Security expert expounds on heroism, Obama, and liberty versus control

Bruce Almighty is some other guy, but with Bruce Schneier's cult-like following on Facebook and elsewhere, one might easily mistake the names. Here's a preview of what you'll hear when Bruce Schneier takes the stage at the Privacy Summit.

You have a cult following on Facebook. One group is called Bruce Schneier for president (30 members); another calls itself Bruce Schneier is my hero (165 members). What is the most heroic thing you've ever done?
Schneier: I've never considered myself particularly heroic. What I think people are responding to is my ability to think clearly about, and explain, security systems—and to speak the truth as I see it, regardless of who it might piss off. Valuable, yes; but not heroism.

Should Obama give up his BlackBerry?

Schneier: I have no idea. Security decisions always balance one thing against another. There are two major risks to President Obama keeping his BlackBerry. The first is illegal access: hackers, criminals, international intelligence agencies, and so on breaking into the BlackBerry network and gaining access to his communications. The second is legal access: subpoena, the Presidential Records Act, or the pressure of public opinion forcing him to make his communications public. Both are real risks. But Obama also receives benefits from having a BlackBerry—from having access to that type of communication. Only he can balance those benefits against the risks, and make a decision.

Could too much privacy inhibit what we want to do with security?

Schneier: It's a common misconception that security and privacy are opposites: that you have to give up one in order to get the other. That's just not true. Only identity-based security has any affect on privacy, and there are limitations to that approach. Let me give you an example. Since 9/11, approximately two things have improved airplane security: reinforcing the cockpit door, convincing passengers they need to fight back, and—maybe—sky marshals. Note that those three things have absolutely no effect on privacy. And many other forms of security have no effect on privacy: door locks, burglar alarms, tall fences. ID checks, databases, watch lists: those have a huge privacy impact, and they do almost nothing to improve security. The real opposites are liberty versus control.

Is privacy the new environmentalism?

Schneier: Yes, and data is the pollution problem of the Information Age. Think about it. All computer-mediated processes produce data. Unless dealt with, it stays around. And its after-effects can be pretty toxic. And, just as 100 years ago we ignored pollution in our rush to build the industrial age, today we're ignoring data in our rush to build the Information Age. And, I believe, 100 years from now our great-grandchildren will look back at the decisions we made and wonder how we could have been so ignorant and short-sighted.

IAPP: What gives you hope for the future of the information economy?

Schneier: I have a lot of faith in our species' ability to get this right eventually. Yes, we're getting it badly wrong now, and will continue to get it badly wrong in the short term. But as Martin Luther King Jr. said: "The arc of history is long, but bends towards justice." Twenty years from now I believe we will have more liberty, more privacy, and more security than ever before.

Can you give us a preview of your address for the IAPP Privacy Summit?

I just did. I will be talking about the technological threats to privacy, the economic motivations that exacerbate these threats, and what's likely to happen to privacy in the near future.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»