Latest Essays

How We Sold Our Souls—and More—to the Internet Giants

From TVs that listen in on us to a doll that records your child’s questions, data collection has become both dangerously intrusive and highly profitable. Is it time for governments to act to curb online surveillance?

  • Bruce Schneier
  • The Guardian
  • May 17, 2015

Last year, when my refrigerator broke, the repair man replaced the computer that controls it. I realised that I had been thinking about the refrigerator backwards: it's not a refrigerator with a computer, it's a computer that keeps food cold. Just like that, everything is turning into a computer.

Read More →

Could Your Plane Be Hacked?

  • Bruce Schneier
  • CNN
  • April 16, 2015

Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It's certainly possible, but in the scheme of Internet risks I worry about, it's not very high. I'm more worried about the more pedestrian attacks against more common Internet-connected devices.

Read More →

Baseball’s New Metal Detectors Won’t Keep You Safe. They’ll Just Make You Miss a Few Innings

Security theater meets America's pastime.

  • Bruce Schneier
  • The Washington Post
  • April 14, 2015

Fans attending Major League Baseball games are being greeted in a new way this year: with metal detectors at the ballparks. Touted as a counterterrorism measure, they're nothing of the sort. They're pure security theater: They look good without doing anything to make us safer. We're stuck with them because of a combination of buck passing, CYA thinking and fear.

Read More →

The Big Idea: Bruce Schneier

  • Bruce Schneier
  • Whatever
  • March 4, 2015

What's your electronic data worth to you? What is it worth to others? And what's the dividing line between your privacy and your convenience? These are questions Bruce Schneier thinks a lot about, and as he shows in Data and Goliath, they are questions which have an impact on where society and technology are going next.

BRUCE SCHNEIER:

Data and Goliath is a book about surveillance, both government and corporate. It's an exploration in three parts: what's happening, why it matters, and what to do about it.

Read More →

Hacker or Spy? In Today's Cyberattacks, Finding the Culprit Is a Troubling Puzzle

  • Bruce Schneier
  • The Christian Science Monitor
  • March 4, 2015

The Sony hack revealed the challenges of identifying perpetrators of cyberattacks, especially as hackers can masquerade as government soldiers and spies, and vice versa. It's a dangerous new dynamic for foreign relations, especially as what governments know about hackers – and how they know it – remains secret.

The vigorous debate after the Sony Pictures breach pitted the Obama administration against many of us in the cybersecurity community who didn't buy Washington's claim that North Korea was the culprit.

What's both amazing—and perhaps a bit frightening—about that dispute over who hacked Sony is that it happened in the first place.

But what it highlights is the fact that we're living in a world where we can't easily tell the difference between a couple of guys in a basement apartment and the North Korean government with an estimated $10 billion military budget.

Read More →

The World's Most Sophisticated Hacks: Governments?

  • Bruce Schneier
  • Fortune
  • March 3, 2015

Last month, Moscow-based security software maker Kaspersky Labs published detailed information on what it calls the Equation Group and how the U.S. National Security Agency and their U.K. counterpart, GCHQ, have figure how to embed spyware deep inside computers, gaining almost total control of those computers to eavesdrop on most of the world's computers, even in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are impressive, and I urge anyone interested in tech to read the Kaspersky documents, or these very detailed articles.

Read More →

Cyberweapons Have No Allegiance

  • Bruce Schneier
  • Motherboard
  • February 25, 2015

The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices.

Read More →

Everyone Wants You To Have Security, But Not From Them

  • Bruce Schneier
  • Forbes
  • February 23, 2015

French translation

In December Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else."

The surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place.

Read More →

Your TV May Be Watching You

  • Bruce Schneier
  • CNN
  • February 11, 2015

German translation by Damian Weber

Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn't just processed by the television; it may be forwarded over the Internet for remote processing.

Read More →

When Thinking Machines Break The Law

  • Bruce Schneier
  • Edge
  • January 28, 2015

Last year, two Swiss artists programmed a Random Botnot Shopper, which every week would spend $100 in bitcoin to buy a random item from an anonymous Internet black market...all for an art project on display in Switzerland. It was a clever concept, except there was a problem. Most of the stuff the bot purchased was benign—fake Diesel jeans, a baseball cap with a hidden camera, a stash can, a pair of Nike trainers—but it also purchased ten ecstasy tablets and a fake Hungarian passport.

What do we do when a machine breaks the law?

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.