Paragon Spyware Used to Spy on European Journalists

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit:

On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below:

  • Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity) and Italian journalist Ciro Pellegrino were targeted with Paragon’s Graphite mercenary spyware.
  • We identify an indicator linking both cases to the same Paragon operator.
  • Apple confirms to us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1 and has assigned the vulnerability CVE-2025-43200.

Our analysis is ongoing.

The list of confirmed Italian cases is in the report’s appendix. Italy has recently admitted to using the spyware.

TechCrunch article. Slashdot thread.

Posted on June 13, 2025 at 6:17 AM

4 Comments

Comments

Andy June 13, 2025 2:15 PM

At some point the problem is with Apple and Google and not the attacker. Why can’t they deliver secure software?! It’s the equivalent of a car manufacturer producing cars with breakable locks

Soatok June 13, 2025 2:26 PM

@andy

Why can’t they deliver secure software?!

Because general purpose computers don’t have a reliable separation between data and code. So if you can send a specially crafted bit of data (in the case of CVE-2025-43200, a photo), you can get code to run on the target device.

This is endemic to the software industry. Moving to memory-safe languages will help, but ultimately we need to move to formally verified parsers for every data format that an application accepts.
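Added example, not from the post or from the commenter: a checked parser for a constructed toy record format (one magic byte, one declared pixel count, then the pixels), showing where "a specially crafted bit of data" would otherwise steer a memory write and what a parser that distrusts its length field does instead. The format, the tag value and the 16-pixel capacity are assumptions made for the example.

```c
/* Constructed record layout (assumption for this example):
 *   byte 0     magic tag (0x50)
 *   byte 1     declared pixel count N
 *   bytes 2..  N pixel bytes
 * A parser that trusts N and copies N bytes into a fixed 16-byte array lets
 * one byte of DATA decide how far a memory write runs. The checked parser
 * below treats N as untrusted: it must fit both the destination buffer and
 * the bytes actually received, or the record is rejected before any copy. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_MAGIC 0x50   /* constructed format tag */
#define PIXELS_MAX 16    /* capacity of the destination buffer */

struct image {
    uint8_t pixels[PIXELS_MAX];
    size_t count;
};

/* Returns 0 and fills *out on success, -1 if the record is rejected.
 * The two length checks are exactly what an unchecked parser omits. */
int parse_image_checked(const uint8_t *buf, size_t len, struct image *out)
{
    if (buf == NULL || out == NULL || len < 2)
        return -1;                       /* header incomplete */
    if (buf[0] != IMG_MAGIC)
        return -1;                       /* not this format */
    size_t n = buf[1];
    if (n > PIXELS_MAX)
        return -1;                       /* declared N exceeds destination */
    if (n > len - 2)
        return -1;                       /* declared N exceeds bytes received */
    memcpy(out->pixels, buf + 2, n);     /* safe: n is within both bounds */
    out->count = n;
    return 0;
}

int main(void)
{
    struct image img;
    /* constructed inputs: a well-formed record and one whose length byte lies */
    const uint8_t good[] = {IMG_MAGIC, 3, 10, 20, 30};
    const uint8_t lying[] = {IMG_MAGIC, 200, 1, 2};
    printf("good:  %d\n", parse_image_checked(good, sizeof good, &img));   /* 0 */
    printf("lying: %d\n", parse_image_checked(lying, sizeof lying, &img)); /* -1 */
    return 0;
}
```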

Clive Robinson June 14, 2025 12:19 AM

@ Andy,

With regards,

“At some point the problem is with Apple and Google and not the attacker. Why can’t they deliver secure software?!”

Because “software” is not the problem “the user is”.

Users want,

1.1, Convenience
1.2, Ease of use
1.3, Low cost
1.4, Not to think just act
1.5, Not carry any responsibility

And a few more things along those lines.

The first three on the list are what drives the design of the products.

The next two are people going to the wrong end of the,

“Personal Rights v. Social Responsibility”

Spectrum.

If you want security you have to accept two basic concepts,

2.1, Segregation
2.2, Least connectivity

And they have to apply from the bottom most layers of the computing stack all the way to the top.

Traditionally we do not present the stack in anything like a complete way, just some “bits in the middle” as seen in the 7-layer ISO-OSI and 4-layer DOD-IP stacks.

As an apparently “unbreakable blinkered view” people do not venture into the “Physical layers” at the bottom, nor do they venture into the “Social layers” at the top.

But also few understand that Data/Code are actually indistinguishable from each other, they are just a “bag of bits”(BoB), that has no meaning without meta-data. Meta-data is what code is all about, and in turn meta-data has no meaning without meta-meta-data that is where humans tend to actually act/exist (yes there are other “meta” layers just as there are many if not endless semantic layers in language).

It is at the human layers that Data/Code becomes useful thus “information”.

More than a human lifetime of experience with computing tells mankind you can not separate code/data they have to exist not side by side but together. One without the other is not just useless but “meaningless”.

There are three basic things you can do with information,

3.1, Store it
3.2, Communicate it
3.3, Process it.

Less well realised is that “information in isolation” not just has no utility, it is actually meaningless… Because it can not be used to do “work”.

So to “be secure” means the “information” can not be used usefully to do “work”…

You might have heard the old,

“Information wants to be free.”

The reality is information has to be free to do work and so be of any use hence the expression “closed book” in its many forms.

But also remember the sage advice of Benjamin Franklin –restating advice given in “Romeo and Juliet”– of,

“Three may keep a secret, if two of them are dead”

Applies to “information” and its security…

If you only “store information” i.e. “Data at rest”, then you can keep it secret, but communicating and processing information by their very nature are insecure.

Like “work” in the more general sense communications and processing are “inefficient” and thus there is “waste” that escapes into the environment. The waste is “always modulated” by the “work” and the “work” is always correlated by its use.

In information security we call the waste “side channels” and just as with the use of energy if it does not get dispersed into the larger environment then work can not be done.

It’s what Claude Shannon was stumbling around back in or before WWII and why his thoughts gave rise to the same basic truths about information as entropy relates to energy (because the processes are effectively the same).

He realised that communications was not possible without “waste” in the form of “redundancy”.

Some years later Gus Simmons showed that “where there is redundancy, side channels must exist”… And through those information leaks.

So all you can really do is,

4.1, Constrain the environment
4.2, Reduce channel bandwidth
4.3, Remove/obscure statistics

But even then given sufficient time and analysis information will leak out into the greater environment as “work is done” with information.

But all of these constraints are in conflict with what users mostly want (see first three items in list 1).

Who? June 14, 2025 7:26 PM

Time for a new leak, so software developers can hunt the zero-days used. I do not think CVE-2025-43200 is the only bug exploited.

This one is what I would have expected from Snowden’s leaks, but sadly those leaks were more in the embarrassing U.S., while damaging relationships with their allies, side than on the technical side. So these leaks were mostly useless, except to confirm what we knew since the nineties.
