Schneier on Security

It seems like a good deal: the sign says that if the cashier fails to give a receipt you get your purchase free. Who knows? Maybe you track your expenses or you need the receipt for a reimbursement. Plus, it never hurts to have a shot at something free.

Actually, Bruce Schneier writes, the offer is a clever security maneuver. The store’s owner wants to make sure the cashier rings up sales, and generating a receipt for the customer also creates an internal register receipt. The offer enlists the customer as a security agent—not receiving a receipt means the customer will ask for reimbursement and the manager or owner will be notified that the cashier did not ring up the sale…

The subtitle, “Thinking about security in an uncertain world”, describes this book accurately. Schneier is a security consultant, offering a five-step approach to assess the merits of measures proposed to meet a perceived threat.

His main theme is the threat from terrorism, exemplified by the attacks in the USA on September 11th, 2001, but he also discusses (for example) how householders can protect against intruders, travelers can best guard their possessions or users defend against credit card fraud…

When one becomes more than an expert in an area, he or she generally begins to take a philosophical and abstract view of the subject and gains an ability to explain the essence of the subject in simplistic layman terms. That, in short, would describe Bruce Schneier’s book Beyond Fear.

It’s a question many of us need to ask ourselves. Are we really at risk? Or are we just afraid? Schneier provides us with hundreds of small examples repeatedly emphasizing the need to take another look at our reactions to the recent global security threats. Coming from an expert in security, and cryptologist, the book attempts to wash away the possibility of taking a standard approach to managing security. He dispels the notion that security is only for experts and convincingly proves that anyone can understand security…

Security is a tax on the honest. Schneier, in his book’s last chapter, fittingly titled Security Demystified, explains that in a world of honorable and law abiding citizens our lives would be a lot simpler. Unfortunately, this is not the case: during our life we are constantly facing dangers and risks and often have to evaluate complex tradeoffs that involve the safety of ourselves and the people we love.

For thousands of years the planning of security was conducted by specialists working on isolated domains like defense, banking, or civil aviation. Security decisions, good or (often) bad, were not publicized and the general public was kept in the dark regarding important security tradeoffs and weaknesses. Advances in information and networking technology have resulted in immensely increased requirements for secure applications and associated algorithms and protocols to conduct e-commerce, store private data, and communicate on the open internet. As a result, a new generation of security researchers started working in an open environment of scientific discourse and exchange, publishing their results in the open literature and communicating across previously isolated domain boundaries. These efforts have made information security an important element of computer science with a systematized body of knowledge and accepted practices. Bruce Schneier, a respected member of the information security community, in his book …