Bruce vs. Bruce
The following is a conversation between Bruce Schneier–a renowned security expert and founder and CTO of Counterpane Internet Security, Inc. whose newest book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, explains how security really works–and Bruce Sterling, whose new techno-thriller, The Zenith Angle, is about computer security and Washington politics. Sterling also wrote The Hacker Crackdown: Law and Disorder on the Electronic Frontier, a nonfiction book about computer hackers and cyber-police. The two Bruces, long-time admirers of each other’s work, got together to discuss the nexus of security, technology, and the real world.
Schneier: We both write about security and technology. I see technology continually changing the balance between attacker and defender. For example, it's technically feasible for the NSA to eavesdrop on millions of telephone calls simultaneously. But ten terrorists today can kill far more people and do more damage than ten terrorists fifty years ago; they have more "leverage."
Sterling: Terrorists with leverage are scary, but I'm much more scared of nutty, cocksure attempts to build
"technology" that supposedly keeps us safe. Terrorists get tired, give up, or shoot each other over the spoils, but once the hardware's installed, a lousy technology is harder to kill off than a cockroach.
Schneier: When it comes to security countermeasures, people always ask me: "Is this effective?" That's the wrong question; the right question would be "Is this worth it?" When it comes to most anti-terrorist security installed since
9/11, the answer is clearly NO. The "security" we're getting just isn't worth the cost: in money, liberties, or convenience. Security is always a balance of trade-offs. And as security consumers, too often we're getting a raw deal.
Sterling: I like this term you use in Beyond Fear: "security theater." I see a lot of that in airports: every time I buy an airline ticket, I get a front row seat for an elaborate, brazen charade. What's the point here: rationally achieving safety in air travel, or buffaloing Joe Citizen into imagining that something good is being done?
Schneier: A lot of what we're seeing at airports is just that: security theater designed to reassure the public that it's safe to fly. It's important to the airlines because it's good business, but it's not good security. People worry about the wrong threats. Spectacular but rare events, like terrorist attacks, get all the press attention, but more mundane risks are downplayed. Pigs kill more people annually than sharks. Riding in a car is vastly riskier than flying commercially, terrorists or no terrorists.
Sterling: Where's the historical perspective? When I was born 50 years ago, Stalin, a mass murderer, was making hydrogen bombs galore. Am I supposed to shake and shiver all over because some gang or small government might get a Bomb? That's bad, but it's far less terrifying than a dire situation I already survived.
Schneier: There are differences. Giving these smaller groups more leverage makes the world dangerous in ways it wasn't during the Cold War. But more dangerous than the rare and spectacular are the commonplace threats. In the cause of anti-terror, we're dismantling legal constraints on politicians and police, forgetting the dangerous abuses that made those constraints necessary in the first place. Do you ever worry about writing thriller novels like The Zenith Angle involving giant, farfetched superweapons? Is your book supposed to improve the reader's take on security reality?
Sterling: Okay, I write science fiction -- but I can't help but get indignant when I see hucksters baldly selling
"security fiction." Think of all the suckers who've been drinking "Dasani" bottled water because they imagine it's safer than tap water. The stuff IS tap water. We novelists lie for a living, but fear mongers prey cruelly on people's weakness and credulity. Nowadays, we should think long and hard about genuine security, and rid ourselves of the hand-wringing folklore.
Schneier: And I'm getting really tired of companies that make great promises about this or that technology, as if security were just a matter of installing the right set of whiz-bang widgets. Face it, no matter how much technology you use, real security is based on people. I don't know whether to fret over this, or take comfort in it.
Sterling: As a futurist, I like spotting "trends" against "certainties." People being sloppy, phony, and careless about security: that's about as close to an eternal human verity as one can get.
Schneier: Con artists have taken advantage of people's gullibility for millennia. You can see rackets mentioned in ancient Egyptian papyruses that are still used today. And now malicious computer viruses can do this automatically. You can receive an e-mail purporting to be from someone you know, with an enticing subject line and a plausible message body. It's all fake, of course, and if you click on the attachment, your computer is infected.
Sterling: I never blame the user for succumbing to these vicious things. The darkside-hackers who build these wicked chunks of code should be treated like arsonists. We'll never have a universally street-smart population using computers. The real world is full of children, the elderly, foreigners, first time users, the mentally retarded, drunks, injured people in pain, panicked people in a dreadful hurry. If you can't build a system that respects these people and their human qualities, then get out of the mass market and let someone in who can.
Schneier: I agree that people will always be people, but there's a lot more we can do to educate users about security. Viruses and spam have progressed from bad to worse, even though the trend was obvious, and useful steps could have been taken to stop that. The stuff that intrigues me most now is an increasingly dangerous overlap between cyberspace and the real world.
Sterling: Do you mean jazzy, red-hot trends like "ubiquitous computation" and "pervasive computing"?
Schneier: No, it's much simpler than that. Just search Google for the words "send catalog name address city state zip." You'll find hundreds of thousands of catalog request forms. Fill in someone's name, and you'll bury him in physical junk mail. Do that enough times, and you'll destroy the catalog sales business.
Sterling: I wish I hadn't learned that fact. "Ubiquitous computing," thousands of chips penetrating the physical world everywhere we go, that sounds fantastic, mind-boggling. But I feel quite sure they'll develop "ubicomp" in just the same pell-mell, frenzied way that left us so vulnerable to viruses and spam. It's a host of newfangled hazards yet undreamt of.
