Bruce Schneier

  • Why the NSA Makes Us More Vulnerable to Cyberattacks

    May 30, 2017

    An op-ed by Bruce Schneier. There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims’ access to their computers until they pay a fee. Then there are the users who didn’t install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

  • What Happens When Your Car Gets Hacked?

    May 22, 2017

    An op-ed by Bruce Schneier. As devastating as the latest widespread ransomware attacks have been, it’s a problem with a solution. If your copy of Windows is relatively current and you’ve kept it updated, your laptop is immune. It’s only older unpatched systems on your computer that are vulnerable...But it is a system that’s going to fail in the “internet of things”: everyday devices like smart speakers, household appliances, toys, lighting systems, even cars, that are connected to the web. Many of the embedded networked systems in these devices that will pervade our lives don’t have engineering teams on hand to write patches and may well last far longer than the companies that are supposed to keep the software safe from criminals. Some of them don’t even have the ability to be patched.

  • The next ransomware attack will be worse than WannaCry

    May 16, 2017

    An op-ed by Bruce Schneier. Ransomware isn’t new, but it’s increasingly popular and profitable...The ransomware that has affected systems in more than 150 countries recently, WannaCry, made press headlines last week, but it doesn’t seem to be more virulent or more expensive than other ransomware...The lessons for users are obvious: Keep your system patches up to date and regularly backup your data. This isn’t just good advice to defend against ransomware, but good advice in general. But it’s becoming obsolete.

  • Why extending laptop ban makes no sense

    May 16, 2017

    An op-ed by Bruce Schneier. The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent fliers to bring their computers with them. This will only exacerbate the divide between the haves and the have-nots -- all without making us any safer.

  • How The CIA WikiLeaks Disclosure Diverts Attention From Big Picture

    May 15, 2017

    The WikiLeaks publication of hacking tools and malware the CIA has allegedly used continues to stir the ire and fear of those concerned about the possible risk of the US government’s backdoor access to private data. But WikiLeaks’ publication of alleged CIA-created malware instructions, which the CIA has not confirmed as authentic, diverts attention away from how numerous other state-sponsored agents are aggressively seeking to steal intellectual property and other data, security experts say...Tools developed by governmental agencies also often eventually trickle down for use by hackers once they are leaked. The hacking tools revealed in the Vault 7 data, have been “around for a while” because of the dates on the files, Bruce Schneier, the chief technology officer of IBM Resilient and a fellow at Harvard’s Berkman Center, told Intellectual Property Watch. “Today’s top-secret NSA programs become tomorrow’s PhD theses and tomorrow’s hacker tools,” Schneier said. “These capabilities goes downhill.”

  • Is There a Russian Mole Inside the NSA? The CIA? Both?

    April 20, 2017

    A message from Vladimir Putin can take many forms. It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed an NSA operation in the Middle East and the identity of an agency official who participated...“I think there’s something going on between the U.S. and Russia that we’re just seeing pieces of,” said security technologist Bruce Schneier, chief technology officer at IBM Resilient. “What happens when the deep states goes to war with each other and doesn’t tell the rest of us?”

  • An Algorithm That Hides Your Online Tracks With Random Footsteps

    April 11, 2017

    Last week, President Donald Trump signed a controversial new law, allowing internet providers to continue gathering sensitive information on their users and selling that data to advertisers. News sites erupted with recommendations for keeping browsing history private—but because all the data people send and receive online goes through their service providers, that’s easier said than done...Bruce Schneier, a fellow at Harvard’s Berkman Center and the author of Schneier on Security, warned against underestimating internet providers’ ability—and drive—to see through data-obfuscation tactics. “The question is, after 100 years of coding theory, how good are those algorithms at finding the signal in the noise?” he asked.

