IMO, they should have provided an audio version, since the video isn't necessary.
The talk was in the form of a Q&A covering various topics in brief. Here are a few notes and paraphrases. Any mistakes are undoubtedly mine.
- Bruce did an interview with TSA Administrator Kip Hawley which was being published around the time of this talk: http://www.schneier.com/interview-hawley.html
- security is a negotiation: what are you going to give vs. what are you going to get?
- Even the TSA employees seem to know that they are cogs in a broken machine. And maybe that frustration is why some of them have a bad attitude.
- Bruce flew to the conference without an ID. The airlines and TSA have a procedure for that (which seems insecure).
- Also, it's really hard to be a TSA worker. It's an extremely boring job that requires constant attention, which is why they rotate through the positions so quickly. That's probably why some studies show 90% of guns getting through undetected.
This is the most important thing I'll talk about today: now is the time we get to decide what kind of society we're going to live in.
- data is like the pollution byproduct of the information age. It stays around. How we use it, store it, etc. determines how we live in the information age.
Orwell got it wrong - it's not about intentional surveillance by big brother. Everything you do now leaves an incidental trail that is saved.
We tend to like the primary uses of that data (Amazon book recommendations); it's the secondary uses we're not so crazy about (third-party datamines sold to anyone for anything).
And this does have effects on us. How many times have you had a phone conversation where someone says "ha ha, I hope the FBI isn't listening". And even though it's a joke, you realize that you do feel constrained in what you say.
And the 4th Amendment doesn't work to protect our privacy (secure our person and papers) when our papers are not in our desks, they're in our SMS messages, ISPs and Google, etc.
Right now the approach that seems to be winning is the libertarian "let the market sort it out" deal. But you, whom the data is about, have no say in this market.
But we have the opportunity right now to say what the future of privacy looks like, instead of waiting until it's too late and then wondering why we didn't handle it. Europe has some decent privacy laws (but they don't cover everything).
Most likely, we'll deal with privacy the way we're dealing with industrial pollution. Nothing serious will be done until things get really really bad. We'll do some things around the fringes.
Favorite voting system - optical scan, by far.
What you want in a voting system is:
accurate, fast, anonymous, auditable.
The scanner tells the voter instantly whether there was an undervote or overvote. The paper is kept securely. So you have fast tally and automatic auditing.
CRYPTOGRAPHY VS CPU POWER
Is the strength of cryptography under threat from the increasing speed of CPUs?
In computer security, the math favors the attacker. Everything can be perfect except for one flaw, and the attacker can find and exploit that. But cryptography is the exception. The math favors the defender.
No, cryptography isn't under threat. Breaking cryptography isn't how we get through. Does the FBI crack PGP? No, they just install a key logger. It's easier to go around the cryptography than to break it.
And there are things that will trip you up. Your OS may save the key in cache somewhere, etc. Some company decrypts stuff on hard disks by scanning the whole drive for text strings and using them as a key. It works in a great proportion of cases.
Bruce uses PGP disk. He divides the hard drive between long-term and short-term storage. Stuff that's needed seldom is encrypted with one key. The rest is handled by PGP disk.
But the best security for a laptop is to NOT PUT YOUR FILES ON IT. [Best quote of the talk!]
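The point above about keys and passphrases ending up in caches and elsewhere on the drive can be checked on your own machine. The following is an added example, not something shown in the talk: it scans a raw image (swap file, hibernation file, disk dump) for plaintext copies of a passphrase you already know. The function names, the sample passphrase and the sample image are all constructed for illustration.

```python
import io

def encodings_of(secret: str) -> dict:
    """Byte patterns a passphrase commonly takes when it leaks to disk."""
    return {
        "utf-8": secret.encode("utf-8"),
        "utf-16le": secret.encode("utf-16-le"),  # Windows wide strings
    }

def find_secret(stream, secret: str, chunk_size: int = 1 << 20):
    """Return sorted (offset, encoding) hits for `secret` in a binary stream.

    Reads fixed-size chunks and carries a tail forward so that a copy
    straddling a chunk boundary is still found.
    """
    if not secret:
        raise ValueError("empty secret")
    patterns = encodings_of(secret)
    keep = max(len(p) for p in patterns.values()) - 1  # bytes to carry over
    hits = set()      # a set, because a short match can reappear in the tail
    tail = b""
    base = 0          # absolute stream offset of the first byte of `tail`
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, pat in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                hits.add((base + pos, name))
                pos = buf.find(pat, pos + 1)
        tail = buf[-keep:]
        base += len(buf) - len(tail)
    return sorted(hits)

# Constructed sample: a fake "disk image" with the passphrase left behind twice.
SECRET = "correct horse"  # constructed; in real use read it with getpass.getpass()
IMAGE = (b"\x00" * 10 + SECRET.encode("utf-8") + b"\xff" * 7
         + SECRET.encode("utf-16-le") + b"\x00" * 5)

if __name__ == "__main__":
    # A tiny chunk size forces both copies to straddle chunk boundaries.
    for off, enc in find_secret(io.BytesIO(IMAGE), SECRET, chunk_size=8):
        print(f"plaintext passphrase at offset {off} ({enc})")
```

Any hit means the passphrase was written out in the clear, which is the kind of leftover string the disk-scanning approach described above depends on.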
CAN YOU TRUST ANTI-VIRUS COMPANIES [when they may have a conflict of interest]?
No. They dutifully ignored the Sony anti-virus, e.g. You wonder if they would tell you if the FBI installed something on your computer...