Essays and Op Eds

Bruce Schneier has written for many major publications, including The New York Times, The Wall Street Journal, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The Boston Globe, The Los Angeles Times, The San Francisco Chronicle, and The Washington Post.

2009

June 24, 2009 • NYDailyNews.com
Clear Common Sense for Takeoff: How the TSA Can Make Airport Security Work for Passengers Again

June 24, 2009 • The Guardian and Gulf Times
Raising the Cost of Paperwork Errors Will Improve Accuracy

June 18, 2009 • Wired News
How Science Fiction Writers Can Help, or Hurt, Homeland Security

June 4, 2009 • The Guardian
Be Careful When You Come to Put Your Trust in the Clouds

May 29, 2009 • NYTimes.com
Coordinate, But Distribute Responsibility

May 14, 2009 • The Guardian
We Shouldn't Poison Our Minds with Fear of Bioterrorism

May 2009 • Information Security
Should We Have an Expectation of Online Privacy?

April 23, 2009 • The Guardian and Gulf Times
How the Great Conficker Panic Hacked into Human Credulity

April 2, 2009 • The Guardian
An Enterprising Criminal Has Spotted a Gap in the Market

March 31, 2009 • The Wall Street Journal
Who Should Be in Charge of Cybersecurity?

March 26, 2009 • Wired News
It's Time to Drop the "Expectation of Privacy" Test

March 12, 2009 • The Guardian
Blaming The User Is Easy – But It's Better to Bypass Them Altogether

March 12, 2009 • The Wall Street Journal
The Kindness of Strangers

February 26, 2009 • BBC News
Privacy in the Age of Persistence

February 26, 2009 • Wired News
How Perverse Incentives Drive Bad Security Decisions

February 16, 2009 • The Wall Street Journal
Thwarting an Internal Hacker

January 29, 2009 • The Guardian, The Hindu, Brisbane Times, The Sydney Morning Herald
Terrorists May Use Google Earth, But Fear Is No Reason to Ban It

January 27, 2009 • The Wall Street Journal
How to Ensure Police Database Accuracy

Jan/Feb 2009 • IEEE Security & Privacy
Architecture of Privacy

Jan 2009 • Information Security
State Data Breach Notification Laws: Have They Helped?

January 9, 2009 • The Wall Street Journal
Why Technology Won't Prevent Identity Theft

January 8, 2009 • The Guardian
Tigers Use Scent, Birds Use Calls -- Biometrics Are Just Animal Instinct

2008

December 9, 2008 • The Wall Street Journal
How to Prevent Digital Snooping

December 4, 2008 • The Guardian and The Hindu
When You Lose a Piece of Kit, the Real Loss Is The Data It Contains

November 21, 2008 • The Wall Street Journal
Why Obama Should Keep His BlackBerry -- But Won't

November 19, 2008 • Wired News
America's Next Top Hash Function Begins

November 13, 2008 • The Guardian and The Hindu
Passwords Are Not Broken, but How We Choose them Sure Is

October 23, 2008 • The Guardian
Time to Show Bottle and Tackle the Real Issues

October 16, 2008 • Wired News
Quantum Cryptography: As Awesome As It Is Pointless

October 2, 2008 • The Guardian
Why Society Should Pay the True Costs of Security

October 1, 2008 • Wired News
The Seven Habits of Highly Ineffective Terrorists

October 2008 • Information Security Magazine
Does Risk Management Make Sense?

September 18, 2008 • Wired News
Airport Pasta-Sauce Interdiction Considered Harmful

September 4, 2008 • The Guardian
A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe

September 4, 2008 • Wired News
How to Create the Perfect Fake Identity

September 2, 2008 • CSO Magazine
Security ROI: Fact or Fiction?

September 2008 • IEEE Spectrum
Here Comes Here Comes Everybody

August 28, 2008 • Los Angeles Times
The TSA's Useless Photo ID Rules

August 21, 2008 • Wired News
Boston Court's Meddling With "Full Disclosure" Is Unwelcome

August 10, 2008 • Security Watch
The Problem Is Information Insecurity

August 7, 2008 • Wired News
Memo to Next President: How to Get Cybersecurity Right

August 7, 2008 • The Guardian
Why Being Open about Security Makes Us All Safer in the Long Run

Jul/Aug 2008 • IEEE Security and Privacy
How the Human Brain Buys Security

July 23, 2008 • Wired News
Lesson From the DNS Bug: Patching Isn't Enough

July 17, 2008 • The Guardian
Software Makers Should Take Responsibility

July 10, 2008 • Wired News
How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

July 2008 • Information Security Magazine
Chinese Cyberattacks: Myth or Menace?

