Slashdot Mirror


Freakonomics Q&A With Bruce Schneier

Samrobb writes "In grand Slashdot tradition, the Freakonomics blog solicited reader questions for a Q&A session with Bruce Schneier. The blog host writes that Mr. Schneier's answers '...are extraordinarily interesting, providing mandatory reading for anyone who uses a computer. He also plainly thinks like an economist: search below for "crime pays" to see his sober assessment of why it's better to earn a living as a security expert than as a computer criminal.'" The interview covers pretty much the whole range of issues Schneier has written about, and he provides links to more detailed writings on many of the questions.

34 of 147 comments

  1. His comments on terror and cameras were by WillAffleckUW · · Score: 5, Interesting

    I found his comments on terrorism - A. Refuse to be terrorized - and cameras to be fairly well thought out.

    We choose how we live.

    We can live in fear and magnify risks that are, in reality, very minimal, or we can realize they're minimal and stop worrying about them.

    I'd rather live free from fear.

    And the answers about passwords were fairly good. When I was a regional security officer, I came up with similar concepts, based on the real threats that actually existed. When on a public site, with low real risk (e.g. public web, no linked account) it's better to have a common (but hard) password, and save more secure passwords for sites where you have real financial risk instead.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:His comments on terror and cameras were by rindeee · · Score: 5, Insightful

      I couldn't agree with you more. The idea that the correct reaction is overreaction is not only foolish, it's counterproductive and in many cases quite dangerous. This approach has so permeated our society that it has become a part of our psyche and now has made inroads into the military. It is my opinion that 'risk management' and 'force protection' (in their current forms) are ruining the effectiveness of our fighting forces (of which I am one...no arm-chair fighting here). Having recently returned from serving forward in the Middle East and working in a mixed environment of special warfare combat forces, the idiocy that was forced upon us in the name of 'force protection' was nothing short of crippling. Why was it needed? Because, "if you don't abide by force protection rules, someone could be injured or killed". Let me get this straight: we carry guns, explosives, etc. We're trained to use them at night, in the day, in close quarters, over long distances, etc. We signed a piece of paper when we enlisted stating that we understand we might get killed in executing our orders. In light of all of that, there is some 'other' threat, apparently outside of the obvious primary threat during war-time (people shooting at you, IEDs, etc.), that is so much greater than the primary threats that it nullifies our need to counter the primary threats efficiently and effectively. Someone has written a book on this subject from a military perspective. Sadly I cannot recall the name of the book, or the author, as I just happened to pick it up one day at an acquaintance's house and peruse it a bit. If anyone knows of the book of which I speak (primary topic being that force protection insanity is ruining the military), please speak up. I'd be forever indebted. Anyway, I digress. The bottom line: fear is counterproductive save for times of fight-or-flight.

    2. Re:His comments on terror and cameras were by WillAffleckUW · · Score: 2, Interesting

      Well, as a former Army Sergeant, I have to agree with you.

      The concept of force protection arose from the objective of battle - the imposition of chaos on the enemy and the reduction of chaos on our own military and economic supply train. But there is no cost effectiveness analysis used, sadly.

      Sometimes we need to realize that overreaction, and overprotection, are the wrong responses.

      Is it truly worth the time delays and economic disincentives we impose on air travel to screen everyone? Is it worth the disruption to the system from a few networks that don't screen roaming IP wireless users properly to include them? Should we not instead choose more limited and more effective measures? For example, let's look at rogue wireless spammers. Why not just ban them until they fix their own routers - or only permit them to receive IP traffic but not send it? We could even screen the outbound IP traffic based on the origin, or insist they try IPv6 secure traffic, so that we can impose more strict restrictions on just those networks that cause 80 percent of the problem.

      But living in fear never works.

      --
      -- Tigger warning: This post may contain tiggers! --
    3. Re:His comments on terror and cameras were by WillAffleckUW · · Score: 2, Insightful

      What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

      Well, naval burials at sea make sea battles a bit more palatable.

