Encryption Expert Teaches Security

"Airport security only works against the sloppy and the stupid," he contends. "We can't keep weapons out of prisons; we can't hope to keep them out of airports or subways."

Taken to its logical end, Schneier's alternative security recipe of better policing could seem to be a call for stronger surveillance or data mining. But Schneier _ a member of the American Civil Liberties Union _ says he opposes many such tactics not so much on privacy grounds but because they're bad security.

Bruce Schneier poses in the living room of his south Minneapolis home, Thursday, Sept. 14, 2006, where he says he works from his sofa. Schneier, a computer encryption expert turned all-purpose security guru, describes his life as surreal. (AP Photo/Ann Heisenfelt) (Ann Heisenfelt - AP) QUIZ What percent of U.S. tweens own a mobile phone? A. 15 percent B. 25 percent C. 35 percent D. 55 percent • Test Your Knowledge -- More Questions washingtonpost.com Video Mash-Up Readers have the opportunity to create their own interview clips opposite Post political reporter Dana Milbank. We provide the questions, you provide the answers! Create Your Own Mash-Up   Partnership Resources for anyone who runs a small business or wants to start one, featuring advice and solutions. • It's Not Too Late to Market Your Business for the Holidays • Beyond Computers: Technology for Your Office • 8 Collateral Marketing Items Every Small Business Needs • Starting a Business • Small Business on the Net • Home-Based Businesses » RESOURCE CENTER Save & Share Tag This Article  Saving options 1. Save to description:  Headline (required)  Byline 2. Save to notes (255 character max):  Blurb 3. Tag This Article

How so? Because snooping through vast storehouses of personal records in search of clues to terrorist activity invariably turns up too many wrong leads to be cost-effective, he argues. These methods can sniff out the predictable crime of credit card fraud, for example, but terrorism is much rarer, he notes.

This being Bruce Schneier, he's quick to illustrate this lesson. Having lunch in a hip bistro, Schneier points out that the restaurant serves food even before the patrons pay. It would seem to be bad security _ people might walk out on the bill. Yet the practice makes social sense.

"People are inherently good," Schneier says. "Otherwise, society would fall apart."

To some ears, Schneier's analyses are too simplistic.

"I regard his views, frankly, as dangerous," says Clark Kent Ervin, a former Department of Homeland Security inspector general who argues that incompetence at the agency has left gaping security holes.

He says Schneier erroneously claims "the threat is exaggerated and we're overreacting."

"Some people (including policymakers) take this view seriously and, therefore, are deluded into thinking that we're safer than we are," says Ervin, director of the homeland security program at the Aspen Institute. "His writings can be used as an excuse by DHS and its supporters for DHS' not having done more."

Although his career began at the Department of Defense _ he won't say what he did there _ Schneier is used to challenging prevailing ideas in government. In the 1990s, he objected to Clinton administration attempts to stifle the spread of encryption, the science of obscuring data to keep it secret. Schneier stressed then that computer cryptography was of huge economic value because of the security it gave companies and people against intruders.

But Schneier soon saw that those claims were overstated.

While encryption has its place _ it is what secures Web-based banking and shopping _ Schneier realized that too often it was deployed in silly ways. For example, some companies let employees unlock encrypted files with simple passwords, which often ended up being easy to steal or guess.