Essays: 2018 Archives

Banning Chinese Phones Won't Fix Security Problems with Our Electronic Supply Chain

The real issue is overall trust.

  • Bruce Schneier
  • The Washington Post
  • May 8, 2018

Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users.

It's a legitimate fear, and perhaps a prudent action. But it's just one instance of the much larger issue of securing our supply chains.

All of our computerized systems are deeply international, and we have no choice but to trust the companies and governments that touch those systems.

Read More →

American Elections Are Too Easy to Hack. We Must Take Action Now

  • Bruce Schneier
  • The Guardian
  • April 18, 2018

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose.

Read More →

It's Not Just Facebook. Thousands of Companies are Spying on You

  • Bruce Schneier
  • CNN
  • March 26, 2018

French translation

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others.

Read More →

Artificial Intelligence and the Attack/Defense Balance

  • Bruce Schneier
  • IEEE Security & Privacy
  • March/April 2018

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things.

You can divide Internet security tasks into two sets: what humans do well and what computers do well. Traditionally, computers excel at speed, scale, and scope.

Read More →

Can Consumers' Online Data Be Protected?

  • Bruce Schneier
  • CQ Researcher
  • February 9, 2018

This essay appeared as half of a point/counterpoint with Priscilla Regan, in a CQ Researcher report on Privacy and the Internet.

Con

Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the internet, it is vulnerable.

But just because everything is hackable doesn't mean everything will be hacked.

Read More →

How to Fight Mass Surveillance Even Though Congress Just Reauthorized It

What the battle looks like after Section 702's reauthorization

  • Bruce Schneier
  • The Washington Post
  • January 25, 2018

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On Jan. 18, when President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U.S. law.

Read More →

The New Way Your Computer Can Be Attacked

Unprecedented computer-chip vulnerabilities exposed this month paint a grim picture of the future of cybersecurity.

  • Bruce Schneier
  • The Atlantic
  • January 22, 2018

Portuguese translation

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched—at least to the extent possible.

This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going to be seeing in the coming years. These are vulnerabilities in computer hardware, not software.

Read More →

The Security of Pretty Much Every Computer on the Planet Has Just Gotten a Lot Worse

  • Bruce Schneier
  • CNN
  • January 5, 2018

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution—which,of course, is not a solution—is to throw them all away and buy new ones that may be available in a few years.

On Wednesday, researchers announced a series of major security vulnerabilities in the microprocessors at the heart of the world's computers for the past 15 to 20 years. They've been named Spectre and Meltdown, and they operate by manipulating different ways processors optimize performance by rearranging the order of instructions or performing different instructions in parallel. An attacker who controls one process on a system can use the vulnerabilities to steal secrets from elsewhere on the computer.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.