      However, even though Canadian popular support for the War in Afghanistan has gone down as a result of the flag-draped coffins which are more prominently shown on Canadian TV, it's still a lot higher than support here in the US where we basically ban national coverage of dead bodies or flag-draped coffins beyond the local news.

      Basically, even though we choose to live in fear, it doesn't increase popular support. And, since you're in a country where people basically feel safe and are not used to living in fear, one could easily argue that that basic attitude probably has a lot to do with why there is more popular support, given the Canadian military being the bulk of the forces in Afghanistan, while most US forces are in Iraq.

      Regardless, more interesting is the original article's commentary on Bruce Schneier's answers on privacy and the Net, especially public cameras and password security, IMHO.

      --
      -- Tigger warning: This post may contain tiggers! --
  2. The more things change... by linuxwrangler · · Score: 5, Funny

    "...In 1957, fifty years ago, there were fewer than 2,000 computers total, and they were essentially used to crunch numbers. They were huge, expensive, and unreliable; sometimes, they caught on fire..."

    Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

    --

    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
    1. Re:The more things change... by spun · · Score: 5, Funny

      Well, now they are small, inexpensive, and relatively reliable. But at least they still sometimes catch on fire.

      That's exactly what I tell my computers when they act up, "Computers still sometimes catch on fire, you know." I keep a charred motherboard hanging on the wall in the server room, just to remind them. Helps keep the buggers running right.
      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    2. Re:The more things change... by tm2b · · Score: 4, Funny

      "The Aperture Science Center would like to remind you that Android Hell is a real place, and you will be sent there at the first sign of disobedience."

      --
      "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
  3. Freakonomics Q&A with Jonathan Coulton by FleaPlus · · Score: 3, Interesting
    I don't think this was mentioned on Slashdot, but since this is quasi-related I thought I'd mention that a couple of weeks ago Freakonomics also had a Q&A with Jonathan Coulton, a really awesome (IMHO) singer-songwriter who releases many of his songs under a Creative Commons license and whose music often has a rather geeky tilt. He also got quite a bit of attention recently for writing the song "Still Alive" which plays at the end of Portal. Here are a few neat quotes from the interview:

    Q: Do you think having music available for free will make releasing some of it on a traditional album more difficult? Also, why aren't more of your songs available on Yahoo Music Engine or iTunes?

    A: It's always hard to figure out the actual numbers on this, but I definitely get the feeling that having a more open attitude with MP3s has contributed to my ability to actually make a living. More and more, people don't like to buy things that they haven't heard first, which makes perfect sense when you think about it. This is why they have listening stations in record stores (er, I mean, when they used to have record stores). And because I depend so heavily on word of mouth marketing, it's extremely important that it's as easy as possible to hear my stuff. Again, it comes down to the extremely low cost that comes with digital content -- it's okay if only a small percentage of listeners buy, as long as the number of listeners is very high. That can only happen if you let people listen. ...

    Q: When you wrote "Still Alive" for Portal did you have any idea how well the synergy would be with the game? I don't think that there have ever been ending credits in any media that have matched the love that people have for the end of Portal. Have you been asked to work on any other video game music since the release of Portal?

    A: One of the reasons I agreed to do it was that I understood the character so well -- it was one of those things where I looked at what they had created and it made absolute sense to me. We didn't know all the details of how we were going to finish the game, but I really could sort of feel how it was supposed to end up. Of course I'm thrilled with the reception, and it's been much larger and more positive than I could have imagined. There's nothing else in the works at the moment, but I'm definitely open to doing more things like that if it's the right project. ...

    Q: When will Valve release a video game that is also a full musical comedy?

    A: Yes please. That would be a great deal of fun to do, whether or not it was any fun to play. I'll put you in touch with Gabe and you can insist that he make it happen.
  4. But first, make sure you have the Bruce facts by sien · · Score: 5, Funny

    To get the most out of this interview, make sure you have the facts on Bruce Schneier. The man is not what he seems.

    1. Re:But first, make sure you have the Bruce facts by calebt3 · · Score: 2, Funny

      Chuck Norris

    2. Re:But first, make sure you have the Bruce facts by JK_the_Slacker · · Score: 2, Funny

      I'm not sure, but I do know that Jason Bourne would limp away.

