Schneier: Steps to Combat File-Sharing Are Misguided
By Tom Espiner
Leading security expert Bruce Schneier was in London this week on a whirlwind lecture tour. ZDNet UK caught up with the ex-NSA man, who is now BT's chief security technology officer, at lectures in parliament and at University College London.
Schneier talked to ZDNet UK about his views on behavioural advertising, the efforts of various governments to tackle unlawful file-sharing, cyber-warfare and vendor lock-in.
Q: The UK government is currently trying to pass the Digital Economy Bill, which includes provisions to penalise unlawful file-sharing. Is this technically feasible?
No, I don't think this is technically feasible. The ones they don't care about, the average user, are the ones they are going to stop, and the detection mechanisms are sloppy. There are so many examples of the industry getting it wrong.
If you look at the economics, file-sharing is good for music companies. They've got it wrong. Records were originally sold to promote live performances. When they realised people wanted to buy the records, they changed their business model. They are going to have to change it back. Or Steve Jobs will.
The bill does not require a court order to disconnect people from the internet. Is that reasonable?
What is your view of copyright?
That means the industry has to invent anti-capitalist cheats, like patents and copyright, that are effectively legally guaranteed monopolies in distributing the thing. These are all ways to try to recover fixed costs.
A lot of computing devices we buy have that strategy, combined with switching costs -- the cost to switch from a product to a competitor. Sometimes those costs are high.
Are you thinking of any devices or software in particular?
You can get companies stuck in a product because switching costs are so high. They have a system with six years' worth of data bound up in it. Throughout IT, companies try to keep up switching costs. With iTunes, you might have £500 worth of music, which you will lose if you switch.
It's the same with proprietary formats. Microsoft doesn't want other people using its formats, because that will keep the switching costs high. It makes the effort to use different document formats high.
How is the security industry changing?
IT is becoming part of the infrastructure -- it's just there. IT is becoming a utility, something you just expect in a job, like a desk or a stapler.
A car comes with security features fitted in. You don't buy a car and they say to you, 'Oh, by the way, we really recommend you stop off at a third-party supplier and get some brakes'. I don't buy bottled water and expect it to kill me. Security will stop being a separate thing and become part of the thing.
There are numerous organisations using deep packet inspection at the moment, for reasons ranging from law enforcement to behavioural advertising. Do you think using deep packet inspection for behavioural advertising is necessary?
In the US, we have separate carriers and content. The carrier is not supposed to touch the content. In the US, DPI is an extremely bad can of worms.
A lot of countries have come out in the past couple of years and said they are developing or have developed cyber-offensive capabilities, including the UK and the US. Is this necessary?
Do you think the internet itself, or internet provision for a particular country, could be brought down?
There are only 14 critical nodes in the switching network, and we see outages caused by physical accidents like undersea cables being cut.
The weird thing is, we are talking about emerging properties. You don't know when a worm is released what the extent of the damage will be. There was a blackout in the north-east quadrant of the US when Blaster was released, that was probably caused by Blaster. We're dealing with emerging properties, in tightly coupled non-linear systems. The way to figure out what will happen is to try it.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.