One of the biggest names in security responds to government snooping plans.
Bruce Schneier is one of the best known experts on security and encryption issues. He has written many books on security and cryptography over the last two decades, and maintains a well-followed blog at www.schneier.com. He coined the term ‘security theatre’ to describe the ludicrous hoops we have to jump through at airports that don’t actually make us safer, but are instead aimed at making us feel safer, and he’s the first person we google when we want to find out the real truth behind the latest ‘think of the children’ security scare. So we were delighted to get the chance to meet him at the FIC 2015 cybersecurity conference in late January (see page 18), to ask about Edward Snowden, privacy and recent government plans to spy even further into our communications.
You’ve no doubt heard that Prime Minister David Cameron in the UK and now President Obama have said that they want access to all encrypted communication on the internet. What was your reaction when you read that?
Bruce Schneier: It’s completely idiotic! We’ve heard about this idea since the mid 90s – it’s not new at all.
Is it workable in any way?
BS: Of course not. Only someone who is not a technologist would say such a thing. The problem is, I can’t build a back door that only works for people of certain morals. I just technically can’t do that – I can’t design a filter that filters for morality. So if the US government can break in, anyone else can break in.
Or someone from the government leaves a laptop on a train, containing the encryption keys. It’s happened before…
BS: Right. So it’s unworkable and impossible, but we heard FBI director James Comey talk about this in November. But this is like former FBI director Louis Freeh in the 90s, this is like the Crypto Wars*, and it’s back again. Not only will it make us all insecure, it won’t even do what the government wants.
But politicians will always use arguments like “think of the children”, and people will keep voting for them…
BS: Indeed they will, because fear sells. In the 90s I talked about the “four horsemen of the internet apocalypse” and they were: terrorists, drug dealers, child pornographers and kidnappers. All this fear. So we have to win this. We can’t say that we will all be insecure forever on the internet. That’s just crazy.
You would expect, after the Snowden revelations, that everyone would be fighting more for privacy on the net.
BS: You know, some people are – the IETF [Internet Engineering Task Force] is. Certainly Google is and Microsoft is. What Google is doing about the US data in Ireland – they are encrypting more of their stuff. I think the Snowden leaks caused the company to step back and say “we shouldn’t cooperate here”.
You don’t think it’s just bluster from companies trying to keep hold of their customers?
BS: I think it’s half bluster and half real. But there is progress there – we are seeing that companies are fighting.
You worked with Glenn Greenwald going through the Snowden documents. What surprised you the most?
BS: The thing that was most surprising was: there were no surprises. The amazing thing about the NSA is that they’re not made of magic. You’d think, with their budget and the amount of personnel they have working for them, they’d have some magic in there. But they kind of don’t. We learnt that they don’t have quantum computers doing amazing things – they’re just better funded than the typical hacker.
Like: wow, they’ve broken some encryption system that looked almost impossible to break?
BS: Right. There was no “oh my god, they can do that?” Their stuff is just souped-up hacker tools. I thought there’d be something big, like a break on AES [Advanced Encryption Standard].
Do you think much has changed in the meantime? There’s a drive towards HTTPS everywhere, for instance.
BS: I think there has been. It’s around the edges, but there have been changes. WhatsApp is encrypted for instance – that’s 700 million people encrypting. That’s amazing.
Some services like Google Mail rely on being able to see content, to sell advertising…
BS: I think Google could say: “You know, there’s not a lot of money in email advertising, so let’s just encrypt it”. They could do different sorts of advertising – just not content-based.
Anyway, there’s a lot we can all do to make things better. Every time you use encryption with nothing to hide, someone else who needs encryption to stay alive benefits, because he’s hiding in a bigger pool of encrypted data. Just like every time you use Tor, you make it better for someone else who needs to use Tor. There’s safety in numbers.
* LV note: Louis Freeh was Director of the FBI from 1993 to 2001, and described encryption “one of the most difficult problems for law enforcement as the next century approaches”. Crypto Wars refers to the US government’s attempts to limit general access to encryption technologies that it couldn’t break itself.