I’ve just finished reading Bruce Schneier’s Beyond Fear, which I recommend to anyone who’s interested in security issues after 9/11. Schneier’s a famous cryptographer – if you’ve read Cryptonomicon, you’ll be familiar with his Solitaire code – but over the last few years he’s become more and more interested in the human side of security systems. And this is where Beyond Fear excels – it describes in clear, everyday language how we should think about security in the modern world and why even the most sophisticated (especially the most sophisticated) security systems are likely sometimes to fail.
Unsurprisingly, Beyond Fear talks at length about the security choices made after 9/11. It’s far from complimentary about most of them, but it doesn’t just provide a list of entertaining stupid security award style gotchas. Schneier talks about the political and technical processes that produce manifestly bone-headed policies – political bargains struck by actors with their own agendas; the perceived need for “security theater” to reassure people that something is being done to protect their safety; the manifest impossibility of foolproofing any reasonably complex system. He stresses that security involves trade-offs rather than perfect solutions. Not only that; he provides some useful ways to think about when these trade-offs do, and do not, make sense. Schneier’s take is interesting to those, like me, who usually think about new security measures in terms of how they hurt privacy; if he’s right (and he has some good arguments and evidence to back him up), many of these measures don’t even make sense in their own terms.
The book is aimed at non-professionals, which means that sometimes the tone is a little too folksy and straight-talking for my liking. Schneier uses a couple too many quasi-topical instaquotes from famous people in order to try and sweeten the pill of his (deadly serious) argument and prescriptions. But Beyond Fear still has a lot to commend it, even to those who already know something about the issues that Schneier is writing about. He has a very nice discussion of how complexity theory and emergent phenomena afflict security systems, laying out the main ideas without lapsing into jargon. His discussion of the relationship between detection and prevention strategies is worth the price of the book on its own. It lays out in a simple yet devastating way the reasons why Diebold style electronic voting machines are a bad idea.
After the 2000 U.S. presidential election, various pundits made comments like: “If we can protect multibillion-dollar e-commerce transactions on the Internet, we can certainly protect elections.” This statement is emphatically wrong – we don’t protect commerce by preventing fraud, we protect commerce by auditing it. The secrecy of the vote makes auditing impossible.
Exactly right – and a lovely insight to boot. If you’re at all interested in these topics, you need to read this book.