Tales from the Cryptographer
Security guru Bruce Schneier busts the myths of post-9/11 safety measures
Bruce Schneier has little patience for pointless security measures. As an internationally acclaimed cryptographer and security expert who travels extensively for work, he encounters them every day. Most airline passengers probably have wondered whether taking off their shoes for airport screeners accomplishes anything. Schneier not only understands why it doesn’t, he can explain why it actually make us less secure. As he puts it, “If we’re relying on airport screeners to prevent terrorism, it’s already too late. After all, we can’t keep weapons out of prisons. How can we ever hope to keep them out of airports?”
Schneier, 43, has the same assessment of the National Security Agency’s controversial program of eavesdropping on American citizens. While advocates of so-called “data-mining” projects claim they can help foil future terrorist plots, Schneier contends that they’re not just costly, time-consuming and an invasion of privacy; they’re also ineffective at catching terrorists. He argues that when it comes to defending homeland security, the real choice we need to make isn’t between security and privacy. It’s between liberty and a police state.
Schneier should know. As founder and chief technology officer of Counterpane Internet Security, a global Internet security firm, he is considered an authority on emerging security threats. Schneier has appeared in such media outlets as The New York Times, The Wall Street Journal, Newsweek, USA Today, Wired and The Economist. He’s been interviewed on National Public Radio and CNN, and publishes a free monthly newsletter called “Crypto-Gram,” which has more than 100,000 subscribers. He has also testified before Congress on national security issues. Schneier’s book, Applied Cryptography, is considered such a seminal work in the field of secret codes that author Dan Brown used him as a “realistic background detail” in The DaVinci Code.
Schneier’s latest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, explains to the non-expert many of the overarching principles of security, from securing ATM machines to safeguarding nuclear secrets. Next week, he is a featured speaker at a daylong seminar in Montpelier, entitled “Privacy: How Much Is Left?” It is sponsored by the ACLU-Vermont.
Seven Days interviewed Schneier by phone during a recent layover at O’Hare International Airport in Chicago.
SEVEN DAYS: You began your career as a cryptographer. How did you become an expert on security in general?
BRUCE SCHNEIER: A lot of the methodology and formal ways of thinking we develop for computer security have a lot of applicability to real-world security — to airplanes, ID cards. Everything involves a computer these days.
SD: It seems as though understanding security is less about understanding the technology than the human psychology it’s predicated on.
BS: I think the human factors are much more important. Knowing what technology can and can’t do is vital, but too often people believe that technology can solve the human problem. It can’t. Burglaries are a great example. Burglaries have been a problem for 5000 years. We use technology to control it, but we don’t solve the problem.
SD: You’re in an airport right now. Of all the security measures implemented since 9/11, what’s the most absurd?
BS: The ID checks. There have been exactly two things that have improved airport security since 9/11: reinforcing the cockpit door and teaching passengers that they have to fight back. This whole ID check everywhere is ridiculous. Everybody has an ID. So what? Osama bin Laden has an ID. All the 9/11 hijackers had IDs. You can fly under a fake name and a fake ID really easily. It’s pure security theater.
SD: What’s the focus of your presentation in Vermont?
BS: I’m going to try to paint a picture of the future of privacy. In the modern technological world, what are the logical extensions of today’s technology that we’re likely to see? How many years will it be before a “life recorder” is a reasonable thing to carry? That’s something that you’ll wear on your lapel that’ll audio-record everything that happens to you. That’s probably only five or six years away. Nobody will mug you because you have your life recorder as evidence. Surveillance technologies come about because more of our transactions are being done by computers, and computers make records. Instead of putting a quarter into a tollbooth, we use an EZ Pass. Instead of paying cash, we pay with credit cards. Records are generated, and as the storage [cost] drops to free, and the processing [cost] drops to free, more records are saved.
SD: What’s wrong with this enormous aggregation of data?
BS: It’s very troubling because it goes to the heart of liberty and individuality. The right to do things while not being watched is very fundamental to humanity, whether we sing in the shower or have private conversations with friends. If we are constantly under gaze, we can’t experiment as human beings. When we know we’re being watched, our lives are altered, even if we’re doing nothing wrong . . . Amazon can collect my data — actually, I like it when they present me with books I might want to buy — and we gladly trade data for convenience. What we don’t like is when we lose control over it, when it goes into the hands of data brokers and is used for things we’re not aware of.
