Ted July 8, 2016 4:18 PM

What always surprises me about safety and security are the interconnected relationships they share with people.

The ECQs of the newly-created Federal CISO position seem to reflect that same thought process.

“The following Fundamental Competencies are cross-cutting and should be addressed over the course of your ECQ narrative. It is not necessary to address them directly as long as the narrative, in its totality, shows mastery of the competencies on the whole. The competencies are: Interpersonal Skills; Oral Communications; Continual Learning; Written Communication; Integrity/Honesty; and Public Service Motivation.”

Slime Mold with Mustard July 8, 2016 6:19 PM

@ Parker
I don’t have to compromise the settings on my dedicated unsecure machine to get Honey-Boo-Boo. I know I will regret this.

tyr July 9, 2016 1:59 AM

It was a great listen.

There are a few things that can’t be covered in
the podcast format because of complications.
The level of trust is one of them, for corporations
and governments to be trusted they have to act in
the interests of those who they want trust from.
The current dilemmas are because they have been
consistently violating that trust and exposures
continue to erode what they want from the citizen
or userbase.

The recent attempt to couple the no fly list to
gun control is a perfect example. To state the
base objection by example, do you really want the
government to be able to place a citizen class on
a secret list with no recourse or access, say the
people who register as Democrats? Assuming this
will not happen is called naivety since things of
that nature have occurred in the past with alarming

US gun control has been a failure every time it has
been tried because most who advocate it haven’t any
clue about the problem and consistently advocate
theatrics for solutions.

I was informed early that if someone shot another
person they would be hanged for it. Modern schools
tell their students, guns are to kill people with.
The results are plain when a young dummy gets a
gun he knows what it is for because teacher told
him so.

England was proud of having police that did not carry
guns. They also had a law that said if you commit a
crime using the “threat of a firearm” you got the
death penalty automatically. British criminals would
not even pretend to have a gun out of survival instinct.
They repealed the law and you see armed British police
all over their country now.

New York placed a full ban on guns which applied to the
honest people, but ‘Dutch Schultz’ was issued a permit by
NYPD because he used a gun in his business. The business
was called Murder Inc.

Politics is about theatrics and appearances, but we all have
to live with the consequences of badly written misguided
laws that harm a lot more than they fix. To write decent
gun laws there is an organization called NRA-ILA which
will help anyone in politics who asks for help to make a
decent law.

The ILA is Institute for Legislative Action and I was a
member for years. They are very interested in safety and
keeping weapons out of the hands of the incompetent but
not in burdening law abiding citizens with more crap.

One other statistic that gets very little mention is the
impairment by alcohol or drugs involved in most shootings.
It turns out that sober people rarely shoot others or
themselves but no one bothers to examine that datapoint.

Bruce has noted time and again that what we need are laws
that work, we can get theatrics from the infotainment
world and advice from those with expertise. Asking those
who have never held a shovel for ditch digging advice is

As far as corporations go the best position to be in is to
be below the radar, once you get called out in public for
data mining you never get the level of trust back. You
can’t buy a reputation you have to earn it by consistent
practices that guarantee your future survival. Facebook
will never recover from its own CEO’s public face and no
one will notice it if it goes under as a result.

Eben Moglen is the go to guy on data law and what he says
makes sense when crafting data laws, because if you take
a shirt to a dry cleaner and it is stolen, the responsible
party is the dry cleaner. Those kinds of laws are not new
and cyber is not an automatic shiny new exemption which
has to have new laws added on.

I don’t know of any cases of piracy of 70 MM films even
though it might be possible to copy them, Hollywood wants
the new technology but thinks that they should have a
new level of control over your machinery to save them
from their own incompetences. This is like a buggy whip
holder on every car which kills the ignition if you
remove it, that saves the buggy whip manufacturer but
interferes with your use of your own property. We need
to stop propping up failed business models with bad
laws that put us all at risk.

One thing Bruce forgot to mention, aircraft are quite
deadly if some looney uses them as a weapon. Once you
have secured them so that won’t happen the security
theatre of wanding grandmas and 14 year old girls in
tube tops I observed on my last flight will no longer
be necessary.

Curious July 9, 2016 5:46 AM

I think listening to podcasts as concise and to the point like this is nice to listen to.

I always look at the length of any podcast before playing them, and I usually bookmark them if I don’t feel like immediately setting aside half an hour or an hour for that to start listening. In this case this podcast episode was so nice that the time flew by.

John Doe July 9, 2016 2:42 PM

@ Bruce Schneier

I have a couple of questions to you with regard to the podcast.

You suggest that I as an individual can’t do very much against surveillance.

I should continue to use my Facebook and e-mail account, using my cell phone and paying with my credit card in order to be a “fully functioning” member of society? I should just trust providers (and authorities) because I have to trust at least “some” of those to live a normal life?

Is that really all you can recommend? I should wait for change while continuing to feed the surveillance machine?

Honestly, I’m a bit disappointed about your recommendations.

In my opinion, it makes a difference without losing much convenience, when I use DuckDuckGo and not Google, the Blackphone and not the iPhone, pay at least some items with cash and not with credit card or when I use an encrypted messenger and not unencrypted e-mails.

I expected that you would talk about some small things everyone can change in their daily life without becoming a “dysfunctioning” member of society while reconquering a bit of one’s privacy.

John Doe July 11, 2016 12:34 PM

Dear Mr. Schneier,

I’m sorry for asking you my questions on July 9. Even though I know you’re a busy man, I didn’t know that you usually don’t answer questions in your blog.

x2bike4u July 11, 2016 2:09 PM

Overall, I thought you were doing a great job explaining privacy to non-security types. I stopped the podcast about halfway through as I got real tired of hearing the host cackle and squawk after most of the comments you made.
