Entries Tagged "Schneier news"
Page 4 of 41
It’s the EFF’s 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT.
There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more.
Stop by. And thank you for supporting EFF.
EDITED TO ADD: This event is over, but you can watch a recorded version on YouTube.
For years, Humble Bundle has been selling great books at a “pay what you can afford” model. This month, they’re featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let’s Encrypt. (The default is 15%, and you can change that.) As an EFF board member, I know that we’ve received a substantial amount from this program in previous years.
For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety. And most recently, I have been writing and speaking about how technologists need to get involved with public policy.
All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee’s distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.
The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things—your computer, your phone, your IoT whatever—is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It’s yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.
The ideal would be for this to be completely distributed. Everyone’s pod would be on a computer they own, running on their network. But that’s not how it’s likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it’ll be like letting them host your domain name or manage your cell phone number. If you don’t like what they’re doing, you can always move your pod—just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.
I believe this will fundamentally alter the balance of power in a world where everything is a computer, and everything is producing data about you. Either IoT companies are going to enter into individual data sharing agreements, or they’ll all use the same language and protocols. Solid has a very good chance of being that protocol. And security is critical to making all of this work. Just trying to grasp what sort of granular permissions are required, and how the authentication flows might work, is mind-altering. We’re stretching pretty much every Internet security protocol to its limits and beyond just setting this up.
Building a secure technical infrastructure is largely about policy, but there’s also a wave of technology that can shift things in one direction or the other. Solid is one of those technologies. It moves the Internet away from overly-centralized power of big corporations and governments and towards more rational distributions of power; greater liberty, better privacy, and more freedom for everyone.
I’ve worked with Inrupt’s CEO, John Bruce, at both of my previous companies: Counterpane and Resilient. It’s a little weird working for a start-up that is not a security company. (While security is essential to making Solid work, the technology is fundamentally about the functionality.) It’s also a little surreal working on a project conceived and spearheaded by Tim Berners-Lee. But at this point, I feel that I should only work on things that matter to society. So here I am.
Whatever happens next, it’s going to be a really fun ride.
This is a current list of where and when I am scheduled to speak:
- I’m speaking on “Securing a World of Physically Capable Computers” at the Indian Institute of Science in Bangalore, India on December 12, 2019.
The list is maintained on this page.
Last month, I gave a 15-minute talk in London titled: “Why technologists need to get involved in public policy.”
In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I’m missing something, please let me know.)
Boing Boing post.
EDITED TO ADD (10/29): Twitter summary.
There is nothing in this book is that is not available for free on my website; but if you’d like these essays in an easy-to-carry paperback book format, you can order a signed copy here. External vendor links, including for ebook versions, here.
I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what’s needed to advance the practice, integration, and adoption of public-interest technology.
All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables. This is a contract position that could possibly become a salaried position in a subsequent phase, and under a different agreement.
I’m working with the team at Yancey Consulting, who will follow up with all proposers and manage the process. Please email Lisa Yancey at firstname.lastname@example.org.
Sidebar photo of Bruce Schneier by Joe MacInnis.