      Oh, and don't forget about the explosion that almost (ALMOST) kills John McClane.

      --
      I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
  5. FTA: several websites by mseidl · · Score: 2, Funny

    There are several Web sites where I pay for access, and I have the same password for all of them.

    And these sites have content, content which gets stored under /.pr0n

  6. Best Answer by Odin_Tiger · · Score: 4, Funny

    Q: I recently had an experience on eBay in which a hacker copied and pasted an exact copy of my selling page with the intention of routing payments to himself. Afterwards, people informed me that such mischief is not uncommon. How can I ensure that it doesn't happen again?

    A: You can't. The attack had nothing to do with you. Anyone with a browser can copy your HTML code -- if they couldn't, they couldn't see your page -- and repost it at another URL. Welcome to the Internet.

    Poor Bruce must get awful tired of answering questions from people who don't understand how computers, etc. actually work.
    --
    Unpleasantries.
  7. A billion times... by Spy+der+Mann · · Score: 2, Interesting
    FTA:

    Moore's Law predicts that in fifty years, computers will be a billion times more powerful than they are today. I don't think anyone has any idea of the fantastic emergent properties you get from a billion-times increase in computing power.


    I do have an idea. For starters, Holovideo. Computers a billion times more powerful than today's will be able to calculate the interference equations required to display true color live holograms on flat screens - or glasses.

    Just think about it: put on your glasses and everything seems normal. Turn on your (wearable?) computer and you'll be able to interact (let's assume the glasses have tiny cameras on them, thanks to transparent electronics) with holographic objects - which may include virtual displays which you can move with your hand, à la Minority Report (or à la Nadesico if you're an anime fan ^^). Who says you'll need to use physical keyboards? Probably they'll be virtual, too! No more repetitive strain. And that's just for starters - imagine playing with Rubik's cubes or analyzing/debugging code (for programmers) in 3D.

    However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.
    1. Re:A billion times... by AuntieWillow · · Score: 3, Funny

      FTA:

      However, I wonder if software will be advanced enough by then to have AI agents assisting you like most sci-fi flicks. Usually software is the barrier in computing. Programmers are slow.
      Programmers are slow because, like me, they're probably surfing /. :-)
  8. Re:Too many to answer -- I'm not impressed however by jjohnson · · Score: 2, Funny

    This person needs to learn more about security

    You think Bruce Schneier needs to learn more about security?

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  9. strange answer on wireless by SEAL · · Score: 3, Interesting

    Q: Is there any benefit to password protecting your home Wifi network? I have IT friends that say the only real benefit is that multiple users can slow down the connection, but they state that there is no security reason. Is this correct?

    A: I run an open wireless network at home. There's no password, and there's no encryption. Honestly, I think it's just polite. Why should I care if someone on the block steals wireless access from me? When my wireless router broke last month, I used a neighbor's access until I replaced it.

    That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.
    1. Re:strange answer on wireless by someone300 · · Score: 5, Interesting

      I personally use an open wireless network. I trust my open wireless network as much as I trust my ISP and insecure wired network, and all sensitive data that I throw around internally is securely encrypted or otherwise done through a secure tunnel. If I need to put a password I care about into an HTTP site, and I want to minimize risk, I just use my proxy, which is directly and securely* wired into the switch. Generally, if you have a large wired network, you need to make the assumption that any piece of cable not in a secure room could be spliced and packets logged.

      Of course, considering a large amount of web traffic is HTTP when it should be HTTPS, and certain operating systems expose services onto the network which they probably shouldn't, it's probably a bit irresponsible to suggest that home users leave their stuff unencrypted. Personally, the reason I run an open AP is because open APs have helped me in the past. There's a form of QoS to stop people abusing it and give priority to certain computers on my network.

      * Considering it's a house, 'secure' means it's in a locked cupboard ;)

    2. Re:strange answer on wireless by Kidbro · · Score: 4, Insightful

      Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

      Any data that goes unencrypted between your computer and your wifi base station will also go unencrypted between the wifi base station and the target destination. On top of this, any data that's only encrypted by your wifi network will also go unencrypted between the wifi base station and its target destination.
      Maybe Bruce is just wise enough to encrypt any sensitive data he transfers properly, and not rely on the encryption in his $30 hardware that will only protect against attackers within 50 meters?

