Q&A

Bruce Schneier: The Evolution of a Cryptographer

Bruce Schneier, who literally wrote the book on cryptography, talks with Senior Editor Scott Berinato about his holistic view of security, both physical and technical.

By Scott Berinato

Page 4

While I believe that certain individual members of Congress have a good understanding of the problems and technologies of computer security, I still think they believe that if all the affected parties go into a room, they can negotiate a solution. The last time I testified, I told them that it wouldn't work and why. They all nodded politely, but I don't know if it stuck.

Why do people have such a difficult time thinking in terms of risk rather than binarily?

I think the real question is: Why are people so lousy at estimating, evaluating and accepting risk? That's a complicated question, and I spend most of Chapter 2 of Beyond Fear trying to answer it. Evaluating risk is one of the most basic functions of a brain and something hard-wired into every species possessing one. Our own notions of risk are based on experience, but also on emotion and intuition. The problem is that the risk analysis ability that has served our species so well over the millennia is being overtaxed by modern society. Modern science and technology create things that cannot be explained to the average person; hence, the average person cannot evaluate the risks associated with them. Modern mass communication perturbs the natural experiential process, magnifying spectacular but rare risks and minimizing common but uninteresting risks. This kind of thing isn't new (government agencies like the FDA were established precisely because the average person cannot intelligently evaluate the risks of food additives and drugs), but it does have profound effects on people's security decisions. They make bad ones.

Do the privacy implications of some of the new security measures resulting from 9/11, widespread surveillance and Terrorism Information Awareness (TIA), concern you?

Definitely. Terrorism is rare, while crime is common. Security systems that require massive databases in order to function (TIA, CAPPS 2) will make crime easier. They'll make identity theft easier. They'll make illegal government surveillance easier. They'll make it more likely that rogue employees of the governments and corporations that maintain the systems will use the data for their own purposes. In the United States, there isn't a government database that hasn't been misused by the very people entrusted with keeping its information safe. IRS employees have perused the tax records of celebrities and friends. State employees have sold driving records to private investigators. This kind of thing happens all the time.

If these systems would actually help reduce the risk of terrorism, I might be willing to make trade-offs. But they don't work. Even worse, they cause more security problems than they purport to solve.

What is going unreported, or underreported, in the realm of security?

The most surprising thing about security is how little it has to do with security. All security involves trade-offs, and the nonsecurity aspects of those trade-offs are generally far more important than the security considerations. For example, a bank would never implement a security system that would alienate all of its customers, no matter how secure it would make the bank. Airport security will confiscate the smallest knives but will allow matches and lighters (combustible materials) through because the tobacco lobby pressured the government. Businesses regularly have insecure networks because they find it easier to get things done that way.

Bruce Schneier
