I asked them in 2012. My guess is that some AT&T lawyers eventually decided that the punned name (Unics) did not reflect well on the corporate image, and insisted that it be changed to Unix. But that's only a guess. It came a pun a midnight clear, as I started writing this paragraph around 5am on 3 Jan 2012.

    Incidentally, my recollection of the first two days of what ultimately became Unics and then Unix was this: After Bell Labs bailed on Multics in 1969, Ken Thompson acquired a PDP7 that Max Mathews was no longer using. Ken came in one day for lunch having worked much of the previous night to create a roughly thousand-line one-user operating system kernel. I suggested that Ken might want to use some of the concepts we developed in Multics to extend his kernel into a multi-user system. The next morning Ken came in with another thousand lines, and had indeed done so. The rest is history. Ken has always been amazingly productive.

    A 45-minute segment from the Minnesota Public Radio Daily Circuit on 27 Dec 2012, in discussion with Matt Honan (EFF) and me, considers the subject of the limitations of passwords and computer security, and is online (click on `LISTEN').

    My coauthors Matt Bishop, Sean Peisert, Marv Schaefer, and I wrote a paper, Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy, for the May 2010 proceedings of the 31st annual meeting. We regret inadvertently omitting recognition of Sushil Jajodia for the most accepted papers (in Section VII), and Gerry Popek [d] (in Section IX). The paper is of course subject to IEEE copyright, but you have my permission to use it for educational and noncommercial purposes.

    I gave a keynote talk, Identity and Trust in Context, for IDtrust 2009 at NIST on 15 April 2009. The slides are online at the conference website and on my website. This talk included discussion of the importance of holistic system considerations rather than trying to deal with identity and authorization in isolation, with applications to health care, and summarized the work of Brent Waters (Attribute-Based Encryption), Carl Gunter (Attribute-Based Messaging), and Chris Peikert (Lattice-Based Cryptography).

    In the early 2000s, DARPA funded thirteen projects under its Composable High-Assurance Trustworthy Systems (CHATS) program, created by Douglas Maughan. I led one of those projects (CHATS project website), in the SRI Computer Science Laboratory. The emphasis in the CHATS program was on composable trustworthy open-source operating systems. The final report, Principled Assuredly Trustworthy Composable Architectures, was completed on 28 December 2004, and is available in three forms: html, pdf, and ps. An earlier paper summarizing the project as of early 2003 appeared in the DISCEX03 proceedings: Achieving Principled Assuredly Trustworthy Composable Systems and Networks.

    Incidentally, a significant effort is underway in Peter Denning's Great Principles project, which considers the importance of principles more broadly --- as common elements across system designs. I believe PJD is still in the process of writing a book on that effort.

    The Provably Secure Operating System (PSOS) project began in 1973 and continued until 1983. The 1980 PSOS final report (noted in my partial reference list) has been scanned in and is online in PostScript form (over 300 pages). The report includes the system architecture and many of the basic hardware and operating system layers, plus some illustrative applications (all formally specified in the SPECIAL language of HDM, the Hierarchical Development Methodology). The Feiertag/Neumann paper summarizing the architecture as of 1979 is available in a retyped, more or less correct, hand-edited pdf form. A 2003 paper, PSOS Revisited by me and Rich Feiertag, was presented at ACSAC 2003 in Las Vegas in December 2003, as part of the Classic Papers track (which was initiated at ACSAC 2002 for the Karger-Schell paper on the Multics multilevel secure evaluation). Please read it if you are interested in capability architectures. The PSOS project continued from 1980 to 1983, supporting the Goguen-Meseguer papers and the Extended HDM effort that led to SRI's PVS system.

