My Priorities for the Next Four Years

Like many, I was surprised and shocked by the election of Donald Trump as president. I believe his ideas, temperament, and inexperience represent a grave threat to our country and world. Suddenly, all the things I had planned to work on seemed trivial in comparison. Although Internet security and privacy are not the most important policy areas at risk, I believe he -- and, more importantly, his cabinet, administration, and Congress -- will have devastating effects in that area, both in the US and around the world.

The election was so close that I've come to see the result as a bad roll of the dice. A few minor tweaks here and there -- a more enthusiastic Sanders endorsement, one fewer of Comey's announcements, slightly less Russian involvement -- and the country would be preparing for a Clinton presidency and discussing a very different social narrative. That alternative narrative would stress business as usual, and continue to obscure the deep social problems in our society. Those problems won't go away on their own, and in this alternative future they would continue to fester under the surface, getting steadily worse. This election exposed those problems for everyone to see.

I spent the last month both coming to terms with this reality, and thinking about the future. Here is my new agenda for the next four years:

One, fight the fights. There will be more government surveillance and more corporate surveillance. I expect legislative and judicial battles along several lines: a renewed call from the FBI for backdoors into encryption, more leeway for government hacking without a warrant, no controls on corporate surveillance, and more secret government demands for that corporate data. I expect other countries to follow our lead. (The UK is already more extreme than us.) And if there's a major terrorist attack under Trump's watch, it'll be open season on our liberties. We may lose a lot of these battles, but we need to lose as few as possible and as little of our existing liberties as possible.

Two, prepare for those fights. Much of the next four years will be reactive, but we can prepare somewhat. The more we can convince corporate America to delete their saved archives of surveillance data and to store only what they need for as long as they need it, the safer we'll all be. We need to convince Internet giants like Google and Facebook to change their business models away from surveillance capitalism. It's a hard sell, but maybe we can nibble around the edges. Similarly, we need to keep pushing the truism that privacy and security are not antagonistic, but rather are essential for each other.

Three, lay the groundwork for a better future. No matter how bad the next four years get, I don't believe that a Trump administration will permanently end privacy, freedom, and liberty in the US. I don't believe that it portends a radical change in our democracy. (Or if it does, we have bigger problems than a free and secure Internet.) It's true that some of Trump's institutional changes might take decades to undo. Even so, I am confident -- optimistic even -- that the US will eventually come around; and when that time comes, we need good ideas in place for people to come around to. This means proposals for non-surveillance-based Internet business models, research into effective law enforcement that preserves privacy, intelligent limits on how corporations can collect and exploit our data, and so on.

And four, continue to solve the actual problems. The serious security issues around cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections, and so on aren't going to disappear for four years while we're busy fighting the excesses of Trump. We need to continue to work towards a more secure digital future. And to the extent that cybersecurity for our military networks and critical infrastructure allies with cybersecurity for everyone, we'll probably have an ally in Trump.

Those are my four areas. Under a Clinton administration, my list would have looked much the same. Trump's election just means the threats will be much greater, and the battles a lot harder to win. It's more than I can possibly do on my own, and I am therefore substantially increasing my annual philanthropy to support organizations like EPIC, EFF, ACLU, and Access Now in continuing their work in these areas.

My agenda is necessarily focused entirely on my particular areas of concern. The risks of a Trump presidency are far more pernicious, but this is where I have expertise and influence.

Right now, we have a defeated majority. Many are scared, and many are motivated -- and few of those are applying their motivation constructively. We need to harness that fear and energy to start fixing our society now, instead of waiting four or even eight years, at which point the problems would be worse and the solutions more extreme. I am choosing to proceed as if this were cowpox, not smallpox: fighting the more benign disease today will be much easier than subjecting ourselves to its more virulent form in the future. It's going to be hard keeping the intensity up for the next four years, but we need to get to work. Let's use Trump's victory as the wake-up call and opportunity that it is.

Posted on December 15, 2016 at 3:50 AM • 187 Comments

Comments

13th Arrondissement Mobbing • December 15, 2016 4:08 AM

> We need to convince Internet giants like Google and Facebook to change their business models away from surveillance capitalism.

Easier said than done. It practically requires dismantling them (which is a tempting idea, ffs).

Thoth • December 15, 2016 4:20 AM

@Bruce Schneier

"One, fight the fights. There will be more government surveillance and more corporate surveillance. I expect legislative and judicial battles along several lines: a renewed call from the FBI for backdoors into encryption, more leeway for government hacking without a warrant, no controls on corporate surveillance, and more secret government demands for that corporate data. I expect other countries to follow our lead. (The UK is already more extreme than us.) And if there's a major terrorist attack under Trump's watch, it'll be open season on our liberties. We may lose a lot of these battles, but we need to lose as few as possible and as little of our existing liberties as possible."

I think political nice talks are pretty much over with Trump at the helm. He wouldn't tolerate lobbying or anything against his agenda. See it as a charging bull on fire. There is very little room for talking and we need to get down to actually start putting something solid on the table. Proper, high assurance, security for the masses with ease of use.

"Two, prepare for those fights. Much of the next four years will be reactive, but we can prepare somewhat. The more we can convince corporate America to delete their saved archives of surveillance data and to store only what they need for as long as they need it, the safer we'll all be. We need to convince Internet giants like Google and Facebook to change their business models away from surveillance capitalism. It's a hard sell, but maybe we can nibble around the edges. Similarly, we need to keep pushing the truism that privacy and security are not antagonistic, but rather are essential for each other."

The industry has already rotted to a degree that it is beyond salvaging. You work in the security industry and so do I and many of us on this forum who have served the interest of the industry, Governments and public. I cannot speak of your or others' experience while in the Industry but from my perspective and experience, I have given up most hope that the Industry has any chance of changing itself.

The proverbial saying that a tiger's stripes on its skin are almost impossible to change is very true.

"Under a Clinton administration, my list would have looked much the same. Trump's election just means the threats will be much greater, and the battles a lot harder to win. It's more than I can possibly do on my own, and I am therefore substantially increasing my annual philanthropy to support organizations like EPIC, EFF, ACLU, and Access Now in continuing their work in these areas."

There is very little difference between Clinton and Trump. They would both push for NOBUS capabilities and so on as usual. The only difference is that Trump is more direct to the point on what he wants and possibly more forceful on the surface.

"It's going to be hard keeping the intensity up for the next four years, but we need to get to work. "

We have great people with great ideas and huge motivations here. Have you ever thought of talking to @Markus Ottela, @Figureitout, @Clive Robinson, @Nick P as they have a lot of ideas and @Markus Ottela and @Figureitout have a bunch of Open Source projects which you could either fund them or help them in some way to continue their efforts in Open Source security and technology? These people already have stuff that is close to reality and provides higher security than most solutions, it would be nice if you can talk to these people and help them to help others.

Freedom of the Press Foundation have recently asked for help implementing digital media encryption on cameras to protect footage from searches. You could take a look at it too.

Links:
- http://www.theregister.co.uk/2016/12/14/photojournalists_say_cameras_need_encryption/
- https://www.documentcloud.org/documents/3238288-Camera-Encryption-Letter.html

Winter • December 15, 2016 4:38 AM

"No matter how bad the next four years get, I don't believe that a Trump administration will permanently end privacy, freedom, and liberty in the US."

I think of my family who lived through the Nazi occupation of our country. That was as dark as it gets, and in other places, it was darker than can be imagined. But even that came to an end, eventually. And their compatriots did work for the world after the war. The EU was one result of that effort and brought Europe 70 years of peace and prosperity.

Sadly, in Europe too there are people who are fed up with peace and prosperity.

keiner • December 15, 2016 4:41 AM

"And if there's a major terrorist attack under Trump's watch"

...guess we won't have to wait too long for that, the secret service has to show who is boss in the ring. So prepare for the worst. France is now in "state of emergency" until at least 2017. This won't go away. It's too good a crisis to waste.

Before the military/secret service is removed as "deep state" in the western world we won't have peace.

SM • December 15, 2016 4:53 AM

Interesting perspective, thanks.

Only critical comment: your intro appears to suggest that the election result had nothing to do with Clinton's many weaknesses. Not sure if this is intentional, but it seems to reflect the inability of the Democrat establishment to critically introspect, which is concerning. You even imply that Sanders is more responsible than Clinton! But whatever one thinks of the leaking of the emails, the conduct of her team was clearly harmful to the campaign even when concealed and then even more harmful once revealed. I don't think much serious progress will be made without some honest, critical introspection on Clinton's weakness as essentially an establishment shill.

The Twitter Truth • December 15, 2016 5:18 AM

Google and Microsoft are in a race against AT&T who has been collecting everything on customers since the 1980s. He who has the most data gets the lucrative surveillance contract.

As everyone saw at the tech meeting yesterday Peter Thiel was grasping hands with President-elect Trump to make a statement to the tech giants present to fall-in-line. Expect Palantir to be accessing their user data in real-time.

As American high tech is being spurned throughout the World, they are making popular American Internet sites financially dependent upon themselves through advertising networks. Here is a recent example of Drudge spinning news with Google:

The original FT headline:
Google faces EU curbs on how it tracks users to drive adverts

The ironic and sensational Drudge/Google headline:
ONLINE ADVERTISERS WARN EU PRIVACY CRACKDOWN THREATENS ‘ENTIRE INTERNET’…

End of the ‘Entire Internet’. Really? Chicken Little doomsday?
Note that 99.99% of Drudge readers cannot verify Google/Drudge’s takeoff on the article because it’s paywall blocked.

The unsuspecting reader is instead surreptitiously redirected to Google instead of the FT publisher with this nasty looking personalized link:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwinrai4yfLQAhUW12MKHehxCVQQGggaMAA&url=https%3A%2F%2Fwww.ft.com%2Fcontent%2F87c91c06-c147-11e3-9bca-2b93a6856354&usg=AFQjCNFNu-viSXK1DO-1n-NFez5X9mK2hQ&bvm=bv.141320030,d.cGc

So why the ruse?
This Google ‘wet-dream’ headline puts public pressure on EU privacy regulators to back-off!
The other explanation is to identify and track Drudge readers then sell off their data.

Mark Thompson, President & CEO of The New York Times:
“As for the digital giants, I believe they need to think hard about transparency and accountability. Their ad tech and ad networks help make fake news so lucrative..”

Google’s Internet dragnet is still growing but at a cost of using extreme measures. From their perspective, they have no choice no longer being able to write legislation at the White House.

Hopefully this example shows how original copyrighted news is biased and sensationalized to fit an agenda. Fake news had its birth in Drudge now assisted by Google/Facebook advertising networks.
The next stage is The Twitter Truth!

https://en.m.wikipedia.org/wiki/Criticism_of_Google

Bubba Mustafa • December 15, 2016 5:32 AM

With Trump it will be a harder battle?
Yeah, ok, maybe by 1%. Clinton despises and has as much contempt for the slaves too.

Peter Hellmonds • December 15, 2016 5:46 AM

Bruce,

the thought that came to my mind when reading your agenda for the coming years was this: what if *they* first come for those like you who are determined to fight for privacy, against surveillance, for security, and for our liberties. Would not you be at risk, as one of the outspoken experts?

And so I was thinking: do you have a canary set up so we can check whether he is still alright?

Keep up the good work!

Herman • December 15, 2016 5:50 AM

"I expect other countries to follow our lead. (The UK is already more extreme than us.)" -- Follow me! I'm right behind you!

tripdownmemorylanes • December 15, 2016 6:02 AM

It's amazing what 20 years make you forget. Weren't you the one fighting the first crypto war against Clinton administration? How does electing his wife into office make things better?

Pavan Devatha • December 15, 2016 6:09 AM

I am very optimistic that the Trump administration will not support and abet Islamic Dictators and their anti-human sharia laws such as Male Guardianship of Women, Slavery, Stoning of Women, Forced Conversations and Blasphemy laws. The security of the world depends on dismantling and destroying countries that have based their national laws on anti-human racist and anti women laws.

Keith Glass • December 15, 2016 6:15 AM

Bruce. . . .

I'm going to differ with you on several issues.

First, the "defeated majority". The mechanics of Presidential Elections are long-established and well-described. The majority you speak of is primarily due to one state of the 50: California. Clinton's (and her team's. . .) failure to win the election was fairly straight-forward: they "ate their own dog food", despite numerous indicators from the field saying that the message wasn't resonating and turnout was going to be far lower than necessary.

http://www.politico.com/story/2016/12/michigan-hillary-clinton-trump-232547

In fact, their lack of flexibility and top-down management model was their actual downfall. Add to that their apparent mis-allocation and wastage of funds. In the final analysis, it appears that Team Clinton ran their campaign like a Government Program, and Team Trump ran theirs like a business:

http://www.usatoday.com/story/news/politics/elections/2016/2016/11/09/another-way-trumps-bid-changed-politics/93565370/

Second, I actually don't expect much difference on a lot of issues relating to security. I do see a greatly increased likelihood of long-needed efficiencies and cost-benefit analysis being applied to Federal Programs and employment.

Thirdly, thinking that Trump's institutional changes will take decades to undo: that's a feature, not a bug, for FedGov and the Bureaucracy. Institutional momentum from EVERY President's changes echoes on for decades. Heck, even if the Republicans rip Obamacare up, root and branch, its long-term effects will endure. . .

smitty1e • December 15, 2016 6:22 AM

Props to commenter SM above for putting it about 1000 times more diplomatically than I.
Absolutely, Tribble-head is a big unknown, and those who'd prefer reform & meritocracy need to be as critical of one New York oligarch as they would have the other.

JE • December 15, 2016 6:35 AM

Not You Too

Bruce you can't seriously think privacy and security would have been better under Clinton. The first part of your position is weak at best and amounts to whining that Clinton lost. Then you go on to say if Clinton had won your agenda would be much the same. Please study why she truly lost. She was not a good candidate. Plain and simple.

Leonardo Herrera • December 15, 2016 6:38 AM

I find it strange that smart people are so scared by campaign tactics. Trump will announce something in public to get the upper hand, then he will _negotiate_ what makes more sense according to his advisors' data and his personal preference. He is not an extreme nut, he is a business man. He's not classy, but he's also not stupid, people. Consider Obamacare: he said he would rip it off, but not a day after being elected he changed his speech. That was intentional.

Dan H • December 15, 2016 6:48 AM

"Slightly less Russian involvement."

Really?

There is no doubt Yahoo was hacked, and they have never been able to pinpoint who hacked them.

Yet there is absolute certainty on behalf of the left that Russians were involved in hacking the DNC???

Whoever hacked the DNC and Clinton campaign, the information released was never refuted. It was all truthful and showed the lies, corruption and scandal of Hillaryous Clinton and the DNC.

Dave Jones • December 15, 2016 6:55 AM

Dear Bruce,

You've lost your marbles. You're now clearly suffering from old age brain fog and all this political nonsense has suffocated the few brain cells you had left.


Blog less. You'll look like less of a fool.

Best,
Dave

Dan H • December 15, 2016 6:59 AM

"Right now, we have a defeated majority"

If you are speaking of Hillary Clinton having more total votes than any one candidate, that is true.

However, as much as the MSM likes to say she won the popular vote, she most certainly did not, because she - and no other - received greater than 50% of the vote.

If you add Trump + Stein + Johnson, more people voted against Hillary Clinton than voted for her.

The last point on vote count is that of her votes in excess of Trump: 1.5 million came from NYC and the remainder from California. Those two places don't speak for the whole country.

Also, in Detroit, 37% of the precincts had more votes than people. And they were almost all to a ballot for Hillary (speaking of irregularities in voting). Russians weren't involved in this, Podesta.

Old Smokey • December 15, 2016 7:08 AM

Good plan Bruce, Except:

I am pretty sure all is lost in Washington. Elected officials and the bureaucracy have been irretrievably compromised. Trump is simply a new clown on the stage.

The fight should go local. One programmer, one IT admin, one small office at a time. Build from the bottom up. The top is lost. Completely.

We need a whole new mountain of cyber security.

Frank Ch. Eigler • December 15, 2016 7:15 AM

"@Winter Sadly, in Europe too there are people who are fed up with peace and prosperity."

There are also numerous people who perceive a loss of "peace and prosperity" due to pernicious policies of the EU. If you're unaware of how that could possibly be, no wonder Trump's election came as a shock.

removed_from_start_page • December 15, 2016 7:34 AM

Please stick to what you know best and stay away from politics. I thought you were quite a bit more intelligent than this article reveals. The Russia link is getting old, we saw it during the campaign and again now. If you are at all interested in which candidate had more exposure to Russia please read about Uranium One.

wiredog • December 15, 2016 7:48 AM

Well, I see "Dan H" and the other Russian apologists are here already.