  • Infrastructure vulnerabilities make surveillance easy

    April 10, 2017

    An op-ed by Bruce Schneier. Governments want to spy on their citizens for all sorts of reasons. Some countries do it to help solve crimes or to try to find "terrorists" before they act. Others do it to find and arrest reporters or dissidents. Some only target individuals, others attempt to spy on everyone all the time. Many countries spy on the citizens of other countries: for reasons of national security, for advantages in trade negotiations, or to steal intellectual property. None of this is new. What is new, however, is how easy it has all become. Computers naturally produce data about their activities, which means they're constantly producing surveillance data about us as we interact with them.

  • India’s National ID Program May Be Turning The Country Into A Surveillance State

    April 4, 2017

    In February 2017, Microsoft announced Skype Lite, a brand-new edition of Skype just for India. A more spartan version of Microsoft’s marquee messaging service, Skype Lite is designed to run well on cheap Android phones and to handle calls over flaky 2G data networks — the trappings of an app made by a large, wealthy corporation for a large and largely poor emerging market. But that’s not all it does. Skype Lite also taps into a giant government-owned database filled with the demographic and biometric records — names, dates of birth, addresses, phone numbers, photographs, iris and fingerprint scans — of more than a billion Indian citizens...Cryptographer and cybersecurity expert Bruce Schneier echoed Hunt’s assessment. “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” he said. “They will go around the encryption.”

  • Do You Know How Much Private Information You Give Away Every Day?

    March 29, 2017

    You’ve probably heard the warnings. Yet there you are: Scrolling frantically through an app's Terms of Service's pages for a glaring reason to not share your email or birth date — or, perhaps more likely, skipping right past it all and clicking “Agree.” The app makers know better than to bold anything or make anything clear — especially about how your actions will morph into marketing metadata, sprinkling a trail of "cookies" behind you...Security technologist and cryptographer Bruce Schneier compares walking around with a smartphone to carrying a tracking device 24/7.

  • Will the air travel laptop ban stop terrorists?

    March 27, 2017

    If you travel by air from certain countries – which happen to be Muslim-majority – to the US or UK, you will no longer be allowed to take your laptop or tablet in your hand baggage. You will probably have lots of questions, such as: why has the US banned them from flights operated by airlines based in those countries, but not on US carriers?...“It makes so little sense,” says Bruce Schneier, a security expert and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

  • Puzzling out TSA’s laptop travel ban

    March 23, 2017

    An op-ed by Bruce Schneier. On Monday, the TSA announced a peculiar new security measure to take effect within 96 hours. Passengers flying into the US on foreign airlines from eight Muslim countries would be prohibited from carrying aboard any electronics larger than a smartphone. They would have to be checked and put into the cargo hold. And now the UK is following suit. It's difficult to make sense of this as a security measure, particularly at a time when many people question the veracity of government orders, but other explanations are either unsatisfying or damning.

  • Experts criticize US electronic devices ban on some flights from Middle East

    March 21, 2017

    The US government’s unexpected ban on laptops, iPads and other electronics “larger than a cellphone” on flights from 10 airports in the Middle East has sparked criticism from technology experts, who say the new rules appear to be at odds with basic computer science...Bruce Schneier, a security technologist, called the new rules an “onerous travel restriction”. “From a technological perspective, nothing has changed between the last dozen years and today. That is, there are no new technological breakthroughs that make this threat any more serious today,” he said in an email. “And there is certainly nothing technological that would limit this newfound threat to a handful of Middle Eastern airlines.”

  • WikiLeaks CIA Revelations Highlight Stakes in Debate About Cyber Offense Vs. Defense

    March 8, 2017

    WikiLeaks’ publication of hacking tools purportedly used by the Central Intelligence Agency highlights the stakes in a debate about the merits of basing cybersecurity on offense vs. defense, experts said Tuesday. A focus on the tools of attack can create certain kinds of risks because such tools may be difficult, if not impossible, to keep secure. “Eventually, this will all make us safer because finding and publishing (vulnerabilities) is always a good thing,” cryptographer and security expert Bruce Schneier said. The latest WikiLeaks publication showed that the federal agency was hoarding previously unknown cyber vulnerabilities, known as zero days. Mr. Schneier said that the sharing of such information could be beneficial.