Schneier: Voice-over-IP, too. Here we have a technology that will drive the price of a phone call to zero. What happens when spammers get hold of that? Why would anyone accept phone calls if 80% of them were prerecorded digital junk?
Sterling: The deeper you dig, the darker that subject gets. User-friendly means abuser-friendly. I've seen serious people tearing their hair over the vulnerability of little SCADA chips. These remote-control knickknacks control a wide variety of industrial processes: "Supervisory Control And Data Acquisition," that's SCADA. There's yet to be a major black-hat effort to take over "supervisory control" of, say, natural gas pipelines, but considering those concentrated, deliberate attacks on pipelines in Iraq, one has to wonder.
Schneier: I think those risks are largely overblown. Sure, SCADA systems have lousy security, but they're not well-defined targets. And strangely enough, the complexity and obscurity of the systems turn out to be a defense. The bad guys are far more likely to drive a truck into a power plant than try to navigate the SCADA control system.
Sterling: I fret plenty about the oil business: it's old, frail, and obscure, and it never got the harsh, comprehensive attacks that the Internet got. Hackers might Google us to death with spam catalogs, but in October 2001 one lousy rifle bullet shut down the Alaska pipeline.
Schneier: Low-tech attacks are always more worrisome than high-tech. There's been a lot of froth written about biological terrorist attacks. Remember the Aum Shinri Kyo Japanese cult? They built a secret laboratory, spent $30 million dollars and several years, and built a chemical death weapon called sarin. The net result: 12 people dead in the Japanese subway. A kid with an automatic weapon could have done more damage.
Sterling: Don't forget the 5000 injured. Cults do go for cornball apocalyptic glamour. But even Al Qaeda's fantastic acts of self-immolation are getting cheapened with overuse. Like these bomb-toting cranks in Turkey who blew up a lodge with some Masons. Masons?! What's next: the Kiwanis? The Woodsmen of the World? There's a very thin line between diabolical mastermind and goofy, self-marginalizing loon.
Schneier: And we're really good at defending against yesterday's threats. After 9/11, we really beefed up airport security. In the weeks after Madrid, I've heard more and more calls to increase security on trains. That just makes no sense. You can't possibly secure every place where more than 100 people gather: theaters, sports stadiums, shopping malls, my neighborhood bar last St. Patrick's Day. It's back to trade-offs; we're wasting money trying to defend against terrorism by securing every possible target.
Sterling: I'm really interested in RFID chips: "Radio-Frequency Identification." They're like tiny, cheap, programmable barcode IDs attached to real-world objects. The idea is that these "smart objects" will be able to interact with us and each other. Well, then what?
Schneier: They're being touted as a security enhancement. Objects could automatically alert the authorities if they're stolen, for example. But people ignore the potential for abuse there. Can a criminal query your home to see if you own anything worth stealing? Can a marketer find out who owns a particular product, or how often they use it? The darker implications of RFID are scary.
Sterling: With online groups like "StopRFID.com," I'm seeing web-savvy people rallying online to become early technology un-adopters. Putting invisible, ultra cheap computer ID tags in common household possessions: there must zillions of possible abuses for these zillions of "spy chips."
Schneier: This is a common trend with new technologies. We fixate on the benefits of a technology, and fail to study the abuse potential. Computerized voting machines are typical. The manufacturers tout their fancy new features, but have ignored security and reliability. And they fight simple, common-sense measures like a paper printout--a backup ballot in case of problems.
Sterling: I take some comfort in watching Taiwan go nuts over ballot-box fraud, by the way. At least it's not just us Americans! An honest election that no one can trust is as bad as a rotten election.
Schneier: I talk about this a lot in Beyond Fear; it's the notion of resilient security. Paper ballots provide a backup in case of malice or intentional error. It's just plain stupid to deploy balloting technologies that have the potential for one person to change the outcome of an election. That's just too much leverage.
Sterling: I see a distressing tendency to fixate on gizmos and ignore systemic decay. The ugly chaos on the Internet today isn't about this hole or that hole, or this patch or that patch, it's about massive failures of governance. Look at your e-mail today: that flood of theft and abuse and malware. We can't call that a civilization. Law and order has broken down. We should feel ashamed about this, not sit on our hands like born victims till some techie finds some magic wand.
Schneier: You have to admit that the Internet does work. It just barely works, but that's true of all civilization. Fixating on technological solutions to human problems is a common theme in security, even though it rarely works. It's comforting to think that technology can somehow save us. Politicians on both sides of the aisle like large technological security systems. They're expensive and they're visible. They encroach on the public, and impress the voters for the next election. This is why you see massive, impractical programs for fingerprinting foreigners at the border, or profiling everyone flying in an airplane, when less visible human security measures like hiring another thousand FBI agents and teaching them Arabic would be far more effective and would make us all much safer.
Sterling: If there's a cheery lesson here, it's that history rolls right along. It took ages to work out the security for coin-operated payphones. Those things were tough and rugged, as highly evolved as a cactus. Now payphones are vanishing like the mighty buffalo: they disappeared into people's pockets as cell phones, and now they have cameras attached! The risks for abuse there are just fantastic -- of course.
Schneier: Again, technology changes the balance between attacker and defender: those who want to protect their privacy, and those who want to invade it with cell phone-mounted cameras.
Sterling: Technological change is a mighty spectacle, a vast, ever-changing parade of light and darkness. I feel privileged to bear witness: I couldn't do that subject justice if I had ten lifetimes.