Ryan Ellis is an Assistant Professor of Communication Studies at Northeastern. Ryan’s research and teaching focuses on topics related to communication law and policy, infrastructure politics, and cybersecurity. Prior to joining the department, Ryan held fellowships at the Harvard Kennedy School’s Belfer Center for Science and International Affairs and at Stanford University’s Center for International Security and Cooperation (CISAC). He received a PhD in Communication from the University of California, San Diego.
Can you tell us a bit about your Harvard-MIT project sponsored by Facebook?
I am currently working on a Facebook-sponsored research project with colleagues at Harvard and MIT. The interdisciplinary project focuses on the growing trade in previously unknown software vulnerabilities—what are known as “zero-days” (or “0-days”). Zero-days are precious commodities. The 0-days are key elements of sophisticated attacks and exploits that take advantage of these vulnerabilities; they are difficult to detect and hard to stop.
A range of different institutions buy 0-days, including software companies, criminals, computer security companies, defense contractors, and governments, just to name a few. Often, these different groups buy them for very different reasons. Companies, for example, buy them in order to fix these flaws and improve the security of their products and services. Militaries and criminals, however, buy 0-days and use them for clever attacks and exploits.
The project examines many interesting questions, including: Who exactly is selling 0-days? What motivates their work? Who is buying? How large is the market? And, most importantly: What are the larger implications of the commodification of vulnerabilities? Ultimately, the project charts the interlaced economic, political, and ethical questions raised by the market for 0-days. It is an interesting and odd market; we hope to better understand it through our work.
What have you found most intriguing while conducting research for your book Letters, Power Lines, and Other Dangerous Things: The Politics of Infrastructure Security?
Letters, Power Lines, and Other Dangerous Things: The Politics of Infrastructure Security, critically examines the post-9/11 creation, deployment, and implications of new forms of infrastructure security. Infrastructure security now occupies a central place in U.S. domestic policy. The federal government now spends a staggering sum—over $22 billion during a recent year alone—on infrastructure security. The topic, however, remains relatively underexplored.
I was intrigued to see the different ways in which information and communication technologies are being leveraged. Infrastructures are increasingly embroidered with information and communication technologies that are explicitly designed to enhance security: from the new detection and tracking systems that catalogue millions of letters as they whirl through the U.S. postal network each day, to the sophisticated filtering and monitoring technologies created by the National Security Agency and the Department of Homeland Security to scan electronic communication flowing through private Internet Service Providers (ISPs), novel security practices are remaking the basic terms on which infrastructures operate.
It is vital that we pay close attention to the ways in which new forms of security are transforming the ways in which infrastructures operate. The book tries to place these changes in a broader context, illustrating how contemporary forms of security are ensnared within a larger economic, political, and cultural history.
“I can’t wait to begin to explore [these questions] in the classroom with students at Northeastern.”
What research projects will you be working on while at Northeastern?
In the short-term, I will be working on finishing two book projects: a book on cybersecurity and public policy titled Rewired: The Past, Present, and Future of Cybersecurity (co-authored with my former Harvard Kennedy School colleague Vivek Mohan); and Letters, Power Lines, and Other Dangerous Things: The Politics of Infrastructure Security.
Additionally, I hope to continue to explore topics that sit at the intersection of national security and communication technologies. The campus has become a hub for interdisciplinary research focusing on security. I hope to offer a strong contribution that can make plain the key role that communication scholars can play in this ongoing, and important, conversation.
What courses will you be teaching at Northeastern and what are you most looking forward to?
I am very much looking forward to teaching ‘Freedom of Speech in Cyberspace’ this fall. The course examines the intersection of law, policy, and new information and communication technologies, and explores pressing issues related to free speech, privacy, and intellectual property. The class will look at a number of interesting questions: Should hate speech online be protected? What defines a “threat” in the world of social media? How can we ensure that the Internet is and remains a space for civic engagement, creativity, and innovation? What limits should be placed on the collection of personal information by both governments and corporations? How these and other questions are answered will have enormous consequences for our future. I can’t wait to begin to explore them in the classroom with students at Northeastern.