Pluralistic: Bruce Schneier's "A Hacker's Mind" (06 Feb 2023)


Today's links




Bruce Schneier's "A Hacker's Mind" (permalink)

A Hacker's Mind is security expert Bruce Schneier's latest book, released today. For long-time readers of Schneier, the subject matter will be familiar, but this iteration of Schneier's core security literacy curriculum has an important new gloss: power.

https://wwnorton.com/books/9780393866667

Schneier started out as a cryptographer, author of 1994's Applied Cryptography, one of the standard texts on the subject. He created and co-created several important ciphers, and started two successful security startups that were sold to larger firms. Many readers outside of cryptography circles became familiar with Schneier through his contribution to Neal Stephenson's Cryptonomicon, and he is well-known in science fiction circles (he even received a Hugo nomination for editing the restaurant guide for MiniCon 34 in 1999).

https://www.schneier.com/wp-content/uploads/2016/02/restaurants-san-jose.pdf

But Schneier's biggest claim to fame is as a science communicator, specifically in the domain of security. In the wake of the 9/11 bombings and the creation of a suite of hasty, ill-considered "security" measures, Schneier coined the term "security theater" to describe a certain kind of wasteful, harmful, pointless exercise, like forcing travelers to take off their shoes to board an airplane.

Schneier led the charge for a kind of sensible, reasonable thinking about security, using a mix of tactics to shift the discourse on the subject: debating TSA boss Kip Hawley, traveling with reporters through airport checkpoints while narrating countermeasures to defeat every single post-9/11 measure, and holding annual "movie-plot threat" competitions:

https://www.schneier.com/tag/movie-plot-threat-contests/

Most importantly, though, Schneier wrote long-form books that set out the case for sound security reasoning, railing against security theater and calling for policies that would actually make our physical and digital world more secure – abolishing DRM, clearing legal barriers to vulnerability research and disclosure, and debunking security snake-oil, from "unbreakable proprietary ciphers" to "behavioral detection training" for TSA officers.

Schneier inspired much of my own interest in cryptography, and he went on to design my wedding rings, which are cipher wheels:

https://www.schneier.com/blog/archives/2008/09/contest_cory_do.html

And then he judged a public cipher-design contest, which Chris Smith won with "The Fidget Protocol":

http://craphound.com/FidgetProtocol.zip

Schneier's books – starting with 2000's Secrets and Lies – follow a familiar, winning formula. Each one advances a long-form argument for better security reasoning, leavened with a series of utterly delightful examples of successful hacks and counterhacks, in which clever people engage in duels of wits over the best way to protect some precious resource – or bypass that protection. There is an endless supply of these, and they are addictive, impossible to read without laughing and sharing them on. There's something innately satisfying about reading about hacks and counterhacks – as authors have understood since Poe wrote "The Purloined Letter" in 1844.

A Hacker's Mind picks up on this familiar formula, with a fresh set of winning security anecdotes, both new and historical, and restates Schneier's hypothesis about how we should think about security – but, as noted, Hacker's Mind brings a new twist to the subject: power.

In this book, Schneier broadens his frame to consider all of society's rules – its norms, laws and regulations – as a security system, and then considers all the efforts to change those rules through a security lens, framing everything from street protests to tax-cheating as "hacks."

This is a great analytical tool, one that evolved out of Schneier's work on security policy at the Harvard Kennedy School. By thinking of (say) tax law as a security system, we can analyze its vulnerabilities just as we would analyze the risks to, say, your Gmail account. The tax system can be hacked by lobbying for tax-code loopholes, or by discovering and exploiting accidental loopholes. It can be hacked by suborning IRS inspectors, or by suborning Congress to cut the budget for IRS inspectors. It can be hacked by winning court cases defending exotic interpretations of the tax code, or by lobbying Congress to retroactively legalize those interpretations before a judge can toss them out.

This analysis has a problem, though: the hacker in popular imagination is a trickster figure, an analog for Coyote or Anansi, outsmarting the powerful with wits and stealth and bravado. The delight we take in these stories comes from the way that hacking can upend power differentials, hoisting elites on their own petard. An Anansi story in which a billionaire hires a trickster god to evade consequences for maiming workers in his factory is a hell of a lot less satisfying than the traditional canon.

Schneier resolves this conundrum by parsing hacking through another dimension: power. A hack by the powerful against society – tax evasion, regulatory arbitrage, fraud, political corruption – is a hack, sure, but it's a different kind of hack from the hacks we've delighted in since "The Purloined Letter."

This leaves us with two categories: hacks by the powerful to increase their power; and hacks by everyone else to take power away from the powerful. These two categories have become modern motifs in other domains – think of comedians' talk of "punching up vs punching down" or the critique of the idea of "anti-white racism."

But while this tool is familiar, it takes on a new utility when used to understand the security dimensions of policy, law and norms. Schneier uses it to make several concrete proposals for making our policy "more secure" – that is, less vulnerable to corruption that further entrenches the powerful.

That said, the book does more to explain the source of problems than to lay out a program for addressing them – a common problem with analytical books. That's okay, of course – we can't begin to improve our society until we agree on what's wrong with it – but there is definitely more work to be done in converting these systemic analyses into systemic policies.




This day in history (permalink)

#20yrsago Macromedia CTO resigns by blog https://web.archive.org/web/20030202031646/http://radio.weblogs.com/0113297/

#10yrsago Ontario Teachers’ Pension Plan invests in Internet surveillance company that backstops notorious dictatorships https://www.thestar.com/opinion/editorialopinion/2013/02/06/teachers_pension_plan_invests_in_internet_surveillance_firm.html

#10yrsago Website copies articles documenting scandal of disgraced cancer researcher, then uses DMCA to get the originals censored https://arstechnica.com/science/2013/02/site-plagiarizes-blog-posts-then-files-dmca-takedown-on-originals/

#10yrsago Games Workshop trademark bullying goes thermonuclear: now they say you can’t use “space marine” in science fiction https://web.archive.org/web/20130207002144/http://mcahogarth.org/?p=10593

#10yrsago Canadian businesses lobby for the right to infect peoples’ computers with viruses and rootkits https://web.archive.org/web/20130206170244/http://www.michaelgeist.ca/content/view/6777/125/

#5yrsago Charlie Stross on the sorry state of science fictional worldbuilding https://www.antipope.org/charlie/blog-static/2018/02/why-i-barely-read-sf-these-day.html

#5yrsago Cloudflare terminates Sci-Hub domains, declining to challenge court order https://torrentfreak.com/cloudflare-terminates-service-to-sci-hub-domain-names-180205/

#1yrago Woody Guthrie, Songs and Art * Words and Wisdom https://pluralistic.net/2022/02/06/this-land-is-your-land/#this-machine-kills-fascists

#1yrago Explaining UK Fair Dealing with Simpsons clips https://pluralistic.net/2022/02/06/this-land-is-your-land/#know-your-rights



Colophon (permalink)

Currently writing:

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Friday's progress: 520 words (102259 words total)

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • A Little Brother short story about DIY insulin PLANNING

  • Vigilant, Little Brother short story about remote invigilation. ON SUBMISSION

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. ON SUBMISSION

Currently reading: Analogia by George Dyson.

Latest podcast: Social Quitting https://craphound.com/news/2023/01/22/social-quitting/

Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

  • The Internet Con: A nonfiction book about interoperability and Big Tech, Verso, September 2023

  • The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "Small Government: The ref has to be more powerful than the players" https://pluralistic.net/2023/02/05/small-government/)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla