*A Hacker's Mind* is security expert Bruce Schneier's latest book, out today. For long-time Schneier readers, the subject matter will be familiar, but this iteration of Schneier's core security literacy curriculum has an important new gloss: *power*.
wwnorton.com/books/97803938… 1/
wwnorton.com/books/97803938… 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/02/07/tri… 2/
pluralistic.net/2023/02/07/tri… 2/
Schneier started out as a cryptographer, author of 1994's *Applied Cryptography*, one of the standard texts on the subject. He created and co-created several important ciphers, and started two successful security startups that were sold onto larger firms. 3/
Many readers outside of cryptography circles became familiar with Schneier through his contribution to @NealStephenson's *Cryptonomicon*, and he is well-known in sf circles (he even got a Hugo nom for editing the restaurant guide for 2000's WorldCon).
schneier.com/wp-content/upl… 4/
schneier.com/wp-content/upl… 4/
But Schneier's biggest claim in fame is as a science communicator, specifically in the domain of security. 5/
In the wake of the 9/11 attacks and the creation of a suite of hasty, ill-considered "security" measures, Schneier coined #SecurityTheater to describe a certain kind of wasteful, harmful, pointless exercise, like forcing travelers to take off their shoes to board a plane. 6/
Schneier led the charge for a kind of sensible, reasonable thinking about security, using a mix of tactics to shift the discourse on the subject: debating TSA boss Kip Hawley, traveling with reporters through airport checkpoints while narrating countermeasures to defeat… 7/
…every single post-9/11 measure, and holding annual "movie-plot threat" competitions:
schneier.com/tag/movie-plot… 8/
schneier.com/tag/movie-plot… 8/
Most importantly, though, Schneier wrote long-form books that set out the case for sound security reasoning, railing against security theater and calling for policies that would actually make our physical and digital world more secure. 9/
Things like abolishing DRM, clearing legal barriers to vulnerability research and disclosure, and debunking security snake-oil, from "unbreakable proprietary ciphers" to "behavioral detection training" for TSA officers. 10/
Schneier inspired much of my own interest in cryptography, and he went on to design my wedding rings, which are cipher wheels:
schneier.com/blog/archives/… 11/
schneier.com/blog/archives/… 11/
And then he judged a public cipher-design contest, which Chris Smith won with "The Fidget Protocol":
craphound.com/FidgetProtocol…
Schneier's books - starting with 2000's *Secrets and Lies* - follow a familiar, winning formula. 12/
craphound.com/FidgetProtocol…
Schneier's books - starting with 2000's *Secrets and Lies* - follow a familiar, winning formula. 12/
Each one advances a long-form argument for better security reasoning, leavened with *utterly delightful* examples of successful and hacks and counterhacks, in which clever people engage in duels of wits over the best way to protect some resource - or bypass that protection. 13/
There is an endless supply of these, and they are addictive, impossible to read without laughing and sharing them on. There's something innately satisfying about reading about hacks and counterhacks - as authors have understood since Poe wrote "The Purloined Letter" in 1844. 14/
*A Hacker's Mind* picks up on this familiar formula, with a fresh set of winning security anaecdotes, both new and historical, and restates Schneier's hypothesis about how we should think about security - but again, *Hacker's Mind* brings a new twist to the subject: power. 15/
In this book, Schneier broadens his frame to consider all of society's rules - its norms, laws and regulations - as a security system, and then considers all the efforts to change rules through a security lens, framing everything from protests to tax-cheating as "hacks." 16/
This is a great analytical tool, one that evolved out of Schneier's work on security policy at the Harvard Kennedy School. By thinking of (say) tax law as a security system, we can analyze its vulnerabilities just as we would analyze the risks to, say, your Gmail account. 17/
The tax system can be hacked by lobbying for tax-code loopholes, or by discovering and exploiting accidental loopholes. It can be hacked by suborning IRS inspectors, or by suborning Congress to cut the budget for IRS inspectors. 18/
It can be hacked by winning court cases defending exotic interpretations of the tax code, or by lobbying Congress to retroactively legalize those interpretations before a judge can toss them out. 19/
This analysis has a problem, though: the hacker in popular imagination is a trickster figure, an analog for Coyote or Anansi, outsmarting the powerful with wits and stealth and bravado. 20/
The delight we take in these stories comes from the way that hacking can upend power differentials, hoisting elites on their own petard. 21/
An Anansi story in which a billionaire hires a trickster god to evade consequences for maiming workers in his factory is a hell of a lot less satisfying than the traditional canon.
Schneier resolves this conundrum by parsing hacking through another dimension: *power*. 22/
Schneier resolves this conundrum by parsing hacking through another dimension: *power*. 22/
A hack by the powerful against society - tax evasion, regulatory arbitrage, fraud, political corruption - is a hack, sure, but it's a *different* kind of hack from the hacks we've delighted in since "The Purloined Letter." 23/
This leaves us with two categories: hacks by the powerful to increase their power; and hacks by everyone else to take power away from the powerful. 24/
These two categories have become modern motifs in other domains - think of comedians' talk of "punching up vs punching down" or the critique of the idea of "anti-white racism." 25/
But while this tool is familiar, it takes on a new utility when used to understand the security dimensions of policy, law and norms. 26/
Schneier uses it to propose several concrete proposals for making our policy "more secure" - that is, less vulnerable to corruption that further entrenches the powerful. 27/
That said, the book does more to explain the source of problems than to lay out a program for addressing them - a common problem with analytical books. 28/
That's okay, of course - we can't begin to improve our society until we agree on what's wrong with it - but there is definitely more work to be done in converting these systemic analyses into systemic *policies*. 29/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
