News: 2016 Archives

Audio: Reflecting on 2016: The Year in Cybersecurity

  • Radio Boston
  • December 27, 2016

On Tuesday, President-elect Donald Trump named cyber expert Tom Bossert as his homeland security adviser.

Bossert is currently a fellow at the Atlantic Council and was a former national security aide to President George W. Bush.

He says cybersecurity will be a top priority in his new job.

And if the events of 2016 say anything, Bossert will likely have a lot on his plate.

Joining the show to remember some of the top cybersecurity issues in the news this year, including the Democratic National Committee Hack, the “Internet Of Things” malware attack and more, is Harvard Berkman fellow and security expert Bruce Schneier…

Video: Cybersecurity Expert Bruce Schneier: American Elections Will Be Hacked

  • Democracy Now
  • November 30, 2016

“American Elections Will Be Hacked.” That’s the title of a recent article in The New York Times by our next guest, the leading cybersecurity and privacy researcher Bruce Schneier. Schneier warns, “Our newly computerized voting systems are vulnerable to attack by both individual hackers and government-sponsored cyberwarriors. It is only a matter of time before such an attack happens.”

What Bruce Schneier Teaches Us about IoT and Cybersecurity

  • Ben Dickson
  • Tech Talks
  • November 29, 2016

As if I haven’t said it a million times, IoT security is critical.

But just when I thought I had it all figured out, somebody comes along and sheds new light on this very important topic in a different way.

At a November 16 hearing held by the Congress Committee on Energy and Commerce in light of the devastating October 21 Dyn DDoS attack, famous cryptologist and computer security expert Bruce Schneier offered a new perspective on IoT security, which makes it easier for everyone to understand the criticality of the issue.

After watching it at least three times, I decided to share the main concepts with the readers of TechTalks. Here are the key takeaways, which I’ve taken the pain to elaborate on…

Security Experts Call For Regulation On IoT Cybersecurity

During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.

  • Sara Peters
  • Dark Reading
  • November 17, 2016

Security experts asked lawmakers for more action, today, during a Congressional hearing on IoT security. On their wishlist: consequences to manufacturers for delivering insecure products, a federally funded independent lab for pre-market cybersecurity testing, and an entirely new federal agency devoted to cybersecurity.

The hearing, “Understanding the Role of Connected Devices in Recent Attacks,” was held by the US House Committee on Energy and Commerce, with expert witnesses Dale Drew, senior vice president and chief security officer of Level 3 Communications; Dr. Kevin Fu, CEO of Virta Labs and associate professor of electrical engineering and computer science at the University of Michigan; and Bruce Schneier, fellow of the Berkman Klein Center at Harvard University…

Not a Matter of ‘If’ on IoT Cybersecurity Rules, Experts Say

  • Brendan Bordelon
  • Morning Consult
  • November 16, 2016

Computer security experts on Wednesday pressed for comprehensive federal regulations mandating strong security protocols for the Internet of Things, saying it’s not a matter of if but when rules are issued for connected devices.

“The Internet of Things affects the world in a directly physical manner—cars, appliances, thermostat, airplanes,” said Bruce Schneier, a computer security expert at Harvard University, during testimony at a hearing held by two House Energy and Commerce subcommittees. “There’s real risk to life and property. There’s real, catastrophic risks.”…

Audio: Can the American Election Be Hacked?

  • The Economist
  • October 26, 2016

In the second episode of Economist Radio specials running up to the presidential election, security expert Bruce Schneier examines vulnerabilities in electoral voting systems.

Hacking: What Journalists Need to Know. A Conversation with Bruce Schneier

  • David Trilling
  • Journalist's Resource
  • October 24, 2016

The hacking of Democratic Party organizations has made internet security germane to the 2016 presidential election campaign. America’s intelligence community has accused high-level Russian officials of backing these cyberattacks in an attempt to influence the election result. Such allegations have helped thrust relations between Washington and Moscow to their lowest point in decades.

Meanwhile, the integrity of America’s internet infrastructure was tested on Oct. 21, 2016 with a distributed denial of service (DDoS) attack.

Journalist’s Resource spoke with security expert Bruce Schneier about the attacks and what journalists need to know. The interview, conducted by email while Schneier was traveling, has been edited for length…

Video: Can You Hack an Election? Can You Stop Terrorism by Spying?

