Latest Essays

Evaluating the GCHQ Exceptional Access Proposal

  • Bruce Schneier
  • Lawfare
  • January 17, 2019

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI—and some of their peer agencies in the U.K., Australia, and elsewhere—argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdroping. Sometimes their complaint is about communications systems, like voice or messaging apps. Sometimes it's about end-user devices.

Read More →

Machine Learning Will Transform How We Detect Software Vulnerabilities

  • Bruce Schneier
  • SecurityIntelligence
  • December 18, 2018

No one doubts that artificial intelligence (AI) and machine learning will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders — and the resultant arms race between the two — I want to talk about software vulnerabilities.

All software contains bugs.

Read More →

The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia

  • Bruce Schneier and Henry Farrell
  • Motherboard
  • November 19, 2018

On November 4, 2016, the hacker "Guccifer 2.0," a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial elections in Florida and Arizona. Without any evidence whatsoever, he said that Democrats were trying to steal the election through "FRAUD."

Cybersecurity experts would say that posts like Guccifer 2.0's are intended to undermine public confidence in voting: a cyber-attack against the US democratic system. Yet Donald Trump's actions are doing far more damage to democracy.

Read More →

Surveillance Kills Freedom By Killing Experimentation

  • Bruce Schneier
  • Wired
  • November 16, 2018

Excerpted from the upcoming issue of McSweeney's, "The End of Trust," a collection featuring more than 30 writers investigating surveillance, technology, and privacy.

In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. But this is probably the most important argument as to why society as a whole must protect privacy: it allows society to progress.

Read More →

Information Attacks on Democracies

  • Henry Farrell and Bruce Schneier
  • Lawfare
  • November 15, 2018

Democracy is an information system.

That's the starting place of our new paper: "Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.

The answer revolves around the different ways autocracies and democracies work as information systems.

Read More →

We Need Stronger Cybersecurity Laws for the Internet of Things

  • Bruce Schneier
  • CNN
  • November 9, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods—from toys to lightbulbs to major appliances—to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat.

Read More →

Nobody’s Cellphone Is Really That Secure

But most of us aren’t the president of the United States.

  • Bruce Schneier
  • The Atlantic
  • October 26, 2018

Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potential security vulnerabilities in Trump's cellphone use since he became president. And President Barack Obama bristled at—but acquiesced to—the security rules prohibiting him from using a "regular" cellphone throughout his presidency.

Read More →

Internet Hacking Is About to Get Much Worse

We can no longer leave online security to the market.

  • Bruce Schneier
  • The New York Times
  • October 11, 2018

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data.

Read More →

Cryptography after the Aliens Land

  • Bruce Schneier
  • IEEE Security & Privacy
  • September/October 2018

Quantum computing is a new way of computing—one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length.

This is why cryptographers are hard at work designing and analyzing "quantum-resistant" public-key algorithms.

Read More →

Don't Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.

  • Bruce Schneier
  • The Washington Post
  • August 7, 2018

Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes — 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations.

To be clear, the TSA has put forth no concrete proposal.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.