News: 2013 Archives
Renowned security expert Bruce Schneier talks with Eben Moglen about what we can learn from the Snowden documents, the NSA's efforts to weaken global cryptography, and how we can keep our own free software tools from being subverted.
Since Edward Snowden's disclosures about widespread NSA surveillance, Americans and people everywhere have been presented with a digital variation on an old analog threat: the erosion of freedoms and privacy in exchange, presumably, for safety and security.
Bruce Schneier knows the debate well. He's an expert in cryptography and he wrote the book on computer security; Applied Cryptography is one of the field's basic resources, "the book the NSA never wanted to be published," raved Wired in 1994. He knows the evidence well too: lately he's been helping the Guardian and the journalist Glenn Greenwald review the documents they have gathered from Snowden, in order to help explain some of the agency's top secret and highly complex spying programs.
Becoming a fellow isn't your first interaction with the Berkman Center—you spoke here in April about "IT, Security, and Power" with Jonathan Zittrain. In light of that talk and the research you intend to conduct exploring the intersection of security, technology, and people, can you tell us more about the direction your research is going in, any challenges you currently face, and what you will be focusing on as a Berkman fellow?
I've been thinking about several things, all centered around power in the information age. I summarized them here before my Spring Berkman visit, and perhaps it's better to send readers there than to rewrite what I wrote then. Since then, of course, I have been thinking and writing about the Snowden documents and ubiquitous Internet surveillance.
There needs to be wider debate on the value of privacy on the internet — and in society as a whole, a leading computer security and privacy specialist said at the Summit on the Global Agenda in Abu Dhabi. Cryptographer Bruce Schneier says classified documents leaked by former US National Security Agency contractor Edward Snowden could ultimately make all internet users more secure.
The documents leaked by the American whistleblower show how easy it is for parties to indiscriminately capture the personal data on a global scale, said Schneier, who is participating in the summit as a member of the Global Agenda Council on the Future of the Internet. The future of surveillance has been identified as an urgent emerging issue by Global Agenda Council Members in the World Economic Forum's 2014 Outlook report.
More than 150 years after Bull Run—the long, bloody battle that foretold of a long, bloody Civil War—a new Bull Run is the symbol of a very different, bloodless fight.
"Bull Run" is code for a National Security Agency program that asks U.S. Internet security providers to poke holes in their systems (also known as "back doors")—and to keep those requests—and weaknesses—a secret. "The conceit here is that only the NSA can exploit this vulnerability," and gain access to encrypted Internet traffic, explained computer security and privacy specialist Bruce Schneier at a recent NSA surveillance briefing convened by the Open Technology Institute on Capitol Hill.
And techies can only fix it if government stays out of the way.
WASHINGTON, DC—To say that there are a lot of people who are angry with the National Security Agency (NSA) right now would be an understatement. But the things that are getting the most political attention right now—such as the invasion of the privacy of American citizens and spying on the leaders of American allies—are just a fraction of the problem, according to cryptographer and Harvard University Berkman Center for Internet and Society Fellow Bruce Schneier.
At a presentation in a conference room inside the US Capitol on Friday, Schneier—who has been helping The Guardian review the trove of documents provided by Snowden—said that in its haste to "weaponize" the Internet, the NSA has broken its mechanisms of security. And those breaks—including the backdoors that the NSA convinced or coerced software developers to put into the implementations of their encryption and other security products, are so severe that it is now just a matter of time before others with less-noble causes than fighting terrorism will be able to exploit the holes the NSA has created.
"The NSA has turned the internet into a giant surveillance platform." Security guru Bruce Schneier (pictured) did not pull his punches when he addressed the 1,200 engineers gathered for the meeting of Internet Engineering Task Force (IETF) in Vancouver last week. But when it came to the question of what should be done about it, he and the other participants in a panel discussion had less to offer.
Mr Schneier, a fellow at Harvard's Berkman Centre on Internet and Society, is one of the few people who had seen most if not all the NSA documents downloaded by Edward Snowden. Only a few have been made public so far, with the most recent revelation being the stealth tapping of Google's internal networks.