  • David Pakman Show
  • October 15, 2016

Bruce Schneier joined David Pakman to discuss computer security in relation to politics and election mechanics.

Bruce Schneier—Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

  • Aurelio Cianciotta
  • Neural
  • September 21, 2016

One of the most striking paradoxes of our time resides in our smartphones. Our everyday use of these iconic and progressively factotum apparatuses records at various levels every activity we do in space and time, with the unbelievable outcome that, on a mass scale, we’re happy about that and willfully give up our intimate privacy to be allowed to continue using them. It’s nothing new, but we’re still turning our head to what is behind. There are battles going on to conquer the most strategic parts of the big data we produce, in the huge business called “DaaS” (data as a service). Data and Goliath is a book about these battles, written by an acknowledged security expert, who has not given up on opposing the total surveillance paradigm. He thoughtfully couples a lucid analysis deducted from plenty of facts and sources with suggestions. Schneier’s privacy advocacy clarifies the overwhelming confusion in the current post-Snowden revelation period, sorting out the wrong approach to national securities and the inflated scale of control. His passionate approach doesn’t prevent him from imagining alternative scenarios, where new types of business models replace the current privacy in exchange for free services model. On the other side, an important part of the book is dedicated to advice, from breaking up the NSA into more specialized agencies, to teaching users why they need to stop sharing so much personal and intimate details and how. Being encouraged by a major expert in the field is the best argument for privacy one can ask for…

“Someone Is Learning to Destroy the Internet,” According to Bruce Schneier

  • David
  • SciencePost
  • September 15, 2016

For writer and cybersecurity and cryptography expert Bruce Schneier, “someone is learning to destroy the Internet,” as he titles his latest blog post. The current chief technology officer of Resilient, an IBM company, says that distinctive attacks have been targeting major web players for two years now.

Bruce Schneier is a leading authority on computer security. The author of the legendary book “Applied Cryptography” has since 2004 run a widely read blog on which, this Tuesday, September 13, he published …

Espionage Insiders: Welcome to the Post-Forgetting World

  • Gary Legum
  • Salon
  • September 13, 2016

"I can’t think of any other issue that moved people so quickly." By security expert Bruce Schneier’s estimation, more than 700 million people worldwide changed their behavior on the Internet as a direct result of what Edward Snowden’s NSA leak revealed about government surveillance. Even more amazing: they all did it within one year.

What motivated so many private citizens to take action? "They did that because of secrets. The biggest enemy to society, the thing that is most corrosive, is secrecy," says Schneier. "Edward Snowden started the dialogue."…

Book Review: Data and Goliath

  • Gonçalo Tomás
  • August 12, 2016

This is one of Bruce Schneier’s latest books, but my first read from him. The title caught my attention, and I’m glad it did. Just in case you don’t know, Bruce Schneier is a big celebrity in the information security area. Cryptography, operating systems, encryption, computer and network security; you name it and this guy has a book on it. Not only that—they all have great reviews.

Don’t ask me how I did it, but I got Diogo Monica (the security lead at Docker) to answer a direct message on Twitter about books he thought were important for those wanting to get into the infosec world. He told me to read, among other titles, Cryptography Engineering, co-written by Schneier. I went and bought it along with this one, and it seemed like an interesting enough title to pick up and read straight through.

Now I know what you’re thinking. You’re thinking that this book might be too technical for you. You’d have to look up all the jargon like encapsulating buffers with quantum encryption and whatnot. Rest assured that the writing is very accessible. After all, no technical book would ever be a New York Times bestseller. Yep, that happened…

Audio: After The DNC Hack, What's Stopping Russian Hackers From Accessing Voting Machines?

  • Tori Bedford
  • Boston Public Radio
  • August 4, 2016

Just before the start of the Democratic National Convention, top-secret emails from the Democratic National Committee were published on whistleblower website Wikileaks, in a major operation the FBI attributed to Russian hackers.

Some U.S. officials have raised subsequent questions: Were the hackers deliberately attempting to influence the election in favor of Donald Trump? Did Trump have any influence? And most importantly—if Russian hackers can breach the DNC internal network, what’s to stop them from hacking voting machines?