  • Top security expert: Trump’s unsecured Android phone could be used to spy on the president

    January 27, 2017

    President Donald Trump is still using an unsecured Android phone to send his tweets, according to The New York Times. One security analyst laid out the worst-case hacking scenario that Trump's unsecured likely Samsung Galaxy S3 could cause. "There are security risks here, but they are not the obvious ones," Bruce Schneier wrote on his website on Thursday. Schneier is a widely respected cryptography expert. He's a fellow at Harvard Law School, and he's written several books on information security. He says the "bigger risk" stemming from Trump's unsecured Android phone isn't that the data on it could be stolen, but that a hacker could compromise the device and turn it into a presidential spying machine.

  • The Watchers

    December 19, 2016

    Do people behave differently when they think they are being watched?...Jon Penney was nearing the end of a fellowship at Harvard Law School’s Berkman Klein Center for Internet & Society in 2013, and he realized that Snowden’s disclosures presented an opportunity to study their effect on Americans’ online behavior...“The fact that you won’t do things, that you will self-censor, are the worst effects of pervasive surveillance,” reiterates security expert Bruce Schneier, a fellow at the Berkman...Bemis professor of international law and of computer science Jonathan Zittrain, faculty chair of the Berkman Klein Center, worries that the ubiquity of privacy threats has led to apathy. When a hacker released former Secretary of State Colin Powell’s private assessments of the two leading presidential candidates prior to the recent election, “I was surprised at how little sympathy there was for his situation, how it was treated as any other document dump,” Zittrain explains.

  • Making airport PreCheck free could save TSA millions: report

    December 5, 2016

    A study by the University of Illinois at Urbana-Champaign offers a way to get more people to sign up for expedited security screening and save the government money: make PreCheck free for frequent fliers...Security expert Bruce Schneier has long criticized the enhanced post-9/11 security screenings as "security theater" that do not make anyone safer. "I want PreCheck-style screenings for everyone," said Schneier, a fellow at Harvard University's Berkman Klein Center. He worries that giving PreCheck only to frequent travelers or those who pay creates a class divide — the poor get invasive screenings, while the wealthy are in the faster lines.

  • Should the government regulate your talking refrigerator?

    November 17, 2016

    On the morning of Oct. 21, Netflix and Twitter were kicked offline by hackers – annoying binge-watchers and prolific tweeters for several hours. But the hacking of popular websites is a harbinger of what’s to come for consumers using devices connected to the internet, and Congress faces a tough question of how to protect consumers and businesses without over-regulating the tech industry...“Everything is a computer. Your phone is a computer that makes calls, your refrigerator’s is a computer that keeps things cold,” testified Bruce Schneier, a special adviser to IBM security and a lecturer at Harvard University. “Attack is easier than defense, complexity is the worst enemy of security, and the internet is most complex thing ever built.” Schneier argued that the federal government must regulate and set standards for devices connected to the internet like it does for the safety of cars. He wants to create a new government agency and argued that Republicans swiftly created the Department of Homeland Security after 9/11 in response to safety threats.

  • U.S. urges stronger security for internet-enabled devices

    November 16, 2016

    The Obama administration urged companies on Tuesday to make millions of devices safe from hacking, underscoring the risks posed by an increasingly bewildering array of internet-connected products permeating daily life, covering everything from fitness trackers to computers in automobiles. In a report obtained by The Associated Press, the Homeland Security Department described runaway security problems with devices that have been made internet-capable in recent years...To prevent more attacks, the government must increase security regulations for “what are now critical and life-threatening technologies,” according to Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School and a well-known cybersecurity expert. “It’s no longer a question of if, it’s a question of when,” Schneier said in prepared remarks for the hearing.

  • Is it time to lay down the law about cybersecurity?

