Death and the NSA: A Q&A With Bruce Schneier

Daniel_Stuckey writes "Since Edward Snowden's disclosures about widespread NSA surveillance, Americans and people everywhere have been presented with a digital variation on an old analog threat: the erosion of freedoms and privacy in exchange, presumably, for safety and security. Bruce Schneier knows the debate well. He's an expert in cryptography and he wrote the book on computer security; Applied Cryptography is one of the field's basic resources, 'the book the NSA never wanted to be published,' raved Wired in 1994. He knows the evidence well too: lately he's been helping the Guardian and the journalist Glenn Greenwald review the documents they have gathered from Snowden, in order to help explain some of the agency's top secret and highly complex spying programs. To do that, Schneier has taken his careful digital privacy regime to a new level, relying on a laptop with an encrypted hard drive that he never connects to the internet. That couldn't prevent a pilfered laptop during, say, a 'black bag operation,' of course. 'I know that if some government really wanted to get my data, there'd be little I could do to stop them,' he says."

Manning?

[Runaway1956]

WTF does Manning have to do with Snowden? Seriously, WTF?

Manning released top secret intel to "get even" with his peers and supervisors. Manning is an immature little bitch, who isn't even sure what gender it is, or where it's loyalties lie, if it even HAS any loyalties.

Snowden, on the other hand, was outraged at obviously illegal activities, and exposed those activities to the world at large.

Jesus H. Christ - the world is a sad, sad place, when honorable men are confused with childish bitches.

Or, would it be more accurate to say that some of you people simply hate the United States, so you create heroes of anyone and everyone who opposes the government for any reason?

Pathetic . . .

Re:I thought

[VortexCortex]

What sits between keyboard and chair is the lower bound.

How quaint. Your statement panders to those who are easily fooled by the preconceived bias you share. Your answer "education" is so pitiable that I would laugh in ridicule if it weren't so sad that this is what you actually believe.

You're not seriously implying that expending the energy to trick each person into disclosing their private data is easier than purchasing a zero day exploit on the black market -- that's ready and set to attach a payload -- and deploying it against the entire world in an afternoon, are you? If you are, then you're wrong. You're not seriously implying that the most security aware individuals on the planet are any better off than a mentally disabled tweenager when it comes to security online? If you are, then you failed to comprehend the TFS, and are the one who needs an education.

The operating system and application software places the bound on security so low that these are all that matter, speaking of anything else is a waste of time. With such insecure systems in use by everyone encryption doesn't even enter into the equation -- not one single bit. XOR with a single bit value is as meaningful comparatively to the most advanced cryptosystems when you step back and look at how insecure operating systems and applications are. An infinitely ignorance user is on the other end of the spectrum, but is equally as insignificant when compared to the insecurity of mainstream operating system and application software. It's not even a bell curve, there is a single spike in the exploitability graph so high that nothing else is significant statistically.

There is no mainstream OS on this planet that's not compromisable for a few hundred bucks. Indeed, the NSA turns morons into "cyberwarriors" by leveraging this fact. Unlike physical realms, the digital realm is composed of regions having finite state. It is inherently securable, this is a mathematic fact. I have done so personally on small embedded systems -- Every input to every system and subsystem and function can be verified to operate without any error. It's far from impossible, just expensive due to the economics of demand. If we are to be realistic and not uselessly proclaim nonsense such as "well, programmers also sit in chairs", it's quite easy to see that lack of security in the operating systems is so great a factor that all else are dwarfed -- dismissive as insignificant noise in the graph.

Fear does the same in 6 months what education does in 50 years. How do you make people fear for their loss of privacy enough that they will lash out against it?

You see, here you go again. The most privacy conscious have no option to act on their concern. What are they supposed to do? Not use computers? Your sentiment would be virtuous if it wasn't so daft.