    3. Re:strange answer on wireless by Umuri · · Score: 4, Informative

      I think what he means is that if you are depending on your wireless connection for security, you're already doing something wrong.

      One is because most secure practices can be implemented well separately from wireless, if you are concerned with security. And in fact relying on wireless encryption as your "only" form of security is something that even most non-savvy computer users can be taught not to do, so the experienced ones should have no excuse.

      The other is that most "security" for wireless has already been broken and can be repeated in a near trivial amount of time, so if someone was dead set on sniffing your data, chances are they'd be able to do it.

      In my defense, I run an open wireless network that is sectioned off, that instead of encryption relies on MAC addresses to allow into the normal section of the network. Everyone not on the list just gets to use the internet.

      Allows friends to come over and connect happily to the web without messing with stuff, and if they need the network access adding their computer is a 10 second job.

      --
      You never realize how much manually made unmanaged "linked" lists suck, till you have src.link.link.link.link...
    4. Re:strange answer on wireless by flaming+error · · Score: 4, Funny

      It only seems risky until you learn that Bruce Schneier types in TwoFish.

    5. Re:strange answer on wireless by Cal+Paterson · · Score: 3, Informative

      This is excellent logic, but I think much of the reasoning behind wifi encryption is that people who do connect to your wifi are essentially getting to fire a load of packets around the internet with your name on them.

      Which could be worrying or not, depending on their interests. The number of people connecting to open access points to use Kazaa to download the latest movie blockbuster would worry me if I was in an apartment building or something.

    6. Re:strange answer on wireless by maraist · · Score: 2, Insightful

      That someone reads sensitive data from his unprotected wireless network, or that he is killed in a completely random traffic accident?

      Or C) that an industrious/bored male techno-teenager lives within his wifi range

      --
      -Michael
    7. Re:strange answer on wireless by trawg · · Score: 2, Interesting

      That answer is so bad it almost sounds like sarcasm. Given how easy it is to sniff sensitive data from an unencrypted wireless network, I can't imagine Bruce would allow it unless he segments his network or wires up his own PC.

      As others have already pointed out, as long as he's encrypting probably everywhere else it won't make any real difference. If you're on an open wifi network and everything you do is via an SSH tunnel or VPN or something, you're probably doing quite a bit better than using WEP anyway.

      I think the really interesting part of this answer is that it doesn't really address the legal issues of someone misusing and abusing your connection for their own evil deeds. I don't know if this has been tested in court but it seems laws about this sort of thing most likely are of the form "you are responsible for what happens with your Internet connection".

      I would love to run an open wifi AP for my neighbours and everyone else walking past, but I'm worried about them using it for nefarious deeds when the IP address associated with those deeds is traceable back to me.
    8. Re:strange answer on wireless by alexborges · · Score: 2, Funny

      My friend. The point is that it is almost as easy to get data from a supposedly "encrypted" (weak ass encryption) wifi connection as to do it from an unencrypted one.

      And I mean... what is this, Mr. SEAL, although you have an enviable 5 digit Slashdot ID, I'm gonna HAVE to go with Bruce on this one.... hell, I'd go with Bruce on all the rest of them as well.

      --
      NO SIG
    9. Re:strange answer on wireless by Brickwall · · Score: 3, Funny
      It only seems risky until you learn that Bruce Schneier types in TwoFish.

      Gee, what happened to OneFish, and the RedFish and BlueFish?

      --
      What was once true, is no longer so
    10. Re:strange answer on wireless by Mark+Trade · · Score: 2, Informative

      AFAIK, MAC addresses can be sniffed while you use the WLAN and replayed when you don't to get access. So this is not a good way to authorize a client.

  10. Re:Too many to answer -- I'm not impressed however by tm2b · · Score: 4, Insightful

    This person needs to learn more about security and a different way to go about handling their passwords.
    This is much like thinking that Donald Knuth needs to learn more about algorithms.

