Bruce Schneier
{{Infobox scientist | image = Bruce Schneier at CoPS2013-IMG 9174.jpg | name = Bruce Schneier | caption = Bruce Schneier at the Congress on Privacy & Surveillance (2013) of the . | birth_date ) is an American , professional, privacy specialist and writer. He is the author of several books on general security topics, and cryptography.
Schneier is a fellow at the at , a program fellow at the ‘s . He has been working for IBM since they acquired where Schneier was CTO. He is also a contributing writer for news organization.
Contents
Early life
Bruce Schneier is the son of Martin Schneier, a Brooklyn Supreme Court judge. He grew up in , attending P.S. 139 and . After receiving a physics bachelor’s degree from the in 1984, he went to in and got his master’s degree in computer science in 1988. He was awarded an honorary Ph.D from the University of Westminster in London, England in November 2011. The award was made by the Department of Electronics and Computer Science in recognition of Schneier’s ‘hard work and contribution to industry and public life’.
Schneier was a founder and chief technology officer of , formerly Counterpane Internet Security, Inc.
Writings on computer security and general security
In 1994, Schneier published Applied Cryptography, which details the design, use, and implementation of cryptographic algorithms. In 2010 he published Cryptography Engineering, which is focused more on how to use cryptography in real systems and less on its internal design. He has also written books on security for a broader audience. In 2000, Schneier published Secrets and Lies: Digital Security in a Networked World; in 2003, ; in 2012, ; and in 2015, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
Schneier writes a freely available monthly Internet newsletter on computer and other security issues, Crypto-Gram, as well as a security , Schneier on Security. The blog focuses on the latest threats, and his own thoughts. The weblog started out as a way to publish essays before they appeared in Crypto-Gram, making it possible for others to comment on them while the stories were still current, but over time the newsletter became a monthly email version of the blog, re-edited and re-organize <!– a blog does not count as an independent reliable third party source, especially when it’s just an interview with the person in question making claims about himself… please see our reliable sources policy at –> Schneier is frequently quoted in the press on computer and other security issues, pointing out flaws in security and cryptographic implementations ranging from to after the .
Schneier revealed on his blog that in the December 2004 issue of the Bulletin, three academics, Khawaja Amer Hayat, Umar Waqar Anis, and S. Tauseef-ur-Rehman, from the in , , an article written by Schneier and got it published. The same academics subsequently plagiarized another article by Ville Hallivuori on “Real-time Transport Protocol (RTP) security” as well. The editor of the SIGCSE Bulletin removed the paper from their website and demanded official letters of admission and apology. Schneier noted on his blog that International Islamic University personnel had requested him “to close comments in this blog entry”; Schneier refused to close comments on the blog, but he did delete posts which he deemed “incoherent or hostile”. Mathematical cryptography is usually not the weakest link in a security chain; effective security requires that cryptography be combined with other things.
The term Schneier’s law was coined by in a 2004 speech. The law is phrased as:
He attributes this to Bruce Schneier, who wrote in 1998: “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break. It’s not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis.”
Similar sentiments had been expressed by others before. In , states: “Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break”, and in “A Few Words On Secret Writing”, in July 1841, had stated: “Few persons can be made to believe that it is not quite an easy thing to invent a method of secret writing which shall baffle investigation. Yet it may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.”
Digital rights management
Schneier is critical of (DRM) and has said that it allows a vendor to increase . Proper implementation of control-based security for the user via is very difficult, and security is not the same thing as control. Defending against the broad threat of terrorism is generally better than focusing on specific potential terrorist plots. Human intelligence has advantages over automated and computerized analysis, and increasing the amount of intelligence data that is gathered does not help to improve the analysis process.
Regarding —the explosive that has become terrorists’ weapon of choice—Schneier has written that only swabs and dogs can detect it. He also believes that changes to airport security since 11 September 2001 have done more harm than good and he defeated , former head of the Transportation Security Administration, in an online debate by 87% to 13% regarding the issue. He is widely credited with coining the term “” to describe some such changes.
As a of Berkman Center for Internet & Society at , Schneier is exploring the intersection of security, technology, and people, with an emphasis on power.
Movie plot threat
“Movie-plot threat” is a term Schneier coined that refers to very specific and dramatic attack scenarios, reminiscent of the behavior of terrorists in movies, rather than what terrorists actually do in the real world.
Security measures created to protect against movie plot threats do not provide a higher level of real security, because such preparation only pays off if terrorists choose that one particular avenue of attack, which may not even be feasible. Real-world terrorists would also be likely to notice the highly specific security measures, and simply attack in some other way.
The specificity of movie plot threats gives them power in the public imagination, however, so even extremely unrealistic “” countermeasures may receive strong support from the public and legislators.
Among many other examples of movie plot threats, Schneier described banning from , for fear that they may contain explosives.
Starting in April 2006, Schneier has had an annual contest to create the most fantastic movie-plot threat.
System design
Schneier has criticized security approaches that try to prevent any malicious incursion, instead arguing that designing systems to is more important. The designer of a system should not underestimate the capabilities of an attacker, as technology may make it possible in the future to do things that are not possible at the present.
Full disclosure
Schneier is a proponent of , i.e. making security issues public.
Other writing
Schneier and Karen Cooper were nominated in 2000 for the , in the category of , for their Minicon 34 Restaurant Guide, a work originally published for the Minneapolis science fiction convention which gained a readership internationally in for its wit and good humor.
Cryptographic algorithms
Schneier has been involved in the creation of many cryptographic algorithms.
Publications
- Schneier, Bruce. Applied Cryptography, John Wiley & Sons, 1994
- Schneier, Bruce. Protect Your Macintosh, Peachpit Press, 1994
- Schneier, Bruce. E-Mail Security, John Wiley & Sons, 1995
- Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996
- Schneier, Bruce; Kelsey, John; Whiting, Doug; Wagner, David; Hall, Chris; Ferguson, Niels. The Encryption Algorithm, John Wiley & Sons, 1996
- Schneier, Bruce; Banisar, David. The Electronic Privacy Papers, John Wiley & Sons, 1997
- Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 2000
- Schneier, Bruce. , Copernicus Books, 2003
- Ferguson, Niels; Schneier, Bruce. , John Wiley & Sons, 2003
- Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 2004
- Schneier, Bruce. Schneier on Security, John Wiley & Sons, 2008
- Ferguson, Niels; Schneier, Bruce; Kohno, Tadayoshi. Cryptography Engineering, John Wiley & Sons, 2010
- Schneier, Bruce. : Enabling the Trust that Society Needs to Thrive, John Wiley & Sons, 2012
- Schneier, Bruce. Carry On: Sound Advice from Schneier on Security, John Wiley & Sons, 2013
- Schneier, Bruce. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, , 2015
Activism
Bruce Schneier is a board member of the .