June 30, 2008 • Wired News
I've Seen the Future, and It Has a Kill Switch

June 26, 2008 • The Guardian
CCTV Doesn't Keep Us Safe, Yet the Cameras Are Everywhere

June 19, 2008 • Discovery Technology
The Truth About Chinese Hackers

June 12, 2008 • Wired News
The Pros and Cons of Lifelock

June 4, 2008 • The Guardian
Are Photographers Really a Threat?

May 29, 2008 • Wired News
Why Do We Accept Signatures by Fax?

May 26, 2008 • CIO
How to Sell Security

May 15, 2008 • Wired News
Our Data, Ourselves

May 15, 2008 • The Guardian
Crossing Borders with Laptops and PDAs

May 1, 2008 • Wired News
America's Dilemma: Close Security Holes, or Exploit Them Ourselves

May 2008 • Information Security Magazine
The Ethics of Vulnerability Research

April 17, 2008 • Wired News
Prediction: RSA Conference Will Shrink Like a Punctured Balloon

April 4, 2008 • ComputerWeekly
Secret Questions Blow a Hole in Security

April 3, 2008 • Wired News
The Difference Between Feeling and Reality in Security

March 20, 2008 • Wired News
Inside the Twisted Mind of the Security Professional

March 13, 2008 • Nature
Census of Cyberspace Censoring

March 6, 2008 • Wired News
The Myth of the "Transparent Society"

March 2008 • Information Security Magazine
Consolidation: Plague or Progress

February 23, 2008 • Minneapolis Star Tribune
Security at What Cost?

February 21, 2008 • Wired News
When the Internet Is My Hard Drive, Should I Trust Third Parties?

February 7, 2008 • Detroit Free Press
Driver's Licenses for Immigrants: Denying Licenses Makes Us Less Safe

February 7, 2008 • Wired News
With iPhone, "Security" Is Code for "Control"

January 24, 2008 • Wired News
What Our Top Spy Doesn't Get: Security and Privacy Aren't Opposites

January 10, 2008 • Wired News
Steal This Wi-Fi

2007

December 13, 2007 • Wired News
Why "Anonymous" Data Sometimes Isn't

December 2007 • Information Security Magazine
Caution: Turbulence Ahead

Nov/Dec 2007 • IEEE Security and Privacy
The Death of the Security Industry

November 29, 2007 • Wired News
How Does Bruce Schneier Protect His Laptop Data? With His Fists — and PGP

November 15, 2007 • Wired News
Did NSA Put a Secret Backdoor in New Encryption Standard?

November 2007 • Information Security Magazine
Cyberwar: Myth or Reality?

November 1, 2007 • Wired News
How We Won the War on Thai Chili Sauce

October 18, 2007 • Wired News
Economics, Not Apathy, Exposes Chemical Plants To Danger

October 5, 2007 • OutlookBusiness
Paying the Cost of Insecure Software [PDF]

October 4, 2007 • Wired News
Gathering "Storm" Superworm Poses Grave Threat to PC Nets

September 20, 2007 • Wired News
Lesson From Tor Hack: Anonymity and Privacy Aren't the Same

September 6, 2007 • Wired News
NBA Ref Scandal Warns of Single Points of Failure

September 2007 • Information Security Magazine
Home Users: A Public Health Problem?

August 23, 2007 • Wired News
Time to Close Gaps in Emergency Communications

August 3, 2007
Interview with Kip Hawley

July 26, 2007 • Wired News
Disaster Planning Is Critical, but Pick a Reasonable Disaster

July 12, 2007 • Wired News
The Evolutionary Brain Glitch That Makes Terrorism Fail

June 28, 2007 • Wired News
Strong Laws, Smart Tech Can Stop Abusive "Data Reuse"

June 14, 2007 • Wired News
Portrait of the Modern Terrorist as an Idiot

May 31, 2007 • Wired News
Don't Look a Leopard in the Eye, and Other Security Advice

May 17, 2007 • Wired News
Virginia Tech Lesson: Rare Risks Breed Irrational Responses

May 8, 2007 • Testimony before the Senate Judiciary Committee
Will REAL ID Actually Make Us Safer?

May 6, 2007 • IEEE Computers and Security
Nonsecurity Considerations in Security Decisions

May 3, 2007 • Wired News
Do We Really Need a Security Industry?

