Latest Essays

Page 3

We’re Banning Facial Recognition. We’re Missing the Point.

The whole point of modern surveillance is to treat people differently, and facial recognition technologies are only a small part of that.

  • Bruce Schneier
  • The New York Times
  • January 20, 2020

Spanish translation

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates …

China Isn’t the Only Problem With 5G

The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.

  • Bruce Schneier
  • Foreign Policy
  • January 10, 2020

Portuguese translation
Spanish translation

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the “internet of things,” is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat…

Bots Are Destroying Political Discourse As We Know It

They’re mouthpieces for foreign actors, domestic political groups, even the candidates themselves. And soon you won’t be able to tell they’re bots.

  • Bruce Schneier
  • The Atlantic
  • January 7, 2020

Spanish translation

Presidential-campaign season is officially, officially, upon us now, which means it’s time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: Artificial personas are coming, and they’re poised to take over political debate. The risk arises from two separate threads coming together: artificial-intelligence-driven text generation and social-media chatbots. These computer-generated “people” will drown out actual human discussions on the internet.

Text-generation software is already good enough to fool most people most of the time. It’s writing news stories, particularly in …

We Must Bridge the Gap Between Technology and Policymaking. Our Future Depends on It

  • Bruce Schneier
  • World Economic Forum
  • November 12, 2019

This essay also appeared in The OECD Forum Network.

Technologists and policymakers largely inhabit two separate worlds. It’s an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world’s problems. The essay was influential – but 60 years later, nothing has changed.

When Snow was writing, the two cultures theory was largely an interesting societal observation. Today, it’s a crisis. Technology is now deeply intertwined with policy. We’re building complex socio-technical systems at all levels of our society. Software constrains behaviour with an efficiency that no law can match. It’s all changing fast; technology is literally creating the world we all live in, and policymakers can’t keep up. Getting it wrong has become increasingly catastrophic. Surviving the future depends in bringing technologists and policymakers together…

Every Part of the Supply Chain Can Be Attacked

When it comes to 5G technology, we have to build a trustworthy system out of untrustworthy parts.

  • Bruce Schneier
  • The New York Times
  • September 25, 2019

The United States government’s continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it’s impossible to verify that they’re trustworthy. Solving this problem — which is increasingly a national security issue — will require us to both make major policy changes and invent new technologies.

The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government. The government could require Huawei to install back doors into the 5G routers it sells abroad, allowing the government to eavesdrop on communications or — even worse — take control of the routers during wartime. Since the United States will rely on those routers for all of its communications, we become vulnerable by building our 5G backbone on Huawei equipment…

The Real Threat from China Isn't "Spy Trains"

  • Bruce Schneier
  • CNN
  • September 21, 2019

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world’s largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States.

Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries. But another part involves fears about national security. News articles talk about “spy trains,” and the possibility that the train cars might surreptitiously monitor their passengers’ faces, movements, conversations or phone calls…

What Digital Nerds and Bio Geeks Have to Worry About

  • Bruce Schneier and Larisa Rudenko
  • CNN
  • September 13, 2019

All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms.

Genes and genomes are based on code– just like the digital language of computers. But instead of zeros and ones, four DNA letters — A, C, T, G—encode all of life. (Life is messy, and there are actually all sorts of edge cases, but ignore that for now.) If you have the sequence that encodes an organism, in theory, you could recreate it. If you can write new working code, you can alter an existing organism or create a novel one…

The Myth of Consumer Security

  • Bruce Schneier
  • Lawfare
  • August 26, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: “After all, we are not talking about protecting the nation’s nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications.”…

8 Ways to Stay Ahead of Influence Operations

With election meddling inevitable in 2020, the United States needs a powerful kill chain.

  • Bruce Schneier
  • Foreign Policy
  • August 12, 2019

Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.” Basically, we know it when we see it, from bots controlled by the Russian Internet Research Agency to Saudi attempts to plant fake stories and manipulate political debate. These operations have been run by Iran against the United States, Russia against Ukraine, China against Taiwan, and probably lots more besides…

Attorney General William Barr on Encryption Policy

  • Bruce Schneier
  • Lawfare
  • July 23, 2019

This morning, Attorney General William Barr gave a major speech on encryption policy—what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability—a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products. The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated…

Sidebar photo of Bruce Schneier by Joe MacInnis.