*A Hacker's Mind* is security expert Bruce Schneier's latest book, out today. For long-time Schneier readers, the subject matter will be familiar, but this iteration of Schneier's core security literacy curriculum has an important new gloss: *power*.

wwnorton.com/books/97803938… 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2023/02/07/tri… 2/
Schneier started out as a cryptographer, author of 1994's *Applied Cryptography*, one of the standard texts on the subject. He created and co-created several important ciphers, and started two successful security startups that were sold on to larger firms. 3/
Many readers outside of cryptography circles became familiar with Schneier through his contribution to @NealStephenson's *Cryptonomicon*, and he is well-known in sf circles (he even got a Hugo nom for editing the restaurant guide for 2000's WorldCon).

schneier.com/wp-content/upl… 4/
But Schneier's biggest claim to fame is as a science communicator, specifically in the domain of security. 5/
In the wake of the 9/11 attacks and the creation of a suite of hasty, ill-considered "security" measures, Schneier coined #SecurityTheater to describe a certain kind of wasteful, harmful, pointless exercise, like forcing travelers to take off their shoes to board a plane. 6/
Schneier led the charge for a kind of sensible, reasonable thinking about security, using a mix of tactics to shift the discourse on the subject: debating TSA boss Kip Hawley, traveling with reporters through airport checkpoints while narrating countermeasures to defeat… 7/
…every single post-9/11 measure, and holding annual "movie-plot threat" competitions:

schneier.com/tag/movie-plot… 8/
Most importantly, though, Schneier wrote long-form books that set out the case for sound security reasoning, railing against security theater and calling for policies that would actually make our physical and digital world more secure. 9/
Things like abolishing DRM, clearing legal barriers to vulnerability research and disclosure, and debunking security snake-oil, from "unbreakable proprietary ciphers" to "behavioral detection training" for TSA officers. 10/
Schneier inspired much of my own interest in cryptography, and he went on to design my wedding rings, which are cipher wheels:

schneier.com/blog/archives/… 11/
And then he judged a public cipher-design contest, which Chris Smith won with "The Fidget Protocol":

craphound.com/FidgetProtocol…

Schneier's books - starting with 2000's *Secrets and Lies* - follow a familiar, winning formula. 12/
Each one advances a long-form argument for better security reasoning, leavened with *utterly delightful* examples of successful hacks and counterhacks, in which clever people engage in duels of wits over the best way to protect some resource - or bypass that protection. 13/
There is an endless supply of these, and they are addictive, impossible to read without laughing and sharing them on. There's something innately satisfying about reading about hacks and counterhacks - as authors have understood since Poe wrote "The Purloined Letter" in 1844. 14/
*A Hacker's Mind* picks up on this familiar formula, with a fresh set of winning security anecdotes, both new and historical, and restates Schneier's hypothesis about how we should think about security - but again, *Hacker's Mind* brings a new twist to the subject: power. 15/
In this book, Schneier broadens his frame to consider all of society's rules - its norms, laws and regulations - as a security system, and then considers all the efforts to change rules through a security lens, framing everything from protests to tax-cheating as "hacks." 16/
This is a great analytical tool, one that evolved out of Schneier's work on security policy at the Harvard Kennedy School. By thinking of (say) tax law as a security system, we can analyze its vulnerabilities just as we would analyze the risks to, say, your Gmail account. 17/
The tax system can be hacked by lobbying for tax-code loopholes, or by discovering and exploiting accidental loopholes. It can be hacked by suborning IRS inspectors, or by suborning Congress to cut the budget for IRS inspectors. 18/
It can be hacked by winning court cases defending exotic interpretations of the tax code, or by lobbying Congress to retroactively legalize those interpretations before a judge can toss them out. 19/
This analysis has a problem, though: the hacker in popular imagination is a trickster figure, an analog for Coyote or Anansi, outsmarting the powerful with wits and stealth and bravado. 20/
The delight we take in these stories comes from the way that hacking can upend power differentials, hoisting elites on their own petard. 21/
An Anansi story in which a billionaire hires a trickster god to evade consequences for maiming workers in his factory is a hell of a lot less satisfying than the traditional canon.

Schneier resolves this conundrum by parsing hacking through another dimension: *power*. 22/
A hack by the powerful against society - tax evasion, regulatory arbitrage, fraud, political corruption - is a hack, sure, but it's a *different* kind of hack from the hacks we've delighted in since "The Purloined Letter." 23/
This leaves us with two categories: hacks by the powerful to increase their power; and hacks by everyone else to take power away from the powerful. 24/
These two categories have become modern motifs in other domains - think of comedians' talk of "punching up vs punching down" or the critique of the idea of "anti-white racism." 25/
But while this tool is familiar, it takes on a new utility when used to understand the security dimensions of policy, law and norms. 26/
Schneier uses it to make several concrete proposals for making our policy "more secure" - that is, less vulnerable to corruption that further entrenches the powerful. 27/
That said, the book does more to explain the source of problems than to lay out a program for addressing them - a common problem with analytical books. 28/
That's okay, of course - we can't begin to improve our society until we agree on what's wrong with it - but there is definitely more work to be done in converting these systemic analyses into systemic *policies*. 29/

• • •


Keep Current with Cory Doctorow (@pluralistic@mamot.fr)
