"We've Made Bad Security Tradeoffs"
Bruce Schneier is a rare creature in the computer-security world. Although he made his name as an alpha geek in cryptography and later, as chief technology officer of Net-security outfit Counterpane, Schneier can also speak to laypeople about the general security matters that increasingly touch all of our lives.
In the post September 11 era, he has emerged as one of the more cogent and quotable thinkers on the topic. In particular, he has asked hard questions about the effectiveness of some of the security measures passed after the terrorists' massacre. Schneier's latest book, Beyond Fear (Copernicus Books, 2003), is a highly readable compendium of his thoughts on the various aspects of real-world security. Designed for a general audience, it's a great introduction to a complicated and confusing topic. I interviewed Schneier via e-mail over the week of Aug. 25. Here are edited excerpts of our exchange:
Q: Beyond Fear is about taking a sensible approach to security. What compelled you to write it? And why do we need a book like this right now?
A: I wrote this book to try to inject some sense into the security debate. So much of the dialog of security centers around fear and uncertainty. I wanted both to explain how security really works and to show how we all can make ourselves safer by thinking of security not in absolutes but in terms of tradeoffs.
There's so much stupid security out there—in airports, in office buildings, in the government. I wanted to give people the ability to see why some things are stupid and—to the extent possible—how to fix them. There are many dangers in the world, both real and perceived, and it's my hope that the book gives people a realistic sense of how to deal with risks and threats.
Q: You have been critical of efforts to better secure the U.S. and the world in the wake of September 11. What do you think are the biggest mistakes we've made in those efforts?
A: I think the biggest mistake is that we've made policy decisions while scared. We've passed laws that are expensive, both in terms of money and fundamental liberties, without giving us a corresponding increase in actual security. In other words, we've made bad security tradeoffs.
Q: You argue that people and not technology are what will make us more secure. What are some ways we could use people more effectively?
A: People have an innate sense of risk. It's a product of millions of years of evolution. The best things the U.S. has done to combat terrorism have involved people—investigating terrorist activities, interdicting terrorist funding, prohibiting terrorist movement, and arresting terrorist leaders. These actions have done more to increase our security than any "improvements" in airline security. We need to invest in these sorts of people initiatives if we're going to make a difference.
Q: What are some of the ways we're misusing technology in hopes of providing better security?
A: We're relying too much on it. There's a widespread belief that technology can somehow solve our security problems. Federal initiatives like TIA [Total Information Awareness] and CAPPS-2 [Computer Assisted Passenger Profiling System] have promised to pick terrorists out of a sea of nonterrorists. I spend a lot of time in my book explaining why it just isn't true.
And slowly, we're learning. A couple of years ago, Tampa became the first city to install cameras and face-recognition technology, with the idea of picking criminals out of crowds. Last month, the city scrapped the system, after spending millions and arresting nobody. It was a complete waste of money.
Q: There's a dialogue going on right now about the Patriot Act. You have often stated that you think parts of this act are misguided or not terribly effective. Which parts and why?
A: One of the problems with making security tradeoffs is that there are many overlapping security concerns. The Patriot Act has given the government and police unprecedented powers. Many of these powers are Draconian and fly directly in the face of a free society.
Of course, if you assume that the government and the police are 100% benevolent and good, there's no reason not to give them ultimate power. But history shows, in this country and abroad, both that power corrupts and that even an honest organization invariably includes a dishonest few.
It's the very freedom and openness and rule of law that has made the U.S. such a safe place to live, and it's a bad tradeoff to give some of that up for a tiny bit of increased security. If the Patriot Act made us considerably more secure, it might be a good tradeoff. But we're giving up a lot—and not getting very much in return.
I spend a lot of time on this concept in my book: It's not only whether a security countermeasure is effective, it's whether it's worth it. It makes no sense to buy a $10 lock to protect a $1 rock, even if that $10 lock provides effective security.
Q: You underscore in your book that there's always a tradeoff between security and other desirable things, such as freedom of unfettered movement, freedom from hassles, etc. Where do you think we will ultimately land in that tradeoff as we shift our idea of how open our society should or can be?
A: The process never ends. Freedoms, liberties, security—these are constantly in flux. Our ideas of how open our society should be have been constantly shifting, and they will continue to shift.
Unfortunately, I think we're entering an era of decreased freedoms, liberties, and openness. There's no way to predict how long this will be, but I'm guessing a decade or more. There's a common myth that security and liberty are opposites, that increased surveillance is necessary for increased security. This is wrong. Of all the measures instituted to improve airline security, only two have had any positive effect: Reinforcing the cockpit door and teaching the passengers to fight back. Everything else is window dressing—"security theater," as I call it in my book. Notice that neither of those two things have any effect on personal liberties.
Q: What do you hope the layperson reading your book will learn about security?
A: My goal is to teach people how to think about security. Security and safety are vitally important today. They're going to be a big part of the next Presidential election. I think people need to learn how security works, how it fails, and how to make sensible security tradeoffs. The debate is too important to leave to others.
Q: How do you try to live up to these security principles in your own life? I remember reading that due to flaws in computer security you carry around pass codes on strips of paper.
A: That's not because of computer-security flaws, it's because I can't remember all the passwords I need to have. My wallet is already a secure container; it has valuable things in it, and I have a lifetime of experience keeping it safe. Adding a piece of paper with my passwords seems like a natural thing to do.
I try to make my security tradeoffs consciously and willingly, as much as possible. I don't worry about locking the back door of my house much of the time because I know the risk of burglary is slight. I never locked my car door until I got one of those remote electronic locks. Before, the tradeoff wasn't worth it, but now it is. I don't give a second thought to terrorism when I travel. I'm generally trusting of people. And I remember that the bad things I hear about in the news are rare and hardly worth worrying about. I'd rather accept the slight risk of attack than constantly live in fear. It's much more pleasant.