The ongoing revelations of governmental electronic spying point to a problem larger than National Security Agency malfeasance, or even of security weaknesses. Rather the controversy arising from Edward Snowden's leaked documents suggests we face unresolved issues around data ownership, argued security expert Bruce Schneier.
"Fundamentally, this is a debate about data sharing, about surveillance as a business model, about the dichotomy of the societal benefits of big data versus the individual risks of personal data," Schneier told attendees of the Usenix LISA (Large Installation System Administration Conference), being held in Washington this week.
"We might not buy [it], but the basic NSA argument is 'You must give us your data because it is keeping you safe.'"
Schneier has been an outspoken critic of the NSA since Snowden, a former NSA contractor, first leaked documents showing the many ways in which the intelligence agency had tapped into the Internet and data centers to collect data en masse about people's activities.
Lessons from NSA revelations hit at heart of the "fundamental issue of the information age," says Bruce Schneier
As custodians of the Internet mull over the lessons that revelations about National Security Agency (NSA) surveillance offer about the insecurity of the Internet's infrastructure, architects must find ways to make wholesale spying more expensive. So said noted cryptographer and security evangelist Bruce Schneier in a talk today about Internet hardening at the Internet Engineering Task Force (IETF) plenary session.
"There are a lot of technical things we can do. The goal is to make eavesdropping expensive," Schneier said.
Over the years, at times, I've seen people criticize Bruce Schneier for perhaps getting more publicity than other security researchers, but it's rare to see people question his knowledge. The complaints often appear to stem more out of jealousy than anything else. But, I've never seen anything quite as ridiculous as this "CNN iReport" by Richard Marshall and Andre Brisson, which appears to be a blatant hatchet job attack on Schneier that is at times incomprehensible, at times factually incorrect and bizarre throughout. Marshall is a former NSA and DHS "cybersecurity" expert, but he's now the CEO of "Whitenoise Labs," (something not mentioned in the article).
Following the row over claims German chancellor Angela Merkel's phone was hacked by the US, Channel 4 News speaks to security expert Bruce Schneier and asks if the NSA has gone too far.
National Security Agency Director Gen. Keith Alexander this week defended the private sector's cooperation with the agency's electronic surveillance programs, telling Congress the companies involved are being punished in the media for meeting legal obligations under U.S. law and helping to save lives.
'We have compelled industry to help us…by court order,' said Alexander, during testimony Oct. 29 before the House Permanent Select Committee on Intelligence. 'And what they're doing is saving lives' in the U.S.
Rumours of the NSA hacking Angela Merkel’s encrypted phone have got the world wondering how it would even be possible.
Becky Anderson talks to security technologist Bruce Schneier about protecting phones from infiltration by third parties and how the German Chancellor's phone may have been vulnerable.
Maria Xynou interviewed Bruce Schneier on privacy and surveillance. View this interview and gain an insight on why we should all "have something to hide"!
The Centre for Internet and Society (CIS) interviewed Bruce Schneier on the following questions:
Do you think India needs privacy legislation? Why/ Why not?
The majority of India's population lives below the line of poverty and barely has any Internet access. Is surveillance an elitist issue or should it concern the entire population in the country?
During a podcast on Occupy Radio, the host and a renowned security expert Bruce Schneier get to discuss the NSA practices in terms of treating citizen privacy and other related issues.
- Bruce Schneier is an internationally recognized expert on cryptography and data security. He was dubbed a 'Security Guru' by the Economist magazine. His most recent book is 'Liars and Outliers: Enabling the Trust that Society Needs to Thrive'. Bruce's newsletter, Cryptogram, and his blog Schneier on Security are read by over a quarter of a million people.
Scott and Peter speak with special guest cryptographer and security expert Bruce Schneier about Touch ID, biometrics, and general mobile phone security and privacy issues. Bruce is an outstanding speaker on these topics – you don’t want to miss this.
Trust is an invisible yet essential force in our lives, the great stabilizer of human relations. How do we create it? How do we lose it? Bruce Schneier, author of Liars & Outliers: Enabling the Trust that Society Needs to Thrive, joins Steve Paikin to discuss the essential role of trust in society and the threat the "surveillance state" may pose to it.
The security researcher Bruce Schneier, who is now helping the Guardian newspaper review Snowden documents, suggests that more revelations are on the way.
Bruce Schneier, a cryptographer and author on security topics, last month took on a side gig: helping the Guardian newspaper pore through documents purloined from the U.S. National Security Agency by contractor Edward Snowden, lately of Moscow.
In recent months that newspaper and other media have issued a steady stream of revelations, including the vast scale at which the NSA accesses major cloud platforms, taps calls and text messages of wireless carriers, and tries to subvert encryption.
This year Schneier is also a fellow at Harvard's Berkman Center for Internet and Society.
Bruce Schneier discusses the latest NSA revelations including the NSA working with tech companies to insert weaknesses into their code.
You signed up for government surveillance when you signed up for your email address. Not knowingly perhaps, (although who actually reads the user agreement?) but NSA spying is only possible with the help of the same private companies you trust with your data in the first place. The individual/government/corporate relationship has never been so exposed and so (hopefully) up for debate. Security technologist Bruce Schneier should be one of the voices you listen to in that debate.
Dennis Fisher talks with cryptographer Bruce Schneier about the revelations of the NSA’s capabilities to subvert and weaken cryptographic algorithms, security products and standards, and what it will take to help defeat these capabilities.
On today's show, we have encryption specialist and author Bruce Schneier here to discuss the latest NSA revelations including the NSA working with tech companies to insert weaknesses into their code.
Privacy PC published the following transcript of the interview.
- All right, joining me now here on the Matthew Filipowicz show is Bruce Schneier. Bruce is a security technologist and encryption specialist. He's written for the Guardian, the Economist, Wired and more.
In an interview for Grupo Imagen Multimedia with Rodrigo Pacheco, Bruce Schneier, cryptographer and security expert, said he did not know what the companies' involvement is in the spying scandal in the United States.
What is certain, he said, "is that the industry is colluding at every level, and so we might see it fight, because there is a lot of indignation around the issue."
Regarding the harm this situation could cause to the business those companies do with other countries, he said that in addition to them individuals could also be harmed, but he also indicated that there is no way to protect oneself, so people will have to rely on information protection systems because "there is no trust of any kind."
He added that the Chinese have good hackers, but the United States and Great Britain have a privileged position because a good share of the traffic passes through those places.
In an effort to undermine cryptographic systems worldwide, the National Security Agency has manipulated global encryption standards, utilized supercomputers to crack encrypted communications, and has persuaded—sometimes coerced—Internet service providers to give it access to protected data. Is there any way to confidentially communicate online? We speak with security technologist and encryption specialist Bruce Schneier, who is a fellow at Harvard's Berkman Center for Internet and Society. He has been working with The Guardian on its recent NSA stories and has read hundreds of top-secret NSA documents provided by Edward Snowden.
Five More Questions: Privacy Expert Bruce Schneier Sees Outdated Data Laws Benefiting Feds, Businesses
Editor's note: Five More Questions is an occasional series by Brian Lambert that follows up on people who recently made news.
Bruce Schneier has carved out an interesting niche for himself.
The southwest Minneapolis resident has become one, if not the best-known, of credible voices on the topics of privacy and security, personal and otherwise. His thinking on matters from Edward Snowden and the NSA to the nexus of government and corporate data-mining has made him a regular presence on The Atlantic, Forbes, Foreign Policy, Bloomberg and Guardian websites.
It also earned him a nod in the current issue of Wired magazine as one of the 101 essential "signals" (as opposed to "noise") to follow on the Internet.
In America today, we find ourselves increasingly living in a new kind of country: where constant surveillance and paramilitary policing are normalized. Bruce Schneier is among the most insightful and important voices speaking out against unchecked government surveillance and the alarming lack of transparency among our democratic institutions.
Ars asks a tech and legal all-star team how to fix America's security state.
