Schneier on Security

Bruce Schneier is best known for his influential 1994 work Applied Cryptography, but these days he describes himself as a general 'security technologist'. Schneier on Security is a collection of short essays on topics ranging from firewalls to illegal immigration, written since 2003 for publications including Wired magazine and his own Crypto-Gram newsletter.

Each article stands alone, and most can be digested in under five minutes, so it's an easy read. Unfortunately, this format doesn't give Schneier the space to really dig into complex issues, so his arguments can seem rather trivial.

On the subject of airport security, for example, he concludes that 'we need to spend our resources on things that actually make us safer'. Well duh.

There's also a certain degree of repetition between essays - understandable in a collection of this nature but wearing nevertheless.

Phrases such as 'join the dots', 'police state' and 'control of our data' echo through the text, creating an uneasy sense of déjà-vu. The effect is reinforced by the half-decade span of articles: Schneier's repeated references to the September 2001 terrorist attacks may have been timely when first written, but today they make him seem stuck in the past.

It's a shame, because at its best Schneier on Security is genuinely thought-provoking. Several essays show, with clear logic and concrete example, how instinct can lead us to make nonsensical choices in the name of security.

Others give excellent warnings about the open-ended nature of our relationships with online services. And Schneier isn't afraid to point fingers, rightly excoriating the likes of McAfee and Symantec for their pusillanimity when Sony started distributing malware in 2005.

For a non-expert, Schneier on Security could make a highly accessible introduction to 'security thinking'. Its tone is invitingly informal, and though its discussions are biased toward US-centric issues, the underlying principles have universal application.

Schneier's high-level, populist approach, however, means little in this book will be of practical use to professionals.

Author: Darien Graham-Smith