In his latest book, Click Here to Kill Everybody, Schneier, in his characteristic under-stated manner, points out that there is absolutely no need for anyone to create panic about encryption for three simple reasons.
For one, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content; when third parties are used for data storage and processing, that data cannot be encrypted; and since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that.
But this incidental, valuable material is not the centrepoint of his book; rather Schneier's focus is the growing world of Internet-connected devices — he calls the network with all its new connected little computers the Internet+ — the problems that they pose, and how the dangers they create can be nullified.
Click Here was written in a hurry. But then it had to be, because if it had been published six months later, it would have probably been out of date, so fast is the growth of the Internet of Things, which is giving both individuals and nation-states the means to craft attacks that increasingly threaten the status quo.
Schneier points out that the update process, which is meant to keep software safe, cannot work because of inherent limitations. Neither government nor industry is overly bothered about this, as the insecure environment serves the interests of both. And, he explains, despite all the apparent advances in technology, it is still very hard to secure computing devices.
He outlines the common perception about technology and the reality, before proposing some answers in the second section of the book. Avoiding any hype about so-called cyber war, Schneier nevertheless does warn that things are ramping up to the point where incidents in the online world will have very real impacts on essential services.
In the end, it would have to be government that provides the answer, argues Schneier. And, he says, the threshold for government regulation will be when online attacks result in deaths. We haven't yet seen incidents of that magnitude.
Schneier does not indulge in rosy predictions; apart from detailing what should happen, he also hypothesises what will actually take place. There is hope, he assures his readers, but not before much ground is traversed.
The book contains one error. Schneier claims that a Windows exploit known as ETERNALBLUE, created by the NSA, was stolen by the Russians and then leaked on the Web. This is incorrect; a group known as the Shadow Brokers released the exploit and to this day there is no indication of who/what/where the group hails from.
Another shortcoming is the constant references to material from previous chapters – this would work with an online text using hyperlinks, but with hard copy it is often an irritant.
The book can be read and understood by anyone who has a decent command of English; it is meant for the average reader who is curious about the implications of having a refrigerator (or any other common device) that now is suddenly connected to the Internet. There are nearly 80 pages of notes, which makes referencing more detail easy.
The book is on sale for US$27.95 and should be available at all major online booksellers.