For the last two months, we've all watched the news about the National Security Agency and its friends over at the Foreign Intelligence Surveillance Court (FISC), which approves secret orders on behalf of the NSA and other spy agencies. But more often than not, a lot of these articles take the same basic structure: documents provided by NSA leaker Edward Snowden show X, and then privacy advocates and civil libertarians decry X for Y reason.
That now raises the question, what would these privacy advocates do if they were put in charge of the NSA and the FISC? Or more specifically, what changes would they immediately enact at those two opaque institutions?
Technology expert Bruce Schneier has been blogging about security since 2004. If the subject was ever a niche, those days are long gone. His work touches on vital issues of safety and privacy at home, out in the world and, of course, on computers and other gadgets. Many of his posts simply point you towards items elsewhere — and he’s so important a figure in his field that the mere fact that Bruce Schneier found an article to be worthwhile is a significant endorsement.
Revelations of the NSA’s data surveillance efforts have raised serious questions about the ethics and necessity of violating privacy that have been bubbling under the surface for some time. Efforts to monitor communication are nothing new, but electronically mediated communication has increased the amount of information being shared, and the possibilities for eavesdropping are endless. But there's a trade off. People tolerate incursions into privacy for greater security or even convenience: health care, transportation, public safety, or any number of web utilities we use on a daily basis.
As Edward Snowden is linked to one country after the next, the media has its eye fixed on where he will next request asylum. (Today, it's Russia.) Meanwhile, back at US headquarters, as NSA officials speak in a House Judiciary Committee hearing, the agency is still doing what it's doing. To get more information on exactly what that means, the TED Blog wrote to two security experts, Bruce Schneier (watch his talk) and Mikko Hypponen (see his talk), to ask them about what it is we should be worried about. Turns out, pretty much everything.
The Berkman Center for Internet & Society at Harvard University today announced the fellows, faculty associates, and affiliates who will join the community in the 2013-2014 academic year, continuing a tradition of providing a home for some of the most incisive minds in law, technology, and social science, alongside path-breaking entrepreneurs and activists.
"Our incoming community is brimming with vision, talent, and a commitment to understand and drive change across the world, both online and off," Urs Gasser, Berkman's Executive Director, said. "With curiosity, rigor, and friendship, this network will explore and transform our collective knowledge, use, and governance of the Internet and digital technologies. We are privileged to bring these incredible people together at Berkman in the coming year."
The diverse class of fellows will work primarily in Cambridge, MA alongside Berkman Directors and staff, and will serve as key instigators within the vibrant research community.
More than 10 years ago, NSA officials went to Silicon Valley to learn how to build a better data operation. Chris Hayes talks to Bruce Schneier, security expert, and Colleen Taylor, reporter for TechCrunch and TechCrunch TV.
Bruce Schneier, author and security guru, talks with EconTalk host Russ Roberts about power and the internet. Schneier argues that the internet enhances the power of the powerless but it also enhances the power of the powerful. He argues that we should be worried about both corporate and government uses of the internet to enhance their power. Recorded before news of the PRISM system and the use of Verizon's customer information by the NSA (National Security Agency), Schneier presciently worries about government surveillance that we are not aware of and explains how governments--democratic and totalitarian--can use the internet to oppress their citizens.
This is a feature cast, an episode of The Command Line Podcast.
The feature this week is an interview with Bruce Schneier. The catalyst for this conversation is a post on his blog that frames out some of the themes he has been considering for his next book. Among other things, we refer to Rebecca Mackinnon’s book and Kevin Kelly’s most recent book in the course of the conversation.
If you're looking for more evidence that politicians don't get technology, look no further than the FBI's proposal to make Internet communications easier to wiretap. Specifically, the FBI wants to force companies to design their email, IM, VoIP, and other Internet-based communication products such that law-enforcement agents can eavesdrop on conversations—naturally, in the name of collecting evidence against evil-doers.