    A 1996 report, Architectures and Formal Representations for Secure Systems, considers what formal methods can do for system security, and vice versa. It is available in PostScript form, and contains various references to earlier work, e.g., to our 1970s work on the formally specified capability-based object-oriented hierarchically-layered Provably Secure Operating System (PSOS), and the role of system structure and abstraction -- which has been a long-standing interest. A 1992 paper by Norm Proctor and me, Architectural Implications of Covert Channels from the 1992 Computer Security Conference, is available in html form. That paper develops the concept of multilevel-secure systems in which there are no end-user multilevel-secure workstations, and consequently no user-oriented covert channels. This paper is really a paper on how to build multilevel-secure systems and networks out of non-MLS end-user components and a few high-assurance trustworthy servers. It further pursues an approach begun by Rushby and Randell in their 1983 paper. The concept is also applicable to architectures of (single-level) networked systems in which trustworthiness is localized in certain critical servers. The Oracle thin-client network computer is ideally suited to such an architecture.

    An extensive collection of information on our current efforts (EMERALD) and past work (IDES, NIDES) on analyzing systems and networks for the purposes of anomaly and misuse detection is available on our Website at www.csl.sri.com/intrusion.html, thanks to the efforts of my colleague Phil Porras. EMERALD significantly extends our earlier work, addressing not just host systems but also networks, servers, and hierarchically layered analysis. A 1997 paper is available in html form for browsing or in PostScript form for ftp-ing. A 1999 paper on Experience with EMERALD, jointly authored with Phil Porras, is available in PostScript and in html for the USENIX Workshop on Intrusion Detection and Network Management, 11-12 April 1999. (It won the best-paper award for the workshop!)

    I helped organize a workshop on preventing, detecting, and responding to insider misuse, held in Santa Monica in August 1999. The final report and the slide materials for long and short briefings are available on our Web site at www2.csl.sri.com/insider-misuse/. My position paper for that workshop is also available online. A second workshop was held in Honolulu in July 2000.

    I have updated and extended the 1999 paper in a new position paper that I prepared for the Dagstuhl Workshop on Insider Threats, 20-25 July 2008: Combatting Insider Misuse, with Relevance to Integrity and Accountability in Elections and Other Applications (click here). Although I was unable to attend, Matt Bishop most graciously presented it for me. Matt's slides are online. [Incidentally, see my screed on Combatting Combating,

    Just for kicks, let me mention my 1969 paper, The Role of Motherhood in the Pop Art of System Programming, from the 2nd Symposium on Operating Systems Principles, which has now been put on the Web courtesy of Olin Sibert and posted on Tom Van Vleck's Multicians website.

    Trustworthiness: Survivable Systems and Networks

    My final report for the Army Research Lab, Practical Architectures for Survivable Systems and Networks, 30 June 2000, is available for browsing in html, and for printing in PostScript, and in pdf. From the abstract: This report summarizes the analysis of information system survivability. It considers how survivability relates to other requirements such as security, reliability, and performance. It considers a hierarchical layering of requirements, as well as interdependencies among those requirements. It identifies inadequacies in existing commercial systems and the absence of components that hinder the attainment of survivability. It recommends specific architectural structures and other approaches that can help overcome those inadequacies, including research and development directions for the future. It also stresses the importance of system operations, education, and awareness as part of a balanced approach toward attaining survivability.

    I taught a course ENPM 808s as an Adjunct Professor at the University of Maryland in the Fall of 1999 on material related to the Army Research Lab survivability study: www.csl.sri.com/neumann/umd808s.html. All of my UMd lecture materials (except for my RISKS book) are online as source-available open-course documents. (It is wonderful to see MIT's announcement of its OpenCourseWare in April 2001. That is a marvelous development.) My final set of Maryland lecture notes is also available in a 6-up PostScript form, that is, six slides to a printed page. Please let me know if you find the course materials interesting and/or useful. Similar courses were also taught at the University of Pennsylvania by Tony Barnes (I gave one of Tony's lectures), and at the University of Tennessee by Doug Birdwell (birdwell@hickory.engr.utk.edu) and Dave Icove (djicove@tva.gov) -- Electrical & Computer Engineering 599 -- using some of my lectures and lecture materials, and some of their own. Georgia Tech (Blaine Burnham) gave such a course in Winter 2000, and the Naval Postgraduate School (Cynthia Irvine) was contemplating such a course in the spring of 2000, according to an earlier discussion with Cynthia. Other universities have also expressed interest in piggybacking on the course materials.

