Latest Essays

Should Some Secrets Be Exposed?

  • Bruce Schneier
  • CNN
  • July 7, 2015

Recently, WikiLeaks began publishing over half a million previously secret cables and other documents from the Foreign Ministry of Saudi Arabia. It's a huge trove, and already reporters are writing stories about the highly secretive government.

What Saudi Arabia is experiencing isn't common but part of a growing trend.

Just last week, unknown hackers broke into the network of the cyber-weapons arms manufacturer Hacking Team and published 400 gigabytes of internal data, describing, among other things, its sale of Internet surveillance software to totalitarian regimes around the world.

Read More →

Why We Encrypt

  • Bruce Schneier
  • Foreword to Privacy International's Securing Safe Spaces Online
  • June 2015

Russian translation

Encryption protects our data. It protects our data when it’s sitting on our computers and in data centres, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy.

Read More →

China and Russia Almost Definitely Have the Snowden Docs

  • Bruce Schneier
  • Wired
  • June 16, 2015

Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It's a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden's actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?

I believe the answer is certainly yes, but that it's almost certainly not Snowden's fault.

Read More →

Why are We Spending $7 Billion on TSA?

  • Bruce Schneier
  • CNN
  • June 5, 2015

News that the Transportation Security Administration missed a whopping 95% of guns and bombs in recent airport security "red team" tests was justifiably shocking. It's clear that we're not getting value for the $7 billion we're paying the TSA annually.

But there's another conclusion, inescapable and disturbing to many, but good news all around: We don't need $7 billion worth of airport security. These results demonstrate that there isn't much risk of airplane terrorism, and we should ratchet security down to pre-9/11 levels.

Read More →

Debate: Should Companies Do Most of Their Computing in the Cloud?

  • Bruce Schneier
  • The Economist
  • June 5, 2015

From May 26th to June 5th, 2015, The Economist hosted a debate on cloud computing, with Ludwig Siegele as moderator, Simon Crosby taking the Yes position, and Bruce Schneier as No. For the full debate, see The Economist's site. Bruce's entries are reprinted below.

Opening Remarks

Yes. No. Yes. Maybe. Yes. Okay, it’s complicated.

The economics of cloud computing are compelling.

Read More →

How We Sold Our Souls—and More—to the Internet Giants

From TVs that listen in on us to a doll that records your child’s questions, data collection has become both dangerously intrusive and highly profitable. Is it time for governments to act to curb online surveillance?

  • Bruce Schneier
  • The Guardian
  • May 17, 2015

Last year, when my refrigerator broke, the repair man replaced the computer that controls it. I realised that I had been thinking about the refrigerator backwards: it's not a refrigerator with a computer, it's a computer that keeps food cold. Just like that, everything is turning into a computer.

Read More →

Could Your Plane Be Hacked?

  • Bruce Schneier
  • CNN
  • April 16, 2015

Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It's certainly possible, but in the scheme of Internet risks I worry about, it's not very high. I'm more worried about the more pedestrian attacks against more common Internet-connected devices.

Read More →

Baseball’s New Metal Detectors Won’t Keep You Safe. They’ll Just Make You Miss a Few Innings

Security theater meets America's pastime.

  • Bruce Schneier
  • The Washington Post
  • April 14, 2015

Fans attending Major League Baseball games are being greeted in a new way this year: with metal detectors at the ballparks. Touted as a counterterrorism measure, they're nothing of the sort. They're pure security theater: They look good without doing anything to make us safer. We're stuck with them because of a combination of buck passing, CYA thinking and fear.

Read More →

The Big Idea: Bruce Schneier

  • Bruce Schneier
  • Whatever
  • March 4, 2015

What's your electronic data worth to you? What is it worth to others? And what's the dividing line between your privacy and your convenience? These are questions Bruce Schneier thinks a lot about, and as he shows in Data and Goliath, they are questions which have an impact on where society and technology are going next.

BRUCE SCHNEIER:

Data and Goliath is a book about surveillance, both government and corporate. It's an exploration in three parts: what's happening, why it matters, and what to do about it.

Read More →

Hacker or Spy? In Today's Cyberattacks, Finding the Culprit Is a Troubling Puzzle

  • Bruce Schneier
  • The Christian Science Monitor
  • March 4, 2015

The Sony hack revealed the challenges of identifying perpetrators of cyberattacks, especially as hackers can masquerade as government soldiers and spies, and vice versa. It's a dangerous new dynamic for foreign relations, especially as what governments know about hackers – and how they know it – remains secret.

The vigorous debate after the Sony Pictures breach pitted the Obama administration against many of us in the cybersecurity community who didn't buy Washington's claim that North Korea was the culprit.

What's both amazing—and perhaps a bit frightening—about that dispute over who hacked Sony is that it happened in the first place.

But what it highlights is the fact that we're living in a world where we can't easily tell the difference between a couple of guys in a basement apartment and the North Korean government with an estimated $10 billion military budget.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.