Latest Essays

Credential Stealing as Attack Vector

  • Bruce Schneier
  • Xconomy
  • April 20, 2016

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant.

The Value of Encryption

  • Bruce Schneier
  • The Ripon Forum
  • April 2016

In today's world of ubiquitous computers and networks, it's hard to overstate the value of encryption. Quite simply, encryption keeps you safe. Encryption protects your financial details and passwords when you bank online. It protects your cell phone conversations from eavesdroppers.

Can You Trust IRS to Keep Your Tax Data Secure?

  • Bruce Schneier
  • CNN
  • April 13, 2016

Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What's our money being spent on? Do we have a government worth paying for?

Your iPhone Just Got Less Secure. Blame the FBI.

When Johns Hopkins discovered a different security flaw, it notified Apple so the problem could be fixed. The FBI is keeping its newly found breach a secret from everyone.

  • Bruce Schneier
  • The Washington Post
  • March 29, 2016

The FBI's legal battle with Apple is over, but the way it ended may not be good news for anyone.

Federal agents had been seeking to compel Apple to break the security of an iPhone 5c that had been used by one of the San Bernardino, Calif., terrorists. Apple had been fighting a court order to cooperate with the FBI, arguing that the authorities' request was illegal and that creating a tool to break into the phone was itself harmful to the security of every iPhone user worldwide.

Last week, the FBI told the court it had learned of a possible way to break into the phone using a third party's solution, without Apple's help.

Cryptography Is Harder Than It Looks

  • Bruce Schneier
  • IEEE Security & Privacy
  • January/February 2016

Writing a magazine column is always an exercise in time travel. I'm writing these words in early December. You're reading them in February. This means anything that's news as I write this will be old hat in two months, and anything that's news to you hasn't happened yet as I'm writing.

Data Is a Toxic Asset, So Why Not Throw It Out?

  • Bruce Schneier
  • CNN
  • March 1, 2016

Thefts of personal information aren't unusual. Every week, thieves break into networks and steal data about people, often tens of millions at a time. Most of the time it's information that's needed to commit fraud, as happened in 2015 to Experian and the IRS.

Sometimes it's stolen for purposes of embarrassment or coercion, as in the 2015 cases of Ashley Madison and the U.S.

A ‘Key’ for Encryption, Even for Good Reasons, Weakens Security

  • Bruce Schneier
  • The New York Times Room for Debate
  • February 23, 2016

This essay is part of a debate with Denise Zheng of the Center for Strategic and International Studies.

Encryption keeps you safe. Encryption protects your financial details and passwords when you bank online. It protects your cell phone conversations from eavesdroppers. If you encrypt your laptop—and I hope you do—it protects your data if your computer is stolen.

Why You Should Side With Apple, Not the FBI, in the San Bernardino iPhone Case

Either everyone gets security, or no one does.

  • Bruce Schneier
  • The Washington Post
  • February 18, 2016

Earlier this week, a federal magistrate ordered Apple to assist the FBI in hacking into the iPhone used by one of the San Bernardino shooters. Apple will fight this order in court.

The policy implications are complicated. The FBI wants to set a precedent that tech companies will assist law enforcement in breaking their users' security, and the technology community is afraid that the precedent will limit what sorts of security features it can offer customers.

Candidates Won't Hesitate to Use Manipulative Advertising to Score Votes

Advertising in the 2016 election is going to be highly personalized, targeting voters’ personal information to sway their decisions

  • Bruce Schneier
  • The Guardian
  • February 4, 2016

This presidential election, prepare to be manipulated.

In politics, as in the marketplace, you are the consumer. But you only have one vote to "spend" per election, and in November you'll almost always only have two possible candidates on which to spend it.

In every election, both of those candidates are going to pull every trick in the surveillance-driven, highly personalized internet advertising world to get you to vote for them.

The Internet of Things Will Be the World's Biggest Robot

  • Bruce Schneier
  • Forbes
  • February 2, 2016

The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.

These "things" will have two separate parts.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.