Audio: Bruce Schneier on How Insecure Electronic Voting Could Break the United States—and Surveillance Without Tyranny
Nobody is in favor of the power going down. Nobody is in favor of all cell phones not working. But an election? There are sides.
Forget the fact that this esteemed security expert is also a cryptographer and author of seminal cybersecurity books including Data and Goliath and Liars and Outliers…does Click Here to Kill Everybody live up to its own hype or is is just all theatrics?
Although I’ve never met Bruce Schneier, I can gather from his personality and the way my colleagues speak of him that he is the security expert’s expert. Up until June of this year, Bruce was the CTO for Resilient Systems, a private company that offered incident response solutions. Basically, IBM saw that they were doing good work cleaning up corporate security messes all over the infosec world and entered into an agreement with them not too long before acquiring them back in 2016. Schneier, their CTO had already made a name for himself as a fellow at the Berkman Center for Internet and Society at Harvard Law School and also as a burgeoning writer of many technical publications on cryptography and books on cybersecurity.
But those credentials don’t necessarily translate into great reading of 300+ pages of a cybersecurity tome so how does Click Here To Kill Everybody: Security and Survival in a Hyper-connect World fare?
When trying to bring government services into the digital age, we are always trying to build the right thing and build the thing right. But when time is of the essence and budgets are constrained, security can sometimes fall to the second tier of priorities as a nice-to-have, but not essential, element. How do we make security a priority while delivering on services that people urgently need? At Code for America Summit we turned to Bruce Schneier: public interest technologist, Special Advisor to IBM Security, fellow and lecturer at Harvard's Kennedy School, and one of our foremost experts on cybersecurity in government.
LAS VEGAS. Technologists are the missing voice in cyber policy debates on issues ranging from encryption to supply-chain security, says Bruce Schneier of Harvard Law’s Berkman Klein Center for Internet and Society, who made several presentations here calling for development of a robust “public- interest technologist” community to help shape laws and rules for this technology century.
As an example, he pointed to a “25-year debate on ‘going dark,’” or whether government should be able to access encrypted communications, and said, “It’s a scare term. We’ll never get the policy right if the policy makers get the technology wrong.”
“Here’s the issue,” Schneier said, “none of the policy makers have the technology chops to discuss it.” The separate worlds of technology and policy “was okay in 1959,” but now “technology makes de facto policy – and the policy is always catching up.”
“What I’m calling for is public-interest technologists” who can help policy makers reach informed decisions at the beginning and throughout the policy-making process, he said.
We drill all the way down to the CPU level in this follow-on discussion of autonomous vehicle security. This encore episode with cyber-guru, Bruce Schneier, is in response to the requests we received on Reddit, LinkedIn, and email for a deeper dive after our recent conversation with him.
We start with a simple question, “Who is the threat actor we need to protect our vehicles from?” Bruce’s answer has lessons in it for everyone from a user to a government regulator. We also talk about principles teams can incorporate into their design process.
In this interview, we speak with cybersecurity expert Bruce Schneier. Bruce is internationally renowned with multiple books, including Click Here to Kill Everybody.
Bruce shares his perspective on the broad security issues that need to be addressed in our autonomous future.
A crucial question to answer is, "Who will dictate policy?" Many of these technologies transcend federal governments, leaving some policymakers scratching their heads.
"¿Alarmista? ¡Qué va! Es un gran título, estoy orgulloso de él. Recuerda: los títulos están para vender libros".
Bruce Schneier announced in a blog post that his three-year stint at IBM is officially over:
"Today is my last day at IBM.
If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of 'Special Advisor.' As of the end of the month, I will be back on my own.
I will continue to write and speak, and do the occasional consulting job.
Bruce Schneier announced in a brief blog post, "I'm leaving IBM." His three-year stint with what he calls "the nicely ambiguous title of 'Special Advisor'" ended at the end of June 2019. He gives no specific future plans beyond saying that he will continue to write, speak, teach and occasionally consult.
Schneier has been a cybersecurity luminary since his book Applied Cryptography was published in 1994. Since then he has developed several ciphers, including Blowfish, Twofish, Threefish, and MacGuffin.
Infosec veteran Bruce Schneier has said he'll step down as a "special advisor" to IBM's security business to, in part, focus his time on teaching the next generation of security pros.
Schneier said he also wanted to focus on work with nonprofit projects including Tor and the Electronic Frontier Foundation (EFF), where he is a board member.
The cryptographer, formerly BT's chief security technology officer, has been writing about security since 1998 and has produced more than a dozen books, as well as hundreds of articles, essays and academic papers.
Sidebar photo of Bruce Schneier by Joe MacInnis.