I just want to note here just how important Ross Anderson was, not just within the UK digital community, but globally. He was the model of a politically and socially involved computer scientist -- when I first heard of him in the 90s, he was doggedly trying to point out that the then security protections against ATM (cashpoint) fraud were too weak, and that the banks were blaming customers for leaking their PIN codes when in fact, those codes were eminently crackable.<p>After that, he was /the/ key figure in fighting restrictions on cryptography in the UK, putting together a coalition of CS experts in founding the Foundation for Information Policy Research, and then becoming one of the key (informal) advisors to the Labour party. As a gruff, Scottish socialist, Ross was tailormade to act as a counterbalance to the United States' heavy lobbying of the Blair administration to tow the line on making usable crypto illegal outside of the United States.<p>That had a global effect: opposition in the UK, at the time the US's strongest ally in many policies, limited the ability for the crypto restriction regime to spread. (After many years, it's notable that the main countries passing crypto restrictions during this period were those /furthest/ away from US support, rather than closest -- France, Russia, etc.).<p>FIPR and its successes spawned a strong, and experienced digital rights community in the UK early on. It was Ross and Caspar Bowden (who also sadly passed away far too early) who were crucial in encouraging this group to work with others in Europe to form EDRi, which remains the core of digital rights advocacy in Brussels. If you've ever wondered why the EU occasionally comes up with good cyberlegislation, it's because of the influence of EDRi -- and that coordination came from Ross and Caspar recognising that the real decisions were being made not in the UK or the US, but in the growing work of the European Union.<p>But at the same time as doing this political work, Ross was also building the foundations of a serious cybersecurity approach. He applied political, economic and social aspects to computer security models: his early writing on /where/ to put the liability for computer security flaws are still influencing approaches to legal liability now. He drew deeply from the actual use of technology: my favourite memory of him is him explaining how the Irish Republican Army actually passed around secrets under the nose of the British Army to a somewhat amazed BBC journalist.<p>Ross' high reputation allowed Cambridge University to lure Microsoft funding for their infosec department. The results of that collaboration indirectly led to CHERI, a capability-based security system designed by some of the brightest minds in the UK and beyond, and still for many of us the great hope for truly robust digital security.<p>Recently, Ross was still working on the cutting edge: the other week, Cory Doctorow pointed me to a paper he co-authored recently on how ML models might collapse in the face of ingested ML-generated content. When I devoted a chunk of a lightning talk to him at EthDenver, a prominent Filecoin ecosystem participant came up to me afterwards to thank me for highlighting Ross' work, as he had been instrumental in supporting her early career.<p>Ross was grumpy, unforgiving, a blistering writer of flaming emails, and sometimes oblivious of the effect his disapproval could have on others. But he pursued and achieved singularly useful advances in the field of information security, and in the wider, messier world of digital rights and global politics. He was mad at Cambridge for forcing him to retire at 67, and he was right -- not just from a political point of view, but from the truth that he still had so much to give. He died too soon.