Although the plan reportedly has support from the Obama Administration, it doesn't have the backing of a guy who knows a thing or two about security: Bruce Schneier. By the renowned security pro's reckoning—clearly laid out at Foreign Policy—requiring companies to make their products "eavesdroppable" would render them vulnerable to anyone with a little tech savvy.
Audio: M-Unition Podcast Series: Bruce Schneier Discusses the Advanced Persistent Threat, Cyberwar and Feudalism
With news outlets flooded with talk of advanced targeted threats and Mandiant's recently released APT1 report, we wanted to know what industry experts thought of the security industry today.
We sat down and spoke with Bruce Schneier about his thoughts on where the security industry is going and to get insight into his new book he is working on. "Cyberwar is based on fear and rhetoric", according to Schneier, "and it is damaging for us to push war rhetoric because it makes us feel helpless." He goes on to say that if we feel a sense of helplessness we naturally can't do anything to protect our systems. It requires a shift in how we view the situation.
From online companies tracking users' digital footprints to the trend for more and more data to be stored on cloud servers, Internet privacy seems like a thing of the past -- if it ever existed at all. RFE/RL correspondent Deana Kjuka recently spoke about these issues with online security analyst Bruce Schneier, author of the book "Liars and Outliers: Enabling the Trust Society Needs to Survive."
RFE/RL: It is no secret that online companies like Google, Facebook, and Twitter are tracking users' digital footprints. How accurate are these online profiles? What are they used for, other than advertising?
Bruce Schneier: We don't know how accurate it is.
Bruce Schneier is one of the world's leading cryptographers and theorists of security. Jonathan Zittrain is a celebrated law professor, theorist of digital technology and wonderfully performative lecturer. The two share a stage at Harvard Law School's Langdell Hall. JZ introduces Bruce as the inventor of the phrase 'security theatre', author of a leading textbook on cryptography and subject of a wonderful internet meme.
The last time the two met on stage, they were arguing different sides of an issue -- threats of cyberwar are grossly exaggerated -- in an Oxford-style debate.
Bruce Schneier & Jonathan Zittrain in Conversation
From Bruce Schneier:
What I've Been Thinking About
I have been thinking about the Internet and power: how the Internet affects power, and how power affects the Internet. Increasingly, those in power are using information technology to increase their power. This has many facets, including the following:
1. Ubiquitous surveillance for both government and corporate purposes -- aided by cloud computing, social networking, and Internet-enabled everything -- resulting in a world without any real privacy.
Big data is a phrase that means a lot of things to a variety of people. For marketers, it means being able to target ads at certain segments of the population more accurately than ever before; for security pros, it means detecting and responding to incidents more quickly; and for every user connected to the Internet, big data means personal privacy on the Internet is gone.
In this video interview, recorded at the 2013 RSA Conference, security industry luminary and author Bruce Schneier uses three high-profile examples to explain why there is currently no privacy on the Internet. Among those examples is the Mandiant APT1 report, which he uses to show how easily even the most disciplined of Internet users can slip up and expose their identities to the world.
"We live in a world where we're ceding a lot of our power to other companies," said Bruce Schneier (@schneierblog), security blogger and author of "Liars and Outliers" in our conversation at the 2013 RSA Conference in San Francisco.
Schneier was referring to companies such as Google and Facebook that control our data as well as companies that control our devices, such as Apple.
"These companies are in charge of our security and we have no choice but to trust them and in many cases their interests don't align with ours," said Schneier. "It's not that these companies are evil.
We live today in a "feudal security world", says internationally renowned security technologist Bruce Schneier.
We pledge our allegiance to the service providers -- the likes of Google, Facebook - and expect them to provide us with security in return -- akin to serfs and peasants paying tribute to their lords in the form of personal data, says Schneier, the author of Liars and Outliers: Enabling the Trust Society Needs to Survive, and chief security technology officer at BT.
"What I am seeing is a shift in power on the internet, that we generally have less control over our IT infrastructure, our products, our user devices, our services. We basically have to trust our vendors," he says. "We just don't have the ability to control security or configuration the way we did when we owned and controlled the platforms.
