Essays in the Category “Trust”

The Only Way to Restore Trust in the NSA

  • Bruce Schneier
  • The Atlantic
  • September 4, 2013

I've recently seen two articles speculating on the NSA's capability, and practice, of spying on members of Congress and other elected officials. The evidence is all circumstantial and smacks of conspiracy thinking—and I have no idea whether any of it is true or not—but it's a good illustration of what happens when trust in a public institution fails.

The NSA has repeatedly lied about the extent of its spying program. James R. Clapper, the director of national intelligence, has lied about it to Congress.

Read More →

Trust in Man/Machine Security Systems

  • Bruce Schneier
  • IEEE Security & Privacy
  • September/October 2013

I jacked a visitor's badge from the Eisenhower Executive Office Building in Washington, DC, last month. The badges are electronic; they're enabled when you check in at building security. You're supposed to wear it on a chain around your neck at all times and drop it through a slot when you leave.

I kept the badge.

Read More →

How Companies Can Protect Against Leakers

  • Bruce Schneier
  • Bloomberg.com
  • August 21, 2013

Ever since Edward Snowden walked out of a National Security Agency facility in May with electronic copies of thousands of classified documents, the finger-pointing has concentrated on government's security failures. Yet the debacle illustrates the challenge with trusting people in any organization.

The problem is easy to describe. Organizations require trusted people, but they don't necessarily know whether those people are trustworthy.

Read More →

NSA Secrets Kill Our Trust

  • Bruce Schneier
  • CNN
  • July 31, 2013

In July 2012, responding to allegations that the video-chat service Skype—owned by Microsoft—was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog to deny it.

Turns out that wasn't quite true.

Or at least he—or the company's lawyers—carefully crafted a statement that could be defended as true while completely deceiving the reader. You see, Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, because the government was already able to eavesdrop on users.

At a Senate hearing in March, Director of National Intelligence James Clapper assured the committee that his agency didn't collect data on hundreds of millions of Americans.

Read More →

Trust and Society

  • Bruce Schneier
  • The Montréal Review
  • February 2013

This morning, I flew from Boston to New York. Before that, I woke up in a hotel, trusting everyone on the staff who has a master key. I took a Boston taxi to the airport, trusting not just the taxi driver, but everyone else on the road. At Boston's Logan Airport, I had to trust everyone who worked for the airline, everyone who worked at the airport, and the thousands of other passengers. I also had to trust everyone who came in contact with the food I bought and ate before boarding my plane.

Read More →

Our New Regimes of Trust

  • Bruce Schneier
  • The SciTech Lawyer
  • Winter/Spring 2013

Society runs on trust. Over the millennia, we've developed a variety of mechanisms to induce trustworthy behavior in society. These range from a sense of guilt when we cheat, to societal disapproval when we lie, to laws that arrest fraudsters, to door locks and burglar alarms that keep thieves out of our homes. They're complicated and interrelated, but they tend to keep society humming along.

Read More →

When It Comes to Security, We're Back to Feudalism

  • Bruce Schneier
  • Wired
  • November 26, 2012

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone.

Read More →

High-Tech Cheats in a World of Trust

  • Bruce Schneier
  • New Scientist
  • February 27, 2012

I can put my cash card into an ATM anywhere in the world and take out a fistful of local currency, while the corresponding amount is debited from my bank account at home. I don't even think twice: regardless of the country, I trust that the system will work.

The whole world runs on trust. We trust that people on the street won't rob us, that the bank we deposited money in last month returns it this month, that the justice system punishes the guilty and exonerates the innocent.

Read More →

The Big Idea: Bruce Schneier

  • Bruce Schneier
  • Whatever
  • February 16, 2012

My big idea is a big question. Every cooperative system contains parasites. How do we ensure that society's parasites don't destroy society's systems?

It's all about trust, really.

Read More →

The Meaning of Trust

Security technologist and author Bruce Schneier looks at the age-old problem of insider threat

  • Bruce Schneier
  • The Guardian
  • April 16, 2010

Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On October 24, he was fired. Before he left, he slipped a logic bomb into the organisation's network. The bomb would have "detonated" on January 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything, and then replicate itself on all 4,000 Fannie Mae servers.

Read More →

Be Careful When You Come to Put Your Trust in the Clouds

Cloud computing may represent the future of computing but users still need to be careful about who is looking after their data

  • Bruce Schneier
  • The Guardian
  • June 4, 2009

This year's overhyped IT concept is cloud computing. Also called software as a service (SaaS), cloud computing is when you run software over the internet and access it via a browser. The salesforce.com customer management software is an example of this. So is Google Docs. If you believe the hype, cloud computing is the future.

Read More →

Thwarting an Internal Hacker

  • Bruce Schneier
  • The Wall Street Journal
  • February 16, 2009

Rajendrasinh Makwana was a UNIX contractor for Fannie Mae. On October 24, he was fired. Before he left, he slipped a logic bomb into the organization's network. The bomb would have "detonated" on January 31. It was programmed to disable access to the server on which it was running, block any network monitoring software, systematically and irretrievably erase everything -- and then replicate itself on all 4,000 Fannie Mae servers.

Read More →

NBA Ref Scandal Warns of Single Points of Failure

  • Bruce Schneier
  • Wired
  • September 06, 2007

Sports referees are supposed to be fair and impartial. They're not supposed to favor one team over another. And they're most certainly not supposed to have a financial interest in the outcome of a game.

Tim Donaghy, referee for the National Basketball Association, has been accused of both betting on basketball games and fixing games for the mob.

Read More →

An Easy Path for Terrorists

  • Bruce Schneier
  • Boston Globe
  • August 24, 2004

If you fly out of Logan Airport and don't want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its "Trusted Traveler" program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.

Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan.

Read More →

The Fallacy of Trusted Client Software

  • Bruce Schneier
  • Information Security
  • August 2000

Controlling what a user can do with a piece of data assumes a trust paradigm that doesn't exist in the real world. Software copy protection, intellectual property theft, digital watermarking -- different companies claim to solve different parts of this growing problem. Some companies market e-mail security solutions in which the e-mail cannot be read after a certain date, effectively "deleting" it. Other companies sell rights-management software: audio and video files that can't be copied or redistributed, data that can be read but not printed and software that can't be copied.

Read More →

Security Pitfalls in Cryptography

  • Bruce Schneier
  • Information Management & Computer Security
  • 1998

Magazine articles like to describe cryptography products in terms of algorithms and key length. Algorithms make good sound bites: they can be explained in a few words and they're easy to compare with one another. "128-bit keys mean good security." "Triple-DES means good security." "40-bit keys mean weak security." "2048-bit RSA is better than 1024-bit RSA."

But reality isn't that simple. Longer keys don't always mean more security.

Read More →

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.