Having had some relatives turned into air pollution in Europe a few generations back, I'm changing up my investments to protect my physical security as well as my digital security.

herman • December 15, 2016 7:50 AM

It is too funny how all the biggest cock-ups are blamed on Russia - the indomitable boogeyman. There is no need to claim conspiracy when stupidity or simple malice provides an adequate answer. Therefore, if I apply Occam's Razor, then the most likely simple explanation is that the DNC and Yahoo hacking events were inside jobs by disgruntled employees.

BTW, Trump won. Get over it. He can't be any worse than Billary.

CallMeLateForSupper • December 15, 2016 8:02 AM

@The Twitter Truth
"[...] this nasty looking personalized link:[...]"

What a beauty!! I have added it to my collection, which I show to youngsters -- and folks who have compromised immune systems -- as examples of links they should... not... click.

The TLD on this specimen is familiar to pretty much everyone -- not obfuscated -- so any potential clicker who is allergic to said TLD is forewarned: do not touch. On the other hand, since *this* particular TLD is ubiquitous, many people would probably ignore the nasty bits of the URL and click it because they trust the TLD. Think about that.

The rest of the link fairly screams "obfuscated!", which should immediately cause one to wonder "What is it hiding, and why?". I can't imagine a case where an obfuscated URL is good for both the obfuscater and the clicker; I can think of many reasons to obfuscate that are good for the obfuscater because they are BAD for the clicker (To be clear, that is you).

David Johnson • December 15, 2016 8:12 AM

As a Bernie voter in the primaries, watching him win my home state of Michigan, I don't know how Sanders could have been 'more enthusiastic.' I agree very much with your four points and your resolution, but that felt like a jab.

The Pessimist • December 15, 2016 8:16 AM

I agree completely that things will eventually swing back, but the sad part is all the lives that will be destroyed in the process.

In any event, the internet is dead. It is just not feasible that there will ever be 100% privacy in any form of communication. We need to accept that.

Anonymous Coward • December 15, 2016 8:16 AM

Bruce,
There are so MANY unsupported assumptions and accusations in this piece; it causes me to doubt your ability to logically and without emotion evaluate the security topics that are your specialty. You have damaged your credibility.

As a small example: Now the FBI and the Director of National Intelligence – who oversees the US spy agencies – have refused to back the CIA.
http://www.dailystar.co.uk/news/latest-news/569818/cia-russia-hackers-donald-trump-election-fbi-director-national-intelligence-james-clapper

Bruce you need to give up on your love of big government and understand that the current system is NOT working for us out in fly-over country. Trump is a non-violent sledgehammer thrown into the gears of FEDGOV. We are going to increase the volume until our concerns are heard and addressed.....

Even this morning the MSM (legacy media) is blasting out a story that Putin himself was personally involved in hacking the DNC. You got to admit that it is unlikely that Putin is a hacker.

Bruce, you do understand that the MSM is propaganda right???
I hope you will open your eyes and do some introspection.

Russ White • December 15, 2016 8:18 AM

Bruce -- I hate to say it, but you've lost the thread on this one. Clinton, who has mishandled classified information, actually resulting in the deaths of real people, would not have -- could not have -- been any better. Essentially, the American people were handed the choice between two candidates who both believe bigger government is better. The only argument was over who could make better promises and "get the bigger government on the side of the people," whatever that actually means. The choice was really more about who is going to get government favors rather than whether or not those government favors exist in the first place.

Now -- how this all relates to security... One key point in the entire privacy debate is controlling the size and scope of the government. And yet almost every security folk I'm reading right now is saying "Trump won, it's TERRIBLE," without for one second realizing they've all been supporting bigger government for many years in the form of a strong progressive political movement -- which is, itself, trying to control everyone, all the time, "for their own good." 90%+ of the entire tech world, being wrapped in a culture bubble they can't even see, has been working against privacy and security for the last 20+ years.

If you want privacy, the real solution is to get the government _out_, rather than managing the government's intrusions more effectively. If you want security, _people_ need to do something, rather than insisting the government to do something. Everyone whines about security and privacy, but I can't seem to get _anyone_ to actually encrypt their email, or to stop relying on G to manage their entire lives. Even in the security world. Strange, that.

Trump versus Clinton made not one whit of difference in the real world. Security folk need to stop whining about this, get out of the culture bubble all techies seem to live in (physically and mentally), and start trying to have an impact in the real world.

Dan H • December 15, 2016 8:24 AM

@wiredog

Yahoo has never been able to pinpoint who hacked them. Yet it is a "certainty" that Russia hacked the DNC and Clinton campaign officials? How do you reconcile that?

China is suspected in the OPM hack, but there is no certainty. Yet it is a "certainty" that Russia hacked the DNC and Clinton campaign? How do you reconcile that?

North Korea is suspected of the Sony hack, but there is no certainty. Yet it is a "certainty" that Russia hacked the DNC and Clinton campaign? How do you reconcile that?

I also didn't notice any Russian mobsters at my polling place, or hear of any nationwide, forcing citizens to vote for Trump.

And Hillary used an unsecured email server that contained beyond top secret data and she was never concerned. Even during the Commander-in-Chief forum she declared that even if she was hacked, it didn't matter because the White House and State have been hacked (great logic!). Now she and her campaign are concerned about hacking?

Hillary used an off-the-shelf Blackberry instead of using a State-issued device. That Blackberry was likely hacked by China on her first Asian trip and she received a scathing letter from State Diplomatic Security about it, which she said "I get it" and then continued to compromise security. Yet now she and her campaign care about hacking and security?

wiredog • December 15, 2016 8:25 AM

@Russ White
"Clinton, who has mishandled classified information, actually resulting in the deaths of real people"
You do realize that's a lie, right?

Rob • December 15, 2016 8:25 AM

Dave Jones :

I've found your key to your locker. Did you lock yourself inside, again?

Rob

rob swartz • December 15, 2016 8:39 AM

So tired of 60 intellectuals attempting to drive the (fear) narrative. Like so many others great in one field thinking can think for all elsewhere. You're smart but not wise. Accept the loss. Did you ever play sports?

GC • December 15, 2016 8:47 AM

I am not sure how a Clinton presidency would have been any better than a Trump presidency as to cyber-security initiatives. Everything will just continue the way it is, with no difference.

Upset that there will be more government and corporate surveillance? Uh, that has only been going on since the Cold War started and as technology has increased, so will more surveillance. Nobody is going to do anything about it, so live with it. You want technology and your toys, this is the ramification of having so.

"A defeated majority?"

Please.......it's getting old.....

Matt from CT • December 15, 2016 8:49 AM

>Right now, we have a defeated majority.

No -- at best you have a defeated plurality.

Even with a lead in the popular vote, Clinton has not crossed the 50% + 1 threshold.

Writing that "we have a defeated majority" shows you're writing from a perspective inside a bubble.

-- 32 States with Republicans in charge of all houses of the Legislature
-- 5 States with Republicans in charge of one house of the Legislature.
-- 31 Republican Governors
-- When you read those numbers above...remember you need 34 States to force a Constitutional Convention, and 38 States to pass any proposals that come out of it. While we are most likely at a high water mark of Republican control for this generation, none the less we are dangerously close to having one party with sufficient power to force through amendments on their own.
-- Despite Clinton racking up more popular votes, that resulted in barely any changes in Congress -- six House seats, two Senate seats (and some of those were extremely close elections.)

Although the gap may be starting to close, there are many more seats that consistently vote 75%+ Democratic than there are similar Republican strongholds, while most Republicans win in seats voting more like 55% Republican, 45% Democrat.

That's not an effect of gerrymandering. If you went to computer-controlled assignment of Congressional seats by making the most compact districts practical given our current demographics it would make the Democrats' performance worse. Gerrymandering protects political friends; it doesn't on the balance affect which party wins.

That doesn't mean the majority of Americans do not care or understand about information security among other topics, or at least wouldn't be amenable to it.

For example, the NRA has been the single most persistently successful civil rights organization in the U.S. not only by focusing on one area, but also playing a very long game. While the ACLU is having to file suit over the misuse of Government and private databases, the NRA back in the 1970s fought to make sure the ATF could not computerize many records.

It doesn't stop an investigation -- look at how within a day or two of a major shooting the firearms are traced from the manufacturer to either the shooter or to whom they were stolen from. But it means the Government can't go on fishing expeditions without spending real resources in time and money to check paper records and visit dealers to examine their paper records.

But I suspect many of those shocked at a Trump victory (I didn't support him, but I was at best bemused rather than surprised he won) live in bubbles that declare the NRA some evil organization that they can't possibly find common ground with.

Ted • December 15, 2016 8:51 AM

We need to continue to work towards a more secure digital future. And to the extent that cybersecurity for our military networks and critical infrastructure allies with cybersecurity for everyone, we'll probably have an ally in Trump.

What level of information sharing and standardization will promote a safer, more equitable, and more balanced ecosystem?

The ISAO SO held an online public forum on November 18 to discuss information sharing, the legal issues GC’s may think about, and what might make it harder or easier for companies to engage in cybersecurity info sharing. David Turetsky hosted the presentation. David is a Partner and Co-leader of the Cybersecurity, Privacy, and Data Protection Practice at Akin Gump and the Co-leader of the ISAO SO Working Group 4, Privacy and Security.

You can watch his 54:05 presentation and review his presentation slides here:
https://www.isao.org/past-events/online-public-forum-november-18-2016/

The vision he advocates for is “a more secure and resilient nation that is connected, informed, and empowered.” He has worked in the industry for more than 30 years, having joined his recent position after serving as chief of the FCC's Public Safety and Homeland Security Bureau.

He says that information sharing can help provide necessary security in a digital world, and although it is not a silver bullet, it might be necessary to meet commercial requirements, or to demonstrate reasonable care. He reviews what information sharing is (the government has many resources the private sector does not; think NSA, CIA, FBI, etc), some of the challenges that are associated (such as the risks and costs seeming more real than the benefits), and legislation that could help encourage information sharing (such as the adoption of liability protections).

The next online public forum is today from 1-2pm. Here are more ISAC, ISAO, and Other Information Sharing groups:

https://www.isao.org/information-sharing-groups/

Some of these groups include the Aviation ISAC, Electricity ISAC, Supply Chain ISAC, Advanced Cyber Security Center, Health Information Trust Alliance (HITRUST), Legal Services ISAO, Medical Device ISAO, InfraGard, etc.

dittybopper December 15, 2016 8:54 AM

I think you are wrong about the election being essentially a roll of the dice. It surprised me too, because the conventional wisdom was that Hillary was going to win, based on past performance of their polling methods.

He won by flipping the normally blue Rust Belt states of PA, OH, MI, and WI into the red column, using pretty much the same argument that Ross Perot was making back in 1992 and especially 1996: The giant sucking sound of jobs going overseas. We can argue whether it's actually true or not, but the reality is that manufacturing jobs in those states have been lost, so that kind of rhetoric fits what the voters in those states have experienced.

This was largely invisible to the media who tend to be part of the urban elite. They don't see entire plants moving to Mexico because of NAFTA (which happened to my first employer). They don't see manufacturers closing their doors forever because for regulatory reasons (minimum wage) they couldn't compete price-wise with cheap imports (happened to my second employer). Right there that's eight hundred people who I know lost their decent paying jobs because of trade issues since 1996.

This wasn't a random variation. Trump won because he was the only candidate in the last 20 years, and the only major party candidate I'm aware of ever, who was talking about leveling the playing field on foreign trade. I'm pretty sure that wasn't an accident but an intentional strategy on his part.

Whether he can deliver on that remains to be seen, but that's irrelevant to the election itself.

Vestas December 15, 2016 9:24 AM

I'm surprised you buy the "Russian" involvement Bruce as both Craig Murray and Julian Assange state the source as being both American and "Democrat".

Parabarbarian December 15, 2016 9:28 AM

Lighten up a little, people. Bruce is an expert on encryption and security. That is why I read him. When branching off into politics he, more often than not, exemplifies the "ignorance of experts". He has been this way for as long as I've been reading his stuff.

Uncle Joe Stalin December 15, 2016 9:51 AM

Yes, Bruce is right. It was the Russians and Sanders that elected Trump not the $2 Billion for speeches and donations from banks and sheiks, "Never ever single payer", "Bring them to heel", etc. Let's support EFF and work to put Wikileaks fake news behind bars. Clinton was a goddess candidate and now the unbelievers have doomed us through devilish tricks. Woe is us.

Great satirical article Bruce, it lays out the blind stupidity of the Democratic Party.

hawk December 15, 2016 9:54 AM

I can tell you with absolute certainty that, anytime someone says they have a good idea for some software something, but they can't do it until they get funding it's junk.

Nick P December 15, 2016 9:58 AM

@ Matt

As a pro-gun person, I still think critically about the NRA since they're not about civil rights: they're a lobbyist group for gun companies aiming at keeping their product flowing. They'll do anything necessary, even lies, to do that. Stumbled on a nice presentation of their history and current tactics from Cracked of all people.

It was also not the NRA getting landmark rulings in courts on use of 2nd Amendment in self-defense. The last big one I saw came from a tiny nonprofit backing an individual in key case. NRA was just rolling in their money with no help at all. Given gun acquisition is all they're about, they should get a much, much smaller percentage of donations on 2nd Amendment issues. Of course, they're getting donations because people sending money are reading their propaganda in a bubble just like these liberals surprised at Trump's victory.

This bubble effect is a common problem. We call them echo chambers. Modern media, esp Facebook and Twitter, are designed to maximize the effect. Greatest threat to effective democracy in existence after apathy. Trump way lower on the list.

Follow the money December 15, 2016 10:00 AM

Bruce,

With all due respect, you have believed too much of the propaganda those on your side threw at Trump during the election. I don't remember the last time I felt so optimistic about the future of the United States.

When the Bill Ayers/Jeremiah Wright/Khalidi pal- who threatened to get out of Iraq and thus cause chaos in the Middle East- won, I felt very uneasy. When my fears were realized -look at the rise of ISIS, the refugee crisis in Europe, the empowerment of Russia- I didn't blame it on the voters who put Obama in power.

I think that if you want to have a productive next 4 years, you should get out of your own bubble of like-minded people. What you call "deep social problems in our society" were obvious for everybody with a little bit of curiosity to see. I was talking the other day to somebody in the Bay Area that they didn't need to go to Michigan to see them. A 2 hour drive to the Central Valley would be enough to see what we are talking about.

I find this comment "right now, we have a defeated majority" to be 100% baloney for the sole reason that in states that are swing states there are people who don't vote (from either side) because they know their vote doesn't count. To suggest that the national popular vote result in an election that is resulted by the Electoral College is representative of what the system would have produced had the election been decided via a national popular vote is fallacious and unworthy of somebody who presents himself as smart.

I am done reading anything you have to say. I will have to find a different expert I can trust on computer security matters. It is very clear to me that your judgement right now is too clouded by the defeat to take you seriously.

Follow the money December 15, 2016 10:06 AM

Correction,

..for the sole reason that in states that are NOT swing states...

To reiterate, this post shows the very reason we have universal suffrage: we don't let people like Bruce Schneier impose their petty politics on society at large.

And this election shows why the Electoral College is such a great idea: we don't let crazy California impose its crazy politics on the other 49 states.

Follow the money December 15, 2016 10:12 AM

A concluding thought. This post is the official announcement that Schneier on Security has decided to become a source of "Fake News"

Anura December 15, 2016 10:14 AM

The entire Republican strategy has been disinformation, propaganda, and abuse of legal authorities.

1) Voter suppression efforts, primarily targeting minorities in swing states
2) A 4 year investigation started for purely political reasons, with absolutely no suspicion of wrong doing
3) A massive propaganda campaign, which has really gone on for decades

What do we know about Hillary? We have learned that the accusations of massive corruption were completely baseless. What do we know about Trump? He is deathly afraid to tell the truth or release information, and has absolutely no concern for anyone except for himself.

Think about all the other baseless charges Republicans have made. Look at all the conspiracy theories they have been promoting. The scariest thing is that Republicans have decided that anything that contradicts their world-view is actually part of a massive conspiracy to impose liberalism on the country.