In a recent Washington Post …

Ask Me Anything

  • Reddit
  • August 2, 2016

Bruce Schneier did an AMA (“Ask Me Anything”) on Reddit. Topics covered included Tor, voting systems, open source hardware, the Solitaire cipher, risk insurance, industrial control systems, and the game Dungeons and Dragons.

Video: RSA Conference Asia Pacific & Japan 2016 Interview

  • RSA Conference
  • August 1, 2016

Linda Gray, General Manager of the RSA Conference, speaks with Bruce Schneier on the topic of his keynote, “Security in the World-Sized Web,” at RSA Conference 2016 Singapore.

Schneier: Next President May Face IoT Cyberattack That Causes People to Die

  • Darlene Storm
  • Computerworld
  • July 25, 2016

Some people may think the upcoming US presidential election is a Kobayashi Maru, a lose-lose scenario no matter who wins, but which candidate would best deal with a cyberattack that caused people to die?

In an article about how hacking the Internet of Things will result in real world disasters, security guru Bruce Schneier—who is not known for spreading FUD (fear, uncertainty, doubt)—was not talking about hacks against banks or the smart grid that would cause general chaos; oh no, he was describing hacks against devices connected to the internet which would actually result in people dying…

Audio: Securing the World-Sized Web

Bruce Schneier on How IoT Changes Everything in Security

  • Geetha Nandikotkur
  • InfoRisk Today
  • July 22, 2016

Bruce Schneier, CTO at the security firm Resilient Systems, is busy examining how IoT – the name given to the computerization of everything in our lives – is changing the security world.

From sensors that collect data about our environment to databases in the cloud to analytics that help us make use of data, the Internet of Things is capable of changing our physical world.

“We’re building an internet that senses, thinks and acts, but doesn’t have a body, and that is the textbook definition of a robot,” Schneier says. “What I want to propose is that we’re building a world-sized robot, and we don’t even realize it. While this change has its merits in bringing about enormous changes in social, economic and political environments, this is only going to increase security vulnerabilities,” he says…

Audio: Adam Ruins Everything: Security and Big Data with Bruce Schneier

  • Adam Ruins Everything
  • July 5, 2016

Adam is joined by Bruce Schneier to talk about current problems facing the TSA, gun control, and how data and security intersect.

One of the topics that resonated deeply with last season’s Adam Ruins Everything viewers was Bruce Schneier’s take on security and “security theater”. So we had to bring Bruce on the podcast. Bruce is a brilliant cryptographer and security expert, who’s written countless articles and academic papers and published 13 books, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. …

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Review)

  • Institute for Cybersecurity & Digital Trust
  • Undated

Executive Summary

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World is Bruce Schneier’s manifesto on what should be done about the amount, and controls around data being collected on us. If, like me, you have been focused on Information Security this book is a great exposure to the privacy issues our profession is facing. The book is more focused on policy than practical application, but worth the read for the background and ideas presented.

Data and Goliath is a call to action around two topics: first, the cultural acceptance of not owning our personal data or understanding how it is being used; and second, the difference between nation-state espionage and mass surveillance. Trying to reduce the themes of the book to just a couple of points is a gross oversimplification. This book belongs in the Canon due to the foundational and timeless issues it addresses for our industry. Finally, don’t let the 400-page length intimidate you, as the text of the book is only 238 pages with the rest being reference notes…

Video: Going Dark or Getting Personal? The Battle Between Data, Privacy & Intrusion

  • The Legal Edition
  • June 25, 2016

Bruce Schneier and attorney David O’Brien discuss the new report issued by the Berkman Center for Internet & Society at Harvard University on the issue of “Going Dark,” and the role of law enforcement and privacy rights under scrutiny, revelations of government spying, and analysis of the Apple iPhone Encryption litigation and its progeny unfolding in the Federal Courts.

Bruce Schneier at Infosecurity Europe 2016

  • Angus Macrae
  • Tripwire
  • June 20, 2016

This year’s Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one’s limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the keynote stage.

