Changelog Interviews #490

Schneier on security for tomorrow’s software

This week we’re talking with Bruce Schneier — cryptographer, computer security professional, privacy specialist, and writer (of many books). He calls himself a “public-interest technologist”, a term he coined himself, and works at the intersection of security, technology, and people.

Bruce has been writing about security issues on his blog since 2004, his monthly newsletter has been going since 1998, he’s a fellow and lecturer at Harvard’s Kennedy School, a board member of the EFF, and the Chief of Security Architecture at Inrupt. Long story short, Bruce has credentials to back up his opinions and on today’s show we dig into the state of cyber-security, security and privacy best practices, his thoughts on Bitcoin (and other crypto-currencies), Tim Berners-Lee’s Solid project, and of course we asked Bruce to share his advice for today’s developers building the software systems of tomorrow.




2022-05-25T21:53:15Z

This is by far the most disturbing guest I’ve heard to date.
Schneier’s ideas about libertarian motivations (e.g. they want deregulation so they can poison the water supply) if not disingenuous are absolutely bizarre and baseless.

The idea that safety improvements only come from regulation is demonstrably false; and there are incalculable examples where policy makes products less safe, or makes the public less secure by limiting the availability of safe products.

Truly a scary individual.

Jerod Santo

Omaha, Nebraska

Jerod co-hosts The Changelog, crashes JS Party, and takes out the trash (his old code) once in a while.

2022-06-01T14:31:19Z

The people who want you to mistrust government are the people who wanna poison your water supply, and don’t want anybody to stop them from doing it.

After listening back, I agree that this particular statement is incredibly cynical and untrue for large swaths of the population. I disagree with Bruce on this. Had I picked up on it in real-time I would’ve responded as such, but he’s a fast talker and I’m sometimes a slow processor. 😆

(It’s worth noting that he’s referring to “people who want you to mistrust government” not “people who mistrust government”, which is a much larger group for which it’s even more difficult to ascribe intent.)

When, where, and how to apply regulation is a thorny issue and it’s rare that we all agree on it. Bruce’s stance seems to be, “bad regulation is better than no regulation, but good regulation would be great.”

I understand why you think that is disturbing/scary.

My stance is more like, “no regulation is better than bad regulation, but good regulation would be great.”

2022-06-02T06:09:02Z

What a horrible take on bitcoin coming from such a privileged perspective. Of course Venmo works well for you. Venmo works great if you have a bank account and don’t have an oppressive government. What about the millions of people in the US without a bank account? What about refugees who have their life’s savings stolen by their government at the border? Sure would be nice if they could memorize their private key and keep their life’s savings. Saying anything has “absolutely no value” is almost always false. I’m not a bitcoiner, and I can recognize that it has problems, but come on.

2022-06-09T09:16:01Z

Regarding “You have to trust your government, you have no choice”.

That’s pretty grim advice for people living in Russia or China or any other authoritarian regime. So no wonder people there are interested in ways to save their money or hide it from the government.

2022-10-09T10:19:00Z

I just registered to balance the reactions that I read in these comments. What Bruce Schneier highlights is the fact that when you create unregulated zones in the economy (no one checks the validity of the system for you), it attracts criminals.
If you are rich, educated and fully informed, I see no problem for you investing in cryptos.
But he’s a public service guy (from what I understand), he doesn’t think about rich and educated people, he thinks about vulnerable people.
Part of the Crypto ecosystem is a kind of libertarian utopia in which every participant is supposed to protect themselves. But who is able to identify whether a cryptographic scheme is legit or a scam? Who is even able to understand how the blockchain algorithm of a named currency is working?
Certainly not the thousands of teenagers or poor people invited to invest in quasi-Ponzi schemes by YouTube or TikTok influencers.

If you’re middle or working class and want to protect your paycheck, a highly regulated old bank account isn’t a bad choice. Either way, you usually don’t have enough money to “invest”. His comment about a lot of Crypto transactions not leveraging the blockchain is…unfortunately true. All of these Bahamas-hosted platforms play with their investors’ money, not so differently than some banks, I agree, but safe from any serious regulators. And I am not talking about derivatives trading but about basic transactions.

So in conclusion I think that developing the use of blockchain as a means of protecting the citizen against falsification (not only in banking but also in many others) is a pretty good idea. But doing so while systematically opposing this approach to government regulation is problematic. And that’s what I think Bruce was telling us in this podcast.