Their only goal is to keep power while controlling the country, not to respond to the needs of the country. They have decided that since democracy no longer personally benefits them, they are against it and need to make sure that the voters should not be allowed enough information to make decisions, as they know that given all the facts, most will vote against them. They can't change because the Republican base won't let them, and so they have decided that the only option is to misinform the voters; and misinformed they were.

Given that information, and given that someone like Trump whose only obvious motive is to seek power, who's been doing absolutely nothing but pushing conspiracy theories, the future is I think a lot scarier than people are realizing.

There is absolutely nothing bad about Hillary you can't say about every other politician in Washington. Trump is by far the worst candidate in recent history; the most ignorant, the most willing to lie, the least transparent, and one who won purely off of making people angry. With Republicans having full control of government, and them benefiting, our country is not far from completely throwing away democracy, throwing away all civil rights, and using legal authority to crack down on any groups or journalists that won't support them.

Tell me one example in the last 8 years where Republicans used restraint in trying to gain power. Tell me there is a line that even Republicans won't cross. I just don't see it. Tell me if there was a massive wave of child porn charges against journalists and civil rights activists that Republicans won't accept it without question. Because nothing I have seen indicates any willingness to use restraint on the part of the Republicans. Basically, the neocons are angry that a foreign power interfered, but have absolutely no problem lying and manipulating the public to keep power.

Dr. I. Needtob Athe December 15, 2016 10:15 AM

Isn't it odd how "Follow the money" places such importance in the artificial concept of the will of the states over the very real concept of the will of the people?

Paul December 15, 2016 10:16 AM

Bruce,

You left out electoral college, glass ceiling, and #fakenews. You might have also mentioned Clinton's campaign airing more TV ads in Omaha, chasing after a single electoral vote, than they did in MI and WI combined in the final weeks. Or, maybe, one more fundraiser in Malibu or the Hamptons would have done the trick.

You're not an expert on politics the way you are security, and we're not here for the former. Until today I didn't know the political ideology of any of the readers here. I think most of us would like to keep it that way.

PvD

The Ministry of Information December 15, 2016 10:19 AM

@Venril:

I didn't know www.dailymail.co.uk resolved to the Guardian's website :P

That said, it is pretty appalling to see how some "journalists" try to incriminate Putin personally by almost suggesting he was the one behind the keyboard during the various hacks, completely ignoring that the whole current focus on the Sovie...Russians is mostly based on hearsay from anonymous (or perhaps non-existent...) diplomats and rehashed news from the last few months.

I also find it quite scary that many inhabitants of a major nuclear power go into blind panic mode when a TLA creates a new Red Scare based on flimsy evidence. Worse, the same people who are extremely critical of Trump and alt-right fake news seem to be most easily convinced by the latest manipulated news...

tz December 15, 2016 10:27 AM

http://esr.ibiblio.org/?p=7268

https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/12/07/the-supreme-court-oral-argument-that-cost-democrats-the-presidency/?utm_term=.a82245e0cba3

Here in Wyoming we take security personally - most own guns and know how to use them so I can leave my door unlocked.

You want to disarm us. You fear us. But we aren't killing anyone. You can't think outside your blue bubble.

Also we are mostly Christian. You hate us and wish to destroy us. Like Brendan Eich or Sweet Cakes or Memories Pizza. We would just like to be left alone, but you and your friends kicked the hornet's nest once too often. We are fighting back. Instead of slow cultural convincing, your Hillary government thugs must shove political correctness down our throats. Trump is the response.

Gab and Infogalactic are the response on the tech side.

Get out of your blue bubble or work for #CalExit. You have hated and hurt us here in flyover country while fawning over illegal immigrants and Muslim refugees. Either you don't see it or you don't care, or worse, enjoy our suffering.

If you continue the blindness or the war on white straight cis male christians, you will lose. The best hope is a libertarian truce. California can be California and Wyoming (70% for Trump) can be Wyoming. If you instead continue to try to turn every state into California, Trump and his successors will push back and CA will be like the defeated South during reconstruction.

steve December 15, 2016 10:27 AM

It's not often you see two sentences like this right next to each other like @ds just did -

> Your political fear mongering is repulsive. The democrats are the statist movement and are the Nazi party.

I didn't even have to clip out anything between them, it's verbatim.


Well, bye to everyone who thinks that Trump is, like, a smart guy, and doesn't read intelligence briefings, and thinks that global warming is a Chinese hoax, and goes on record mocking disabled reporters, yet will be able to secure the Internet of Things.

A December 15, 2016 10:29 AM

I'm a Trump supporter and find it highly obnoxious you believe in group think among your readership. I fought him on his surveillance stance in the primaries and hope he will be far better than the current high surveillance administration you don't seem so concerned about. I'll find my security news elsewhere if you have to politicize yourself so greatly based on believing the lies of the propaganda media. If you don't know what I mean by that, read your news more closely and far more skeptically.

Mike December 15, 2016 10:29 AM

Bruce, I'm with you. You need to lead and leadership means a vision, a plan, and directing execution. That means you are going to have to give us orders.

Dr. I. Needtob Athe December 15, 2016 10:30 AM

What a dramatic change Bruce Schneier has gone through over the years since the late '90s! He's finally coming out with the position that I've always expected such an intelligent and clear-thinking person to be harboring inside. Now he's finally ready to face the fact that the combination of increasing technology and decreasing sanity has brought the situation to a point that's too serious for him to continue trying to appear neutral. Go Bruce!

If you Trump supporters didn't see this coming it's no surprise, considering that you're totally blind to what sort of person Donald Trump really is.

Sesame Street News Flash December 15, 2016 10:35 AM

> The election was so close that I've come to see the result as a bad roll of the dice. A few minor tweaks here and there -- a more enthusiastic Sanders endorsement, one fewer of Comey's announcements, slightly less Russian involvement -- and the country would [have] be[en] preparing for a Clinton presidency and discussing a very different social narrative. That alternative narrative would [have] stress[ed] business as usual, and continue[d] to obscure the deep social problems in our society. Those problems won't go away on their own, and in this alternative future they would [have] continue[d] to fester under the surface, getting steadily worse. This election exposed those problems for everyone to see.

(My edits in square brackets to the passage immediately above are meant only to clarify the intended meaning, which I found oddly obscure (on first reading) due to the curious avoidance of counterfactual syntax.)

This is an interesting passage. The first half asserts, "Just a few more dabs of lipstick on the pig, and Clinton would have won." The second half acknowledges that had Clinton won the presidency, she would have continued her career of papering over deep structural problems in American society that demand solutions.

The second half is hardly controversial.

But those three dabs of lipstick in the first half, though. Of all the developments that might have been different, why reiterate those in particular? Why continue to flog the "if not for Sanders/Comey/Russians" memes? All three excuses have been invented practically out of whole cloth, and amplified by the Wurlitzer, to dilute bandwidth that might otherwise be spent discussing that herd of elephants stomping around the room.

For each dab of lipstick, there are elephants.

1. Regarding that hypothetical "more enthusiastic" Sanders endorsement:

Elephant: "What if the Democratic primaries had not been hacked, every which way, by Democratic party elites in favor of Clinton?" Why fret over minutiae like whether the post-primary Sanders could have been even more obsequious, instead of questioning why the Democratic elites decided to hold a coronation in lieu of holding a truly competitive primary election in the first place?

2. Regarding "Comey's announcements", and their supposed effect:

Marcy Wheeler:

https://www.emptywheel.net/2016/11/11/blame-comey-movement/
https://www.emptywheel.net/2016/11/13/role-obamacare-premium-hikes-trumps-win/
https://www.emptywheel.net/2016/12/11/obamacare-not-comey-effect/

Also, and orthogonal to Wheeler's insights, another Elephant: It seems to me that the whole Comey thing has been invented/staged, conveniently, so that elite pundits can pretend to address "emails" without even mentioning Wikileaks, where verifiable documents are available to the public.

3. Regarding alleged "Russian involvement":

Ah yes, the CIA's brand new pulp fantasy series called The New Red Scare, a convenient invention meant to dilute the bandwidth spent discussing the content available at Wikileaks, where real documentation of real crimes can be read by the global public.

Craig Murray has a story quite different from the CIA's:

https://www.craigmurray.org.uk/archives/2016/12/obama-loses-war-whistleblowers/

If you set up the super surveillance state, hoovering up all the internet traffic of pretty well everybody, that is not just going to affect the ordinary people whom the elite despise. There is also going to be an awful lot of traffic intercepted from sleazy members of the elite connected to even the most senior politicians, revealing all their corruption and idiosyncracies. From people like John Podesta, to take an entirely random example. And once the super surveillance state has intercepted and stored all that highly incriminating material, you never know if some decent human being, some genuine patriot, from within the security services is going to feel compelled to turn whistleblower.

Then they might turn for help to, to take another entirely random example, Julian Assange.

Obama/Clinton have perished politically as an example of the ultimate in political hubris. Downed by their own surveillance super state. Obama/Clinton’s War on Whistleblowers resulted in the most humiliating of defeats, and now they are political history. This is karma for their persecution of some of the best people in their nation. Good riddance.

All nothing to do with any Russians.

Also pertinent:

https://www.craigmurray.org.uk/archives/2016/12/cias-absence-conviction/

In other words, "Leaks, not Hacks." Sounds compelling to me. Encouraging, even. But some people, it seems, would prefer to wet their pants.

OldFish December 15, 2016 10:50 AM

I read somewhere (sorry, don't recall where) that some large number of absentee ballots in CA are not counted unless there is a possibility that they could change the outcome. The writer said that these absentee ballots are largely from military personnel and tend to be about 2/3 Republican. It sounds odd that this could be the case and I am not sure how to check the accuracy of this assertion, but if true it might somewhat alter the popular vote picture.

Clive Robinson December 15, 2016 10:51 AM

@ Anonymous Coward,

You are linking to http://www.dailystar.co.uk as a credible news source?

Do you know what it's more often called in the UK?

"T!ts & B*ms Unlimited"

It even puts the likes of the Rupert "the bare faced liar" Murdoch of NI Scum to shame, and that's difficult to do.

John Thurston December 15, 2016 11:04 AM

I am astounded at the tone of the comments today, Bruce. I don't read all the comments on all of your postings, but what I have read over the years are usually more reasoned and cogent. This reads more like a transcript from a middle-school playground taunting than commentary on an essay.

Thank you for your writing and willingness to share your plans; even while being spat on and called names.

Michele December 15, 2016 11:09 AM

Thanks for the entertaining column and comments section. I, like others, would have simply preferred your plan, without the angst.

Nick P December 15, 2016 11:11 AM

@ Bruce Schneier

Good write-up and recommendations. I'd comment on it more but...

"Right now, we have a defeated majority. Many are scared, and many are motivated -- and few of those are applying their motivation constructively. "

...I'd just be doing more of that problem. Plan to attempt some action in near future that might get somewhere. Having to revise my plans given he recruited some of same people I was going for in Silicon Valley. Good news is they're only peripherally connected to innovation side & might even have our back against incumbents with patent suits, lock-in, etc. Maybe...

@ all confused about high support of Trump (including in these comments)

I keep reposting this article by David Wong that explains much of it in rural and anti-government regions. Same stuff I heard talking to people in Red states for decades. Some of the comments here support it, too. Trump's win didn't surprise me at all given huge chunks of the population were entirely ignored by Democrat campaigns. Censored online, too. You can't do that with high hopes of winning or even knowing what opponents are doing. So, read the article for a start on what you missed. Important for formulating a strategy for next election that appeals to Trump supporters.

Note that this article doesn't cover all of Trump supporters by any means. It's a diverse crowd with many motivations. It does cover most of them I've seen in person, online comments, right-leaning media, etc. More than enough to have stopped him in this election had anyone on Left actually given a shit about these people. Their echo chambers and/or snobbery cost them a lot this time. ;)

Vested December 15, 2016 11:16 AM

Canary?

Do you know what happens to most birds when a raucous teenager with a gun strolls along?

Vetch December 15, 2016 11:18 AM

Guys, give Bruce a break. He's spent the last year and a half in echo chambers being told Clinton would win. I think we'd all be upset when having to face reality in that scenario, too.

leftouscrusader December 15, 2016 11:19 AM

@Bruce

The situation may not be as dire as you think. Having read the WikiLeaks with a particular focus on the reliability of the press I have been forced to acknowledge that my political opinions have been heavily influenced by propagandists and so I have reluctantly flushed the pipe.

I'm in Glenn Greenwald's camp on the Russian interference story. If you have had access to the source material behind the CIA story then please say so: I would trust your analysis of the source material, but I simply cannot trust any of the sources pushing this story anymore. Bear in mind that Assange has repeatedly, directly and emphatically denied that the claim is true.

2018 is our next chance to change the facts on the ground politically, but that's going to be all but impossible if the left-establishment continues trying to bury the WikiLeaks while the right-establishment shouts them from the roof tops.

Roll an alt and come speak your mind candidly at r/TheOpenSingularity. It's the best approximation of the public square that I could cobble together on reddit.

Here's the inaugural post:

https://www.reddit.com/r/TheOpenSingularity/comments/5cwejs/the_inaugural_post/

The people who made you famous December 15, 2016 11:28 AM

Bruce,

You got where you are because people care about your opinion on security, not politics. We get to hear the stuff you've just regurgitated on just about every other major blog on the Internet.

If 52% of the country didn't vote for Clinton, you can expect a similar proportion to unsubscribe from your blog updates, should the extraneous noise continue. Just a friendly reminder!

If you need an outlet for your frustration, Blogger makes it really easy to create "Schneier on Politics".

честь December 15, 2016 11:33 AM

Hey, cheer up.

Remember when Bush got installed and Cheney went to DEFCON 3 to replace the constitution with COG, and things got worse and worse? And then people voted for Obama and Hope & Change but then NSA put the horse head in his bed and he caved on carrier immunity for illegal surveillance, then CIA put the horse head in his bed and he caved on impunity for torture, and then CIA taught him to play bugsplat and watch censored death-squad cam recordings and he got to like it, and things got worse and worse? So of course things are going to get worse and worse - or else Marine One is gonna throw a rotor and crash in flames and we'll name lots of schools and hospitals for Trump.

That leads to one niggle with an essay of great integrity. 'Problems in our society,' that's residual elite indoctrination. Latin Americans, who know a thing or two about things getting worse, have a saying: Fue el estado. It's the state. The induced tendency to personify repression in a political opponent incites the kind of synthetic partisan conflict we see here, and it gets CIA off the hook.

As a paramilitary command structure with impunity, CIA runs America. That's your adversary. Thanks to cascading state failure plus a very encouraging mutiny of elements in NSA and FBI, Billy Fox wound up beating the Raging Bull even though the fix was in, and you got Trump as a figurehead instead. So what? The course of action is exactly the same.

You go over the government's head to the international community, which has laws and institutions to protect your rights. You enlist international civil society for solidarity to loosen the CIA's grip on the domestic public. If the US doesn't come around, knock it over, break it up, Who needs it? Molting and shedding the USSR did wonders for Russia.

Anura December 15, 2016 11:37 AM

@Nick P

> More than enough to have stopped him in this election had anyone on Left actually given a shit about these people. Their echo chambers and/or snobbery cost them a lot this time. ;)

This is just wrong. For the last 30 years, Republicans have been cutting off all media if it disagrees with them. Hell, the big response by Trump supporters to this post has been "I will never read anything you write again". They have refused to acknowledge any problems faced by the left, and have been flat-out accusing them of stealing elections for years. To suggest that it's the left's fault for not being paragons of rational and objective debate, in the face of being told they hate freedom and lack morality is just ridiculous. The right has refused to engage in any rational debate, preferring to push false equivalencies and based accusations - there's a reason for that, it's because that is what right-wing media has been pushing.

The only thing that really changed this election in regards to turnout is that some Democratic youth voters stayed home - nothing to do with any of what you are suggesting, everything to do with the disinformation campaign the Republicans are running. The problem was that the mainstream media has been ignoring the problem for years; they haven't spoken out against it, because attacking an entire party would cost them ratings. So instead, they have been coddling the Republicans, letting them spout whatever nonsense they want because they believe being neutral means treating one side's speculation as equally valid as the others' facts.

Vetch December 15, 2016 11:43 AM

"The right has refused to engage in any rational debate, preferring to push false equivalencies and based accusations"
Rational debate.. Like paying people to go to other people's rallies and start fights with people!

keith December 15, 2016 11:46 AM

If you think Sanders could've been more supportive but don't mention Clinton campaigning in the wrong states, you might be a little biased. It's not relevant to this blog but no need to alienate the Democrats who had more prescience.