    November 3, 2016

    Who’s up for government regulation of the Internet? Yes, my skin is crawling at the thought, just like yours. Still, some kind of government action seems inevitable. Online vandals, thieves, and spies are running wild on the global network. Tougher, smarter laws may offer our only hope of fending them off...Bruce Schneier, a fellow at Harvard’s Berkman Klein Center for Internet and Society, said that only a similar response by the government will bring the Internet under control. “The market can’t do this,” Schneier said. “What we have here is a market failure.” Schneier wants mandatory security standards for all IoT devices sold in the United States. For instance, a manufacturer could not sell an Internet router that didn’t require the user to set up a strong password. It’s hardly a foolproof cure. Passwords can still be beaten. But today, many devices don’t require passwords at all, making them open gateways for criminals.

  • Yahoo hack is one of the largest security breaches of the Internet age

    September 23, 2016

    Yahoo Inc. said Thursday that hackers backed by an unnamed foreign government had stolen personal information from more than 500 million of its users’ accounts, one of the largest security breaches of the Internet age...Bruce Schneier, a fellow at the Berkman Klein Center for Internet & Society at Harvard University, said the Yahoo breach was very serious because so many Internet users routinely store sensitive data on Internet-based systems — not on the hard drives in their desktop PCs, for example. “We no longer keep our stuff on our computers,” he said. “We keep our stuff on their computers.”

  • Cities Consider Privatizing TSA To Speed Up Checkpoints, But Would It?

    May 27, 2016

    The excruciating wait times at Chicago's O'Hare and Midway airports the past couple of weeks have travelers fuming and some city officials looking for other options. Chicago Alderman Ed Burke is calling on the city to do airport security the way it's done in Kansas City, San Francisco and several smaller airports around the country. He wants to hire a private company to staff the screening checkpoints..."Privatization doesn't actually solve any of the problems we have," says Bruce Schneier, a security expert with Harvard University's Berkman Center. "The problem with the TSA right now is there aren't enough people for the demand and that's a function of budget. It is not a function of who signs the paychecks of agents — it's how many agents there are."

  • Long airport TSA lines cause pain, but privatization may not be cure

    May 23, 2016

    Staggeringly long lines at the nation's airports this spring have led officials in Chicago, New York City, Atlanta and Seattle to discuss turning security over to private contractors, instead of employees of the Transportation Security Administration..."There's this weird belief that if a corporation does something, it's good, but if the government does something it's bad," said security expert Bruce Schneier, a fellow at Harvard University's Berkman Center. "There's a lot of things the TSA could do differently, but putting it in private hands will not solve any of the problems." The problems, private or public, include inadequate funding and a tricky mission — trying to stop something horrible but unlikely, said Schneier, who comments frequently on airport security and terrorism. "The thing they're preventing almost never happens, so you're stuck in a world where everything is a false alarm," Schneier said.

  • FBI wants Apple to unlock iPhone in Boston gang case

    March 15, 2016

    Apple Inc. is objecting to a request from federal prosecutors in Boston that it help unlock the iPhone of an alleged member of one of the city’s most notorious gangs, according to court records — a case that echoes the government’s high-profile fight with Apple in the San Bernardino terrorism case...Bruce Schneier, a security technologist at Harvard University’s Berkman Center for Internet and Society and a critic of the government’s request, said the Apple case raises a keen national question: “Do we want security or surveillance?” “The danger is not whether the FBI submits one request or a thousand, it’s forcing Apple to create the tool,” Schneier said. “Once the tool exists, they’ll use it a million times, and we’ll all be vulnerable.”

  • Preeminent Harvard cybersecurity expert takes Apple’s side in FBI fight

    March 3, 2016

    Bruce Schneier, a preeminent cybersecurity expert and the chief technology officer at a Cambridge-based tech firm that was just acquired by IBM, has come out in support of Apple Inc. in its crusade against the FBI. Schneier signed an amicus brief with the U.S. District Court in support of Apple Inc.'s motion to vacate an order compelling the firm to assist FBI agents in searching an Apple iPhone seized from the car belonging to the perpetrators of the San Bernardino shootings.

