Schneier and Zittrain on Digital Security and the Power of Metaphors
Excerpt
Bruce Schneier is one of the world’s leading cryptographers and theorists of security. Jonathan Zittrain is a celebrated law professor, theorist of digital technology and wonderfully performative lecturer. The two share a stage at Harvard Law School’s Langdell Hall. JZ introduces Bruce as the inventor of the phrase ‘security theatre’, author of a leading textbook on cryptography and subject of a wonderful internet meme.
The last time the two met on stage, they were arguing different sides of an issue—threats of cyberwar are grossly exaggerated—in an Oxford-style debate. Schneier was baffled that, after the debate, his side lost. He found it hard to believe that more people thought that cyberwar was a real threat than an exaggeration, and realized that there is a definitional problem that makes discussing cyberwar challenging.
Schneier continues, ‘It used to be, in the real world, you judged the weaponry. If you saw a tank driving at you, you know it was a real war because only a government could buy a tank.’ In cyberwar, everyone uses the same tools and tactics—DDoS, exploits. It’s hard to tell if attackers are governments, criminals or individuals. You could call almost anyone to defend you—the police, the government, the lawyers. You never know who you’re fighting against, which makes it extremely hard to know what to defend. ‘And that’s why I lost’, Schneier explains—if you use a very narrow definition of cyberwar, as Schneier did, cyberwar threats are almost always exaggerated.