Whilst terms like “security guru” or even “thought leader” are often bandied around and diluted to the point of being meaningless, few of us mere security mortals can reasonably dispute the influence, credibility and respect that Bruce Schneier holds as a writer, technologist, cryptographer and entrepreneur. You know that when he speaks at an event like this, it is not an opportunity you’re going to get every day…

IoT Security: Lack of Expertise Will Hurt, Says Bruce Schneier

  • Warwick Ashford
  • Computer Weekly
  • June 10, 2016

The lack of relevant technical expertise by governments is going to hurt when it comes to securing the internet of things (IoT), according to security technologist Bruce Schneier.

Governments have a crucial role to play in tackling what he sees as the next big security challenge, he told Infosecurity Europe 2016 in London.

One of the biggest challenges, according to Schneier, is that there is no good regulatory structure for IoT which connects finance, health, energy and transport information.

“We don’t know how to do this, so we are going to need government solutions that are holistic that will deal with IoT devices no matter what they are doing,” he said…

Government Regulation Will Clip Coders' Wings, Says Bruce Schneier

Systems "too critical to allow programmers to do as they want"

  • John Leyden
  • The Register
  • June 10, 2016

Government regulation of the Internet of Things will become inevitable as connected kit in arenas as varied as healthcare and power distribution becomes more commonplace, according to security guru Bruce Schneier.

“Governments are going to get involved regardless because the risks are too great. When people start dying and property starts getting destroyed, governments are going to have to do something,” Schneier said during a keynote speech at the Infosecurity Europe trade show in London.

The choice is between smart (well-informed) or stupid government regulations with the possibility of non-interference getting taken off the table…

#Infosec16: Securing the IoT is the Next Big Challenge, Says Bruce Schneier

  • Michael Hill
  • Infosecurity
  • June 9, 2016

“The Internet of Things (IoT) is our next big security challenge and I think it’s the way we are going to be colliding with the real world in interesting ways.”

Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don’t know.

“It’s one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we’ve seen now, just turned up to 11 and in a way we can’t turn it off.”

As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it’s something that we can’t afford to fail to secure, Schneier explained…

InfoSec 2016: Two Worlds Are Colliding, and I Don’t Have the Answer, Says Bruce Schneier

Schneier also sees more government meddling in IoT security as ‘inevitable’

  • Ben Sullivan
  • TechWeek Europe
  • June 9, 2016

Two drastically different paradigms are colliding together when it comes to the Internet of Things, and it doesn’t bode well for our security, claims security specialist Bruce Schneier.

Schneier explained how IoT-connected devices such as medical devices, which are almost impossible to keep up to date with the latest security defenses, will go at odds against attackers who are continually improving their attack methods, with “catastrophic” consequences.

“As we move to the Internet of Things, where things are less patchable and less high-end, we’re going to have problems,” said Schneier, addressing a keynote audience at …

Bruce Schneier: Governments Have a 'Stark' Lack of Expertise in IoT Security

But government involvement in IoT policies is inevitable, says security expert

  • Roland Moore-Colyer
  • V3
  • June 9, 2016

Governments lack the expertise to define security policy when it comes to the rapidly growing Internet of Things (IoT), according to Bruce Schneier, security technologist and a member of the Infosecurity Europe Hall of Fame.

Schneier explained that governments approach topics such as the IoT and cyber security without the technical knowledge to understand the challenges.

“It’s surprising how stark the lack of expertise in tech is in these debates,” he said at Infosecurity Europe in London.

“Expertise in large correlation data bases, algorithmic decision making, IoT, cloud storage and computing, robotics, autonomous agents; these are all things that the government is going to run headlong into and needs to make decisions about…

Video: Internet of Things Security: Ask Bruce, Episode Nine

  • ResilienTV
  • May 9, 2016

The Internet of Things (IoT) is ushering in a new age of hyperconnectivity – and new cyber security challenges.

In this video, Resilient CTO Bruce Schneier explains how the Internet of Things raises the stakes in cyber security, and explores how organizations will need to battle these new challenges.

Video: Bruce Schneier: Building Cryptographic Systems

Security expert Bruce Schneier discusses security from the perspectives of both the National Security Agency and the National Institution of Standards and Technology.

