Bruce Schneier: Channeling common sense

Have you ever had one of those moments where something you knew to be certain was turned upside down and you learned you had been wrong … for years? A lot of Bruce Schneier’s writing gives me moments like that.

Bruce Schneier, CTO of Counterpane, is one of the world’s foremost experts on computer security. From a hard-core technical aspect (his first book, Applied Cryptography, is a long-time best seller for people wishing to understand cryptography in detail) as well as a philosophical viewpoint (his other books, such as Secrets and Lies or Beyond Fear, and his monthly Crypto-Gram newsletter), he continues to promote innovative commonsense security.

Bruce will come at an issue with what seems like an unpopular viewpoint, and turn your initial, gut reaction on its head. Say black, and Bruce is likely to say white. Say we need better security at large sports arenas and Bruce will argue the opposite. Say we need to create national ID cards to separate the terrorists from the law-abiding citizens and Bruce will say "baloney!" Want to spend billions making our skies safe from bomb-toting madmen? Forget about it!

What’s amazing is that he is usually right, flying in the face of overwhelming popular odds in the opposite direction.

Often, you’ll want to fight his initial response, but Bruce will win you over by convincing you that what you believed before was based upon false assumptions, popular myths, and illogical thinking. He’ll argue against himself, both pro and con, so that by the time he gets to his conclusion, he’s already out-argued what you could have thrown up against him. In this way, he reminds me of one of my other heroes, Albert Einstein.

I don’t agree with everything Bruce says. Nobody is right about everything. But day in and day out, Bruce Schneier is fighting the good fight, and is usually years ahead of everyone else.

Bruce has written tirelessly for more than two decades; search the Internet and you’ll find a quote from him on just about everything. Search his Web site for a good compendium of his articles and information.

Bruce is especially good at crafting one-sentence responses to make you realize how wrong you are about an entire spectrum. For example, when the world was talking about a particular network security protocol with a newly found vulnerability, Bruce said, “If this is your company’s biggest threat, then you’re doing better than most other companies.” It was his way of reminding us that all our security risks have to be ranked by criticality and that the biggest threat to most environments are our end-users, not some obscure, hard-to-manipulate security protocol.

Bruce is quick to reiterate that open source code review doesn’t mean open source software will be more secure than closed source software. He rallies to remind us that the number of bugs a particular program has says nothing about its trustworthiness.