    Robust Open-Box Software

    The CHATS effort was strongly motivated by an interest in demonstrating the viability of making open-source software more secure and robust. See the CHATS program information noted above.

    My two-page position paper for a panel on open-box software (e.g., open-source and free software, where you can actually get inside the box and change something, as opposed to black-box software where you cannot even see inside the box) at the IEEE Symposium on Security and Privacy at Oakland CA, May 2000, is titled ``Robust Nonproprietary Software'' and is clickable (subject to IEEE copyright) in PostScript and pdf form.

    A set of 28 slides for my keynote talk on the same general subject, titled ``The Potentials of Open-Box Source Code in Developing Robust Systems'' for an April 2000 NATO conference, on The Ruthless Pursuit of COTS is also available, in a variety of forms:
    PostScript, 1 per page, 4 per page, 6 per page,
    and pdf, 1 per page, 4 per page, 6 per page.
    (I also handed out to the NATO audience a preprint of the IEEE-copyrighted position paper noted above: PostScript and pdf form.)

    A 2001 set of slides on the pros and cons of open-box software, from a talk on 27 February 2001 is available in PostScript and pdf formats.

    Open-box software is not a panacea -- it does not solve all the problems. It still requires all of the discipline in development and operation that we would like to see in proprietary closed-box software. But it has enormous potential, and needs to be pursued as a serious contender.

    If you have an active interest in the development of robust nonproprietary open-box software, please contact me by e-mail about participating actively in a small newsgroup dedicated specifically to the challenges of robustifying open-box software.

    Spam and E-Mail Risks

    My keynote talk might be of interest: ``CEAS and DESIST?'' for the Second Conference on E-mail and Spam, 21-22 July 2005, at Stanford:
    ``This talk will take a far-reaching big-picture view of some fundamental problems that must be confronted in the future, spanning issues such as security, reliability, survivability, safety, critical infrastructure protection, homeland security, national security, long-term research, sound science, free and open source software, and the development of predictably trustworthy systems and networks that can avoid past and foreseeable risks. Clearly, E-mail And Spam (CEAS!) are just one piece of the overall puzzle. In this context, the last part of the whimsical talk title (DESIST!) might be considered as a polymorphic backronym: Don't Encourage Simplistically Inadequate Software Techniques, or perhaps Dependably Engineered Secure Information System Technology. In any event, some radical changes are necessary and [were] considered.''

    RISKS

    More or less as a sideline, I moderate the ACM Risks Forum newsgroup, known as comp.risks in the USENET community, under the sponsorship of the ACM Committee on Computers and Public Policy (CCPP), which I have chaired since 1985. (The current issue is accessible at www.csl.sri.com/~risko/risks.txt, and the last item of each regular issue contains further info about the newsgroup.) For a subscription, send e-mail to the automated list server at risks-request@csl.sri.com with a single line of text, ``subscribe'' -- or if you wish to subscribe at an address other than your From: address, include that address after ``subscribe''. (The latter alternative will bounce to me for personal attention, so please don't try the old spoof of subscribing folks such as the White House or Newt Gingrich, which happened some years ago.) The archives of back issues (beginning with volume 1 number 1 on 1 Aug 1985) are available at ftp.sri.com/risks or courtesy of Lindsay Marshall at Newcastle catless.ncl.ac.uk/Risks. (I am very grateful to Lindsay, who provides a RISKS redistribution service for the UK and a lovely complete archival search and retrieval system, also accessible as www.risks.org.)

