Security expert expounds on heroism, Obama, and liberty versus control
Bruce Almighty is some other guy, but with Bruce Schneier's cult-like following on Facebook and elsewhere, one might easily mistake the names. Here's a preview of what you'll hear when Bruce Schneier takes the stage at the Privacy Summit.
IAPP: You have a cult following on Facebook. One group is called Bruce Schneier for president (30 members); another calls itself Bruce Schneier is my hero (165 members). What is the most heroic thing you've ever done?
Schneier: I've never considered myself particularly heroic. What I think people are responding to is my ability to think clearly about, and explain, security systems—and to speak the truth as I see it, regardless of who it might piss off. Valuable, yes; but not heroism.
IAPP: Should Obama give up his BlackBerry?
Schneier: I have no idea. Security decisions always balance one thing against another. There are two major risks to President Obama keeping his BlackBerry. The first is illegal access: hackers, criminals, international intelligence agencies, and so on breaking into the BlackBerry network and gaining access to his communications. The second is legal access: subpoena, the Presidential Records Act, or the pressure of public opinion forcing him to make his communications public. Both are real risks. But Obama also receives benefits from having a BlackBerry—from having access to that type of communication. Only he can balance those benefits against the risks, and make a decision.
IAPP: Could too much privacy inhibit what we want to do with security?
Schneier: It's a common misconception that security and privacy are opposites: that you have to give up one in order to get the other. That's just not true. Only identity-based security has any affect on privacy, and there are limitations to that approach. Let me give you an example. Since 9/11, approximately two things have improved airplane security: reinforcing the cockpit door, convincing passengers they need to fight back, and—maybe—sky marshals. Note that those three things have absolutely no effect on privacy. And many other forms of security have no effect on privacy: door locks, burglar alarms, tall fences. ID checks, databases, watch lists: those have a huge privacy impact, and they do almost nothing to improve security. The real opposites are liberty versus control.
IAPP: Is privacy the new environmentalism?
Schneier: Yes, and data is the pollution problem of the Information Age. Think about it. All computer-mediated processes produce data. Unless dealt with, it stays around. And its after-effects can be pretty toxic. And, just as 100 years ago we ignored pollution in our rush to build the industrial age, today we're ignoring data in our rush to build the Information Age. And, I believe, 100 years from now our great-grandchildren will look back at the decisions we made and wonder how we could have been so ignorant and short-sighted.
IAPP: What gives you hope for the future of the information economy?
Schneier: I have a lot of faith in our species' ability to get this right eventually. Yes, we're getting it badly wrong now, and will continue to get it badly wrong in the short term. But as Martin Luther King Jr. said: "The arc of history is long, but bends towards justice." Twenty years from now I believe we will have more liberty, more privacy, and more security than ever before.
IAPP: Can you give us a preview of your address for the IAPP Privacy Summit?
Schneier: I just did. I will be talking about the technological threats to privacy, the economic motivations that exacerbate these threats, and what's likely to happen to privacy in the near future.