Latest Essays

We’re Banning Facial Recognition. We’re Missing the Point.

The whole point of modern surveillance is to treat people differently, and facial recognition technologies are only a small part of that.

  • Bruce Schneier
  • The New York Times
  • January 20, 2020

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban.

Read More →

China Isn’t the Only Problem With 5G

The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.

  • Bruce Schneier
  • Foreign Policy
  • January 10, 2020

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict.

Read More →

Bots Are Destroying Political Discourse As We Know It

They’re mouthpieces for foreign actors, domestic political groups, even the candidates themselves. And soon you won’t be able to tell they’re bots.

  • Bruce Schneier
  • The Atlantic
  • January 7, 2020

Presidential-campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: Artificial personas are coming, and they're poised to take over political debate. The risk arises from two separate threads coming together: artificial-intelligence-driven text generation and social-media chatbots. These computer-generated "people" will drown out actual human discussions on the internet.

Read More →

We Must Bridge the Gap Between Technology and Policymaking. Our Future Depends on It

  • Bruce Schneier
  • World Economic Forum
  • November 12, 2019

This essay also appeared in The OECD Forum Network.

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential - but 60 years later, nothing has changed.

Read More →

Every Part of the Supply Chain Can Be Attacked

When it comes to 5G technology, we have to build a trustworthy system out of untrustworthy parts.

  • Bruce Schneier
  • The New York Times
  • September 25, 2019

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem — which is increasingly a national security issue — will require us to both make major policy changes and invent new technologies.

The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government.

Read More →

The Real Threat from China Isn't "Spy Trains"

  • Bruce Schneier
  • CNN
  • September 21, 2019

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States.

Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries. But another part involves fears about national security.

Read More →

What Digital Nerds and Bio Geeks Have to Worry About

  • Bruce Schneier and Larisa Rudenko
  • CNN
  • September 13, 2019

All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms.

Genes and genomes are based on code-- just like the digital language of computers. But instead of zeros and ones, four DNA letters --- A, C, T, G—encode all of life. (Life is messy, and there are actually all sorts of edge cases, but ignore that for now.) If you have the sequence that encodes an organism, in theory, you could recreate it.

Read More →

The Myth of Consumer Security

  • Bruce Schneier
  • Lawfare
  • August 26, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security.

Read More →

8 Ways to Stay Ahead of Influence Operations

With election meddling inevitable in 2020, the United States needs a powerful kill chain.

  • Bruce Schneier
  • Foreign Policy
  • August 12, 2019

Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.” Basically, we know it when we see it, from bots controlled by the Russian Internet Research Agency to Saudi attempts to plant fake stories and manipulate political debate. These operations have been run by Iran against the United States, Russia against Ukraine, China against Taiwan, and probably lots more besides.

Since the 2016 U.S.

Read More →

Attorney General William Barr on Encryption Policy

  • Bruce Schneier
  • Lawfare
  • July 23, 2019

This morning, Attorney General William Barr gave a major speech on encryption policy—what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability—a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products.

Read More →

Sidebar photo of Bruce Schneier by Joe MacInnis.