    Consider that a point is being made that you're not getting, because "this person" is not a moron, and generally talks about security as it is actually practiced instead of how it would be practiced if everybody were an expert and made good security a priority. Since people in general will not make security a priority, you have to talk about how people actually behave and how to craft security that will take actual behavior into account.
    --
    "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
  11. His Password Comment by OldSoldier · · Score: 3, Interesting

    I choose the same password for all low-security applications. There are [also?] several Web sites where I pay for access, and I have the same password for all of them.

    Has there been any survey of how various systems store passwords? Schneier's policy above is very similar to mine, and I was surprised recently when my Sprint password, which I thought was "secure", was plainly visible to the customer service clerk at my local Sprint store!

    Specifically, I do not care how my low-security passwords are stored. But for my high-security passwords, I would like them all to be stored in a unix-like way, namely only ciphertext is stored and it's impossible for anyone to know what that password is. Sure, they may be able to change it on my behalf, but can they tell what it is? No!

    I've had this concern for quite a while now and I'm surprised that I haven't found a security certified label that addresses this concern. Sure, there are other labels like http://www.truste.org/ or "Verisign Secured", but where is there one that tells me my user password is stored in a "unix-like" manner?
    1. Re:His Password Comment by RAMMS+EIN · · Score: 3, Informative

      I can't answer which sites will actually store your passwords and which ones will only store a one-way hash of it, but I can tell you that some customers I've developed sites for insisted that the passwords be stored in cleartext. So "many sites store your password in cleartext" is my best guess.

      Also, even if the site doesn't store your password in cleartext, it will still be sent to them as cleartext. Even if it goes over SSL, the site itself will be able to decrypt it. So, one way or another, They have your password.

      I would like to suggest a feature that could be added to browsers. An idea to think about; not a request for implementation just yet. But here's the idea. Let the browser perform the one-way hashing. You enter your password, the browser hashes it, and the hashed value is sent to the site. You can use a different hash for every site, and thus use the same password on your side, but send different values to different sites. That way, no site can pick up your password and use it with another site. You are still open to replay attacks on the same site if the site doesn't protect against that (e.g. by using SSL), but it's a lot better than things are now. You never send out your actual password, so nobody ever gets to know it.

      --
      Please correct me if I got my facts wrong.
  12. Writing down your password by Beryllium+Sphere(tm) · · Score: 2, Interesting

    Same point as Bruce, but put in terms of a threat analysis translated into everyday terms:
    Why you should write down your password

  13. Says the military brat: by UncleTogie · · Score: 3, Informative

    What they want to prevent is the long string of flag-draped coffins streaming home that is sure to undermine public support for the broader mission.

    Correction: Actually, they're keeping us from seeing the long string of flag-draped coffins streaming home...

    --
    Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  14. I'll third that. by Xenographic · · Score: 2, Interesting

    I'm not a soldier, but I arrived at essentially the same conclusions on my own, right down to writing passwords on a card in your wallet. In fact, I used to teach people that in a basic computer security awareness class that a local library held.

    One important thing to note is that you have to be careful about password reuse. Oh, and email, no matter what, should NOT be considered "low security" no matter how boring your private life is because it can often be used as leverage to get more sensitive data. Look at this leak if you want to see the harm losing a simple Gmail account via password reuse can do.

    As for the military issues, you have my sympathy. I sincerely wish we had leaders who would tell us "the only thing you have to fear is fear itself" and who would try to calm the public instead of using fear mongering tactics to consolidate political power. Unfortunately, from the responses we've seen over in Boston, I think that the public has been so irrationally terrified at this point that they won't listen any more. Not that I've heard many voices of reason speaking out to begin with, at least on TV.

    What really sickens me is that this unrealistic threat evaluation is likely to get nice guys like you killed. I don't envy you :/

  15. Re:ehh, not a great interview by bhima · · Score: 2, Insightful

    In his defense, had he completely restated the whole of the previously published work he references, his responses would be tediously long.

    I saw it as more of a "here is a more in-depth answer to this question, if you are interested".

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.