Essays: 2020 Archives
The US Has Suffered a Massive Cyberbreach. It’s Hard to Overstate How Bad It Is
This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols
Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk—and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack…
The Peril of Persuasion in the Big Tech Age
Persuasion is essential to society and democracy, but we need new rules governing how companies can harness it.
Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services. We all persuade our friends to accept our choice of restaurant, movie, and so on. It’s essential to society; we couldn’t get large groups of people to work together without it. But as with many things, technology is fundamentally changing the nature of persuasion. And society needs to adapt its rules of persuasion or suffer the consequences…
What Makes Trump’s Subversion Efforts So Alarming? His Collaborators
The president has been trying to dismantle our shared beliefs about democracy. And now, his fellow Republicans are helping him.
Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba and China. Another lawyer, Sidney Powell, argued that Mr. Trump won in a landslide, the entire election in swing states should be overturned and the legislatures should make sure that the electors are selected for the president.
The Republican National Committee swung in to support her false claim that Mr. Trump won in a landslide, while Michigan election officials have tried to stop the certification of the vote.
It is wildly unlikely that their efforts can block Joe Biden from becoming president. But they may still do lasting damage to American democracy for a shocking reason: The moves have come from trusted insiders…
The Unrelenting Horizonlessness of the Covid World
Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. It’s a nameless feeling that somehow makes it hard to go on with even the nice things we regularly do.
What’s blocking our everyday routines is not the anxiety of lockdown adjustments, or the worries about ourselves and our loved ones—real though those worries are. It isn’t even the sense that, if we’re really honest with ourselves, much of what we do is pretty self-indulgent when held up against the urgency of a global pandemic…
Hacking the Tax Code
View or Download in PDF Format
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.
Like computer code, the tax code has bugs. They might be mistakes in how the tax laws were written. They might be mistakes in how the tax code is interpreted, oversights in how parts of the law were conceived, or unintended omissions of some sort or another. They might arise from the exponentially huge number of ways different parts of the tax code interact…
The Twitter Hacks Have to Stop
Czech translation
Spanish translation
Twitter was hacked this week. Not a few people’s Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter’s system administrators. Those are the people trusted to ensure that Twitter functions smoothly.
The hacker used that access to send tweets from a variety of popular and trusted accounts, including those of Joe Biden, Bill Gates, and Elon Musk, as part of a mundane scam—stealing bitcoin—but it’s easy to envision more nefarious scenarios. Imagine a government using this sort of attack against another government, coordinating a series of fake tweets from hundreds of politicians and other public figures the day before a major election, to affect the outcome. Or to escalate an …
Bruce Schneier says we need to embrace inefficiency to save our economy
It took a global pandemic and stay-at-home orders for 1.5 billion people worldwide, but something is finally occurring to us: The future we thought we expected may not be the one we get.
We know that things will change; how they’ll change is a mystery. To envision a future altered by coronavirus, Quartz asked dozens of experts for their best predictions on how the world will be different in five years.
Below is an answer from Bruce Schneier, a security expert focused on technology. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University and a lecturer in public policy at the Harvard Kennedy School. He is also the author of more than a dozen books—his latest, …
The Public Good Requires Private Data
This essay appeared as part of a round table on “How the Coronavirus Pandemic Will Permanently Expand Government Powers.”
There’s been a fundamental battle in Western societies about the use of personal data, one that pits the individual’s right to privacy against the value of that data to all of us collectively. Until now, most of that discussion has focused on surveillance capitalism. For example, Google Maps shows us real-time traffic, but it does so by collecting location data from everyone using the service.
COVID-19 adds a new urgency to the debate and brings in new actors such as public health authorities and the medical sector. It’s not just about smartphone apps tracing contacts with infected people that are currently being rolled out by corporations and governments around the world. The medical community will seize the pandemic to boost its case for accessing detailed health data to perform all sorts of research studies. Public health authorities will push for more surveillance in order to get early warning of future pandemics. It’s the same trade-off. Individually, the data is very intimate. But collectively, it has enormous value to us all…
Attacking Machine Learning Systems
The field of machine learning security is progressing rapidly, and new risks have been detected. Machine learning technologies and solutions are expected to become prominent features in the information security landscape.
View or Download in PDF Format
The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field. In many ways, this circumstance reminds me of the cryptanalysis field in the 1990. And there is a lesson in that similarity: the complex mathematical attacks make for good academic papers, but we mustn’t lose sight of the fact that insecure software will be the likely attack vector for most ML systems…
How Hackers and Spies Could Sabotage the Coronavirus Fight
Intelligence services have a long history of manipulating information on health issues, and an epidemic is especially tempting for interference. Why aren’t we better prepared?
The world is racing to contain the new coronavirus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. To do so, they are using a variety of digital communications and surveillance systems. Like much of the medical infrastructure, these systems are highly vulnerable to hacking and interference…
Technologists vs. Policy Makers
View or Download in PDF Format
Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don’t remember who else. We met with then Massachusetts Representative Ed Markey. (He didn’t become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors. They still are…
We’re Banning Facial Recognition. We’re Missing the Point.
The whole point of modern surveillance is to treat people differently, and facial recognition technologies are only a small part of that.
Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates …
China Isn’t the Only Problem With 5G
The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.
Portuguese translation
Spanish translation
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the “internet of things,” is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat…
Bots Are Destroying Political Discourse As We Know It
They’re mouthpieces for foreign actors, domestic political groups, even the candidates themselves. And soon you won’t be able to tell they’re bots.
Presidential-campaign season is officially, officially, upon us now, which means it’s time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: Artificial personas are coming, and they’re poised to take over political debate. The risk arises from two separate threads coming together: artificial-intelligence-driven text generation and social-media chatbots. These computer-generated “people” will drown out actual human discussions on the internet.
Text-generation software is already good enough to fool most people most of the time. It’s writing news stories, particularly in …
Sidebar photo of Bruce Schneier by Joe MacInnis.