The people who made you famous December 15, 2016 11:47 AM

@Anura

> For the last 30 years, Republicans have been cutting off all media if it disagrees with them

Erm... What country have *you* been living in? If by "cutting off" you mean that they quit reading and listening to it after a while, then yeah. But it hasn't stopped anything.

If I go to Engadget, for example, I can read exactly the same garbage as what Schneier has posted here.

It happens to be annoying, party affiliation aside for a moment. If I want to read political commentary, I'll go to CNN, MSNBC, Breitbart, Fox News, etc. I don't need to get bombarded with political crap when I read a tech blog.

Zero Sum Game December 15, 2016 11:48 AM

Bruce,

Long-time fan of your writing here. I haven't lost respect for you over this post because I understand that anyone can become a victim of histrionics and unwarranted panic.

Your focus should not be upon who wields the power. It should be on the power itself. We've had eight years of a compliant, slumbering media ignoring the growth of power of the executive branch and the waning of our system of checks and balances. The loss of the Presidency to another party should be irritating at worst. The rhetoric that has persisted in an attempt to undermine the legitimate winner of the election shows that the office he campaigned for itself is too powerful.

We still have many checks and balances left, despite it all. What has been lost over the last sixteen years can be regained. But we need calm, level-headed voices guiding the calls for that. You have always been such, and you should consider this post a misstep in that established history. You do not appeal to reason by repeating a narrative about shady Russian hackers misleading the public. The e-mails are real. The DKIMs verify. It doesn't at all matter whether they were leaked or hacked. There is nothing misleading in shining light on the truth, even if that truth is painful to hear.

Take a step back. Breathe. Comport yourself. The fight is not with a man or a political party. It is with the size and scope of a government that has grown too powerful for its citizens' needs. When we can return to reading that the other guy got in and grumble a bit and then direct our attention to more important issues in our daily lives, we'll know we've cut back far enough.

keiner December 15, 2016 11:55 AM

@честь

Can you elaborate what are the differences between Russia and the USA? Both have populistic oligarchic regimes, state is in fact run by big money (look at the funny cabinet Tronald Dumb picked as his mates. Ab-so-lutely cool!) made from oil or other shady businesses.

So. Finally there!

Andrew • December 15, 2016 11:56 AM

I am afraid I won't agree with most points of view here, including Bruce's. I am living in an East European country and I can tell you that, for months, the world is set here for the WWIII. I haven't seen trains of M4A1 or other armored vehicles since I was a child, back in Cold War era (well, there were T72 back then). Thousands of American troops are coming, new jet fighters are bought, new war ships are built, army recruits thousands. Everything is set in place to start the World War at the slightest provocation. You can't know this because of media screening that won't let you know too much past the American borders. You're in a movie where the last things you'll see may be the Russian mushrooms without knowing what happened.

I really feel that Trump's election postponed the end of the world. Of course, Russians got involved and did everything they could, they did this because they know they can't sustain a conventional war and things will get to nukes pretty fast. They will launch everything they have the very second their first nuclear base is threatened, it's a simple existential matter. And there is still nothing that can be done against submarine missiles...

You see Trump thinking that his children will live in a bunker for next several years? I don't. Would you let a woman cheated all her life with the finger on the nuclear button? I wouldn't. Trump maybe will make all possible stupid things in the world, still he won't destroy it. This man made billions, some losers call him stupid?? C'mon...

You need to understand that world is not led by politicians anymore, now more than ever. The old fat bastards lived their lives, few more years in a bunker is nothing for them. Trump is kind of like them, they can't control him, that's why they put the whole media against him.

We will see.... I just hope I was right. Plus nothing more can be done now.

Anura • December 15, 2016 12:00 PM

@The people who made you famous

Seriously? The Republican base has almost completely cut-off all mainstream media, getting their news purely from right-wing propaganda sites. I haven't seen a strong Trump supporter who doesn't actively attack any organization that doesn't give Trump favorable coverage; not the article, but the entire organization gets attacked.

Politics has always been part of Bruce's blog. It's just before, people on the right could pretend that all of the stuff Bruce was against comes purely from Democrats so they didn't object.

cdmiller • December 15, 2016 12:01 PM

It is disingenuous to conflate federal government overreach on privacy and encryption with any particular political party or presidential candidate.

Recent history:
Pre-Clinton (Johnson - Reagan): encryption as a munition, ECHELON, Cyberpunk laws
B. Clinton: Clipper chip, crypto wars
W. Bush: 9/11, warrantless wiretapping, DHS, TSA
Obama: MAINWAY, PRISM, Assassination via Drone, War on Whistleblowers
H. Clinton / Trump: ?

Oh, and Happy Bill of Rights Day.

Dirk du Plooy • December 15, 2016 12:04 PM

Having been in IT for almost 30 years, this blog entry confirms so much to me, when you start to play the game of politics on a blog that says Schneier on Security, you seriously have your games screwed up. I would not trust you to look after my systems even if I was a Democrat. Simply because you can not keep your games separate and clearly cannot play the games apart of each other without emotions in the one game influencing the other. The fallacies in argument and logic are so obvious when you take the emotions out of it in this article and it is scary to see such a meltdown in a person that is supposed to advise companies and governments on security. The worst is that you do not even understand your country's electoral systems. The so-called majorities make up is the following an Estimate of 137.74 million votes cast and 251.11 million people of voting age. This represents an increase in total votes cast from the 2012 election (130,292,355 votes cast and 241 million people of voting age) but even percentage of voter turnout 54.9% of the voters. That means Trump won, 50% of votes of 50% of people who could have voted that did not even take part in the process. So ACTUALLY, the majority that "won" is half of a half with other words a 1/4 of people who could have voted in your country. The worst of all is, no Democrat screamed about the Electoral System when their candidates won the one election after the other, during the election it was actually said if Republicans should lose, they will lose their heads and start a civil war. Oops what is happening here now, in effect, you are sore losers, who played a game like American Football and lost and then blamed how the rules of the game are setup after the fact. And as in this article, who is now talking about 4 years of war etc. etc.

As for me, if I ever have to take up security advice, I know now where not to get it, and where not to waste my energy reading biased and mixed stuff on security and encryption. You fell into a double bind, mentally, the moment you wrote this article and showed you are unprofessional to the extreme. I am unsubscribed and I hope many others will follow, you do not play the game of technology and security nicely by mixing politics into it and I for one do not like to play the game of American Football on a Tennis Court.

Jon Millett • December 15, 2016 12:14 PM

To Bruce, thank you for sharing and for leaving the comments in place.

To those considering leaving please also consider that you are reinforcing your own bubble. The way forward is to work together and focus on what we agree on.

To those responding with insults, please reconsider your approach if you want to be taken seriously.

Follow the money • December 15, 2016 12:17 PM

@Dr. I. Needtob Athe

Actually, I place high importance in the US Constitution. I am a student of history. Unlike many naturalized citizens who take their citizenship exam as a checkbox, I actually spent quite a bit of time understanding the history that led to the creation of the United States and the values embedded in the constitution.

Here are a few facts for you:

- The founding fathers' only concern was to create a society where each of them -and their respective ideologies- could coexist with the others. Thomas Jefferson hated Alexander Hamilton as much as the other way around. However, both of them hated the Europe of absolute rulers even more.

- If you read the federalist papers, you will see that they saw democracy as a way to channel the differences of opinion among the different factions without being destructive (I recommend you read federalist paper #10 for a great introduction to the topic http://avalon.law.yale.edu/18th_century/fed10.asp). At the same time, they didn't trust direct democracy because, unlike the current unlearned liberal elite, they were students of history themselves and they knew that direct democracy sooner or later results in "mob rule".

- Thus they came up with several mechanisms to ensure that while democracy -ie, vote- was the way to channel political opinion, it was done in a way that it would be difficult to end up being "mob rule". First, the states are recognized as sovereign entities. Independently of how this sovereignty is more nominal than real today, that's what the United States is: a federation of sovereign states that have agreed to create a union for their common good. Second there is separation of powers which is more strict in the US than in any other Western country you can name. Third, each of the three powers name their chiefs independently: the legislature in fact has two branches, each of which can veto the other and that is elected differently; the judicial appointees are for life; and finally, the president is elected via the electoral college not a straight popular vote. The reason for the electoral college existence is to have a weighted average that gives smaller states a bigger say than what would follow from a strict proportional assignment of electors via population. And the original reason this existed is so that the large states in 1791 that happen to be "free states", couldn't impose their anti-slavery agenda on Southern states. As sad and unacceptable this is for a XXIst century audience to accept, for almost 100 years the United States had states with slavery and without slavery. The notion that today the only way forward, according to people like you or Bruce, is to make every state look like California is preposterous on its face, particularly when if you take away California from the equation of the 2016 election, Trump won both the electoral college and the popular vote (by an almost 2 million margin) on the other 49 states +DC combined.

I echo the sentiments of others: effective today, this blog has become less about technical issues that affect computer security and more about an ideologue providing a source of "Fake News" to practitioners of computer security. I am done taking anything Bruce says seriously that is based on his "expert opinion".

tz • December 15, 2016 12:25 PM

Also, you on the left hate democracy. Proposition 8 in California - the contribution that Brendan Eich got purged over years later because it was unforgivable passed! By a larger percentage than Hillary beat Trump. In deep blue California. But HORRORS! THE PEOPLE VOTED THE WRONG WAY! So a gay judge overturned that election.

Personally, I'm a libertarian and think Government should have nothing to do with Marriage - it is a religious institution, but since everyone else seems to think Government should be right in the middle of it, it becomes something to fight over. Same thing with personal security like guns or crypto, or privacy like medical treatments (the Feds must know my most intimate secrets).

When you lose a democratic election you turn to unelected judges to get your way. When judges rule against you - and Trump will appoint 2-5 young Scalias - you complain about the democratic will of the majority being ignored.

You want your pet tyranny however you can get it - Bigger Government is always tyrannical but oops, Trump is now riding Leviathan, not Hillary (as conservatives who liked the tyranny when Bush was in office but not Obama).

But you don't want to shrink government, get it out of all of our lives, go Ron Paul constitutional libertarian. This I don't understand. You want to micromanage my life, but resent it when I try to micromanage yours.

I hope you reconsider, but in the interim, I want Trump to make things so horrible for you and the left that instead of demanding the next Democratic candidate take over the government, that they instead also want to burn it down and shrink it. I want to make you a social and economic libertarian instead of a micromanaging socialist - that Government is always abusive, even when at the moment it isn't abusing you or you are one of the abusers.

Maybe at some point we can agree to tolerate each other and not force our views, or purge people for "bad-think". There are democrat "Ron Paul" types, albeit few because people like you wanted the Stalin types.

If you start finding democrats that will get the Government out of my life - including my bedroom where I have my gun safe - I will vote for them over Trump. If you find another Democrat that wants Australian style gun confiscation (like Gov. Brown in CA), and wants to repeat the lies about Obamacare keeping my plan, doctor, and it would be affordable, and that I have to allow big hairy men into the rest-room where little girls are doing their business, you will lose, and by a larger margin.

Martin Walsh • December 15, 2016 12:27 PM

@Dirk du Plooy

Is there something about certain people? They're like little girls playing in a fantasy world in their bedrooms. No matter what their profession they can't keep their mouth shut and it's so important that everyone knows what they think about everything. And then they run and hide behind their profession as if ALL teachers or ALL engineers are just like them. It's stupid and embarrassing.

Anura • December 15, 2016 12:36 PM

    Is there something about certain people? They're like little girls playing in a fantasy world in their bedrooms. No matter what their profession they can't keep their mouth shut and it's so important that everyone knows what they think about everything. And then they run and hide behind their profession as if ALL teachers or ALL engineers are just like them. It's stupid and embarrassing.

Yes, unless you are independently wealthy and don't have a job, shut your mouth.

In the future, please confer with the Republican party to determine if it's okay to state your beliefs.

Clive Robinson • December 15, 2016 12:58 PM

@ Anonymous Coward,

I was not arguing for or against your argument, just that your source has in the past made the sort of "Elvis found on the moon, along with the 85 bus to Putney Bridge" type stories, made more famous by certain US outlets. Thus the Daily Star is not really taken credibly in the UK...

As for the actual point you were making, I think you've read enough of my comments to know that it does not surprise me in the slightest.

After all how often have I banged on about the lack of evidence and how easy a false flag operation would be?

Thus when I see,

    "ODNI is not arguing that the agency [CIA] is wrong, only that they can't prove intent" --One of three U.S. officials [spoken to].

My only real thought is "prove intent" should be the stronger "can not find credible proof"...

Jon Millett • December 15, 2016 1:05 PM

@Martin Walsh

    They're like little girls playing in a fantasy world...

Is your objection to girls, children, or fantasy worlds? Personally, I think all three are great and make life worth living ;).

mastmaker • December 15, 2016 1:13 PM

Wow! I didn't know SOOOOOOOOOO many trumpian [profanity deleted by moderator] hang out here. Some of the gloating and bullying and defending is amazing to read. Hope you guys won't come to regret your support of the biggest con man ever to enter politics in these here states.

"California is one state out of 50": That happen to have 39 million people. How come Wisconsin's 5 million and Michigan's 10 million became more important than California's 39 or New York's 20? Because their voters have been conditioned with your dog whistles? It is high time electoral college is abolished. It has already given us TWO disastrous presidents of this century, within first two decades itself.

Another coward • December 15, 2016 1:14 PM

@tz - Last I checked, Schneier lived in MN. I'm pretty sure they have flyovers and guns there too.

r • December 15, 2016 1:17 PM

@mastmaker,

And protected us from how many others?

I think we should have a permanent freeze on the structure, that includes redistricting.

There's no way to move forward otherwise without increasing skepticism at this point.

Another coward • December 15, 2016 1:20 PM

@tz - Perhaps you should move to one of the small government, libertarian utopias like Somalia or Syria. You'd get to use your guns on a regular basis, and that alone should make you happy.

Dirk du Plooy • December 15, 2016 1:21 PM

@Martin Walsh, I do not mind people having opinions about stuff and playing various games of society, professions, politics, religion etc. What I do despise is when they take their "right way", let's call it the white pawn game (The good game) and make it out as the only game and that the black pawn game should not exist. As an outsider to this American election I stand in awe, fact is the Democrats have a similar "bad" rap sheet as the Republicans, KKK, Eugenics, Slavery and oppression of the Native Americans(Hamilton), both supports and supported resource wars in the Middle East in which countless lives are taken for the so-called good of all Americans, and with the "justified narrative" of a moral high ground. Both did nothing to rectify the atrocities committed against the Native Americans. Both did "good", the Republicans outvoted and fought a war against slavery (Lincoln), they voted against segregation laws. The Democrats did bring many other social changes for the better. Worst of all is, when you look at the bigger picture, all of them are American, that is the bigger game and the destiny game is they are part of humanity. Both point out to their differences in how their system will make things better, the Democrats have a more goo philosophy and the Republicans a more prickly in their philosophy but both are in essence prickly-goo. What I would have liked to have seen, is that each will speak to the "bad others" and create a gooey-prickly society, recognizing the bad and the good in each system and create a higher evolutionary consciousness society. The idea of country, culture, politics, religions and nationality as games of society is for me personally, no issue as long as you do not kill or subvert/hurt each other in deed or word, or make it as if your way/truth is the only truth and everything else should be destroyed. You know, I will love everybody, as long as everybody is lovable in my way.
Taking it a bit further I get to Animal Farm of George Orwell, All animals are equal, but some animals are more equal than others.

Then I believe, if you do certain jobs, that serves society as a whole, policing, cyber security, the army, the fire brigade, you take the damn politics out of it, because what will you do when the patient or the person that needs to be helped is one of those "bad" X's.

And that is what I see in this article and in the behavior of so many of the Democrats at the moment, I love everybody and will serve everybody, but that everybody does not include those animals, because we Democrat animals are more equal, and we will kill them in one or another way for it, either by economics or by making them deplorables because we are so much better.

The moment we see that I have some of your good and some of your bad in me, and that mostly the things I judge you about are parts of me that I do not like about myself, we as a world can start to move forward.

Facts are, we are 7 billion people on this rock called earth, with various ideas, but we are now so interconnected, that not much can be put into safe spaces and if you want to create those safe spaces by nuking the other not so safe idea, it will kill us all. Last time I interacted with most people, they wanted to be loving, look after their families and will not want anything other for the others, up until somebody creates a narrative about that difference in the others are a reason to kill them.