During the podcast, Schneier looks back at his "monitor first" advice from 2001 and discusses its impact today, "We are learning from the recent attacks in the news," said Schneier. "The lesson hasn't changed." On the cusp of an early cyber arms race, Schneier digs into the Mandiant report and shares his concerns on the future of cybersecurity.
Type 'security expert' into Google and the third result is Schneier on Security, a blog written by Bruce Schneier, the author of several books and chief security technology officer at BT.
The blog is also the top Google result for 'security blogger' and No. 7 for 'computer security expert,' despite the fact that Schneier doesn't describe himself as an expert. (Qualifier: Google customizes results to the user, so your mileage may vary.)
It gets more interesting when you look at references to Bruce Schneier in media outlets: 175 mentions in The New York Times, 146 in The Wall Street Journal and almost 400 each in Computerworld and InformationWeek. All this in a market that is one of the most information-saturated in the technology sphere.
Schneier estimates that his blog and newsletter reach a combined audience of 250,000 people each month.
Like the rest of the world, the day-to-day function of the Internet relies on trust, according to author and security luminary Bruce Schneier. However, that trust is being frequently and seriously violated by many of the companies that dominate the Internet.
In this video interview, Schneier, chief technology security officer with BT Counterpane, discusses the ways in which trust -- and, in turn, data privacy -- is threatened on the Internet, and explains how Google, Apple and others have adopted a feudal model of security, in which their customers have little, if any, recourse to ever reclaim data that rightfully belongs to them.
In the days of feudalism, serfs and minor lords pledged allegiance to the king and received protection in return. As long as the king held up his end of the bargain, the system worked. If he didn't, the system would crumble, as it eventually did in Europe around the 15th century.
Bruce Schneier, CTO of BT Managed Security Solutions, sees the feudalism dynamic happening today on the Web, where users of social networking and other online services must blindly trust that the companies providing those services are paying enough attention to security.
Burger King and Jeep both saw their Twitter accounts get hacked this week.
How and why does this happen?
Bruce Schneier is a revered computer security expert, prominent for his thoughts on the intersection of technology, security, and trust.
He was kind enough to fill us in on the details surrounding how hacks like these are possible.
The digital technologies that so delight us also have a dark side. On this Episode of Inventing the Future with Robert Tercek, the topic of discussion is the future of surveillance technologies. Whether it be the government, big business, organized crime, or even your next door neighbor, chances are you're being tracked and analyzed.
Joining Robert Tercek in asking whether or not privacy is dead are BT Managed Security Solutions' Chief Security Technology Officer, Bruce Schneier and Research Fellow at The Cato Institute, Julian Sanchez.
A couple weeks ago we asked Bruce Schneier if he would be kind enough to respond to a few questions about security related to critical infrastructures such as the power grid. We are delighted and honored that Mr. Schneier would take the time from his busy schedule to answer our request! Below is a perspective that we are certain you will find interesting and useful in your quests to build and support practical security solutions at your organization.
Q1: There seems to be a great deal of fear and hyperbole about potentially catastrophic cyberattacks against critical infrastructure such as the power grid. How do we clear away the hype and determine what threats realistically exist and what should the industry consider doing about them?
Bruce: With expertise.
Coverage of this interview also appeared in International Business Times.
As well as being a renowned cryptographer, influential security expert and outspoken conference favourite, Bruce Schneier has had his share of coverage in recent months as the Prism story unfolded. He chose to leave his position as BT's security futurologist at the end of last month and has now turned his hand to incident response.
Schneier recently left BT, who acquired his company Counterpane in 2006, to join Co3 Systems as chief technology officer this month. I began by asking him what attracted him to a relatively unknown company.
9. Bruce Schneier, BT Managed Security Solutions
"Bruce Schneier instantly knows the amount of Jelly Beans in a jar" — this is one of many "facts" about the security technologist and author from the website schneierfacts.com, an Internet meme dedicated to him.
And there's a reason his fans attach his face to the body of Chuck Norris: He is killing it in the world of online security.
He founded the company that became BT Managed Security Solutions of which he remains chief security technology officer.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.