  • Charles Severance
  • Computer
  • April 2016

Since the 1930s at Bletchley Park, there has been a continuous arms race to both improve and break cryptography. The files leaked by National Security Agency (NSA) contractor Edward Snowden made it clear that governments regularly gather data on average citizens, which makes us wonder if privacy is even possible. Do our carefully designed cryptographic systems protect our information as we expect them to, or are they just thin veils that can easily be pierced by the government? I posed these questions to leading security expert Bruce Schneier…

Video: Bruce Schneier on the FBI/Apple Outcome

  • TWiT Netcast Network
  • April 5, 2016

Steve Gibson and Leo Laporte talk about Bruce Schneier’s take on the FBI vs. Apple legal battle and what it means when the FBI does not disclose the method used to break into an iPhone.

Video: Bruce Schneier on the Integration of Privacy and Security

  • Chris Brook
  • Threatpost
  • March 23, 2016

Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance.

Rise of the Machines: The Threat Posed by Growing Connectivity

An IT security expert has some dire warnings about our brave new world

  • Karlin Lillington
  • Irish Times
  • March 17, 2016

Either we start to disconnect our increasingly networked world or we risk daunting social, safety, security and privacy consequences, a leading computer security expert and author has warned.

In an expansive talk directly challenging widely held assumptions about the benefits of computing, networks and the internet, Bruce Schneier told a large audience at this year’s RSA Security Conference in San Francisco that we were moving towards a networked world so complex that we would be unable to safely manage it or adequately grapple with inevitable disasters…

Video: Reacting Fast is Not Enough (RSA 2016)

  • David Spark
  • CloudPassage
  • March 17, 2016

“Companies go to the cloud not because the security person tells them to. They go to the cloud because the business person tells them to. Because the economics of doing it is so compelling and the security person has to manage,” said Bruce Schneier (@schneierblog), CTO, Resilient Systems, in our conversation at the RSA 2016 Conference in San Francisco.

Computing is embedded in everything we do, such as cars and planes, said Schneier. It’s not just business operations. It’s affecting the real world.

“Reacting fast is not enough. The real world is getting it right the first time,” warned Schneier. “I’m not sure how we’re going to do it because on the one hand there are going to be all these requirements by the physical world on the other hand there’s going to be our ‘IT way’ of doing things.”…

Video: RSA 2016 Interview with Bruce Schneier

  • ITProTV
  • March 15, 2016

At RSA 2016, ITProTV asked Bruce Schneier about his views on the security risks of the Internet of Things.

Video: Overcoming the Cyber Security Skills Gap: Ask Bruce, Episode Eight

  • ResilienTV
  • March 11, 2016

A shortage of skilled cyber security employees is one of the most significant challenges organizations face today.

In this video, Resilient CTO Bruce Schneier explains the cyber security skills gap, and outlines steps to help organizations overcome it.

Q&A: Bruce Schneier on Joining IBM, IoT Woes, and Apple v. the FBI

It's going to get worse before it gets better

  • Iain Thomson
  • The Register
  • March 4, 2016

Security guru Bruce Schneier is a regular at shows like RSA and his talks are usually standing-room-only affairs.

Schneier has written some of the definitive texts for modern cryptography teaching and his current book, Data and Goliath, examines the perils and solutions to government and corporate surveillance of internet users. The Register sat down with him to talk over the news of the day, and to get an idea of where the security industry is going.

Q: First things first—you’re the CTO of Resilient Systems, which IBM is in the process of buying…

Bruce Schneier: We're Sleepwalking towards Digital Disaster and Are Too Dumb to Stop

Coders and tech bros playing chance with the future

  • Iain Thomson
  • The Register
  • March 2, 2016

Security guru Bruce Schneier has issued a stark warning to the RSA 2016 conference—get smart or face a whole world of trouble.

The level of interconnectedness of the world’s technology is increasing daily, he said, and is becoming a world-sized web—which he acknowledged was a horrible term—made up of sensors, distributed computers, cloud systems, mobile, and autonomous data processing units. And no one is quite sure where it is all heading.

“The world-sized web will change everything,” he said. “It will cause more real-world consequences, has fewer off switches, and gives more power to the powerful. It’s less being designed than created and it’s coming with no forethought or planning. And most people are unaware that it’s coming.”…

Bruce Schneier on IBM Grabbing Him Up with Resilient Systems

Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.