  • Pay a ransom, get your data back

    February 19, 2016

    A Los Angeles hospital has become the latest high-profile victim of a ransomware attack. Hollywood Presbyterian Medical Center announced that it had paid $17,000 to hackers to regain control of its computer system. The hospital had been operating without it for 10 days. ... "Ransomware is basically an encryption program," said Bruce Schneier, a cybersecurity expert at Harvard's Berkman Center. "It breaks into your computer. It encrypts your files. And then it doesn't let you at them."

  • U.S. and Apple Dig In for Court Fight Over Encryption

    February 17, 2016

    Washington and Silicon Valley geared up Wednesday for a high-stakes legal battle over a phone used by one of the San Bernardino, Calif., terrorists, a contest each side views as a must-win in their long fight over security versus privacy....“It’s not really a question of security versus privacy. It’s security versus security,’’ said Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society. “Saying that all of these devices must be insecure so the FBI can have access would be a security disaster for us as a society.”

  • Reconciling perspectives: New report reframes encryption debate

    February 3, 2016

    A new report by The Berklett Cybersecurity Project of the Berkman Center for Internet & Society at Harvard University, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” examines the high-profile debate around government access to encryption, and offers a new perspective.

  • Is it OK to shame late-paying customers on Facebook?

    December 7, 2015

    It's probably an understatement to say the cable industry hasn't done a good job winning the hearts and minds of consumers. Now, it may be falling even lower. A cable company in Canada this week started posting the names of delinquent customers to Facebook, including its own Facebook page as well as community pages on the social media service. The list included customers' names as well as their overdue payments, which went as high as $1,406.80, according to the CBC..."This is a huge deal," said Bruce Schneier, a security technologist and a fellow at Harvard's Berkman Center for Internet and Security. "You are dealing with this immense power. When someone searches for you, it shows up. How do we deal with that?" He added, "The issue isn't whether people are deadbeats and should pay. The issue is whether the punishment fits the crime." For instance, a potential employer could search for one of those cable customers singled out by the cable company, and decide not to hire the candidate because of the posting. "Now you'll lose your career and your life because you didn't pay your cable bill," Schneier said.

  • Proposed cyberlaw gives feds too much access to our data

    October 29, 2015

    So much for congressional gridlock. On Tuesday, the US Senate voted on the Cybersecurity Information Sharing Act (CISA), a bill to help protect our digital data. It passed 74 to 21 — not even close....But security maven Bruce Schneier, a fellow at the Berkman Center for Internet & Society at Harvard University, said data sharing could pay off in the long run. “It might help prevent the next attack,” Schneier said. “It’s all about learning from the present to protect the future.”

  • Data privacy, one of these days

    October 8, 2015

    For some odd reason, data privacy maven Bruce Schneier is an optimist. It’s odd because, according to Schneier, there’s practically no such thing as data privacy. Just about everything we do these days is under some form of electronic surveillance, with governments and corporations eager to record and analyze our every action. But when Schneier holds forth on Friday at Harvard University, as part of the ongoing HUBweek festivities, he’ll reassure his listeners that the cause is not lost, that our online privacy will someday be ensured. Just give it a decade or two. “It is possible to write laws to prohibit behavior we find immoral,” Schneier said. “We do it all the time.” So it’s just a matter of persuading businesses, governments, and voters that the current level of comprehensive digital surveillance crosses an ethical line. Technology isn’t the issue. “It will take an act of moral will,” he said.

  • Xi Jinping said he wants to stop Chinese hacking. Should we believe him?

    September 25, 2015

    ...How should U.S. officials interpret and respond to Xi’s promise? Can he be taken at his word? We asked five experts to weigh in. Here is what they said...Bruce Schneier, fellow at Harvard Law School’s Berkman Center for Internet and Society and author of “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World”. I think it’s posturing. It’s basically the same thing that the U.S. says, and the U.S. hacks foreign government and corporate networks all the time. The problem is that there aren’t any laws that protect foreign networks, and there aren’t any relevant international treaties that limit commercial espionage. So I wouldn’t expect China to be any less aggressive on the Internet than the U.S. is.

