Bruce Schneier has been advocating for personal privacy for many years. He\u2019s a well known cryptographer and writer, and even has a \u201claw\u201d named after him: Schneier's law, which was coined by Cory Doctorow, states \u201cAny person can invent a security system so clever that he or she can't imagine a way of breaking it\u201d.Schneier recently spoke at the AISA Conference in Sydney. We chatted shortly before he gave the conference\u2019s closing address.I started by asking him what he saw as the big challenges around infosec today.\u201cThe challenges are not much technical, there more social. It\u2019s about making security work in context. I worry a lot about organisations and security practices. I worry about catastrophic risk in the Internet of Things. There\u2019s a fundamental difference between crashing your spreadsheet and losing your data and crashing your car and losing your life. Those are so extraordinarily different, yet it\u2019s the same software\u201d.I was somewhat prescient that just a few days after Schneier\u2019s comments that a massive DDoS attack, involving IoT devices was perpetrated and took out a massive number websites in the US.As the risks become focussed on life and property, rather than just data, Schneier says this will change everything.He says the proliferation of computers and things that affect the world in a direct physical manner, that are much lower cost, and designed with less security in mind, that are unpatchable and not prefaced very often will open us to extreme vulnerabilities.\u201cIt\u2019s all the vulnerabilities of computers without any of the fences we\u2019ve built for the past 20 years\u201d.When it comes to privacy, I asked Schneier whether he thought the privacy genie could ever be put back into the bottle.\u201cI think, fundamentally, yes,\u201d he says. \u201cIt\u2019s not the case that our species has lost privacy till the end of time. That\u2019s just ridiculous\u201d.Schneier says all technology can be controlled through non-technical means such as laws. However, he says countries and companies are currently \u201cpunch drunk\u201d on our data.\u201cSurveillance capitalism is the thing that is driving our economy. Governments are glomming on getting themselves a copy of everything. That\u2019s going to have to change. I think it will. It\u2019s a very long term thing. Privacy is too central to human dignity to say it\u2019s over\u201d.The challenges, says Schneier, are around policy. The big challenges aren\u2019t the illegal use of data but the legal ones in his view. And he sees the leadership in privacy coming from Europe. For example, new laws passed there have deemed internet addresses to be Personally Identifiable Information.Although it sometimes seems people give up data voluntarily, Schneier says, it\u2019s his view, they give up data either because they are coerced or because they don\u2019t understand what they are giving up.In order to get people to understand what they are doing there\u2019s no need to delve into a technical explanation of how privacy systems work. He likens this to the effects of pharmaceuticals. We don\u2019t necessarily have to understand their mechanism. But we do understand they improve our health when our body is compromised.\u201dWe need governments to take charge and regulate companies that want to make a profit at all costs and people being harmed\u201d.As it may be difficult for people to correlate the use of their data with personal injury, we need governments to step up with regulation he says. Data use is already regulated in many cases such as stock exchanges and insurance. But those needs to go further.\u201cThe whole point of society is that you don't have to be an expert in everything. Society takes care. I don't have to know anything about building construction but I know, without any doubt, that the ceiling will not fall on my head. There\u2019s some building code somewhere that someone adhered to when they built this building\u201d.Such a system means people don\u2019t need to know everything to trust systems. But as information security and privacy are so new, we've not yet reached that level of maturity.\u201cAs we mature as an industry, you start to realise we need those controls in place\u201d.Another significant issue is that technology is moving faster than the law. Schneier says this is a relatively new phenomenon. The adoption cycles of radio and the telephone were so low enough that laws could be made in a timely way. But the rapid pace of change in technology means the law is often years behind and getting worse.