Bruce Schneier Wants You to Make Software Better

By: Daniel Dern

Security technologist Bruce Schneier has a warning: “What you code affects the world now. Gone are the days when programmers could ignore the social context of what they code, when we could say, ‘The users will just figure it all out.’ Today, programs, apps, and algorithms affect society. Facebook’s choices influence democracy. How driverless cars will choose to avoid accidents will affect human lives.”

Schneier should know, because synthesizing and explaining the impact of technology is what he does. “I work at the intersection of security, technology, and people, mostly thinking about security and privacy policy…. I don’t have a single job,” says Schneier. “Instead, I do a portfolio of related things.”

This includes writing books (14 so far); essays and op-eds; his monthly-since-1998 newsletter and his daily-since-2004 blog; teaching cybersecurity policy at the Harvard Kennedy School; being a fellow at the Berkman Klein Center for Internet and Society at Harvard University; being chief of security architecture at Inrupt; speaking at conferences and events (unsurprisingly, he has done a TED talk); and now and then some security consulting.

“My latest book, Click Here to Kill Everybody [2018], is about the security of cyberphysical systems. Everything is turning into a computer—cars, appliances, toys, streetlamps, power plants—and these computers can affect the world in a direct physical manner. Computer security is now about life and property.”

Schneier started out in cryptography in the mid-1990s, becoming a public expert after he was laid off from a tech job at AT&T. “I started writing for computer magazines. I wrote cryptography articles for Dr. Dobb’s Journal. Then I sold my first book to Wiley—Applied Cryptography [1993]—which became a bestseller. The book became a 600-page business card, and I started doing cryptography consulting. From there, I generalized to computer security, then network security, then general security technology...and then to the economics and psychology, sociology, and now, public policy of security.”

Schneier does not want to be alone in this work, and encourages others to join him. “We need people who can assess the technologies in social context, how they could impact the real world—and what public policies should address this. To do that, you need to be able to synthesize across technology and policy, and explain this to both technologists and policymakers.” And this greater context needs to be factored in at all stages of the software life cycle: “We need social scientists on our software-development teams.”

Does this sound appealing? “Where you start out almost doesn’t matter. But look outside your silo, look at adjacent or complementary disciplines.” As an example, Schneier points to security economics. “I devote a class session on the economics of security. And another on the psychology of security. If you’re a security engineer and you don’t understand the economic considerations of the problem you’re trying to solve, you are going to get the incentives all wrong. And what you create might never get used.”

Becoming a good communicator is essential, stresses Schneier. “Explaining technology across interdisciplinary boundaries requires being able to write, speak, to animate a topic, to analogize and synthesize, to summarize and generalize. These are all critical skills. They’re not specific skills, but they are vitally important.”

This article appears in the May 2021 print issue as “Bruce Schneier.”

This article originally appeared in IEEE Spectrum on 28 April 2021.