May 2007 • Communications of the ACM
Psychology of Security

May 2007 • Information Security Magazine
Is Big Brother a Big Deal?

April 19, 2007 • Wired News
How Security Companies Sucker Us With Lemons

April 5, 2007 • Wired News
Vigilantism Is a Poor Response to Cyberattack

March 26, 2007 • Forbes
How to Not Catch Terrorists

March 22, 2007 • Wired News
Why the Human Brain Is a Poor Judge of Risk

March 8, 2007 • Wired News
The Problem With Copycat Cops

March 4, 2007 • The Bulletin of the Atomic Scientists
Real-ID: Costs and Benefits

March 2007 • Information Security Magazine
Is Penetration Testing Worth It?

February 27, 2007 • Minneapolis Star Tribune
Privatizing the Police Puts Us at Greater Risk

February 22, 2007 • Wired News
Why Smart Cops Do Dumb Things

February 12, 2007 • Forbes
Why Vista's DRM Is Bad For You

February 8, 2007 • Wired News
An American Idol for Crypto Geeks

February 7, 2007
The Psychology of Security

January 25, 2007 • Wired News
In Praise of Security Theater

January 22, 2007 • Forbes
Solving Identity Theft

January 21, 2007 • New York Times, Mercury News
Life in the Fast Lane

January 19, 2007 • New York Daily News
Camera Phones vs. Crime: Now We're Talking

January 15, 2007 • Wired News
Secure Passwords Keep You Safer

January 11, 2007 • SF Chronicle, Arizona Daily Star
On Police Security Cameras: Wholesale Surveillance

January 8, 2007 • Forbes
They're Watching

January 2007 • Information Security
Does Secrecy Help Protect Personal Information?

January 2007 • ENISA Quarterly
Information Security and Externalities

January 2007 • CSO Online
Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good Idea'

2006

December 14, 2006 • Wired News
MySpace Passwords Aren't So Dumb

December 12, 2006 • Forbes
Why Spam Won't Go Away

November 30, 2006 • Wired News
My Data, Your Machine

November 16, 2006 • Wired News
Vote Early, Vote Often

November 13, 2006 • Forbes
Did Your Vote Get Counted?

November 2, 2006 • Wired News
The Boarding Pass Brouhaha

November 2006 • Information Security Magazine
Do Federal Security Regulations Help?

October 19, 2006 • Wired News
The Architecture of Security

October 18, 2006 • Forbes
Casual Conversation, R.I.P.

October 5, 2006 • Wired News
Why Everyone Must Be Screened

September 21, 2006 • Wired News
Lessons From the Facebook Riots

September 16, 2006 • Washington Post
The ID Chip You Don't Want in Your Passport

September 7, 2006 • Wired News
Quickest Patch Ever

September 2006 • Information Security Magazine
Is There Strategic Software?

August 24, 2006 • Wired News
Refuse to be Terrorized

August 13, 2006 • Minneapolis Star Tribune
Focus on Terrorists, Not Tactics

August 10, 2006 • Wired News
Drugs: Sports' Prisoner's Dilemma

July 27, 2006 • Wired News
How Bot Those Nets?

July 13, 2006 • Wired News
Google's Click-Fraud Crackdown

July 2006 • Information Security Magazine
Are Security Certifications Valuable?

June 29, 2006 • Wired News
It's the Economy, Stupid

June 15, 2006 • Wired News
The Scariest Terror Threat of All

June 1, 2006 • Wired News
Make Vendors Liable for Bugs

May 31, 2006 • Minneapolis Star Tribune
We're Giving Up Privacy and Getting Little in Return

May 18, 2006 • Wired News
The Eternal Value of Privacy

May 4, 2006 • Wired News
Everyone Wants to "Own" Your PC

April 20, 2006 • Wired News
The Anti-ID-Theft Bill That Isn't

April 6, 2006 • Wired News
Why VOIP Needs Crypto

April 2006 • Information Security Magazine
Is User Education Working?