  • Peter Loshin
  • SearchSecurity
  • March 2, 2016

RSA Conference is a place to meet and greet anyone involved in security these days, proved by a chance encounter with Bruce Schneier during lunch on Tuesday in the press room. And few individuals had news as big as Schneier, with the announcement yesterday that IBM would acquire Resilient Systems, the company where he serves as CTO.

“For the company, it’s fantastic; they have this whole big security strategy and you can see a big hole where we belong, and they see that,” Schneier told SearchSecurity while we waited for lunch to be rolled out…

Video: Building a Security Culture: Ask Bruce, Episode Seven

  • ResilienTV
  • February 25, 2016

Business leaders and IT security professionals don’t always see eye to eye—and that creates risk.

In this video, Resilient Systems CTO Bruce Schneier outlines ways for business and security leaders to build trust and create a security-focused organizational culture.

Video: How to Prevent the Normalization of Deviance: Ask Bruce, Episode Six

  • ResilienTV
  • February 18, 2016

Without proper controls, minor—yet insecure—behaviors can become accepted habits at organizations. And that can lead to major security risks.

In this video, Resilient CTO Bruce Schneier explains how security leaders can spot insecure practices, and stop them from taking hold at their organization.

Study Finds That Anti-Crypto Laws Won't Work on an International Stage

A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally

  • Maria Korolov
  • CSO
  • February 12, 2016

In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.

The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University.

“The cat is out of the bag,” he said. “It is an international world. All the research is international and has been for decades. All the conferences are international and have been for decades.”…

Review: Data and Goliath

  • Bruce Bowser
  • From the Desk of Bruce Bowser
  • February 12, 2016

Hi everyone,

Political views aside, it is important to be aware of the fact that what we post online has a footprint. This is something I always tell my daughters and the younger generations. After reading “Data and Goliath” by Bruce Schneier, it is clear why corporate and government surveillance is on the rise—but more importantly the book is a good resource for learning how to protect your privacy online, if you so choose.

One story that this book reminded me of is from a few years back. The premise of the story being that targeted advertising from this teen girl’s online behavior figured out that she was pregnant before her dad did. Here’s an excerpt of the New York Times article:…

Most Encryption Products Far beyond Reach of US Law Enforcement

Anyone seeking to keep their data hidden could use hundreds of encryption services offered by companies outside the US if Washington compels tech companies to decrypt communications.

  • Malena Carollo
  • Christian Science Monitor
  • February 11, 2016

If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.

Companies outside the US are responsible for nearly two-thirds of tech products that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping could simply switch to another secure platform…

Backdoor Laws Can't Contain Global Encryption, Says New Report

  • Russell Brandom
  • The Verge
  • February 11, 2016

In recent months, the FBI has been pushing for stronger US restrictions on encryption—but a new report from Harvard’s Berkman Center suggests such laws reach only a small portion of the relevant products. Taking a census of 865 different encryption products from around the world, the report finds that roughly two-thirds are produced and distributed overseas, outside the jurisdiction of US law. Germany was the biggest source of non-US crypto, with 112 separate products either for sale or available free. Just over a third of the foreign products make their code available as open source…

Strong Crypto Is Widely Available Outside The US, So Restrictions Are Unlikely To Thwart Terrorism

  • Yael Grauer
  • Forbes
  • February 11, 2016

Just today, security technologist and author Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar, unveiled a new international survey of encryption products compiled as part of his fellowship at the Berkman Center for Internet and Society at Harvard University. The survey found a total of 865 hardware or software products incorporating encryption from 55 different countries, 546 (around two-thirds) of which were from outside the US. The products included voice encryption, file encryption, email encryption, and text message encryption products, as well as 61 VPNs…

Global Crypto Survey Proves Govt Backdoors Completely Pointless

Like playing a frustrating game of whack-a-mole

  • Iain Thomson
  • Iain Thomson
  • February 11, 2016

In 1999, when a fierce crypto war was raging between governments and developers, researchers undertook a global survey of available encryption products.

Now security guru Bruce Schneier and other experts have repeated the exercise, and it spells bad news for those demanding backdoors in today’s cryptography.

The latest study analyzed 865 hardware and software products incorporating encryption from 55 countries, with a third of them coming from the US. That’s up from 805 in 35 countries in 1999.

