Schneier and Zittrain on Digital Security and the Power of Metaphors
Bruce Schneier is one of the world's leading cryptographers and theorists of security. Jonathan Zittrain is a celebrated law professor, theorist of digital technology and wonderfully performative lecturer. The two share a stage at Harvard Law School's Langdell Hall. JZ introduces Bruce as the inventor of the phrase 'security theatre', author of a leading textbook on cryptography and subject of a wonderful internet meme.
The last time the two met on stage, they were arguing different sides of an issue -- threats of cyberwar are grossly exaggerated -- in an Oxford-style debate. Schneier was baffled that, after the debate, his side lost. He found it hard to believe that more people thought that cyberwar was a real threat than an exaggeration, and realized that there is a definitional problem that makes discussing cyberwar challenging.
Schneier continues, 'It used to be, in the real world, you judged the weaponry. If you saw a tank driving at you, you know it was a real war because only a government could buy a tank.' In cyberwar, everyone uses the same tools and tactics -- DDoS, exploits. It's hard to tell if attackers are governments, criminals or individuals. You could call almost anyone to defend you -- the police, the government, the lawyers. You never know who you're fighting against, which makes it extremely hard to know what to defend. 'And that's why I lost', Schneier explains -- if you use a very narrow definition of cyberwar, as Schneier did, cyberwar threats are almost always exaggerated.