Bruce Schneier



Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer.

Cryptography

 * Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
 * (aka Schneier's Law)


 * There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.


 * Attacks always get better, they never get worse.


 * The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to governments.


 * A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
 * preface to 2015 edition of Secrets and Lies


 * It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.
 * Secrets and Lies: Digital Security in a Networked World - Bruce Schneier

Digital Rights Management

 * Digital files cannot be made uncopyable, any more than water can be made not wet.


 * Every time I write about the impossibility of effectively protecting digital files on a general-purpose computer, I get responses from people decrying the death of copyright. "How will authors and artists get paid for their work?" they ask me. Truth be told, I don't know. I feel rather like the physicist who just explained to a group of would-be interstellar travelers, only to be asked: "How do you expect us to get to the stars, then?" I'm sorry, but I don't know that, either.


 * Against the average user, anything works; there's no need for complex security software. Against the skilled attacker, on the other hand, nothing works.

Elections

 * Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser.

Politics and societal issues of the digital age

 * It is poor civic hygiene to install technologies that could someday facilitate a police state.
 * Secrets and Lies (2000), p. 53


 * I mean, the computer industry promises nothing. Did you ever read a shrink-wrapped license agreement? You should read one. It basically says, if this product deliberately kills your children, and we knew it would, and we decided not to tell you because it might harm sales, we're not liable. I mean, it says stuff like that. They're absurd documents. You have no rights.


 * Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four.


 * Chaos is hard to create, even on the Internet. Here's an example. Go to Amazon.com. Buy a book without using SSL. Watch the total lack of chaos.


 * When my mother gets a prompt 'Do you want to download this?' she's going to say yes. It's disingenuous for Microsoft to give you all of these tools [in Internet Explorer] with which to hang yourself, and when you do, then say it's your fault.

Human perception of reality, risk and terrorism

 * More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.
 * The very definition of news is something that hardly ever happens. If an incident is in the news, we shouldn't worry about it. It's when something is so common that it's no longer news – car crashes, domestic violence – that we should worry.


 * … if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they're sadly mistaken.


 * We can't keep weapons out of prisons; we can't possibly expect to keep them out of airports.


 * The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics. The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act. And we're doing exactly what the terrorists want.


 * Well-designed security systems fail gracefully.

Sourced

 * Not being angels is expensive
 * Liars & Outliers, Bruce Schneier, ISBN 978-1-118-14330-8, p. 43


 * Technical problems can be remediated. A dishonest corporate culture is much harder to fix.


 * Only amateurs attack machines; professionals target people.


 * In China, programs have to be certified by the government in order to be used on computers there, which sounds an awful lot like the Apple store.