  • Living in Code Yellow

    September 22, 2015

    An op-ed by Bruce Schneier. In 1989, handgun expert Jeff Cooper invented something called the Color Code to describe what he called the “combat mind-set”...Cooper talked about remaining in Code Yellow over time, but he didn’t write about its psychological toll. It’s significant. Our brains can’t be on that alert level constantly. We need downtime. We need to relax. This is why we have friends around whom we can let our guard down and homes where we can close our doors to outsiders. We only want to visit Yellowland occasionally. Since 9/11, the US has increasingly become Yellowland, a place where we assume danger is imminent. It’s damaging to us individually and as a society.

  • One of the biggest features we’re expecting to see in the new Apple TV is really troubling for privacy, experts say

    September 8, 2015

    Next week, Apple is expected to make a long-awaited update to its Apple TV set-top box, which hasn't been refreshed since 2012...Security experts, however, believe this could cause trouble. There are a lot of unanswered questions around these "always listening" devices that have yet to be answered, such as how they can use the data, who they can share it with, and whether or not they're using the data for alternative purposes. "[The license agreements] have an extraordinarily wide latitude," Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law, said to Business Insider. "And that's a huge worry."

  • Bruce Schneier: David Cameron’s proposed encryption ban would ‘destroy the internet’

    July 6, 2015

    ...Business Insider reached out to Bruce Schneier to discuss the feasibility of Cameron's proposed ban on "safe spaces" online. Schneier is a widely respected cryptography and security expert and fellow at the Berkman Center for Internet and Society at Harvard Law School, serves on the board of digital liberties pressure group the Electronic Frontier Foundation, and writes frequently on encryption and security. He didn't hold back..."My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron's remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested."

  • How Will The Next President Protect Our Digital Lives? (audio)

    May 27, 2015

    When President Obama took office back in 2009, "cybersecurity" was not a word that everyday people used. It wasn't debated. Then, mega-breaches against consumers, businesses, and the federal government changed that...Now, the 45th president will have to come into office with a game plan for how to protect us online...Cybersecurity expert Bruce Schneier, a fellow at Harvard's Berkman Center, says another way to protect consumers is corporate accountability. "What government can do about data breaches is increase the penalties," he says. "Right now your data is not very well protected because the cost of losing it isn't very high to the companies that have it." Schneier wants to see the next president take on privacy too — what should police be able to access without a warrant, and what should companies be allowed to store. So far, we've just kind of assumed the answer is ... everything.

  • Hidden Talent

    May 4, 2015

    Craig Gentry has developed ways to keep data secure and accessible that may broaden the use of cloud computing.

  • Two books look at how modern technology ruins privacy

    March 24, 2015

    “Even the East Germans couldn’t follow everybody all the time,” Bruce Schneier writes. “Now it’s easy.” This may sound hyperbolic, but Schneier’s lucid and compelling “Data and Goliath” is free of the hysteria that often accompanies discussions about surveillance. Yes, our current location, purchases, reading history, driving speed and Internet use are being tracked and recorded. But Schneier’s book, which focuses mainly on the United States, is not a rant against the usual bad guys such as the U.S. government or Facebook. Schneier describes how our data is tracked by both corporate and government entities, often working together. And in many cases, the American people allow them to do it...The theme of dangerous little brothers is central to Benjamin Wittes and Gabriella Blum’s “The Future of Violence,” a lively and often terrifying exploration of the dark side of our technological age. Technology is increasingly cheap and widely available, a trend that can help empower the masses and weaken central governments. Sounds great, right? We tend to celebrate this phenomenon when individual dissidents use social media to provoke authoritarian regimes. But what happens when these tools of mass empowerment fall into the wrong hands?