Schneier on Security

Bruce Schneier, a security commentator and author who The Register calls, “The closest the security industry has to a rock star,” took time to correspond via e-mail with Government Technology about the latest security threats to public-sector IT.

He publishes a popular blog and newsletter on Schneier.com. His most recent book, Schneier on Security, is a collection of previously published essays on security-related topics, such as identification cards, cyber-crime, election security and the psychology of security.

A few CIOs in government are touting “user-generated government”—i.e., mash-up applications and open source built by citizens. Though this appears to be an economical move, do you think turning to everyday citizens like this opens government to security threats?…

You call “identity theft” a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?

“Identity theft” doesn’t make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation. Even worse, by calling it “identity theft,” we naturally focus on the wrong solution: making personal information harder to steal.

We need to make personal information less valuable, harder to use. By calling the crime what it really is, it’s more obvious where the solutions lie…