    The ever-growing document, Illustrative Risks to the Public in the Use of Computer Systems and Related Technology, summarizes as one-liners many of the most interesting cases over the past decades. (Unfortunately, in recent years I have not been able to keep it up-to-date, except for some of the election integrity issues.) It can be browsed at www.csl.sri.com/neumann/illustrative.html. It is also available in more printer-friendly formats, in pdf form and PostScript, from ftp.sri.com or from csl.sri.com.

    In 2006, I was once again asked to do a Classic Paper for ACSAC, this time revisiting the RISKS experience. The paper Risks of Untrustworthiness and the slides for the talk are online.

    Various folks have taught and/or are teaching courses related to the RISKS material -- for example, Jerry Saltzer and others at MIT, Roy Maxion at CMU -- and Rebecca Mercuri when she was at Bryn Mawr.

    In a related effort that is supported in part by the ACM Committee on Computers and Public Policy, Lauren Weinstein moderates the Privacy Forum Digest and Network Neutrality Squad. He is providing a superb service for those of you who are deeply concerned about privacy issues. You may subscribe or request information via privacy-request@vortex.com. Check out the Privacy Forum and Network Neutrality Squad.

    I am a regular contributor to the ACM SIGSOFT Software Engineering Notes (which I founded in 1976; I was Editor for its first 18 years before turning it over to Will Tracz, who has now persisted for an even longer editorship!). Will has put most of the content of all the back issues online. Selected edited excerpts from RISKS continue to appear in each regular issue of ACM Software Engineering Notes.

    For 18 years beginning in 1980, I was a Contributing Editor to the Communications of the ACM (CACM). I either wrote or shepherded a column under the Inside Risks rubric. From July 1990 until June 2008, this was a monthly column that appeared inside the back cover of CACM. After 216 consecutive one-page monthly appearances, longer articles are now scheduled to appear three times a year. Most columns (except for some of the earliest ones) are accessible online at www.csl.sri.com/neumann/insiderisks.html; reuse for commercial purposes is subject to CACM and author copyright policy.

    I am very grateful to the members of the ACM CCPP, who have kept me and RISKS-related efforts on the straight and narrow over the past many years. CCPP includes Steve Bellovin, Peter Denning, Virgil Gligor, Nancy Leveson, Dave Parnas, Jerry Saltzer, and Lauren Weinstein. (Jim Horning [d, 18 Jan 2013] was one of my original members -- see the lead item in RISKS-27.14. Sy Goodman, Rob Kling [d], and Barbara Simons were earlier long-time members.) They have all contributed nobly -- among other things, in guiding the authors of the monthly Inside Risks columns and acting as a review board when sensitive issues come up regarding RISKS submissions, and in some cases writing columns themselves.

    One of the thornier issues relating to the lack of good software-engineering practice, particularly in the development of systems with critical requirements, is that of whether certification of programmers would help. A panel statement I wrote for the 2000 IEEE International Conference on Requirements Engineering is accessible in PostScript and pdf forms. I have deep concerns relating to certification and licensing. You should not read that position statement as an endorsement, but rather as a skeptical set of concerns. My keynote address slides are also available, PostScript.

    Computer-Related Risks, The Book

    My RISKS book is still very timely: Computer-Related Risks, Addison-Wesley/ACM Press, ISBN 0-201-55805-X, 1995, 384pp., paperback, transcended its fifth printing, and is now printed on demand. Further info on the book is available at www.csl.sri.com/neumann/neumann-book.html. Click here for an errata list for the first three printings. Some events that have occurred since the book was published are also available, along with some further references. It is quite remarkable that almost everything in the book is still true today, and in many cases the situation is even worse -- because many of the same problems still continue to recur. More recent material is summarized in the Illustrative Risks document, the Risks Forum, and issues of Software Engineering Notes.

    The book has also been translated into Japanese and published by Addison-Wesley in 2000. ISBN 4-89471-141-9.