The world as a bubble of a country or idea is dead, and the sooner we realize that and let each other take a breath and use the best of all ideas to make it a better place for all, the better.

As for the game of Profession in society, I think as with the example of the fire brigade to stick with that game and for the benefit of society keep your nose out of the game of politics, it is an energy thing, and it is the decent thing to do. If you want to make a difference in politics, be a politician or vote in your favorite politician which in any case is not going to do half of the stuff that he/she said, in order to stir up emotions and use them to change the system of politics to change it to your "good". But when you start to say, I do not serve X because he/she is X,Y or Z, you are not better than the Nazis in WWII especially when you are in "public service".

In certain parts of the world where free speech and ideas are not so readily allowed because of the systems in place there, this type of talk would simply be seen as treason and your head will roll.

Personally I am fed-up with the game of politics, there is no fail-safe or perfect system, you can take the best of many and try to make it the best you can, the face of politics and society will soon in any case change as our worldwide economic IOU system based on ideas of what value is crumble. That is the bigger opportunity and problem.

I did not subscribe to this newsletter to be influenced to be either American, Russian, Democrat, Capitalist or Socialist, I subscribe to it to see how security can be bettered as per normal, reactively, because I know that anything that can be engineered can be reverse engineered.

So opening up yet another e-mail with Trump is worse than Clinton, Clinton is worse than Trump and I will "war" for it to change because the world is going to end when I wanted to read about IT Security and how it mostly fails, was simply enough.

It is not a fun way to play the profession of IT Cryptography and Security at all. Yes I think all these IT and other professionals that have a hissy fit about politics and their moral high ground should become politicians rather, it will be safer, for the profession of IT and other professions at least, or they can start and listen to "the others" and maybe do something nice or loving for that "bad" Democrat, Republican, Gay, Russian, Native American or whatever X colleague and make the change from the ground up, because simply that is where real change happens.

Anoon • December 15, 2016 1:29 PM

Use Tor. Use Signal. Use Tails/Qubes/Subgraph. Kill your phone. That should be enough I guess for my part :)

Anura • December 15, 2016 1:34 PM

@Anoon

Until encryption that the government can't break is made a crime, then just trying to conceal your identity online will get you arrested.

Michael Baldwin • December 15, 2016 1:34 PM

I just love how so many new friends discover this nondescript little security blog every time Bruce makes mention of Russia or Trump. Bruce ought to just start serving ads and make every post an alternating pattern of "Russia Trump Russia Trump Trump Trump Russia".

Dan H • December 15, 2016 1:40 PM

@Anura

"There is absolutely nothing bad about Hillary"

ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO ROFLMAO

1) Put beyond top secret data on an unsecured email server that was hacked.
2) Used an off-the-shelf Blackberry likely hacked by China according to State Diplomatic Security.
3) Sold uranium to the Russians to line her pockets.
4) A few bucks of the millions given to the Haitians actually benefited them.
5) Said half of the people she wanted to rule over were deplorable.
6) Whitewater
7) Travelgate
8) Futures trading where she didn't have the money to even place the trade, yet made $100,000 (by reading the WSJ).

Americans rebelled against the nobles in England because we didn't and don't want a Queen.

Bruce Schneier • December 15, 2016 1:44 PM

"Only critical comment: your intro appears to suggest that the election result had nothing to do with Clinton's many weaknesses."

I didn't mean to; she was such a flawed candidate.

Clive Robinson • December 15, 2016 1:45 PM

Can people stop hay stack tossing political personalities and study their own history a little?

For instance, since WWII how often has a party had three successive presidential terms?

What does that actually tell you about which party was most likely to win?

It's a little like generals, they win a war and don't learn anything from it. The generals who lose however ensure those that follow them learn from their mistakes. In the next war the previous losers tend to have better tactics thus are more likely to win, provided they don't become over confident and over extend.

That is in general a winning game plan usually only works the once against the same opposition, unless you can really solidify your gains and up your game to overcome your opponents change in tactics. One party was very obviously playing an out of date game and did not respond to a change in tactics.

As I've said before people were looking at the pollsters who have no skin in the game, the bookmakers however do have skin in the game and they were at quite some variance with the pollsters, why do you think that was?

Getting onto "personalities" who really thinks Trump is "a real dyed in the wool republican"? I don't; he gamed them for his own agenda.

To understand why you need to know how to manipulate a "two party first past the post vote" without cheating. It's actually quite simple and well known, you become a third entrant and emulate the policy of the likely winner (and also use newer tactics). This emulation fairly obviously splits the vote of the likely winner such that it in effect halves their potential vote take, making it much more likely they and the third party will be beaten by the original second party.

However as the third party you then play the "mine are steel yours are brass" game and convince the party (not candidate) that would win that you are going to go on and will not stop, but you are not just like their candidate but better... Their only sensible choice in a rational --not emotive-- game is to dump their candidate and adopt the third party person as their own...

And we've just seen how that trick plays out. It's just one of the reasons I keep saying "first past the post" elections on a two party system are not a democratic process.

But don't mind me you lot keep tossing those haystacks, and I'll keep eating the popcorn in the lazyboy chair and watching the show...

Bruce Schneier • December 15, 2016 1:45 PM

"It's amazing what 20 years make you forget. Weren't you the one fighting the first crypto war against Clinton administration? How does electing his wife into office make things better?"

I agree that it would have been a battle in either case. I tried to make that clear in the essay.

Anura • December 15, 2016 1:49 PM

@Dan H

If you require out of context quotes and baseless accusations to support your position, that's usually a sign that you yourself know that you don't have an actual argument, so why even comment?

Bruce Schneier • December 15, 2016 1:49 PM

"I'm surprised you buy the 'Russian' involvement Bruce as both Craig Murray and Julian Assange state the source as being both American and 'Democrat.'"

Assange personally blames Clinton for his house arrest. And as far as I can figure out, he has a legitimate beef. For him this was personal, not political.

Bruce Schneier • December 15, 2016 1:51 PM

"Yet there is absolute certainty on behalf of the left that Russians were involved in hacking the DNC???"

There's not absolute certainty, and I think that the FBI/NSA needs to publish their evidence. But there's at least as much certainty as North Korea and Sony, or China and OPM.

But you're right that the evidence needs to be made public. This is too important to keep under wraps.

Bruce Schneier • December 15, 2016 1:54 PM

"With all due respect, you have believed too much of the propaganda those on your side threw at Trump during the election. I don't remember the last time I felt so optimistic about the future of the United States."

I very much hope you're right and I'm wrong.

Jon Marcus • December 15, 2016 1:59 PM

The people who think they're making an effective statement by publicly flouncing away from this free non-ad supported blog are...kinda cute, actually. At least they're better than the people demanding that the blog only touch on topics which meet with their approval.

But the third group denying Trump's involvement with Russia is just scary. It's not like Trump's connections to Russia have been hard to see. From Manafort to Flynn to Larry King & Russia Today to the Republican platform, Russian influence has been clearly visible.

The best demonstration was when Sputnik put up a quickly debunked story about Clinton. It was embarrassingly inaccurate, came down quickly, and never spread...except that Trump somehow found out about it *and* got a copy of their faked "documentation" to wave at a rally. http://www.newsweek.com/vladimir-putin-sidney-blumenthal-hillary-clinton-donald-trump-benghazi-sputnik-508635

They didn't even bother trying to hide their tracks, knowing the useful idiots on the alt-right would spray out enough garbage to cover for them.

Anura • December 15, 2016 2:00 PM

@Clive Robinson

You are smart enough to know past performance isn't an indicator of future results. Given that Clinton lost by less than a fraction of a percent in each state she lost, given that the Democrats have either come close or won, but haven't lost to a landslide victory since Reagan, and given that the changing demographics benefit democrats, I'd say that the odds were on their side from the beginning. It's very likely that you change one of any number of things, then Democrats would have won. Whether it was nominating Sanders, not having Comey's announcement, not having the DNC leaks, or simply having complete leaks and not cherry picked timed releases designed solely to manipulate voters, or journalism being driven by facts and objectivity, not page views/ratings... There are a ton of things that would have changed the results, all of them boil down to "More informed voters."

Republicans got very very very lucky, and that's my concern. If they realize this, I see no reason to believe they won't do everything in their power to suppress political opponents rather than watch their party die. The current iteration Republican party was in its death throes, but without anyone to counter them

ab praeceptis • December 15, 2016 2:01 PM

Bruce Schneier

First - and importantly: Kudos. It is very respectable that you tolerate Trump Fans here and that you let them speak freely. I consider that very important also because of the great many confrontations in your country that were guided by pure hatred.

In the end, no matter whether pro/anti clinton or pro/anti Trump, all of you us-americans are foremost one thing, us-americans. I think it is of very high social importance to keep that in mind and to discuss with each other or at least to tolerate each other rather than spewing hatred. You have set a good and valuable example.

As for your blog post, I have to confess that I just flew over it after the first part (thinking "Strange that such a smart man would have such strange perceptions").

I won't comment any further on the political part. The most important thing (in my mind's eye) I said already above. Thanks again.

As for the more pragmatic issues: I agree - but - I posit that the (privacy, security, etc.) fight is quite independent of who became president. That whole 3 and 4 letters agencies zoo has gotten out of control and has developed its own agenda and dynamics.

In other words: Fight we must any way, no matter Trump or clinton. I'd strongly suggest, though, to concentrate on *for* whom and what we fight (the people, freedom, privacy, ...) rather than on being guided by fighting *against* this or that person.

The recent events seem to confirm my position. Your letter agencies grossly refused to inform your congress. It's *obviously them* who are the enemy, not Trump or clinton.

Follow the money • December 15, 2016 2:04 PM

@mastmaker

California does have 39 million people. But the rest of the union combined -where Trump won both the popular vote and the Electoral College vote- has close to 280 million people.

The beauty of the Electoral College is that it takes more than one or two populous states to impose its will on the rest of states which are the ones, under our constitution, that elect the President.

All I am saying is that if you are going to make nonsensical arguments like Bruce's "right now, we have a defeated majority" just because you don't like the result under the rules that all candidates -not only Trump and Clinton, but also Johnson and Stein that had no chance of winning- agreed to compete, I can make the argument that California's crazy politics is the main reason the winner of the electoral college and the winner of the popular vote don't match.

As Dirk du Plooy pointed out, it seems that the losers do not understand the way the United States' electoral system works. It is not straightforward to extrapolate from the result that "we have a defeated majority". What we have is the losers lamenting that they lost. Period.

AlanS December 15, 2016 2:08 PM

@Bruce

...and the country would be preparing for a Clinton presidency and discussing a very different social narrative. That alternative narrative would stress business as usual, and continue to obscure the deep social problems in our society. Those problems won't go away on their own, and in this alternative future they would continue to fester under the surface, getting steadily worse.
Agreed. The difference between Clinton and Trump will only be the speed at which a crisis point will be reached. For the last 4 decades 'Chicago Economics' has been steadily concentrating wealth and remaking all of social and political life subject to economic calculation and competition (for discussion see PDF). Both Clinton and Trump offered more of the same to different degrees. Neither offered a path to solving the crumbling legitimacy of the current economic regime. We are left to work for some sort of reform in the hope of avoiding the extremes of either revolution or the security state. It is ironic that the totalitarian fears of Hayek, Friedman and company and their being very wise in their own conceits are bringing about the very thing they claimed they sought to avoid.

ab praeceptis December 15, 2016 2:11 PM

Anura

At least now (after the current blog post) we know why Bruce Schneier allowed you to mercilessly spam everything with your political rants and to strangle and suffocate the discussions for which most of us are here.

I'll say it open now. Looking at your spam my thought was "Et voilà that's what the clintonistas have to offer. Destruction, oppression, hatred, and lies".

(Note: Feel free to spit hatred towards me but there will not be a discussion because I will not be drawn down to your clintonesque swamp of hatred and anger)

Danby December 15, 2016 2:14 PM

Under a Clinton administration, we would be preparing to impose a "no-fly zone" over Syria, serious NATO involvement in Ukraine, and possible nuclear war.

I'll take Trump, thank you.

Another coward December 15, 2016 2:21 PM

@ab praeceptis -

"(Note: Feel free to spit hatred towards me but there will not be a discussion because I will not be drawn down to your clintonesque swamp of hatred and anger)"

It's a bit cowardly to make drive-by comments and then decline further discussion. It's almost as if you're afraid of the lack of depth of your arguments.

Anura December 15, 2016 2:25 PM

@ab praeceptis

Wow. The delusion is so strong with you that you think that Bruce only allows me to comment because I agree with him, when other people he disagrees with have been posting a hell of a lot more than me.

If I am wrong, tell me where I am wrong. But that you ignore every point that I make, that you ignore the commenters posting their baseless accusations against Clinton, throwing insults at the left, tells me that you really are just uncomfortable being outside of your echo chamber.

Yosoy December 15, 2016 2:40 PM

I have serious doubts about who really rules the USA, the president and Congress or the CIA.

Why didn't the CIA investigate who leaked Trump's tape about women?

I hope Trump shoots down the CIA.

Nick P December 15, 2016 3:18 PM

@ Anura

I couldn't be more right. That the right-leaning people censor doesn't change anything. The left wanted to defeat them by swaying people against Trump and/or for Hillary. They therefore needed to understand the people they wanted to sway. Then target those desires in the campaign strategy.

Instead, they just dismissed them acting like only idiots, racists, and rapists would support Trump. Their candidate was also shown to be highly corrupt and ineffective. Many of this segment would be shown no targeting at all along with a weak, corrupt candidate. Trump was at least trying to appeal to them. He wins their vote by default.

So, if left wants to win and often, they'll have to step out of the echo chambers to understand these people. The ones they have a chance of swaying at least. Even the others they can appeal to with a better Republican candidate for the event the Democrat fails. There's no way they can outfox the opponents if not knowing anything about the demographic they need.

I stay on social media of most demographics just to watch reactions & understand. Most of the liberals are still mocking Trump supporters with stuff like I describe above while thinking any win for Trump must be hacking or a sea of pure dumbasses having more votes. As if Hillary "Sabotage Sanders" Clinton wasn't doing subterfuge or just making shit up whole campaign to get elected. Lol...

anonymous December 15, 2016 3:20 PM

Bruce,

I don't have a problem with you having an opinion.
I think it's positive that you have a plan of action. This is in strong contrast to most people I have spoken to that feel trump should not have been president elect. I don't understand the commenters who seem to think that one can't hold any political opinion they want.

Good day,
Anonymous.

Sesame Street News Flash December 15, 2016 3:26 PM

@Bruce writes:

There's not absolute certainty [that some Russians were involved in hacking the DNC], and I think that the FBI/NSA needs to publish their evidence. But there's at least much certainty as North Korea and Sony, or China and OPM.

Did I miss out on some publicly available information connecting the North Korean government to the Sony Pictures Entertainment hack? How strong is that evidence? (Pointers appreciated.)

But you're right that the evidence needs to be made public. This is too important to keep under wraps.

Indeed. It is time to either put up the evidence, or issue some very public retractions. Sceptics will be reminded of the Iraq WMD propaganda. The very public airing being given to these suspicions of anonymous CIA officials is itself suspicious, when even James Clapper, for instance, seems unconvinced of the conclusions being asserted. These are bold claims to make, when the Director of National Intelligence refuses to credit them. This suggests to me that one power-faction is trying, quite irresponsibly, to spark up some atavistic xenophobia via anonymous leaks, and leverage the resulting public indignation to apply domestic political pressure to some other power-faction.

If I had the time to do so, I think it might be revealing to make a catalogue of which US public figures do, and which do not, continue to amplify these anonymous claims absent compelling evidence.

And even if it were (let us suppose) demonstrated that some Russian group hacked the DNC, and even if said Russians were also demonstrated to be acting on behalf of the Russian state, this particular bit would show only access to information. It does not demonstrate an attempt to influence the election.

The many unspoken assumptions behind this argument, even if one accepts the truth of its explicit premise, ought to disturb any critical mind: "US TLAs know such-and-such Russian TLA hacked the DNC, so there you go! Election-interference case closed! Slam dunk!" Whether there is evidence of hacking, or not, that alone is not sufficient to prove the charge of interference in the POTUS election.

