Schneier on Digital Feudalism, Cyberterrorism and Zombie SOPA

By Adam Popescu
ReadWrite
December 24, 2012

Bruce Schneier is a bestselling author, TED speaker, and the founder and chief technology officer of BT Managed Security Solutions. ReadWrite got the chance to speak with the candid technologist, widely considered one of the foremost voices in the world of security and privacy, about digital feudalism, government regulations and the reality of cyber warfare.

Online Lord & Vassal

ReadWrite: I read your blog post the other day about Facebook having a "feudal lord" relationship with its users. Tell me what feudal security is.

Bruce Schneier: The notion that as computers and computing become more of a utility, we as users, we have to trust vendors. And we have no ability to know how they work -- for security. I couldn't even tell you what operating systems they use, let alone what type of firewalls. We have to blindly trust that they will maintain our security.

RW: Is that lack of transparency between companies and users one of the bigger issues within security today?

BS: I think it's very important... This is how the world works. When you turn on the tap, you know nothing about why that water is safe -- you know nothing about the process that makes that water safe. You know nothing, and yet you trust it. This isn't rare, this is normal. But in the case of water, for example, there's a lot of government regulation that goes into making that water safe. There's a whole lot behind that that we just don't have with computers. You don't have the government regulations, you don't have the intervention that forces companies to take your security seriously. That's the fundamental problem.

RW: How about digital rights management? That's part of it too, right?

BS: It's all part of it. Basically, we are losing control as we give all of our data into the cloud. There's a whole lot of good reasons to lose control, because other people can do it better than we can. But there are also risks to that. The benefits of the cloud are enormous -- in terms of quality, in terms of reliability. Your pictures are much safer on Flickr, but you have to trust their security. 

Government Security

RW: With regulation on the way, are we as users, as consumers, are we moving closer to improved privacy, or are we moving away from it?

BS: Unfortunately the United States has such a dysfunctional government right now, I can't imagine any serious legislation. I just can't imagine us doing it. I'd love to see it, I think legislation is important. We're the United States, you can't have serious legislation -- you can't have a serious policy debate... I think they're going to start recognizing it, but I think it's going to take a generation.

RW: What about Obama's new online sharing strategy? The White House is saying they're committed to more transparency with the way the Internet works and having less government regulations. Do you believe that?

BS: I think less government regulations will make this worse. And I do believe it. You do need laws to set a playing field, to set boundaries -- and we're not getting that. Unfortunately, I do believe that less regulation, that would not be a good thing. I think lack of regulations has gotten us in this mess in the first place... There's no reason for companies to take security crimes too seriously. As long as they have them in operation as is, there's no market reason, even without them operating. As long as the market decides not to compete on it, it's not going to be something that consumers can choose. You have no choice, really, but to choose a feudal lord. You don't have the ability to opt out. This is the 21st Century, you can't opt out of the Internet.

RW: So do you yourself use Facebook and some of these feudal lords as well?

BS: I personally don't use Facebook, but I certainly use others.

RW: What do you think about the recent ITU conference and the U.S. pulling out of talks? Ambassador Terry Kramer called it a victory for the U.S. in terms of raising awareness. 

BS: That's complicated... There we're seeing governments trying to seize control back. They're not the U.S. The U.S. is very anti-regulation. But countries like China, Russia, there's a lot of danger there. The U.S., of course, could take advantage of it for surveillance purposes...

RW: Do you think this year we're going to have a reinvention of SOPA?

BS: Oh sure. They'll never give up. You'll see it come again and again.

RW: Are you scared of it? Do you think it's going to kill the Web, or is it going to just keep being drawn out and rehashed?

BS: It won't kill the Web, but it will do a lot of damage. Here's where you have an industry that is willing to essentially slash-and-burn anything to protect, really, an outdated business model. It's potentially very, very bad.

Cyber Threats -- Real & Perceived

RW: We touched on companies not being realistic about security and the threat of attacks. Would you say cyber war is coming or is it already here?

BS: Cyber war is basically a media invention. It is neither coming, nor is it here. It is only here in the minds of reporters and government contractors.

RW: So you're saying it's a buzzword?

BS: We'll know when cyber war is here. When you start seeing body counts, then the cyber war is here. Cyber war is a subset of war. In order for the cyber war to exist, war must exist. Not hackers, not terrorists, not criminals -- war. The enemy armies with tanks in your neighborhood. 

RW: I'm thinking more major corporations, Fortune 500 companies and government agencies being hit. The average person has no clue about that, so what can we do to enhance awareness? Are people going to just bury their heads in the sand until something happens to them?

BS: That's the way policy works. That is the way we do things. Do nothing until something happens, then we overreact... I really dislike a lot of hype on cyber threats. There are a lot of serious threats, we spend a lot of time on the ones that sound sexy: Cyber war, cyber terror. 

RW: So what's the biggest threat out there online then?

BS: The biggest threats are crime... Regular crime. Like a guy robbing your house. Regular crime, not large scale, not spectacular -- normal stuff. Just like school shootings almost never happen. And thousands of kids die a year from child abuse. It's the regular stuff, not the spectacular stuff. More people die in car crashes every month than died in 9/11. It's the regular stuff, the stuff that doesn't make news, that's the stuff to worry about. 