    Computer-Related Elections

    ``It's not who votes that counts, it's who counts the votes.'' (attributed to Joseph Stalin)

    ``Not everything that can be counted counts, and not everything that counts can be counted.'' (attributed to Albert Einstein; thanks to Will Tracz for sending me this delightful quote, serendipitously relevant to problems with elections!)

    Dan Thomsen, Jeremy Epstein, and I were guest editors of the special issue, Lost Treasures, IEEE Security and Privacy (Building Dependability, Reliability, and Trust), November-December 2012, pp. 17--50, and authors of its introduction (pp. 17--19), which also includes a one-page sidebar I wrote, titled Lost Lessons: Election Systems, on page 18.

    I was SRI's PI for the NSF ACCURATE effort: A Center for Correct, Usable, Reliable, Auditable and Transparent Elections, NSF Grant number 0524111. ACCURATE was initially led by Avi Rubin at Johns Hopkins, and then by Dan Wallach at Rice. Other PIs are Mike Byrne at Rice, David Dill and Dan Boneh at Stanford, Dave Wagner at U.C. Berkeley, Doug Jones at the University of Iowa, and more recently Jeremy Epstein and Natarajan Shankar at SRI. See the ACCURATE website. That grant has now ended, although the work will never be complete!

    My position paper for the CSTB workshop on Voter Registration Databases, December 29-30 2007, is online.

    As noted above, the Illustrative Risks section on problems in past elections (click on Election Problems) is particularly timely in light of the aftermath of the November 2000 Presidential election (fuzzy math? fuzzy aftermath?). I brought the section up to date on 23 Feb 2009 with respect to items in RISKS. The legend for the descriptors is at the beginning of the file.

    Various columns relating to the use of computers in the voting process are included in the Inside Risks series in the Communications of the ACM:
    U.S. Election After-Math, Peter G. Neumann, February 2009
    Risks of E-Voting, Matt Bishop and David Wagner, November 2007
    COTS and Other Electronic Voting Backdoors, Rebecca T. Mercuri, Vincent J. Lipsio, and Beth Feehan, November 2006
    Evaluation of Voting Systems, Poorvi L. Vora, Benjamin Adida, Ren Bucholz, David Chaum, David L. Dill, David Jefferson, Douglas W. Jones, William Lattin, Aviel D. Rubin, Michael I. Shamos, and Moti Yung, November 2005
    Security by Insecurity, Rebecca Mercuri and PGN, November 2003
    Florida 2002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri, November 2002
    Uncommon Criteria, Rebecca Mercuri, January 2002
    Vote Early, Vote Often, Rebecca Mercuri, November 2000
    Corrupted Polling, Rebecca Mercuri, Nov 1993
    Voting-Machine Risks, Rebecca Mercuri, Nov 1992
    Risks in Computerized Elections, PGN, Nov 1990
    and are particularly timely in light of the aftermath of the November 2000 Presidential election (fuzzy math? fuzzy aftermath?) and various 2002 and 2004 problems.

    In addition, a paper I wrote in 1993, Security Criteria for Electronic Voting, is also available. This paper was adapted for inclusion in Computer-Related Risks. Evidently, I have been a psephologist as well as a psephotechnologist -- for well over two decades. (Thanks to Doug Jones for pointing this out!)

    A National Public Radio piece (just under 7 minutes) by Dan Charles featuring Rebecca Mercuri and me ran on 10 February 2003, and is available as audio from the NPR archives. An old LinkTV program excerpt (courtesy of Lauren Weinstein's editing) on voting is available online as an mp4 file. It is somewhat dated and chatty, but still generally relevant. (Many things don't seem to change!)

    Ronnie Dugger's November 1988 article in The New Yorker is on my Web site. His long article in The Nation (August 16/23 2004) is also online (unfortunately, requiring nine downloads).

    For the convenience of folks trying to uncover some of the earlier history prior to the year 2000 election problems, I have also placed some of the material on electronic voting in Computer-Related Risks, although that material is under Addison-Wesley copyright.