By contrast, Marcy Wheeler breaks down how to make a valid case relatively well: https://www.emptywheel.net/2016/12/10/evidence-prove-russian-hack/

As I see it, intelligence on all the following are necessary to substantiate some of the claims about Russia tampering in this year’s election.
  1. FSB-related hackers hacked the DNC
  2. GRU-related hackers hacked the DNC
  3. Russian state actors hacked John Podesta’s emails
  4. Russian state actors hacked related targets, including Colin Powell and some Republican sites
  5. Russian state actors hacked the RNC
  6. Russian state actors released information from DNC and DCCC via Guccifer 2
  7. Russian state actors released information via DC Leaks
  8. Russian state actors or someone acting on its behest passed information to Wikileaks
  9. The motive explaining why Wikileaks released the DNC and Podesta emails
  10. Russian state actors probed voter registration databases
  11. Russian state actors used bots and fake stories to make information more damaging and magnify its effects
  12. The level at which all Russian state actors’ actions were directed and approved
  13. The motive behind the actions of Russian state actors
  14. The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat
I explain all of these in more detail below. For what it’s worth, I think there was strong publicly available information to prove 3, 4, 7, 11. I think there is weaker though still substantial information to support 2. It has always been the case that the evidence is weakest at point 6 and 8.

That Russian state actors might seek information by hacking political targets in the US (Wheeler's points 1--5) is par for the course; if, say, some French intelligence agency did not try to do the same, it would surprise me. It is hardly cause for alarm.

To make the case being claimed, points 6 through 8 are critical. They are points unsupported by anything I've seen so far. Wheeler seems to think there is public information supporting point 7. She must either have seen something regarding point 7 that I haven't seen yet (very possible), or find something I have seen more convincing than I do.

David Smith December 15, 2016 3:27 PM

Bruce, gotta say that I'm disappointed, but what the heck. I'll keep connected anyway. There is a reality out there somewhere, and it will intrude and we'll start talking about it again Real Soon Now.

David

Anonymouse December 15, 2016 3:42 PM

Trump is not even in power yet, only president-elect, and already caused world panic. As bad as he may be for the US, for us non-US's he's the better of the both worst cases. Hillary would have gone into full escalation against Russia with Syria and Ukraine, that's for sure. The declaration of a no-fly-zone by the US would have escalated into WW3.

It is not over yet. Look at the current full scale propaganda by our mass media, now that Aleppo has been freed from the terrorists. Although your current government call them moderate rebels. Among many others, Al Qaida. Yes, the same people that allegedly destroyed your WTC, anyone remember? They are now supported as moderate rebels by the US.

The time window for the old New World Order is closing quickly, and they try to rescue as much as they can. It is still possible they decide for a burned earth strategy.

Call it conspiracy theory, but things are currently in full speed, becoming faster and faster. We will see in one to two months if Trump is still living and POTUS. Or if there is a civil war in the US. Or a full World War.

Matthias December 15, 2016 3:58 PM

Unbelievable ... For some time now, I watch how the comments sections in my favorite Swiss newspaper get flooded with lots of - often very repeating - pro-Putin/Trump and anti-Clinton statements in response to every article about the Russian involvement in the DNC and Podesta hacks. (Even though - given the publicly known details about these attacks - this involvement is quite obvious to anyone knowing a little bit about IT security.) Most of these statements blatantly ignore and deny any facts and seem to be written by people who completely lost all connections to the physical reality.

Now, as the same is happening here in Bruce's blog, it starts to get really annoying.

Anura December 15, 2016 3:59 PM

@Nick P

The fact is if Comey released his informationless "bombshell" two weeks earlier or two weeks later, voters would have had time to swing back in Clinton's favor.

So yes, there were a lot of voters the left ignored, but that wasn't the change. This election wasn't won purely because of rural voters, or even really shifts in political opinions among moderates; the difference between 2012 and 2016 was primarily Democratic turnout, not Republican turnout or change in party lines. If Democrats wanted to win, Hillary should have focused more on winning over Sanders' supporters, but even then that risks support of the moderates. Abandoning the people she did vote for to try and sway Republicans would have just made the people who did vote for her less enthusiastic. Hell, the Sanders supporters were already accusing her of being the same as Republicans.

Elections in the US are won primarily by turnout, not by getting voters to change their views. People's views are mostly set in stone, but Democrats traditionally have turnout problems, and Republicans were able to exploit that by attacking Clinton to get Democrats to stay home, and that was only as effective as it was because it built on decades worth of messaging. Run any candidate other than Clinton; change anything about the election, and Clinton wins. The big difference was that Clinton owned her mistakes, Trump denied them, and because he denied them his supporters were able to deny them. Clinton could have spent the last four years ranting about how the whole Benghazi thing was a conspiracy, hinting how it might have been a false-flag operation, and she probably would have won.

Yes, the Democrats do need to have better messaging, they should not let Republicans control the messaging to red states; they should counter, but they shouldn't abandon their ideals to do so. This is something that would take a major campaign over a long period, not something Clinton had enough time for, especially since coverage of her campaign was so heavily focused on emails and generally ignored most of her platform.

Pete Prunskunas December 15, 2016 4:29 PM

"a bad roll of the dice. A few minor tweaks here and there"

Or maybe if HRC had not sold favors to foreign entities for hundreds of thousands, sometimes millions, of dollars via the Clinton Foundation.

Or maybe if Democrats had not been so intent on crowning their queen, they would have realized that Jim Webb would have beaten Trump easily.

"We need to convince Internet giants like Google and Facebook to change their business models away from surveillance capitalism"

I'm with you there, brother, but given that those entities are libertarian which seems to be the Republican flavor these days, and that both political parties are as corrupt as the day is long, there isn't much chance of it happening. Did you know that over 250 Google employees used the Obama administration's revolving door? In that respect, Trump may be an improvement.

The biggest problem, DDoS attacks via the IoT, will become dangerous during the next four years, but I'm not convinced that HRC would have done anything different. By the way, you might find my non-technical explanation of DDoS amusing (see my blog).

Rory December 15, 2016 4:41 PM

Well things are certainly going to get harder for the media, activists and other sorts of people who fall on the wrong side of the Trump administration and effect (such as the far right growth in Europe). Security, both digital and physical will be a big part of that no doubt, especially if we see more terrorist issues - one can only imagine the sorts of overblown counter-terrorism laws and operations that will be given the green light. For what it's worth, we have tried to make things a bit easier for people managing their digital and physical security by building some open source tools to make this easier. One of them is called Umbrella and available here https://play.google.com/store/apps/details?id=org.secfirst.umbrella and also on F-Droid (https://www.secfirst.org). We have also been looking (along with many others in this space) to try to find more ways to get basic information to journalists and other people who suddenly feel much more at risk, by making our content available in places other than our app and Github. For example:

“How journalists and activists can identify and counter physical surveillance”
https://medium.com/@roryireland/how-journalists-and-activists-can-identify-and-counter-physical-surveillance-1ad19b6a8981#.jdztsk9z6

"How journalists and activists can have a safer physical meeting with a source"
https://medium.com/@roryireland/how-journalists-and-activists-can-arrange-a-safer-physical-meeting-with-a-source-cb2a11421f93#.y07h7o11v

Hope it might be of use to people here!

Chris December 15, 2016 4:53 PM

I'm saddened but no longer shocked when the comment section looks more like an ideological war zone than commentary or reasoned response.

I wish the world was a simpler place where evidence could always be made public, and the good/bad guys always wore different-colored cowboy hats. The world is complex and messy, and any list of 'n' reasons why something happened or didn't is sure to miss someone's favorite. We are where we are. Trump is our President-elect.

We each have a duty to speak our mind and follow our code regardless of who wins any particular election. I'm not cutting myself off from good information and critical thought. I'll keep reading here, and I'll keep working for a better world as I see it.

Kudos to you for doing the same.

Thomas_H December 15, 2016 4:57 PM

@Anura:

May I suggest you have a look at the reasons why populists are so popular in Europe right now, and why they have been becoming more popular over the last 20 years, instead of putting your foot further and further into your mouth?

You will likely find many of the same mechanisms at work that have enabled Donald Trump to win the US elections, namely a large chunk of voters who are extremely unhappy with the traditional political establishment. Some of these voters are indeed racist white pigs, but others have been severely disappointed in the way traditional politicians keep promising stuff and then completely fail to deliver, often even doing the opposite thing (of course, in reality populists are not better...), resulting in the rich getting richer and the poor getting in worse and worse situations. Nick_P knows what he is talking about, really.

Hillary Clinton's worst errors were calling Trump's electorate names, showing a complete lack of understanding and empathy towards their problems, and then failing to reach out towards the part of the electorate that could have helped her but that chose not to vote or to vote Trump because she alienated them with her behaviour. By doing so she demonstrated that she was completely disconnected from the reality in which a large part of the US electorate lives. All of the other issues do not really matter.

Finally, I find it rather grating that Democrat supporters who during the Trump campaign and after his election complained about the climate of hatred that was created and warned of violence if Trump would lose now engage in precisely the kind of intolerant bullshit that led to that climate in the first place. What the Democrats should have done is to perform some introspective analysis as to why this happened (pretty easy to do, others have already done it for them), not come up with a petty conspiracy theory that makes the rest of the world wonder WTF is wrong with America.


Unfortunately it seems the madness has reached the White House. Still no evidence being shown, and some of the statements made by White House spokesmen raise some nasty questions regarding illegal US international actions that have been negatively in the news the last few years, as the POTUS is supposed to be informed about important government operations too... It's also almost hilarious how all of the statements involving Putin and vendettas in that article can be turned around and shown to also apply to the Democrats. I write "almost hilarious" because of the risk of very serious escalation that isn't funny at all. :(

ab praeceptis December 15, 2016 5:04 PM

Rory

a) Do you have any evidence that clearly shows that a Trump government would be oppressive against science, security researchers, or freedom of expression?

b) There *is* evidence showing that the clinton camp ignores the law as well as the basics of democracy and that they do try to oppress their political opponents. One clear case, to offer an example, is what is disguised as actions against "hate speech".

Well noted, I'm *not* saying that the Trump government will be nice and lawful. What I'm saying is that we do not yet know and that so far we have no evidence of their intention to oppress.

(And please, don't serve the "climate change/epa director" argument because it's a non argument in that it does (at least not yet) demonstrate oppression. It merely demonstrates a (somewhat radically) different view on certain issues).

From what we actually know (e.g. detroit), it was the clintonistas who played election tricks and Trump has won fair and square, period. So I suggest to not pre-condemn Trump and his government but at least to wait until they actually do oppress or maim science or dissent.

Sancho_P December 15, 2016 5:10 PM

(@Bruce)
This was a very sad and serious outing, just to conclude that both options were bad.
Hu?

But after reading that linked “Russian involvement” I’m now afraid that even the Donald can not make America great again.

The Russians do better, no doubt.

Probably the Russians will secure IT / Internet / privacy,
while American Democrats are still committing suicide.

It wasn’t Trump who won, but insensitive Democrats who lost.
But don’t realize why. Sanders would have won. It’s the heart, not the brain.

Plus:
It’s much too late ”to start fixing our society” (@Bruce), time is running out.
Too much of everything, people, food, energy waste, technics, rubbish, business, debt, …
- and still mandatory growth.

Hopefully it’s more than a four year period to the end, so let’s enjoy now.

Stephen P King December 15, 2016 5:20 PM

What is the evidence that makes you think that a Trump administration would erode privacy, freedom, and liberty in the US? What is the basis for this belief? I have been trying very hard to follow the facts. I have actually read a lot of the never refuted leaked emails making me deeply suspicious of Hillary and her people's motives. I have been following politics since 1980 and do not forget a thing. Trump has been a known quantity for a long time but suddenly is a monster? Help me understand.

Tsardine December 15, 2016 5:21 PM

a) Do you have any evidence that clearly shows that a Trump government would be oppressive against science, security researchers, or freedom of expression?

Well noted, I'm *not* saying that the Trump government will be nice and lawful. What I'm saying is that we do not yet know and that so far we have no evidence of their intention to oppress.

A blockquote for a blochead, a) yes we do.

In our country, we can ape the guy in charge. Happened to Obama constantly, Buzh too. Trump's white wolf gets aped? I'm sure the putin grabbers out there will understand when I say that for lingual harassment to be harassment it usually needs to happen more than once. And demanding an apology for someone else who's obviously a big enough man to accept the input from the people not fanning him is kind've strange don't you think?

Or do I owe you an apology now?

So just stop it, stop it I say.

We have the right to show and be concerned, you do too as an outsider we don't know what the future will bring either way all we can do is try to protect what we view as human rights interests. From either side of the aisle.

Observer December 15, 2016 5:21 PM

@Bruce

As soon as I read the first few sentences of your post, I thought "Oh boy! Here we go" and I wasn't wrong. The recent American Presidential election has been interesting watching from afar (UK) as a non-participant.

My personal take is that the DNC blew it by fielding a candidate who was unelectable if evaluated dispassionately but the mainstream media seemed to have it in for Trump. This isn't a political blog and aside from the technical aspects of who allegedly hacked who and a certain email server, there isn't much meat for your blog but from an information warfare/propaganda perspective, it's fascinating.

A battle of perceptions was raging through the campaigns and the boorish, alpha-male winner might not have been quite as stupid as some think. I'll offer some reading for those with time to spend (my guess is you are too busy for anything but mainstream media.)

http://blog.dilbert.com/post/149983115751/why-trump-doesnt-scare-me (before the result)
http://blog.dilbert.com/post/151981022076/is-twitter-shadowbanning-me (before the result)
https://mishtalk.com/2016/12/11/cia-statements-on-russia-believable-at-all/
http://www.oftwominds.com/blogdec16/WaPo-list12-16.html
http://blog.dilbert.com/post/154289405111/the-time-that-reality-forked-right-in-front-of-you

@Everybody

Please don't bother attacking me - it's not worth your while. I don't care.

Jon December 15, 2016 5:31 PM

Well said.

The false equality between the two candidates is tiresome and the overblown importance of emails, DNC not fully supporting Sanders, etc. are weak justification for a lack of respect for speaking honorably. I'd rather deal with a crook who is covert than one that is overt.

The strategy of the incoming cabinet is not all about privacy/security but the co-variance is significant and I think, causal.

Anura December 15, 2016 5:48 PM

@

You will likely find many of the same mechanisms at work that have enabled Donald Trump to win the US elections, namely a large chunk of voters who are extremely unhappy with the traditional political establishment. Some of these voters are indeed racist white pigs, but others have been severely disappointed in the way traditional politicians keep promising stuff and then completely fail to deliver, often even doing the opposite thing (of course, in reality populists are not better...), resulting in the rich getting richer and the poor getting in worse and worse situations. Nick_P knows what he is talking about, really.

Since when does the right ever mention inequality? Decline of the middle class, sure, but this becomes more about the fact that as the country has been more equal, the bottom 80% of the population has mostly shifted wealth around, while the rest went to the top - instead of blaming the top, they are blaming the people at bottom. This is driven entirely by messaging from the wealthy, as there is no way to significantly reduce poverty or improve middle class incomes without hurting the wealthy.

But again, that didn't change this election. Americans didn't embrace right-wing populism, they do not support massive tax cuts for the wealthy and benefit cuts for the poor. Most voters, rural and urban, were perfectly happy to embrace minimum wage increases, tax increases for the wealthy, immigration, foreign trade, etc. There is only a minority of Republicans that are against them. I'm not sure what messaging you think the Democrats could have applied that would have included them without pissing off the people who were being helped by Democratic policies, and giving them absolutely no reason to vote Democrat.

The point is that Trump won by a nose hair, and there is no reason to believe that he would have won if the candidate had been anyone but Clinton, or if Clinton would have embraced populism. Clinton did not lose because of policy, she lost because she was Clinton.

Now, if you want to talk about the long term failures on economic messaging from the left, I'm all with you there. It's just not something that is new to this election.

Ease of Use Fan December 15, 2016 6:06 PM

@SM: Well said.

@Bruce: Would you really rather have a president who couldn't even remember getting classified information handling briefings/training while holding a TS/SCI clearance for several years???

I also held/hold a TS/SCI and have never inadvertently released classified information.

There are lots of government forms that have to be filled out by SCI clearance holders, including annual training acknowledgements and unclassified document reviews by Classifiers to try to ensure that classified information isn't accidentally released.

Why haven't any of Hillary's forms (which themselves are unclassified) been mentioned or released? Maybe because she never did any of them? (being above the law as she is)...