March 23, 2006 • Wired News
Let Computers Screen Air Baggage

March 9, 2006 • Wired News
Why Data Mining Won't Stop Terror

March 5, 2006 • Minneapolis Star Tribune
Your Vanishing Privacy

February 23, 2006 • Wired News
U.S. Ports Raise Proxy Problem

February 15, 2006 • Network World
Security in the Cloud (Feb 06)

February 9, 2006 • Wired News
Fighting Fat-Wallet Syndrome

January 26, 2006 • Wired News
Big Risks Come in Small Packages

January 12, 2006 • Wired News
Anonymity Won't Kill the Internet

2005

December 20, 2005 • Minneapolis Star Tribune
Unchecked Presidential Power

December 20, 2005 • Salon
Uncle Sam is Listening

December 15, 2005 • Wired News
Hold the Photons!

December 13, 2005 • Utility Automation & Engineering T&D
The Hackers are Coming!

December 1, 2005 • Wired News
Airline Security a Waste of Cash

Nov/Dec 2005 • IEEE Security and Privacy
The Zotob Storm

November 21, 2005 • Minneapolis Star Tribune
The Erosion of Freedom

November 17, 2005 • Wired News
Real Story of the Rogue Rootkit

November 3, 2005 • Wired News
Fatal Flaw Weakens RFID Passports

October 20, 2005 • Wired News
Sue Companies, Not Coders

October 6, 2005 • Wired News
A Real Remedy for Phishers

Sep/Oct 2005 • IEEE Security and Privacy
University Networks and Data Security

September 22, 2005 • Wired News
A Sci-Fi Future Awaits the Court

September 11, 2005 • Minneapolis Star Tribune
Toward a Truly Safer Nation

September 8, 2005 • Wired News
Terrorists Don't Do Movie Plots

June 23, 2005 • New York Daily News
Make Businesses Pay in Credit Card Scam

June 2, 2005 • Queue
Attack Trends: 2004 and 2005

May 2005 • Communications of the ACM
Risks of Third-Party Data

April 2005 • Communications of the ACM
Two-Factor Authentication: Too Little, Too Late

February 14, 2005 • eWeek
Digital Information Rights Need Tech-Savvy Courts

February 9, 2005 • Computerworld
The curse of the secret question

Jan/Feb 2005 • IEEE Security and Privacy
Authentication and Expiration

2004

December 9, 2004 • CNET News.com
Who says safe computing must remain a pipe dream?

November 30, 2004 • Sydney Morning Herald
Airport Security and Metal Knives

November 29, 2004 • eWeek
Desktop Google Finds Holes

November 24, 2004 • Boston Globe
Profile: "hinky"

November 24, 2004 • OpenDemocracy
Why is it so hard to run an honest election?

October 31, 2004 • San Francisco Chronicle
Getting Out the Vote

October 28, 2004 • Computerworld
Information security: How liable should vendors be?

October 26, 2004 • Sydney Morning Herald
The Security of Checks and Balances

October 22, 2004 • UPI
Outside View: Security at the World Series

October 4, 2004 • The Baltimore Sun
Bigger Brother

October 4, 2004 • International Herald Tribune
Does Big Brother want to watch?

October 2004 • The Rake
Do Terror Alerts Work?

October 2004 • Communications of the ACM
The Non-Security of Secrecy

Sep/Oct 2004 • IEEE Security and Privacy
SIMS: Solution, or Part of the Problem?

September 27, 2004 • CNET News.com
Saluting the data encryption legacy

September 20, 2004 • Mercury News
Academics locked out by tight visa controls

September 19, 2004 • New Haven Register
City Cops' Plate Scanner is a License to Snoop

August 30, 2004 • eWeek
We Owe Much to DES

August 27, 2004 • Minneapolis Star Tribune
How Long Can the Country Stay Scared?

August 26, 2004 • Sydney Morning Herald
Olympic Security

August 25, 2004 • Newsday
U.S. "No-Fly" List Curtails Liberties

August 24, 2004 • Boston Globe
An Easy Path for Terrorists

August 19, 2004 • Computerworld
Cryptanalysis of MD5 and SHA: Time for a New Standard

August 2, 2004 • Sydney Morning Herald
BOB on Board

Jul/Aug 2004 • IEEE Security and Privacy
Customers, Passwords, and Web Sites

July 30, 2004 • Sydney Morning Herald
Security, Houston-Style

July 6, 2004 • eWeek
US-VISIT Is No Bargain

July 2004 • Communications of the ACM
Insider Risks in Elections

June 24, 2004 • Minneapolis Star Tribune
Unchecked Police And Military Power Is A Security Threat

June 16, 2004 • News.com
CLEARly Muddying the Fight Against Terror

June 2, 2004 • Computerworld
The Witty Worm: A New Chapter in Malware

May/Jun 2004 • IEEE Security and Privacy
Security and Compliance

May 31, 2004 • Network World
Microsoft's Actions Speak Louder Than Words

May 10, 2004 • Newsday
Curb electronic surveillance abuses

May 4, 2004 • CNET News.com
We Are All Security Customers

April 27, 2004 • Counterpunch
Terrorist Threats and Political Gains

April 2004 • IEEE Computer
Hacking the Business Climate for Network Security

April 1, 2004 • Minneapolis Star Tribune
A National ID Card Wouldn't Make Us Safer

April 2004 • Communications of the ACM
Cyber Underwriters Lab?

