People

Bruce Schneier

  • Infrastructure vulnerabilities make surveillance easy

    April 10, 2017

    An op-ed by Bruce Schneier. Governments want to spy on their citizens for all sorts of reasons. Some countries do it to help solve crimes or to try to find "terrorists" before they act. Others do it to find and arrest reporters or dissidents. Some only target individuals, others attempt to spy on everyone all the time. Many countries spy on the citizens of other countries: for reasons of national security, for advantages in trade negotiations, or to steal intellectual property. None of this is new. What is new, however, is how easy it has all become. Computers naturally produce data about their activities, which means they're constantly producing surveillance data about us as we interact with them.

  • India’s National ID Program May Be Turning The Country Into A Surveillance State

    April 4, 2017

    In February 2017, Microsoft announced Skype Lite, a brand-new edition of Skype just for India. A more spartan version of Microsoft’s marquee messaging service, Skype Lite is designed to run well on cheap Android phones and to handle calls over flaky 2G data networks — the trappings of an app made by a large, wealthy corporation for a large and largely poor emerging market. But that’s not all it does. Skype Lite also taps into a giant government-owned database filled with the demographic and biometric records — names, dates of birth, addresses, phone numbers, photographs, iris and fingerprint scans — of more than a billion Indian citizens...Cryptographer and cybersecurity expert Bruce Schneier echoed Hunt’s assessment. “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” he said. “They will go around the encryption.”

  • Do You Know How Much Private Information You Give Away Every Day?

    March 29, 2017

    You’ve probably heard the warnings. Yet there you are: Scrolling frantically through an app's Terms of Service's pages for a glaring reason to not share your email or birth date — or, perhaps more likely, skipping right past it all and clicking “Agree.” The app makers know better than to bold anything or make anything clear — especially about how your actions will morph into marketing metadata, sprinkling a trail of "cookies" behind you...Security technologist and cryptographer Bruce Schneier compares walking around with a smartphone to carrying a tracking device 24/7.

  • Will the air travel laptop ban stop terrorists?

    March 27, 2017

    If you travel by air from certain countries – which happen to be Muslim-majority – to the US or UK, you will no longer be allowed to take your laptop or tablet in your hand baggage. You will probably have lots of questions, such as: why has the US banned them from flights operated by airlines based in those countries, but not on US carriers?...“It makes so little sense,” says Bruce Schneier, a security expert and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

  • Puzzling out TSA’s laptop travel ban

    March 23, 2017

    An op-ed by Bruce Schneier. On Monday, the TSA announced a peculiar new security measure to take effect within 96 hours. Passengers flying into the US on foreign airlines from eight Muslim countries would be prohibited from carrying aboard any electronics larger than a smartphone. They would have to be checked and put into the cargo hold. And now the UK is following suit. It's difficult to make sense of this as a security measure, particularly at a time when many people question the veracity of government orders, but other explanations are either unsatisfying or damning.

  • Experts criticize US electronic devices ban on some flights from Middle East

    March 21, 2017

    The US government’s unexpected ban on laptops, iPads and other electronics “larger than a cellphone” on flights from 10 airports in the Middle East has sparked criticism from technology experts, who say the new rules appear to be at odds with basic computer science...Bruce Schneier, a security technologist, called the new rules an “onerous travel restriction”. “From a technological perspective, nothing has changed between the last dozen years and today. That is, there are no new technological breakthroughs that make this threat any more serious today,” he said in an email. “And there is certainly nothing technological that would limit this newfound threat to a handful of Middle Eastern airlines.”

  • WikiLeaks CIA Revelations Highlight Stakes in Debate About Cyber Offense Vs. Defense

    March 8, 2017

    WikiLeaks’ publication of hacking tools purportedly used by the Central Intelligence Agency highlights the stakes in a debate about the merits of basing cybersecurity on offense vs. defense, experts said Tuesday. A focus on the tools of attack can create certain kinds of risks because such tools may be difficult, if not impossible, to keep secure. “Eventually, this will all make us safer because finding and publishing (vulnerabilities) is always a good thing,” cryptographer and security expert Bruce Schneier said. The latest WikiLeaks publication showed that the federal agency was hoarding previously unknown cyber vulnerabilities, known as zero days. Mr. Schneier said that the sharing of such information could be beneficial.