I would have voted for any mass murderer over Hillary because of her apparently deliberate repeated mishandling of classified information.

ab praeceptis December 15, 2016 6:06 PM

"Tsardine" or should I say "guy with 100 names"?

"(me) a) Do you have any evidence that clearly shows that a Trump government would be oppressive against science, security researchers, or freedom of expression?

(you) A blockquote for a blochead, a) yes we do."

Put it on the table.

r December 15, 2016 6:08 PM

Alpha male?

Alpha why?

Alpha how?

Alpha since when? Since he runs an empire?

Alpha since he walks out on bills?

Face it, the guy's a twit. Did you see his son falling asleep while his blowhard of a father made punta signs like he was giving a handjob to an international audience?

After hearing him and Billy Buzh I don't even want to know about his activity behind the zines.

Listen to him sometime when he talks about the internet.

I demand an apology lol.

Snivvle Snivvle
QQ

He needs his advisors, he needs each and everyone of them or so help us God. He needs us too, maybe with enough panning he'll stop crying about unfair coverage when he realizes he's getting coverage en mass for free - biased or not he is EVERYWHERE.

Derision is a valid form of input, it might not be too constructive but if it makes you pull up your pants then it's a good thing.

If he and his family weren't ready to be panned en the light of the public medium then he shouldn't have opened his mouth about running, what did he think would happen when it was him en the light and not Obama?

Careful what you wish for when you run a seedy front.

You wouldn't catch me doing a drop of business with a man who pisses on contractors like that. I'm a little guy, you pull that shit with me and I'll have your hide - starting from the leg hairs that start at your boot cuff. I would flay you right up to the stint in your leg. If you can't pay your contracts there's something seriously wrong with either your business model or the people in charge - that's the whole reason people were upset about the bank bailout - the government gave juice to crony crapitalists.

His business has grown because he has been able to **slowly** navigate the slow-to-get-patched-and-vulnerable-financial-system over 40~ years. Nothing too impressive there.

I'm more impressed by the founders of apple microsoft google facebook aol and myspace than someone given a familial handout - and full reign to terrorize the little guys in court.

If you don't believe me about how useful bankruptcy has been to empire 'building' ask yourself why the rules for it have been tightened up so much over the last 20 years.

Don't kid yourself, he's not some startup - he's a plant.

I'm quite certain the whole Teflon Don image he's trying to project is exactly the same Rodney Dangerfield shit he pulls in front of the courts. It's not funny, it's a reflection of an impious egotism likely the same problem we oft see with money and racists.

I don't like it, but I don't have to and TO WIT: I'm entitled TO THAT.

I don't think anyone who voted for Trump or Bernie was looking for anything less than innovation, when the Dems sacked Bernie they sacked a large percentage of the people who wanted change. Those people still went to the polls and voted.

Do you really think that the pro-Bernie socialists believed a damn thing he said once he gave lip service to HRC? Not a chance, that's not what their support of Bernie was about.


Something curious, would we vote for Linus if he ran as the abrasion candidate?

Is Linus less offensive or more capable?

Zero Sum Game December 15, 2016 6:10 PM

@Bruce,

"I very much hope you're right and I'm wrong."

I didn't vote for either big party contenders. Neither choice was a good one.

I must ask, which would you rather have?:

Four to eight more years of someone who will be at least as bad as the last guy (and probably worse) on all the issues of security that you regularly write about, but that the media pays little attention to and mostly nods in approval.

- or -

Four to eight years of a Presidency that the media hates and will be looking for every opportunity to call out about abuses.

You're probably going to get more people listening to you this Presidency than you have in all the time you've been writing on these issues. Maybe in two years we can oust those in Congress who have been rubber-stamping all of this stuff. The executive branch is definitely not the only place that attacks on our liberty are coming from.

No Doubt December 15, 2016 6:19 PM

@Anura

Since when does the right ever mention inequality? Decline of the middle class, sure, but this becomes more about the fact that as the country has been more equal, the bottom 80% of the population has mostly shifted wealth around, while the rest went to the top - instead of blaming the top, they are blaming the people at bottom. This is driven entirely by messaging from the wealthy, as there is no way to significantly reduce poverty or improve middle class incomes without hurting the wealthy.

Absolutely! But actions speak louder than words. While the wealthy left gives plenty of lip service to the problems caused by inequality, it certainly doesn't help their case that the most laudable legacy of their last president effectively amounts to a Poor Tax (especially for most of the right-leaning states). Who could have predicted what would result from that?

Anura December 15, 2016 6:44 PM

@No Doubt

Yeah, the ACA needed the public option. Honestly, the public option would have probably been enough on its own to solve most of the problems. The problem was that the Democrats *barely* had the supermajority necessary to pass it, so they needed every last Democrat, and it was impossible to get anything better.

Health care has been something Democrats really failed on with the messaging, I think. I didn't even know that the US had significantly more government spending on Health Care than the UK or Canada on a per capita basis until years after the ACA passed (it was a problem since long before the ACA). Why wasn't this the number one concern? Hell, use this as an example of why inequality is bad. If doctors' pay goes up, and nearly everyone else's remains the same, then it means health care becomes less affordable to nearly everyone.

Anon December 15, 2016 7:11 PM

Bruce,

The feelings you are experiencing are normal for when "your team" loses. The Republicans have had the same feelings for the last 8 years. The fact that Trump is going to appoint some people you don't like, and even pass some policies that you think are bad (often correctly), happens.

The fact that you're worried about the "dark days" ahead though is telling. No administration or government should have the power to make you feel that way. If they do, it's a tell-tale sign that the government has too much power and influence over your life. This problem is not solved by a bigger more powerful government doing what you want it to to undo the previous administration's damage (for there will always be a next administration which will use those powers to do the opposite), but rather a limited federal government, return to respecting states' rights, and generally following the constitution.

Fact of the matter is it's not all doom and gloom. You are a trusted voice in Security and computers don't change much based on party affiliation. Mass surveillance programs have, to date, sadly been a bipartisan effort, but that may change if the Republicans start pushing for it. If the democrats oppose it, there should be enough principled Republicans to make passage of any terrible legislation difficult (Rand Paul, Ted Cruz, Justin Amash, etc).

There is nothing in the field of computer security that is hyper-partisan right now, so that this change in leadership should affect you less than most (e.g. you are not a researcher on climate change). Rest assured though, terrible security/privacy legislation in the tech world is recognized for what it is regardless of what political side of the spectrum people are on. If something truly bad comes out, we will support you just like we have up to date. Until then, keep in mind that I did not know (nor care) that you are/were a Democrat. Your opinions on tech issues just made sense, which is why I follow you. So please don't turn this into a political blog - it's not why we're here and respect your opinion.

jtgd December 15, 2016 7:11 PM

I'm surprised that all the hacks have not led to calls for more ubiquitous encryption. A secured email server would have saved Hillary from all that email drama and they could have stuck to harping on Benghazi. Can we not armor ourselves against Russian hacking? Why are the victims of lack of encryption and secure servers not calling for the obvious cure?

Blablubb December 15, 2016 7:19 PM

Excellent analysis. Clinton would have been really bad long-term, but Trump is a catastrophe. Let's just hope that there will be no need for all the Trump supporters now spewing concentrated stupid to trot out the tired old, invalid and dishonorable excuse of "How could we have known?". That one was a favorite of quite a few Germans after a regime that started out not so differently was finally removed.

Anura December 15, 2016 7:40 PM

@Anon

How much would you have to strip down government to prevent someone from using law enforcement to go after their opponents with planted evidence? What prevents states from making their own laws? If every state had different requirements for surveillance, then software would become a mess. It will be a mess worldwide, but the more entities you have making rules, the more problems you have. As to the constitution, it's subject to change and interpretation. In order for those to protect you, you need to make sure that your elected officials always support those policies. How can you ensure that? The problem with the law is the more vague it is the easier it is for law enforcement, prosecutors, and judges to mold it to fit their views, and the constitution is an extremely vague document. The more strict it is, the less you allow for specifics to be taken into account.

It's not the absolute size of government, or the powers you give them; as long as support is there, they can and will change. What you are proposing is massive, and it doesn't actually go after the root cause. When all is said and done, the problem is primarily that the public is misinformed; they see threats as much greater than they are, and the defense industry, prison industries, etc. benefit from these.

You need equal representation, and you need influence to be proportional to the size of the group, not the amount of wealth. This is not likely to happen within a capitalist system. As long as your society allows a few individuals to gain massive amounts of wealth, the government is going to cater to their interests.

You want rules and laws to affect people as evenly as possible, and this means that you want people to be as equal as possible. As long as that occurs, then there is very little risk of corruption, but no matter what it requires diligence on the part of the population, and if wealth/income inequality grow large enough then the wealthy will be able to control the debates, control the media, and control the government, and they will be able to skate around every inch of the law to suppress other voices, and they can implement an authoritarian dictatorship without a single change in the law, just by using selective application of the law to target opponents and the right level of propaganda.

Anura December 15, 2016 7:46 PM

"The more strict it is, the less you allow for specifics to be taken into account."

That was poorly written, should say: "The more strict law is, the less room you allow for the specifics of a situation to be taken into account."

r December 15, 2016 8:03 PM

I don't know why I didn't see it before, we just elected the Illuminati.

Six Six Six is A-Okay.

It must've been plain sight because every last one of the Anti-Illuminati crazies I know voted for Trump.

Politics makes for strange bedfellows I guess.

soothsayer December 15, 2016 8:09 PM

we had a defeated majority many times .. 1960 to be one for example where more than one reason exists of fraud .. without the russians.

Bruce you are a smart man -- so I thought -- but this irrational love of a thieving royalty in democratic party should be abhorred with passion by reasonable people. Trump has his warts but Clintons are THIEVES .. when you worry about Russians .. just remember the last president of the family lost his law license for lying and is the only president to be impeached in house.
THIS, I HOPE, WILL NEVER BE BESTED.

Douglas McClendon December 15, 2016 8:41 PM

Two, prepare for those fights. Much of the next four years will be reactive, but we can prepare somewhat. The more we can convince corporate America to delete their saved archives of surveillance data and to store only what they need for as long as they need it, the safer we'll all be.

I think it's time for people to realize that the most effective solutions involve cutting out the corporate America middleman from this equation. The government/NSA will probably hoover everything in transit up. So encrypt it all, IPSec, SSH, GPG, Whatever (Tor uses), Etc. No plaintext visible to any corporate or government middlemen. Just you and your audience. The free webmail services over home email servers pendulum needs to swing the other way IMO. Not that Obama's FCC's "Network Neutrality" did anything other than thwart that swinging, nor will Trump's open opposition to Network Neutrality help. At this point I'm open to the bizarre hypocrisy of calling your email server a 'thing' and calling the communication technique 'peer to peer' instead of 'client/server' to get around the fucked up orwellian unspeak.

Good Luck Folks. Let's Get To Work. HashTag FreeSpeech Matters.

Hypocrisy December 15, 2016 9:45 PM

It's funny that Bruce wants the Bigger Government but not the Big Surveillance. The more you empower the government the more it will tap into your everyday life.

Kelvin December 15, 2016 9:49 PM

@ Anon,
"The feelings you are experiencing are normal for when "your team" loses."

Obama isn't the A-team either. Our liberty had eroded more under the Obama Administration than ever before. Clintons will make it far worse, that's why the people voted against her despite DJT's political incorrectness.

Hue December 15, 2016 9:57 PM

There are many ways to do this...

UNIONIZE THE INTERNET

We are not going to change the privacy policies of the big data corps via osmosis. They make mills off our free data creation and data entry.

The only thing we can do is use encryption to hold our data close, then send our info over these public utilities (FB, Goog, Tw, Ing, etc) with the mandate: "Pay me for my data, or eat my encryption"

Imagine a fb post full of blowfish emojis! Only your best friends could decrypt.

Hit me up to chat more: huemanatee@riseup.net.

jea

Anura December 15, 2016 10:02 PM

@Kelvin

Forgetting the patriot act already? It was bipartisan.

And no, nobody voted for Trump because they thought he would improve civil rights and reduce surveillance; he campaigned as a "law and order" candidate FFS; his record has been to call for a ban on every group that might possibly be a threat and sue everyone who says something bad about him. No, I don't see anyone voting for Trump because of concerns about authoritarianism, especially since they all voted for Republican congressmen, and while surveillance has been bipartisan, there's no doubt one party has a higher share of votes in Congress for surveillance, and it's not the Democrats:

http://clerk.house.gov/evs/2015/roll224.xml
http://clerk.house.gov/evs/2001/roll398.xml

r December 15, 2016 10:17 PM

CAREFUL GUYS, as much as I'm thrilled that it's starting to coalesce...

Remember, phishing exploits oft cater to beliefs - careful clicking on things - especially when these topics are afoot.

People get popped in Indonesia and the UAE for less.

Anura December 15, 2016 10:27 PM

Crap, the software filtered out the other joke, the HTML was this:

<a href="http://clerk.house.gov/evs/2015/roll224.xml">https://en.wikipedia.org/wiki/USA_Freedom_Act</a>
<a href="http://clerk.house.gov/evs/2001/roll398.xml">https://en.wikipedia.org/wiki/Patriot_Act</a>

r December 15, 2016 10:33 PM

@Anura,

My concerns are more geared towards new security recommendation sites, we could miss out on important sources and ideas but we could get seriously phish hooked too.

I don't trust what's going on, but I've always been 'cray' by my peers.

I don't know if it's Russian CIA FBI Illuminati or my imagination but I've been feeling the whole 'tor human rights' gearing thing for the last month and it's a hard nut to crack. Authenticity and forthrightness by not using it? Or is the situation dire enough to warrant a full presence?

I definitely believe that there's a heightened reason for encryption moving forward, despite Trump being president the weaponization of information is starting to come to a head.

r December 15, 2016 10:44 PM

There are bait and switch servers out there serving exploits of every last God loving type, there's a huge block of NSA sourced exploits still available on the darkweb that we know absolutely nothing about. There are seeds of doubt and contempt to and from and about every law enforcement and intelligence agency out there right now including foreign ones. We actively have protests for multiple different reasons right now.

Disinformation is everywhere, we have various governments employing both electronic and manned people poachers. Deep Learning AI and Data Mining are really starting to ramp up. Miniaturization is getting pretty bad too when it comes to sensors and chip/process verification.

Somebody might be getting exterminated, en masse.

Our media can't agree on a single FACT.

Banks are being robbed of BILLIONS.

Welcome to the 21st century, we're just getting started.

Slime Mold with Mustard December 15, 2016 10:48 PM

I believe surveillance will be about 10% worse under Trump than it would have been under Clinton (which would have been worse than under Obama). Still, there is a ray of hope. If Trump comes to realize how much US cash and Allies' goodwill is being squandered, he may take a different view. His recent tweet regarding the (sometimes) flying disaster known as the F-35 Joint Strike Fighter shows he is not willing to shovel money at anything called "security".

@ Clive Robinson nb B /N?

It was the Daily Mail a 10% improvement. That Craig Murray claimed the DNC as the source is not disputed (understanding that "DNC insider" and "Russian agent" are not mutually exclusive).

@ Anura
"We have learned that the accusations of massive corruption were completely baseless"

I have not learned that.

After deleting half (30k emails) of the contents (Yoga related) she did twist herself up like a pretzel.

Secretary Secret Server:
- Explained that she didn't want to carry two devices - having been videotaped doing just that.
- Explained that there was no classified information on the server, until there was.
- Explained that there was no information marked as classified until:
  a) There was
  b) An email was found instructing underlings to strip the classification markings from a FAX and send it over normal channels when the classified system was having problems
- Explained that she thought the notations (c)(s) were an attempt to alphabetize the information. Anura, can you help me with - what letter comes after TS//SCI//ORCON//NOFORN ???

The classified information issue is a sideline. The real story is the Clinton Foundation. As referenced above, the Uranium One - Rosatom story is the type to look at. A company with Tony Rodham on the board got the second ever foreign gold mining concession in Haiti in 50 years. After a promise of aid from "Clinton, Inc.". Please search - Teneo Holdings, Clinton Foundation.

Ms. Clinton deleted 30,000 emails - 21.5 'personal' emails per day 7/365 for her four year term.

Oh, I forgot, Secretary Clinton mentioned Chelsea's wedding. The Podesta dump included emails related to her daughter's wedding...."using (Clinton) Foundation resources" for those nuptials. The Foundation used 70% of its funds for salary and travel. Charity Watch and Charity Navigator recommend a maximum of 25%.