    Finally, if this topic is of serious interest to you, check out Rebecca Mercuri's doctoral thesis on the subject; info at www.notablesoftware.com/evote.html. This is a remarkable thesis, and should be considered seriously by everyone involved in developing, evaluating, or using voting systems in future elections.

    Furthermore, check out David Dill's Web site, verify.stanford.edu/evote.html, which has become a very valuable contribution to the cause of election integrity. Read his petition, and join hundreds of computer scientists and many other people as well in signing it. He has also summarized the proceedings currently ongoing in Santa Clara County, where he and I and (remotely) Rebecca Mercuri were involved in trying to get the county to include a voter-verified paper audit trail as a part of their efforts to rush into all-electronic voting machines. The county has been partially responsive, and has contracted for an upgrade path to that end. Subsequently, then California Secretary of State Shelley has mandated a VVPAT for all-electronic voting machines by 2006. Much more has happened since then, as evidenced by the current California Secretary of State Debra Bowen's Top-To-Bottom Review in 2007.

    Also of topical interest are the first two items in Risks Forum issue vol 21 no 13, and also an article in the San Francisco Chronicle by Henry Norr on 4 December 2000, on the risks of touch-screen balloting (in PostScript form). Remarking on our efforts in February 2003 to get Santa Clara County to use voter-verified hardcopy ballot images in their ongoing procurement of touch-screen systems (for example, see David Dill's Web site noted above), a highly supportive article by Henry Norr appeared in the San Francisco Chronicle on 3 March 2003. I greatly admire Henry's willingness to publicly change his mind when he discovered his earlier views were short-sighted -- as he has done in these two articles.

    My position statement for a hearing of the California Assembly Committee on Elections Reapportionment and Constitutional Amendments on 17 Jan 2001 pdf and PostScript gives a one-page summary on the integrity of the election process plus two one-page items (the Inside Risks piece from January 2001 with Rebecca Mercuri, and an article in RISKS-21.14 by PGN, Rebecca Mercuri, and Lauren Weinstein). A statement for a subsequent hearing for the same committee on 15 Jun 2004 is also available: in pdf form. Testimony for the California Senate Elections Committee on 8 Feb 2006 is also available in pdf form, on The Relative Merits of Openness in Voting Systems, written for Debra Bowen when she was in the California Senate.

    A remarkably forthright and detailed analysis of the lack of trustworthiness and usability of voting machines used in California in 2007 was conducted over the summer of 2007 under the auspices of California Secretary of State Debra Bowen, in the Top-To-Bottom Review. That effort seems to have inspired several subsequent analyses, all of which have greatly increased the general awareness of the breadth and depth of problems with electronic voting systems.

    PFIR: People For Internet Responsibility

    Lauren Weinstein (Privacy Forum) and I have created an entity called People For Internet Responsibility (PFIR). Check it out at www.pfir.org. There are some important position statements on Internet voting, Internet governance, Internet hoaxes and misinformation, government interception of Internet traffic, hacking, spam, censorship, and other topics. PFIR seeks to create an iterative process by which progress can be made. A conference took place at the end of July 2004, Preventing the Internet Meltdown: see www.pfir.org/meltdown. PFIR provides FactSquad, www.factsquad.org, which is aimed at debunking much of the misleading information that floats around the Internet. Also, see Fact Squad Radio, one- to three-minute audio features on critical topics, at www.factsquad.org/radio. It also sponsors the Network Neutrality Squad, www.nnsquad.org.