  • Top security expert: Trump’s unsecured Android phone could be used to spy on the president

    January 27, 2017

    President Donald Trump is still using an unsecured Android phone to send his tweets, according to The New York Times. One security analyst laid out the worst-case hacking scenario that Trump's unsecured likely Samsung Galaxy S3 could cause. "There are security risks here, but they are not the obvious ones," Bruce Schneier wrote on his website on Thursday. Schneier is a widely respected cryptography expert. He's a fellow at Harvard Law School, and he's written several books on information security. He says the "bigger risk" stemming from Trump's unsecured Android phone isn't that the data on it could be stolen, but that a hacker could compromise the device and turn it into a presidential spying machine.

  • The Watchers

    December 19, 2016

    Do people behave differently when they think they are being watched?...Jon Penney was nearing the end of a fellowship at Harvard Law School’s Berkman Klein Center for Internet & Society in 2013, and he realized that Snowden’s disclosures presented an opportunity to study their effect on Americans’ online behavior...“The fact that you won’t do things, that you will self-censor, are the worst effects of pervasive surveillance,” reiterates security expert Bruce Schneier, a fellow at the Berkman...Bemis professor of international law and of computer science Jonathan Zittrain, faculty chair of the Berkman Klein Center, worries that the ubiquity of privacy threats has led to apathy. When a hacker released former Secretary of State Colin Powell’s private assessments of the two leading presidential candidates prior to the recent election, “I was surprised at how little sympathy there was for his situation, how it was treated as any other document dump,” Zittrain explains.

  • Making airport PreCheck free could save TSA millions: report

    December 5, 2016

    A study by the University of Illinois at Urbana-Champaign offers a way to get more people to sign up for expedited security screening and save the government money: make PreCheck free for frequent fliers...Security expert Bruce Schneier has long criticized the enhanced post-9/11 security screenings as "security theater" that do not make anyone safer. "I want PreCheck-style screenings for everyone," said Schneier, a fellow at Harvard University's Berkman Klein Center. He worries that giving PreCheck only to frequent travelers or those who pay creates a class divide — the poor get invasive screenings, while the wealthy are in the faster lines.

  • Should the government regulate your talking refrigerator?

    November 17, 2016

    On the morning of Oct. 21, Netflix and Twitter were kicked offline by hackers – annoying binge-watchers and prolific tweeters for several hours. But the hacking of popular websites is a harbinger of what’s to come for consumers using devices connected to the internet, and Congress faces a tough question of how to protect consumers and businesses without over-regulating the tech industry...“Everything is a computer. Your phone is a computer that makes calls, your refrigerator is a computer that keeps things cold,” testified Bruce Schneier, a special adviser to IBM security and a lecturer at Harvard University. “Attack is easier than defense, complexity is the worst enemy of security, and the internet is the most complex thing ever built.” Schneier argued that the federal government must regulate and set standards for devices connected to the internet like it does for the safety of cars. He wants to create a new government agency and argued that Republicans swiftly created the Department of Homeland Security after 9/11 in response to safety threats.

  • U.S. urges stronger security for internet-enabled devices

    November 16, 2016

    The Obama administration urged companies on Tuesday to make millions of devices safe from hacking, underscoring the risks posed by an increasingly bewildering array of internet-connected products permeating daily life, covering everything from fitness trackers to computers in automobiles. In a report obtained by The Associated Press, the Homeland Security Department described runaway security problems with devices that have been made internet-capable in recent years...To prevent more attacks, the government must increase security regulations for “what are now critical and life-threatening technologies,” according to Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School and a well-known cybersecurity expert. “It’s no longer a question of if, it’s a question of when,” Schneier said in prepared remarks for the hearing.

  • Is it time to lay down the law about cybersecurity?

    November 3, 2016

    Who’s up for government regulation of the Internet? Yes, my skin is crawling at the thought, just like yours. Still, some kind of government action seems inevitable. Online vandals, thieves, and spies are running wild on the global network. Tougher, smarter laws may offer our only hope of fending them off...Bruce Schneier, a fellow at Harvard’s Berkman Klein Center for Internet and Society, said that only a similar response by the government will bring the Internet under control. “The market can’t do this,” Schneier said. “What we have here is a market failure.” Schneier wants mandatory security standards for all IoT devices sold in the United States. For instance, a manufacturer could not sell an Internet router that didn’t require the user to set up a strong password. It’s hardly a foolproof cure. Passwords can still be beaten. But today, many devices don’t require passwords at all, making them open gateways for criminals.

