Tag Archives: schneiernews

Why Technologists Need to Get Involved in Public Policy

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/10/why_technologis.html

Last month, I gave a 15-minute talk in London titled: “Why technologists need to get involved in public policy.”

In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I’m missing something, please let me know.)

Boing Boing post.

I Have a New Book: We Have Root

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/10/i_have_a_new_bo.html

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.)

There is nothing in this book is that is not available for free on my website; but if you’d like these essays in an easy-to-carry paperback book format, you can order a signed copy here. External vendor links, including for ebook versions, here.

I’m Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/09/im_looking_to_h.html

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what’s needed to advance the practice, integration, and adoption of public-interest technology.

All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables. This is a contract position that could possibly become a salaried position in a subsequent phase, and under a different agreement.

I’m working with the team at Yancey Consulting, who will follow up with all proposers and manage the process. Please email Lisa Yancey at [email protected]

Upcoming Speaking Engagements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/09/upcoming_speaki_8.html

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.

Upcoming Speaking Engagements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/07/upcoming_speaki_7.html

This is a current list of where and when I am scheduled to speak:

  • I’m speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thurdsay, August 8, 2019.
  • I’m speaking on “Information Security in the Public Interest” at DefCon 27 in Las Vegas on Saturday, August 10, 2019.

The list is maintained on this page.

I’m Leaving IBM

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/06/im_leaving_ibm.html

Today is my last day at IBM.

If you’ve been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of “Special Advisor.” As of the end of the month, I will be back on my own.

I will continue to write and speak, and do the occasional consulting job. I will continue to teach at the Harvard Kennedy School. I will continue to serve on boards for organizations I believe in: EFF, Access Now, Tor, EPIC, Verified Voting. And I will increasingly be an advocate for public-interest technology.

Security and Human Behavior (SHB) 2019

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/06/security_and_hu_8.html

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University.

SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions — all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating two days of my professional year. It influences my thinking in many different, and sometimes surprising, ways.

This year’s program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks — remotely, because he was denied a visa earlier this year.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, and eleventh SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops. Ross also maintains a good webpage of psychology and security resources.

I Was Cited in a Court Decision

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/i_was_cited_in_.html

An article I co-wrote — my first law journal article — was cited by the Massachusetts Supreme Judicial Court — the state supreme court — in a case on compelled decryption.

Here’s the first, in footnote 1:

We understand the word “password” to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification Number or “passcode.” Each term refers to the personalized combination of letters or digits that, when manually entered by the user, “unlocks” a cell phone. For simplicity, we use “password” throughout. See generally, Kerr & Schneier, Encryption Workarounds, 106 Geo. L.J. 989, 990, 994, 998 (2018).

And here’s the second, in footnote 5:

We recognize that ordinary cell phone users are likely unfamiliar with the complexities of encryption technology. For instance, although entering a password “unlocks” a cell phone, the password itself is not the “encryption key” that decrypts the cell phone’s contents. See Kerr & Schneier, supra at 995. Rather, “entering the [password] decrypts the [encryption] key, enabling the key to be processed and unlocking the phone. This two-stage process is invisible to the casual user.” Id. Because the technical details of encryption technology do not play a role in our analysis, they are not worth belaboring. Accordingly, we treat the entry of a password as effectively decrypting the contents of a cell phone. For a more detailed discussion of encryption technology, see generally Kerr & Schneier, supra.

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/videos_and_link.html

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here).

I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos:

  • How Public Interest Technologists are Changing the World: Matt Mitchell, Tactical Tech; Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; and J. Bob Alotta, Astraea Foundation (Moderator). (Video here.)
  • Public Interest Tech in Silicon Valley: Mitchell Baker, Chairwoman, Mozilla Corporation; Cindy Cohn, EFF; and Lucy Vasserman, Software Engineer, Google. (Video here.)

  • Working in Civil Society: Sarah Aoun, Digital Security Technologist; Peter Eckersley, Partnership on AI; Harlo Holmes, Director of Newsroom Digital Security, Freedom of the Press Foundation; and John Scott-Railton, Senior Researcher, Citizen Lab. (Video here.)

  • Government Needs You: Travis Moore, TechCongress; Hashim Mteuzi, Senior Manager, Network Talent Initiative, Code for America; Gigi Sohn, Distinguished Fellow, Georgetown Law Institute for Technology, Law and Policy; and Ashkan Soltani, Independent Consultant. (Video here.)

  • Changing Academia: Latanya Sweeney, Harvard; Dierdre Mulligan, UC Berkeley; and Danny Weitzner, MIT CSAIL. (Video here.)

  • The Future of Public Interest Tech: Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; Ben Wizner, ACLU; and Jenny Toomey, Director, Internet Freedom, Ford Foundation (Moderator). (Video here.)

I also conducted eight short video interviews with different people involved in public-interest technology: independent security technologist Sarah Aoun, TechCongress’s Travis Moore, Ford Foundation’s Jenny Toomey, CitizenLab’s John-Scott Railton, Dierdre Mulligan from UC Berkeley, ACLU’s Jon Callas, Matt Mitchell of TacticalTech, and Kelley Misata from Sightline Security.

Here is my blog post about the event. Here’s Ford Foundation’s blog post on why they helped me organize the event.

We got some good press coverage about the event. (Hey MeriTalk: you spelled my name wrong.)

Related: Here’s my longer essay on the need for public-interest technologists in Internet security, and my public-interest technology resources page.

And just so we have all the URLs in one place, here is a page from the RSA Conference website with links to all of the videos.

If you liked this mini-track, please rate it highly on your RSA Conference evaluation form. I’d like to do it again next year.

I Am Not Associated with Swift Recovery Ltd.

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/02/i_am_not_associ.html

It seems that someone from a company called Swift Recovery Ltd. is impersonating me — at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me.

They are not.

If anyone has any more information — stories, screen shots of chats, etc. — please forward them to me.

Click Here to Kill Everybody Available as an Audiobook

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/12/click_here_to_k_2.html

Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are:

  1. HADQSSFC98WCQ
  2. LDLMC6AJLBDJY
  3. YWSY8CXYMQNJ6
  4. JWM7SGNUXX7DB
  5. UPKAJ6MHB2LEF
  6. M85YN36UR926H
  7. 9ULE4NFAH2SLF
  8. GU7A79GSDCXAT
  9. 9K8Q4RX6DKL84
  10. M92GB246XY7JN

Congratulations to the first ten people to try to use them.

EDITED TO ADD (12/30): All the codes are long gone.

Click Here to Kill Everybody News

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/11/click_here_to_k_1.html

My latest book is doing well. And I’ve been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available.

The Audible version was delayed for reasons that were never adequately explained to me, but it’s finally out.

I still have signed copies available. Be aware that this is both slower and more expensive than online bookstores.

Upcoming Speaking Engagements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/11/upcoming_speaki_2.html

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.

Upcoming Speaking Engagements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/10/upcoming_speaki_1.html

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.

Click Here to Kill Everybody Reviews and Press Mentions

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/09/click_here_to_k.html

It’s impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.

I’ve also done a bunch of interviews — either written or radio/podcast — including the Washington Post, a Reddit AMA, “The 1A ” on NPR, Security Ledger, MIT Technology Review, CBC Radio, and WNYC Radio.

There have been others — like the Lawfare, Cyberlaw, and Hidden Forces podcasts — but they haven’t been published yet. I also did a book talk at Google that should appear on YouTube soon.

If you’ve bought and read the book, thank you. Please consider leaving a review on Amazon.