• Categories

  • Archives

    « Home

    Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy? has point-counterpoint essays about online privacy by two experts. Marcus Ranum is the CSO of Tenable Network Security and is a well-known security technology innovator, teacher and speaker. Bruce Schneier is chief security technology officer of BT Global Services and the author of Schneier on Security. 

    Excerpt from Ranum: 

    From the beginning, online privacy was probably more of a goal than a reality — a goal that was near and dear to a few technologically sophisticated users: the Cypherpunks, and the Electronic Frontier Foundation. Everyone else either assumed their actions were private, or didn’t really care. Indeed, most people’s lives really aren’t worth looking at, unless you’re somehow involved with them personally, so “so what?” is probably a pretty decent strategy for most people.

    What we’ve seen is that governments are consistently willing to ignore their own wiretapping rules — so much so, in fact, that a cynic might say that the rules exist only to encourage a false sense of confidence in the targets. It makes you wonder, doesn’t it?

    The big surprise, to me, is that anyone falls for it.

    Excerpt from Schneier:

    If your data is online, it is not private. Oh, maybe it seems private. Certainly, only you have access to your e-mail. Well, you and your ISP. And the sender’s ISP. And any backbone provider who happens to route that mail from the sender to you. And, if you read your personal mail from work, your company. And, if they have taps at the correct points, the NSA and any other sufficiently well-funded government intelligence organization–domestic and international. […]

    The general problem is that, for the most part, your online data is not under your control.

    Cloud computing and software as a service exacerbate this problem even more. Your webmail is less under your control than it would be if you downloaded your mail to your computer. If you use, you’re relying on that company to keep your data private. If you use Google Docs, you’re relying on Google.

    4 Responses to “Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?”

    1. Says:

      I’m not sure the registration process at searchsecurity is worth it just to read this article. This site wants too much information, and it really wants to push all these email subscriptions at you. You can read Schneier’s half here:

      If that’s not enough, you might need to “register” using a email address, like I did.

    2. Says:

      Event better, here’s a direct link to the article without the registration:,296905,sid14_gci1354832,00.html

    3. Privacy Lives Says:

      Thanks for sending the no-registration links!

    4. Sminil Says:

      I always used to think the sceurity industry existed to make people scared and then sell them something to protect them from what they were afraid of. But now I think it exists because of what people are prepared to buy, he said, adding that investment in sceurity products tends to be reactive to a problem a company has already suffered, making sceurity a fire extinguisher industry. Your iPod analogy is wrong because the third-party add-on industry that has developed around the iPod has to do with _extending_ functionality of the product. Not revert it to something it should have been in the first place.The sceurity industry feeds the manufacturers who feed the sceurity indtustry, etc. The manufacturers don’t have to make products secure because an entire industry sits at the ready to pounce on the new products and do it for them.There is not sufficient incentive to make secure applications or products.I liken it more to Microsoft’s recent statements about the Vista release, boasting about how many jobs and how many billions of revenue the new OS will create. Or rather, will _need_ to create just to keep it functional.By the same token if I throw garbage on the street you could argue that I’m creating jobs for more garbage collectors, but what Schneier says is that enough is enough.I actually agree with your basic premise, but it is a matter of degree. Right now the balance is _too_ skewed between what is a good, open model that will provide incentives for third-party spin-off sceurity industries, and what is just blatant rape of capitalism people making money for no other reason than manufacturers being unwilling to provide a quality product.And quoting H2G2 might earn you geek points, but your article is still wrong

    Leave a Reply