  • Yahoo hack is one of the largest security breaches of the Internet age

    September 23, 2016

    Yahoo Inc. said Thursday that hackers backed by an unnamed foreign government had stolen personal information from more than 500 million of its users’ accounts, one of the largest security breaches of the Internet age...Bruce Schneier, a fellow at the Berkman Klein Center for Internet & Society at Harvard University, said the Yahoo breach was very serious because so many Internet users routinely store sensitive data on Internet-based systems — not on the hard drives in their desktop PCs, for example. “We no longer keep our stuff on our computers,” he said. “We keep our stuff on their computers.”

  • Cities Consider Privatizing TSA To Speed Up Checkpoints, But Would It?

    May 27, 2016

    The excruciating wait times at Chicago's O'Hare and Midway airports the past couple of weeks have travelers fuming and some city officials looking for other options. Chicago Alderman Ed Burke is calling on the city to do airport security the way it's done in Kansas City, San Francisco and several smaller airports around the country. He wants to hire a private company to staff the screening checkpoints..."Privatization doesn't actually solve any of the problems we have," says Bruce Schneier, a security expert with Harvard University's Berkman Center. "The problem with the TSA right now is there aren't enough people for the demand and that's a function of budget. It is not a function of who signs the paychecks of agents — it's how many agents there are."

  • Long airport TSA lines cause pain, but privatization may not be cure

    May 23, 2016

    Staggeringly long lines at the nation's airports this spring have led officials in Chicago, New York City, Atlanta and Seattle to discuss turning security over to private contractors, instead of employees of the Transportation Security Administration..."There's this weird belief that if a corporation does something, it's good, but if the government does something it's bad," said security expert Bruce Schneier, a fellow at Harvard University's Berkman Center. "There's a lot of things the TSA could do differently, but putting it in private hands will not solve any of the problems." The problems, private or public, include inadequate funding and a tricky mission — trying to stop something horrible but unlikely, said Schneier, who comments frequently on airport security and terrorism. "The thing they're preventing almost never happens, so you're stuck in a world where everything is a false alarm," Schneier said.

  • FBI wants Apple to unlock iPhone in Boston gang case

    March 15, 2016

    Apple Inc. is objecting to a request from federal prosecutors in Boston that it help unlock the iPhone of an alleged member of one of the city’s most notorious gangs, according to court records — a case that echoes the government’s high-profile fight with Apple in the San Bernardino terrorism case...Bruce Schneier, a security technologist at Harvard University’s Berkman Center for Internet and Society and a critic of the government’s request, said the Apple case raises a keen national question: “Do we want security or surveillance?” “The danger is not whether the FBI submits one request or a thousand, it’s forcing Apple to create the tool,” Schneier said. “Once the tool exists, they’ll use it a million times, and we’ll all be vulnerable.”

  • Preeminent Harvard cybersecurity expert takes Apple’s side in FBI fight

    March 3, 2016

    Bruce Schneier, a preeminent cybersecurity expert and the chief technology officer at a Cambridge-based tech firm that was just acquired by IBM, has come out in support of Apple Inc. in its crusade against the FBI. Schneier signed an amicus brief with the U.S. District Court in support of Apple Inc.'s motion to vacate an order compelling the firm to assist FBI agents in searching an Apple iPhone seized from the car belonging to the perpetrators of the San Bernardino shootings.

  • Pay a ransom, get your data back

    February 19, 2016

    A Los Angeles hospital has become the latest high-profile victim of a ransomware attack. Hollywood Presbyterian Medical Center announced that it had paid $17,000 to hackers to regain control of its computer system. The hospital had been operating without it for 10 days. ... "Ransomware is basically an encryption program," said Bruce Schneier, a cybersecurity expert at Harvard's Berkman Center. "It breaks into your computer. It encrypts your files. And then it doesn't let you at them."

  • U.S. and Apple Dig In for Court Fight Over Encryption

    February 17, 2016

    Washington and Silicon Valley geared up Wednesday for a high-stakes legal battle over a phone used by one of the San Bernardino, Calif., terrorists, a contest each side views as a must-win in their long fight over security versus privacy....“It’s not really a question of security versus privacy. It’s security versus security,” said Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society. “Saying that all of these devices must be insecure so the FBI can have access would be a security disaster for us as a society.”

  • Reconciling perspectives: New report reframes encryption debate

    February 3, 2016

    A new report by The Berklett Cybersecurity Project of the Berkman Center for Internet & Society at Harvard University, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” examines the high-profile debate around government access to encryption, and offers a new perspective.