Quotes from Bruce Schneier

There's a strong physiological basis for privacy. Biologist Peter Watts makes the point that a desire for privacy is innate: mammals in particular don't respond well to surveillance. We consider it a physical threat, because animals in the natural world are surveilled by predators. Surveillance makes us feel like prey, just as it makes the surveillors act like predators.
~ Bruce Schneier
"Free" is a special price, and there has been all sorts of psychological research showing that people don't act rationally around it. We overestimate the value of free. We consume more of something than we should when it's free. We pressure others to consume it. Free warps our normal sense of cost vs. benefit, and people end up trading their personal data for less than its worth.
~ Bruce Schneier
Three: computers fail all at once or not at all.
~ Bruce Schneier
Government involvement, whether in the form of regulation, liabilities, or direct funding, isn't a panacea, but neither is its absence.
~ Bruce Schneier
The 2016 Worldwide Threat Assessment describes the threat this way: Future cyber operations will almost certainly
~ Bruce Schneier
Psychologists, sociologists, philosophers, novelists, and technologists have all written about the effects of constant surveillance. Studies show that we are less healthy, both physically and emotionally. We have feelings of low self-esteem, depression, and anxiety. Surveillance strips us of our dignity. It threatens our very selves as individuals. It's a dehumanizing tactic employed in prisons and detention camps around the world.
~ Bruce Schneier
Our privacy is under assault from constant surveillance. Understanding how this occurs is critical to understanding what's at stake.
~ Bruce Schneier
Because we all use the same products, technologies, protocols, and standards, we either make it easier for everyone to spy on everyone, or harder for anyone to spy on anyone.
~ Bruce Schneier
Anyone who tries to create his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio of our species, the odds aren't very good.
~ Bruce Schneier
Even Congressman Jim Sensenbrenner, the person who wrote the USA PATRIOT Act, was surprised when he learned that the NSA used it as a legal justification for collecting mass-surveillance data on Americans. "It's like scooping up the entire ocean to guarantee you catch a fish," he said.
~ Bruce Schneier
For starters, websites should be required to disclose what third parties are tracking their visitors, and smartphone apps should disclose what information they are recording about their users. There are too many places where surveillance is hidden; we need to make it salient as well.
~ Bruce Schneier
Keeping the fear stoked is big business. Those in the intelligence community know it's the basis of their influence and power. And government contractors know it's where the money for their contracts comes from. Writer
~ Bruce Schneier
Verizon, for example, reports that it received 320,000 "law enforcement demands" for data in 2013. We know that every three months Verizon is served with a single National Security Letter that requires it to turn over the metadata of all 290 million of its customers, so what does that 320,000.
~ Bruce Schneier
Windows NT is much worse. The operating system is an example of completely ignoring security lessons from history. Things that are in the kernel are defined as secure, so smart engineering says to make the kernel as small as possible, and make sure everything in it is secure. Windows seems to take the position that since things in the kernel are defined as secure, then you should put everything in the kernel.
~ Bruce Schneier
when the Russians stole it from that agency.
~ Bruce Schneier
There is strength in numbers, and if the public outcry grows, governments and corporations will be forced to respond. We are trying to prevent an authoritarian government like the one portrayed in Orwell's Nineteen Eighty-Four, and a corporate-ruled state like the ones portrayed in countless dystopian cyberpunk science fiction novels. We are nowhere near either of those endpoints, but the train is moving in both those directions, and we need to apply the brakes.
~ Bruce Schneier
Even after the aliens from Andromeda land with their massive spaceships and undreamed-of computing power, they will not be able to read the Soviet spy messages encrypted with one-time pads (unless they can also go back in time and get the one-time pads).
~ Bruce Schneier
More members of Congress must commit to meaningful NSA reform. We need comprehensive strategic oversight by independent government agencies, based on full transparency. We need meaningful rules for minimizing data gathered and stored about Americans, rules that require NSA to delete data to which it should not have access.
~ Bruce Schneier
In the 1970s, the Church Committee investigated intelligence gathering by the NSA, CIA, and FBI. It was able to reform these agencies only after extensive research and discovery. We need a similar committee now. We need to convince President Obama to adopt the recommendations of his own NSA review group. And we need to give the Privacy and Civil Liberties Oversight Board real investigative powers.
~ Bruce Schneier
Something that looks like a protocol but does not accomplish a task is not a protocol—it's a waste of time.
~ Bruce Schneier
Governments almost never admit to hacking each other's computers. Researchers generally infer the country of origin from the target list.
~ Bruce Schneier
Security is hard; while you can show that a particular algorithm is weak, you can't show that one algorithm you don't know how to break is more secure than another.
~ Bruce Schneier