In the world of cybersecurity, Bruce Schneier is an unusually accessible voice for those of us who feel we don’t quite understand what’s going on. The author of 12 books, and a prolific blogger and speaker, Schneier helped the Guardian go through the top-secret documents from the U.S. National Security Agency leaked by Edward Snowden last year.
So he knows what he’s talking about when discussing the import of Snowden’s revelations, which he did Wednesday at the Real World Cryptography Workshop, held in the gothic Great Hall at City University of New York in upper Manhattan.
“Honestly, my favorite thing about these documents is the code names,” he said, to laughter from the mostly male, relatively young crowd. He rattled them off: FoxAcid, Ferret Cannon, United Rake, Blackheart, Blarney, Quantum. His vote for the stupidest: EgotisticalGiraffe, an exploit aimed at the Firefox browser.
Schneier quickly turned serious. We’re faced with a government agency on a “quixotic mission” to collect everything, from chats in online gaming worlds like Second Life, to data passed from air to ground when you use a laptop on a plane, he said. And while the NSA may have turned the Internet into “a giant surveillance platform,” this is just what every nation state is doing.
“We actually don’t know what’s broken,” he said. “I get asked all the time, can I trust this, can I trust that? The truth is we don’t know, and we have to move forward.”
There is some good news in the Snowden documents, Schneier said, and that’s that encryption still works. The NSA has often been able to get around it because other parts of the equation, like software or hardware, are insecure. Still, most current cryptography gives the NSA some trouble, and a lot of the data that the NSA snags isn’t encrypted. That means we’re making it too easy for the NSA to pursue its “collect everything” mania. Schneier’s solution: encrypt everything we can, from the cloud to cell phones.
Schneier’s not advocating stopping the NSA from targeted spying—there’d be no debate right now if Snowden’s documents had shown the NSA spying on North Korea and the Taliban. He just wants to make it “cheaper for the NSA to target the bad guys than for them to target everybody and get the bad guys incidentally.”
Above all, we have to shift the terms of the debate, he said. Defenders of the NSA cast us in an arms race—if we don’t do it, others will. “That’s absolutely the wrong argument,” he said. “It’s not us vs. them, it’s security vs. insecurity. Either we build an Internet that is secure for all users, or an Internet that is vulnerable to all attackers.”