SD: What’s the biggest threat to our privacy?
BS: The confluence of corporate and government interests. Right now, data that is illegal for the government to collect they buy from corporations. And, data that corporations can’t possibly get they buy from the government. So there’s this confluence. And it’s not because someone is being malicious. It’s because that’s where technology is leading us. Corporations are not public charities. They will do whatever will make them the most profit that’s legal.
SD: Have we already fallen too far down the rabbit hole?
BS: We’re living in a very unique time. The cameras are everywhere, yet you can still see them. ID checks are ubiquitous and you know they’re going on. Ten years from now, you won’t see the cameras. All the ID checks will be RFID [radio frequency identification] or face recognition, and will happen without your knowledge. Surveillance will just fade into the background of society.
SD: Is data mining useful?
BS: It depends. Data mining’s great success story is credit-card fraud. Data mining systems comb through all of our transactions looking for patterns of credit-card thieves. And they catch them. Why does that work? A bunch of reasons. First, there’s a reasonable percentage of credit cards stolen each year, so the number of bad guys you’re looking for is high. Second, credit-card thieves follow pretty regular patterns you can look for. They have standard profiles. Third, the cost of a false negative isn’t that great. If you catch 25 percent of the credit-card thieves with this system, that’s fantastic. If you miss 75 percent, so what? The business is still profitable. Four, the cost of a false positive is very low. You get a call from a credit-card company saying, “Did you buy a big-screen television in Omaha today?” You say yes, and life goes on.
SD: Why doesn’t this work for national security?
BS: When you apply this to terrorism, you get completely different answers. First, terrorists are extremely rare. Two, terrorists don’t have defining patterns you can search for . . . How many of us change jobs each year? Change friends? Changing your baseline is normal. Terrorists are like any other group of people planning an operation, whether it be a surprise birthday party or a bank robbery. The only difference is that their operation is illegal.
SD: What else?
BS: The cost of false negatives is very high. Security is a tradeoff, and if you build a system that misses 75 to 90 percent, it’s ineffective. Lastly, the cost of false positives is very high. It’s a two-week FBI investigation. We saw this in the first NSA eavesdropping scandal. The New York Times reported that there were about 1000 people that this system had the FBI investigate. Every one of them was a false alarm. That’s completely wasted time and effort.
SD: Is there a fundamental security flaw the government is missing?
BS: It’s not a flaw. If you look at what they’re doing, it makes sense [to them]. If you were a government official, you want to err on the side of more visible security . . . There’s a propensity for things that are visible, so spending money on Arabic translators is not as good as fingerprinting foreigners. It looks like you’re doing something.
SD: So, we ask people to take their shoes off in the airport because there was one shoe bomber.
BS: You just have to be thankful he wasn’t an underwear bomber.
SD: Is profiling the answer?
BS: We all profile. The difference is smart profiling versus dumb profiling. If you see a guy running at you with a bloody knife, you profile. Maybe he’s a butcher chasing a woman who forgot her change. Maybe he’s not. But you have to profile the right things. Racial and sexual profiling don’t work because you’re inviting the bad guys to not meet the profile. When you fall back on stereotypes, that’s when you fall blind to the real threats.
SD: Is it possible for people to cover their digital footprints?
BS: Probably not . . . Think about trying to live your life without getting into a computer. Buying things with cash is suspicious. You can’t rent a car, you can’t get on an airplane. Throughout our day we leave digital footprints. If you’re the bad guy, you take solace in the fact that everybody does. If you’re watching everybody, you’re watching nobody.
SD: What can we do?
BS: I don’t have any tips. We’re screwed. The data about us is not controlled by us. The only tip is to get involved politically. It isn’t something you solve with “10 easy tips to keeping your privacy.” We need legislation, because technology is working against us.
SD: What keeps you awake at night?
BS: The biggest thing to worry about is the alliance of industry and government because it’s making things possible that weren’t before. There’s a great quote from [George] Orwell from the 1940s, which says that basically, police states have been kept in check because they’re so inefficient. They’re not inefficient anymore. The dream of a dossier on everybody in the country was realized already. ChoicePoint [the credit verification company] has a dossier on everybody in the country because it’s their business. A massive police state — knowing who talks to whom, especially as more of our communication goes on the Internet — becomes easy. And you don’t have to be malicious to do it. You just need to be providing good customer service.