Secretary Clinton monetized her position. I know that Republicans since Lincoln have done the same - "the only thing he wouldn't steal is a hot stove" (Re: Scanton). The scale is unprecedented, certainly un-presidential.

Finally, Ms. Clinton recalled "decorating" in relation to her missing emails. I believe that. She was trying to put lipstick on a pig.

Please understand that I don't care for Trump. I spent thirty years of my life making people like the Secretary unemployed, and begging their employers to prosecute. I've recently been shoved into a corner (office), and have little time for blogs anymore.

Love,

Slime


r December 15, 2016 11:00 PM

@Slime Mold with Mustard,

I'm not going to argue with you, I'm concerned about the emails too but did you see the see about his nominee installing an unapproved insecure internet connection inside and alongside his existing connection and EMSEC tent?

https://www.schneier.com/blog/archives/2016/12/auditing_electi.html#c6739906

I don't know what to think of that, but I think it was Charlie Rose last night that I saw an interview on where the guy was explained as only being highly effective and unconventional - which I am not necessarily averse to just concerned about the newyorker post.

Anura December 15, 2016 11:04 PM

@Slime Mold with Mustard

I think you and I have different definitions of "massive corruption".

Slime Mold with Mustard December 16, 2016 12:38 AM

@ r

See: War As I Knew It - G.S. Patton, 1945 (Final chapter) Paraphrase - 'If it confuses you more than the enemy - fuck it.'

@ Anura

Perhaps we do have different definitions.

I know a lot of people think the US invaded Iraq in 2003 for oil. Anyone in business or history knows the most costly way to get something is to send an army to fetch it. Real operators know it is; 1) cheaper 2) easier 3) less complicated to pay people off. Hence - "The Untouchables".

When we look at the FIRST Guccifer hack of Sidney Blumenthal's emails to Secretary Hillary, we find a strange mention of "friends' opportunities in Libya". Another explanation is hardly more palatable. It was . She was opposed by the Pentagon.

I've got a lot more. I did not list anything like a percentage of why I believe HRC is the most corrupt politico in US history. I do need to sleep and my employees will not be impressed by "I was arguing on the inter-nut all night".

Love,

Slime

Anura December 16, 2016 1:15 AM

@Slime Mold with Mustard

Even if your evidence wasn't weak as hell, that's not evidence of massive corruption, some self-dealing, but it's pretty much all run of the mill shit you expect from most politicians. This is my problem; the Clintons have been more thoroughly investigated than any other politician in the US today, and at most we can say is that she helped her friends. We don't have any evidence she received any money from the foundation, nor that there is anything seriously wrong with the foundation.

We just have accusations and cherry picked leaks. Start leaking emails from any organization, and you can find stuff that "proves" they are completely corrupt and fraudulent. It's like finding a strong partial DNA match; it's a lot different to have someone suspected of a specific crime, have their DNA tested, and then use that against them than it is to have someone you think might be a murderer, so you run their DNA, come back with a one in a million partial match, and then convict them. By fishing, you find clear evidence of a crime that they didn't commit. It's just the Texas sharpshooter.

You have emails saying that Chelsea was investigating something about money from the Clinton Global Initiative to the Foundation, but it seems all the discussion has to do with PR; you can interpret it in a way that makes it sound like corruption, but you really have to stretch. Personally, I think the only clear interpretation of the conversation is this:

"Chelsea is telling people she's doing an investigation; this isn't smart."
"'Not Smart' is an understatement."
"She of all people should know that investigations are bad publicity."

Everything else you really have to stretch for, because the language just doesn't fit.

André December 16, 2016 4:21 AM

Comments providing alternative opinions on the riskiness of the Trump win (even if backed up with arguments/credible sources) seem to be deleted right away. Why would that be?

Thomas_H December 16, 2016 4:58 AM

@Anura:

Firstly, let me point out that populists do not "belong" to a particular party even if they're affiliated with them, they're in it for themselves - so please don't use any Partisan arguments...it's important to do this kind of analysis without being bothered by such prejudices.

Voters should not be dismissed just because they happen to have chosen for a populist. The problem with populists is that they appeal to the social problems of disenfranchised voters while also broadcasting an intolerant message blaming all those problems on external influences (immigration, other religions, minorities, "the establishment"), but at the same time they have no actual solutions. They just brag. However, assuming that voters should be ignored just because they happen to vote for someone who is racist, not because he is racist, but because he claims he'll do something about the voters' personal social problems, is displaying exactly the kind of arrogant, haughty behaviour that alienated those voters from established parties in the first place.

However, you seem to have drawn the conclusion that by suggesting to reach out to those people I think Clinton should have given in to populism. This is a wrong assumption, and also would be the wrong choice. European populist parties on the left generally remain rather marginal, often to the point of being insignificant (think US Greens here). Somehow, populism works for right wing politicians, but not very well for left wing politicians. It has something to do with the wording of the specific combination of social issues and (the easy escape of) blaming others that right wing populists use, which appears to appeal more to the feelings of injustice their voters have. Left wing populists tend to focus more on the social issues, without the provocative and insulting modus operandi of the right wing populist. And unfortunately the left-wing parties that do focus on blaming others tend to be openly violent - this scares off more people than you'd think. Furthermore, the other incorrect assumption you seem to make is that voters vote for populists because they think the populists are better than the other political parties (an obvious lie - they have no solutions). This is not the case; the voters who choose a populist often vote for them because they think the other parties are worse. This is quite akin to how certain forms of suicide are more like a final cry for attention than a death wish - these voters are in a situation that has severe problems and traditional parties gloss over those problems. The populists, however, pay them the attention they crave.

The solution to the rise of populism is not left-wing populism; it is sincerely reaching out to voters, showing you care, showing you understand their issues, showing you can change their life for the better. This can all be done without being insulting, racist, violent, dismissive of the problems of specific groups, bragging like a mad(wo)man, and all of the other bullshit both populists and some traditional politicians indulge in. I bolded "showing" because that is important, only "telling" people something will be dismissed as further lies. Unfortunately this all requires some insights into what went wrong in the past, the ability to critically look at yourselves, and the ability to choose the right person to serve as a figurehead (hint: Bernie Sanders would have been a good one).

Fortunately, in Europe some left-wing political parties are finally starting to understand that. And by the looks of it, some people in the US Democratic Party also understand that, even if the gross of it continues to flail around in denial and digging itself deeper and deeper into a cesspit. So there is some hope that the Democrats can limit Trump's term to a single one (if Obama doesn't manage to start WW3 between now and New Year...).


Mic Flex December 16, 2016 4:59 AM

As I read Bruce's post, I thought "Oh no, he's writing about politics with nuance. This isn't going to end well. The comments section will have shit all over the carpet and up the walls."
As I read the comments I thought "did so few people read past the …… Oh my god, it's under the sofa."

Kurt Eibell December 16, 2016 5:02 AM

Bruce,

I really like your article. I think a lot of people need to hear this kind of message because the media and the far left are painting this doomsday picture for them.

However, I have a question regarding the increased threats you mentioned. Are you saying that the threat is increasing due to natural progression, or are you saying Trump creates an increased security risk? I ask because we are talking apples and oranges here. While I do not argue that Trump personally should not use IT, his Tweets say it all, I wonder if the level of threats and incidents has increased only because of the lack of transparency in the White House. We all know about Hillary's email and the DNC hack, but only recently did it come out that the White House, Joint Chiefs, the State Department (no surprise) and other agencies were successfully hacked this year.

I agree that there will be an increase in dangerous hacks, and I agree that Trump and IT don't mix. However, I am not sure I can correlate an increase in attacks with a Trump presidency based on this information.

Kurt.

Kelvin December 16, 2016 5:50 AM

@ ab praeceptis,

Bruce Schneier

First - and importantly: Kudos. It is very respectable that you tolerate Trump Fans here and that you let them speak freely. I consider that very important also because of the great many confrontations in your country that were guided by pure hatred.

He didn't express endorsement for Sanders during election, but I had expected him to implode after she lost. Bruce kinda stayed in the backseat while many techies in the open media community came out banging the Clintons drum.

Russians allegedly exposed the hypocrisy of clintonistas and I fully expect to hear all about it throughout Trump's presidency. It'll be built up towards the next election cycle and, god forbid, we could possibly be in for more of those types of exposures from both sides, though I seriously hope there's a stop to it because all the wikileaky exposures aren't exactly healthy to our democracy (right, dems?).

Clive Robinson December 16, 2016 7:13 AM

@ jtgd,

Why are the victims of lack of encryption and secure servers not calling for the obvious cure?

Because, the "obvious" is not the cure and the actual "cure" is fraught with many complex issues.

For a server you have the initial "always on" and "always connected" issue. With the likes of an EMail server this also means "always a path to/from a hostile network", but worse still in many cases you have the issue of "always accept untrusted connections and untrusted data". With new flaws in server software, protocols and standards being found with regular monotony and workaround/patch times up in the multiple month periods, it's not unreasonable to surmise that all servers have vunerabilities only some of which are known and only some fraction of those you can mitigate. As an Email Server admin you have signed up for a "Red Queen's Race" which is endless and thus you will always lose at some point. Thus the only questions of interest are when?, how much damage is done?, how long it lasts?, do I still have a job?, and how do I prepare for the next attack?.. (wash, rinse, repeate).

This cycle is less than laughingly called 'The admin "Hamster wheel of pain"' in much the same way various medieval instruments of tourture had jolly names like "The Iron Maiden", "The Press" and of course the joy of "Breaking on the wheel".

The question the admin should be asking is "How do I get off/out the treadmill/wheel?". The traditional perimiter techniques, white lists etc are not going to work with a sophisticated attacker (who you can assume has 100% control of the next critical node upstream of the server). Even the likes of data diodes will not work on their own due to the ways the protocols work.

You need to think your way out very carefully. For instance, using PKI, means you need to use the private key for every inbound connection at some point. Unless you take care to protect it it will be vulnerable to theft etc, which is not what you want. Likewise many other issues, thus you start to realise you have to setup a quite long chain of protected compartments each seperated by some guard mechanism.

So you could have a front end that accepts all connections and accepts all payloads (within simple rules). It then forwards those through a data diode via UDP etc, so the payload is never stored on the front end. BUT... whilst this will work it breaks higher level protocols and standards, which may or may not be important in strange ways at a latet date. You then work your, to the next stage...

But you often hear people burbling on about "using encryption" that is a little like saying "use electricity" whilst true it's not exactly helpfull. The payload is "information" there are only three things you can do with it, 1, Communicate it; 2, Store it; 3, Process it; nothing else. Of the three encryption definatly helps with the first, both helps and hinders with the second and definitely hinders with the third. But... encryption has it's own very special world of pain called "KeyMat" and the pain is "KeyMan". Those who happily burble on about encryption have in my modest experience, not ever had the joy --or lack there of-- of doing KeyMan for more than just themselves, certainly never on a significant organisational or enterprise level. Oh and likewise few encryption "experts" on the make/break side have either. As our host noted quite a few years ago, it's something that nobody want's to research, because it's often thought to be in effect an unsolvable problem. To see why think about just what is involved with "Secure Key Distribution", PKI just "moves the problem" and introduces a whole new level of issues. Even the great hope of "Quantum Key Distribution" has it's own problems, such as it realy is a "point to point" system of limited range from the physics upwards currently, and is unlikely to be "switchable" any time soon which results in all sorts of issues including significant "trust" ones.

But, that's just the start of it as storage and processing add aditional layers of frustration, pain and hurt. For instance as a general rule of thumb "you can not process an encrypted payload" just it's meta data. Likewise Full disk encryption, does not work when the disk is in use as you need to process the file meta data. Thus you need to make both the encryption and the meta data multi level, multi user/process/container/file and even records within the payload need to be multilayer each with their own individual unique KeyMat.

And there is that weasel word "unique" as a rule of thumb "no keymat reuse" is the only way to go, but how do you go about ensuring "unique" whilst still maintaining security...

So having lightly touched just a fraction of the issues, I offer your question of "obvious cure" back to you, with a simple question of "What is the obvious cure?"...

Clive Robinson • December 16, 2016 7:37 AM

@ Anura,

"The more strict law is, the less room you allow for the specifics of a situation to be taken into account."

The "elephant in the room" of this is something I've teased @Wael with a couple of times. Which is,

    Every rule has an exception (including this rule).

There is no way to reason your way out of it with logic.

Thus you have to accept an unhappy state of "All rules have no exceptions" or "No rule can be relied upon". Trying to sort out what exceptions are acceptable or not, gives rise to the notion of "case law", by an independent judiciary. I think it can be fairly said that as large parts of the US system rely on elections or political appointments then independence of the US judiciary is in human terms more likely to be an exception rather than a given...

After all we know money controls the press and marketing, thus it controls a political campaign by extension. By further extension the politicians are controlled by money, thus their choice of appointees is likewise controlled by money. Which in turn means that by extension the judiciary are controlled by money etc.

As has often been said "He who pays the piper calls the tune", thus the band, the dance the dancers, and what they do.

Winter • December 16, 2016 7:38 AM

@Frank Ch. Eigler
"There are also numerous people who perceive a loss of "peace and prosperity" due to pernicious policies of the EU. "

Name them. The people complaining loudest have profited most.

Dan H • December 16, 2016 7:53 AM

@Anura

You look at Hillaryous Clinton through rose-colored glasses, for whatever reason, and because of that you don't or can't see her serious flaws that have been evident for 30 years.

She is the first candidate for president that was under active criminal investigation by the FBI. That isn't a good thing. Now I realize because of those rose-colored glasses you will come up with some UFO-like conspiracy theory, but seriously... beyond top secret information being stored on an unsecured Windows email server connected to the Internet with Remote Desktop installed and active?

Speaking of her unsecured email server, which she and all Democrats think was never hacked... why do you think that? Besides the long list of State, White House, Jimmy Johns, Target, Sony, Yahoo, OPM and countless others being hacked, along with the DNC, and the Clinton Foundation, and John Podesta, all hacked, yet one of the most powerful people in the world didn't have her unsecured email server with top secret info hacked??? Preposterous to say the least.

IanashA_TitocIh • December 16, 2016 8:07 AM

fwiw I move that Bruce help keep this thread going, possibly with or without sub-threads for thread length (if feasible), for a long time for Trump/Clinton/Intelligence/Media type issues, at least pertaining to the election. Then other threads, including weekly Friday Squids, perhaps could stay less political and more focused on Security issues.

Clive Robinson • December 16, 2016 8:16 AM

@ Hypocrisy,

It's funny that Bruce wants the Bigger Government but not the Big Surveillance. The more you empower the government the more it will tap into your everyday life.

Your thinking is based on problematic assumptions, therefore your conclusion is unsound.

For instance one way to limit "Big Surveillance" is to strongly restrict it by compartmentalization with strongly mandated interfaces to stop or limit transference of information. To achieve compartmentalisation requires duplication of roles, which would increase manpower. Likewise to have strongly mandated interfaces would require new posts etc. Thus you would get bigger government.

You should know this if you are thirty years or older. The big argument of "Why did 9/11 not get picked up?" was "given" as surveillance was too compartmentalized and the agencies involved were not allowed to transfer information due to certain requirements (the actuality was in fact laziness, poor systems and turf wars). The result was the forming of the Department of Homeland Security and a whole bunch of useless boondoggles like the Transport Security Agency and Fusion Centers to name but a fraction.

But another assumption is that Government "can be reduced", experience tells us that every time we try we end up employing more people directly or indirectly by over paid consultants from accountancy firms, who have developed "endless hours billable" into a fine art. Which provides a trickle of cash back into campaign and party funds, so you can take a guess as to why government just gets bigger and bigger...

Moderator • December 16, 2016 9:00 AM

@IanashA_TitocIh @all : Thanks for the suggestion, but no, this is not going to happen. This is a security blog, where civil discussion of security issues is encouraged. This post is exceptional, and has attracted exceptional traffic, nearly 200 comments within 24 hours -- many of them by first- and likely only-time posters who have had nothing to say about security. Some write only to lob personal insults and "cancel their subscription," or to gripe about supposed censorship; others have bemoaned the apparent free-for-all that has unfolded here. This blog is moderated, retroactively, and we've tolerated much more heat than usual here, but it's time for the drama to end. Comments on this post are now closed. Discussion of security issues is welcome elsewhere on this blog; discussions primarily focused on politics can happen elsewhere.

Comments on this entry have been closed.