The goal of the survey is to catalogue available products and applications, rather than score or rate them. The team did not have the time to evaluate each system in depth. One thing the list does demonstrate, though, is the wide availability of software with builtin encryption, distributed from all corners of the globe…

New Survey Suggests US Encryption Ban Would Just Send Market Overseas

  • Jenna McLaughlin
  • The Intercept
  • February 11, 2016

If the US government tries to strong-arm American companies into ending the sale of products or applications with unbreakable encryption, the technology won’t disappear, a group of researchers conclude in a new report. It would still be widely available elsewhere.

Some US law enforcement officials argue that unbreakable encryption is interfering with legal surveillance of suspected criminals and terrorists. And some members of Congress are pushing for a nationwide requirement that encryption allow for law-enforcement access.

But the three researchers—Bruce Schneier, a cryptologist and fellow at the Berkman Center for Internet & Society, Kathleen Seidel, an independent researcher, and Saranya Vijayakumar of Harvard—compiled a list of at least 865 hardware and software encryption products available in 55 different countries. More than 500 of them come from outside of the United States…

New Report Contends Mandatory Crypto Backdoors Would Be Futile

  • Dan Goodin
  • Ars Technica
  • February 11, 2016

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.

The report, prepared by researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors …

Press Release: International Encryption Product Survey Finds 546 Non-US Products from 54 Countries

Findings point to negative impact on US Companies and Internet users

  • Press Release
  • February 11, 2016

A newly completed international survey of encryption products found 546 different products from 54 different countries outside the US. This survey was headed by Bruce Schneier, as part of his Fellowship at the Berkman Center for Internet and Society at Harvard University.

The findings of this survey identified 619 entities that sell encryption products. Of those, 412, or two-thirds, are outside the U.S., calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today…

Video: Incident Response Orchestration: Ask Bruce, Episode Five

  • ResilienTV
  • February 3, 2016

Organizations are overwhelmed with security alerts—far more than they can reasonably manage. Incident response orchestration and automation can go a long way in helping teams resolve security events faster and more effectively.


Bruce Schneier: The Security Mindset

  • Charles Severance
  • Computer
  • February 2016

Networked technology increasingly touches all aspects of our lives. When essential systems are connected to a networked environment, it becomes important to make sure that they’re protected from attack. We continue improving the mathematics and algorithms used to secure these systems, but attackers tend to exploit weaknesses in how the mathematics and technologies are used.

As effective security becomes more vital, many computer science students are becoming interested in making security part of their education. I talked to Bruce Schneier, a leading cybersecurity thinker, and asked him how students might prepare themselves for a career in this field. See the entire interview at …

Video: The Security Mindset

  • Computer
  • February 3, 2016

Security guru Bruce Schneier talks with Charles Severance about what it takes to think like a security expert.


Audio: On the Wire Podcast: Bruce Schneier

  • Dennis Fisher
  • On the Wire
  • February 1, 2016

Bruce Schneier, the well-known cryptographer, author, and security expert, is today’s guest on the On the Wire podcast. Dennis Fisher talks with Schneier about the pervasiveness of commercial and government surveillance and tracking, the emerging problem of IoT security, and what can be done to address the technical and policy issues all of this entails. They also discuss the ideas in Schneier’s latest book, Data and Goliath, and what might be the theme for Schneier’s next one.


Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Review)

  • Elizabeth Kelley
  • The Federal Lawyer
  • January/February 2016

Data and Goliath—the very title invites you to read and have fun. But make no mistake—this is not a whimsical book. Rather, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier, is sobering and frightening. When Schneier, whom Wired magazine called “one of the world’s foremost security experts,” writes, “[w]e are living in the golden age of surveillance,” he does not mean it approvingly.

Schneier points out that this golden age of surveillance did not happen by accident. Indeed, we Americans have chosen convenience and safety over privacy. For the convenience of cell phones, the Internet, the Cloud, and other technologies, we have given corporations the right to know virtually everything about us at every moment of every day. And, for safety from all things dangerous, such as child abductors, drug dealers, and certainly terrorists, we have relinquished our privacy, along with our civil liberties…

Sidebar photo of Bruce Schneier by Joe MacInnis.