March 2004 • Wired Magazine
America's Flimsy Fortress

February 3, 2004 • San Francisco Chronicle
IDs and the illusion of security

February 2004 • Communications of the ACM
Risks of PKI: Electronic Commerce

Jan/Feb 2004 • IEEE Security and Privacy
Voting Security

January 30, 2004 • CNET News.com
Slouching Towards Big Brother

January 19, 2004 • Salon.com
Homeland Insecurity

January 14, 2004 • Newsday
Fingerprinting Visitors Won't Offer Security

January 2004 • Communications of the ACM
Risks of PKI: Secure E-Mail

2003

December 21, 2003 • Minneapolis Star Tribune
Better Get Used to Routine Loss of Personal Privacy

December 19, 2003 • Mercury News
Are You Sophisticated Enough to Recognize an Internet Scam?

December 16, 2003 • Salon.com
Blaster and the Great Blackout

December 9, 2003 • CNET News.com
Internet Worms and Critical Infrastructure

Nov/Dec 2003 • IEEE Security and Privacy
Airplane Hackers

November 11, 2003 • Financial Times Deutschland
Festung Amerika

November 2003 • Heise Security
Liability Changes Everything

October 21, 2003 • Newsday
Terror Profiles by Computers Are Ineffective

October 14, 2003 • UPI
Fixing intelligence

August 2003 • Communications of the ACM
Voting and Technology: Who Gets to Count Your Vote?

Jul/Aug 2003 • IEEE Security and Privacy
The Speed of Security

June 2003 • Wired Magazine
Walls Don't Work in Cyberspace

May/Jun 2003 • IEEE Security and Privacy
Guilty Until Proven Innocent?

Mar/Apr 2003 • IEEE Security and Privacy
Locks and Full Disclosure

March 7, 2003 • Mercury News
American Cyberspace: Can We Fend Off Attackers?

March 2, 2003 • SF Chronicle
Secrecy and Security

Jan/Feb 2003 • IEEE Security and Privacy
We Are All Security Consumers

2002

January 18, 2002 • CNET News.com
Trust, but Verify, Microsoft's Pledge

2002 • IEEE Computer Magazine
The Case for Outsourcing Security

2001

May 2001 • Security Engineering by Ross Anderson
Foreword

March 2001 • Communications of the ACM
Insurance and the Computer Industry

February 2001 • Information Security Magazine
The Insurance Takeover

2000

August 2000 • Information Security Magazine
The Fallacy of Trusted Client Software

April 2000 • Information Security Magazine
The Process of Security

1999

December 1999 • Information Security Magazine
1999 Crypto Year-in-Review

November 1999 • ZDNet
DVD Encryption Broken

November 1999 • Computerworld
Why Computers are Insecure

November 1999 • Information Security Magazine
A Plea for Simplicity

October 1999 • Communications of the ACM
Risks of Relying on Cryptography

September 1999 • Communications of the ACM
The Trojan Horse Race

September 1999 • Information Security Magazine
International Cryptography

August 1999 • ZDNet
Web-Based Encrypted E-Mail

August 1999 • ZDNet
NIST AES News

August 1999 • Communications of the ACM
Biometrics: Uses and Abuses

March 1999 • IEEE Security and Privacy
Cryptography: The Importance of Not Being Different

March 1999 • Information Security Magazine
Why the Worst Cryptography is in the Systems that Pass Initial Analysis

January 26, 1999 • ZDNet
Intel's Processor ID

1999 • Computer Security Journal
How to Evaluate Security Technology

1998

December 1998 • Information Security Magazine
1998 Crypto Year-in-Review

October 1998 • Information Security Magazine
Key Recovery

1998
Security Pitfalls in Cryptography

1998
Click here to bring down the Internet

1997

January 1997 • Communications of the ACM
Cryptography, Security, and the Future

1997
Why Cryptography is Harder than it Looks

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.