    URIICA: Union for Representative International Internet Cooperation and Analysis

    For the sake of Internet users everywhere, Lauren Weinstein, Dave Farber, and I created a would-be organization called URIICA: Union for Representative International Internet Cooperation and Analysis www.uriica.org. URIICA's intent was explicitly not to try to control the future of the Internet, but rather to provide an open forum through which a truly international representative basis can be sought that is not captive of commercial and other special interests. We recognize the complexity of any such efforts, and are in no way attempting to imply that we have all the answers. However, we are convinced that such an approach is essential, pulling together the strengths of existing Internet-related groups and creating new ones as needed. On the other hand, URIICA is not currently active. It has been more or less supplanted by Lauren Weinstein's Network Neutrality Squad www.nns.org.

    Advisory Activities

    I was part of the National Research Council's crypto study group, whose report is a 700-page tome, Cryptography's Role In Securing the Information Society (a.k.a. the CRISIS report), available from the National Academy Press. The executive summary is available online at www2.nas.edu/cstbweb. I am also a coauthor of the earlier 1995-96 ACM crypto study report -- indeed the only one who was on both.

    I am one of the 11 authors of the June 1997 report (along with Hal Abelson, Ross Anderson, Steve Bellovin, Matt Blaze, Whit Diffie, John Gilmore, Ron Rivest, Jeff Schiller, and Bruce Schneier), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption. This report was reissued in June 1998, with a new preface that notes that little has improved in the intervening year. The report is available for web browsing, and from CDT. It is also available for direct ftp-ing from Matt Blaze in PostScript or ASCII.

    My July 1997 written testimony on that report for the Senate Judiciary Committee, originally scheduled for a crypto key-recovery hearing for 25 June 1997, was delivered on 9 July 1997. It is available online: Security Risks in Key Recovery. As a follow-up to that hearing, Senator Hatch asked each panelist to respond to specific questions from Senators Thurmond, Grassley, Leahy, and Feinstein. My responses to those questions are also available online. The proceedings of the entire set of hearings are available as Security in Cyberspace, S. Hrg. 104-701, ISBN 0-16-053913-7, 1996, pp. 350-363.

    Incidentally, I note that the surveillance issue is perennially before us, for example, with respect to the Internet rather than telephony. The FBI's Carnivore monitoring system has been subjected to a review, and the draft IITRI Carnivore report is online on the DoJ site. At the request of the Department of Justice, I participated in a review of the IITRI report, with Matt Blaze, Steve Bellovin, Dave Farber, and Eugene Spafford. Our Carnivore review comments as submitted to DoJ are available here in html form. (As a result of widespread criticism relating to the choice of its seemingly predatory name, Carnivore has been renamed DCS1000, the Digital Collection System.)

    A more recent article on risks of surveillance was written by Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, PGN, and Jennifer Rexford, Risking Communications Security: Potential Hazards of the "Protect America Act", IEEE Security and Privacy, 6, 1, January-February 2008, pp. 18-27.

    My 25 June 1996 written testimony for the Senate Permanent Subcommittee on Investigations of the Senate Governmental Affairs Committee is online: Security Risks in the Computer-Communication Infrastructure. The written testimony is included in Security in Cyberspace, Hearings, S. Hrg. 104-701, ISBN 0-16-053913-7, 1996, pp. 350-363; my oral testimony is transcribed on pages 106-111 of that volume.

    My May 1998 follow-up written testimony for the Senate Permanent Subcommittee on Investigations of the Senate Governmental Affairs Committee is online: Computer-Related Infrastructure Risks for Federal Agencies.

    My 6 November 1997 written testimony for a hearing of the U.S. House Science Committee Subcommittee on Technology is also online: Computer-Related Risks and the National Infrastructures. (My responses to subsequent questions appear in the proceedings of the hearing, ISBN 0-16-056151-5.) On 15 April 1999, I again testified for the House Science Committee Subcommittee on Technology, this time for a hearing on the Melissa Microsoft Outlook Word Macro propagating e-mail Trojan horse/virus; I did a differential analysis on my November 1997 testimony, and argued that Melissa is merely the tip of a very large iceberg. On 10 May 2000, I was asked to testify for the same House committee on the ILOVEYOU Microsoft Outlook propagating Trojan e-mail h
