News: 2005 Archives
The seemingly constant industry buzz surrounding Schneier is well-deserved. With a trail of bestselling books in his wake and two encryption algorithms, Blowfish and Twofish, to his credit, Schneier is well-placed to discuss/argue various IT security-related issues in his free monthly newsletter Crypto-Gram. Most recently, he questioned reported comments made by Howard Schmidt that noted Schmidt's support for holding programmers personally accountable for insecure code. These published accounts, which sometimes seem to allude to personal liability, are inaccurate, Schmidt says. He notes that his comments were made "in the context of how [programmers'] ability to write secure code should be a part of performance reviews." Schneier says, however, "It is the software manufacturers that should be held liable" for insecure code.
IsacaRoma: Who are you? Your biography says you are an author, technologist and a "security guru." What is your cultural background? How did you arrive at cryptography and security as a profession?
Bruce Schneier: Security is a mindset, and the best security experts come by the profession naturally.
Mountain View (CA) - Throughout the past two decades, Bruce Schneier has provided one of the most well-reasoned, clear, and unbiased perspectives regarding the broad and complex topic of implementing security and trust in computer systems and networks. Schneier co-developed the widely used Twofish encryption algorithm, authored 1995's ground-breaking Applied Cryptography - which defined how crypto could be used reliably for authentication and communication - and founded network security provider Counterpane, where he currently serves as CTO. But his life's mission of late has been to cast a skeptical eye upon any and every measure that purports to solve the overall problem of security, even from a personal vantage point.
So when Schneier proclaims there's something he actually fears, alarm bells should sound.
You call "identity theft" a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?
"Identity theft" doesn't make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation.
Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., has spent much of his career educating people about digital security.
His book, "Secrets and Lies: Digital Security in a Networked World," serves as a non-technical introduction to the full, messy complexity of digital security.
Most recently, Mr. Schneier wrote, "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." This book about security technology—computer and otherwise, is geared toward the intelligent layman: anyone from a security engineer to a concerned citizen.
As CTO and founder of Counterpane Internet Security, Bruce Schneier invented outsourced security-monitoring services. Following methodology similar to that used by the Centers for Disease Control, Counterpane has created a worldwide early-warning system that responds quickly to attacks on corporate infrastructures. But that’s only one of Schneier’s full-time jobs. Inventor of the Blowfish encryption algorithm and author of eight books on cryptography and security, Schneier consults with organizations as diverse as the Department of Homeland Security and the American Civil Liberties Union.
Founder of Internet Security Firm Inspires Reaction: 'We Trust Bruce'
Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, might be as close as the computer security industry gets to its own celebrity.
Although not as well known as Larry Ellison at Oracle or Bill Gates at Microsoft, Schneier is still the public face of his company, recognized by industry insiders as one of their gurus. Businesses hire Counterpane to guard their networks from hackers and viruses in the same way a nervous homeowner would pay a home-security provider like ADT to watch for fires or burglars.
But unlike most entrepreneurs, Schneier admits that he spends much of his time not focused on his creation.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.