Bruce Schneier Video Talk at Google

Bruce Schneier: “Click Here to Kill Everybody” | Talks at Google

I found this video to be a very good watch. Both entertaining and informative.

If you don’t know, Bruce Schneier is a renowned security expert; you can read more of his material here

5 Likes

I like Bruce, but for the life of me, I don’t know where he is going to find all of these virtuous politicians, who have no interest in personal gain (political power, or financial support), to develop these standards and guidelines. And, if you think that your average bureaucrat isn’t both politically active and susceptible to political pressures, I’d like a toke of whatever you’re smoking. Haven’t we seen the IRS, just to name one example, operating on purely political motives to attack people and groups on the opposite side of the political divide? Keep in mind that the alphabet agencies (NSA, CIA, FBI, etc.), as well as the military all have a vested interest in everyone using vulnerable devices, so that they can monitor (and in the case of the military - kill) persons of interest, as do their counterpart agencies all over the world.

I think the Underwriters Laboratories/Consumer Reports type of approach makes more sense, so long as this group and their testing methodology is completely transparent. If this enterprise were manned by security researchers like Bruce Schneier, Brian Krebs, Moxie Marlinspike, etc., I think that we would all feel good about purchasing equipment that bears their seal of approval. The only thing outstanding would be a media campaign informing retailers and customers alike, why this seal of approval was critical to their personal security.

The other leg of this stool is education. While the average person may have heard that purchasing a cheap Chinese security camera is a bad idea, they have no idea why this is the case, because they don’t understand basic rudimentary security practices. We could honestly use a little less political indoctrination and a little more cyber survival skills in both our primary and secondary education curriculum.

1 Like

Bruce basically said as much. He doesn’t think the US will do it unless something bad happens first. He thinks perhaps after the EU is done on privacy they may turn to security.

Autonomous cars have to become a big issue. Do we have to wait for an anonymous hack that drives a truck / taxi into a crowd to happen first?

1 Like

Bruce is a huge proponent of government intervention, regulation and control. He merely wants to get in on the ground floor, so that the eventual regulation that he wishes for will not be some knee-jerk reactionary nonsense. I don’t blame him for trying to avoid the train wreck, but my point is that everything that the government touches turns to crap, so we should seek an alternative mechanism for testing, certification and best practices.

1 Like

I see Schneier’s work as a framework for understanding what we (as technologists and engineers) need to do. His sense of urgency serves as edification for action; the termed internet + is getting more powerful and data integrity and availability attacks are even more dangerous than mere confidentiality ones. He posits that every technology before has gained regulatory bodies recursively, although later on down the line. This is fine, but the problem with this technology specifically is it has proven to be even more hypergeographical and fast paced for regulatory bodies to form that lack the technological expertise to understand it. These premises are the diagnostic leading to his deliberation: the 3 failures must be met with competent regulation.

This is where he applies his panacea:
Claim: Technicians need to get involved in policy making.
Evidence: Look at how the government handled the Facebook hearings.
Warrant: If technicians get involved in policy making, regulation will have a stronger technical grounding.

Based on my analysis, this is sound reasoning. My only area of contention is the line item of governmental incentives or deterrence, which did not have good results with the manufacturing industries. I could see data loss or breaches as a very strong motivator, since half of the companies that have a breach fail. Plus we are going to have an influx of programmers flooding the market in the coming years because corporations want to spend less on programming costs. (Elementary schools are pumping out programmers).

1 Like

Not sure what Clash Royale has to do with this but ok.