Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of over one dozen books as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and [...]; and a special advisor to IBM Security.

Introduction xi

1 Crime, Terrorism, Spying, and War 1

Cyberconflicts and National Security 1

Counterterrorism Mission Creep 4

Syrian Electronic Army Cyberattacks 7

The Limitations of Intelligence 8

Computer Network Exploitation vs Computer Network Attack 11

iPhone Encryption and the Return of the Crypto Wars 13

Attack Attribution and Cyber Conflict 16

Metal Detectors at Sports Stadiums 19

The Future of Ransomware 21

2 Travel and Security 25

Hacking Airplanes 25

Reassessing Airport Security 28

3 Internet of Things 31

Hacking Consumer Devices 31

Security Risks of Embedded Systems 32

Samsung Television Spies on Viewers 36

Volkswagen and Cheating Software 38

DMCA and the Internet of Things 41

Real-World Security and the Internet of Things 43

Lessons from the Dyn DDoS Attack 47

Regulation of the Internet of Things 50

Security and the Internet of Things 53

Botnets 69

IoT Cybersecurity: What's Plan B? 70

4 Security and Technology 73

The NSA's Cryptographic Capabilities 73

iPhone Fingerprint Authentication 76

The Future of Incident Response 78

Drone Self-Defense and the Law 81

Replacing Judgment with Algorithms 83

Class Breaks 87

5 Elections and Voting 89

Candidates Won't Hesitate to Use Manipulative Advertising to Score Votes 89

The Security of Our Election Systems 91

Election Security 93

Hacking and the 2016 Presidential Election 96

6 Privacy and Surveillance 99

Restoring Trust in Government and the Internet 99

The NSA is Commandeering the Internet 102

Conspiracy Theories and the NSA 104

How to Remain Secure against the NSA 106

Air Gaps 110

Why the NSA's Defense of Mass Data Collection Makes No Sense 114

Defending Against Crypto Backdoors 117

A Fraying of the Public/Private Surveillance Partnership 121

Surveillance as a Business Model 123

Finding People's Locations Based on Their Activities in Cyberspace 125

Surveillance by Algorithm 128

Metadata = Surveillance 132

Everyone Wants You to Have Security, But Not from Them 133

Why We Encrypt 136

Automatic Face Recognition and Surveillance 137

The Internet of Things that Talk about You behind Your Back 141

Security vs Surveillance 143

The Value of Encryption 145

Congress Removes FCC Privacy Protections on Your Internet Usage 148

Infrastructure Vulnerabilities Make Surveillance Easy 150

7 Business and Economics of Security 155

More on Feudal Security 155

The Public/Private Surveillance Partnership 158

Should Companies Do Most of Their Computing in the Cloud? 160

Security Economics of the Internet of Things 165

8 Human Aspects of Security 169

Human-Machine Trust Failures 169

Government Secrecy and the Generation Gap 171

Choosing Secure Passwords 173

The Human Side of Heartbleed 177

The Security of Data Deletion 179

Living in a Code Yellow World 180

Security Design: Stop Trying to Fix the User 182

Security Orchestration and Incident Response 184

9 Leaking, Hacking, Doxing, and Whistleblowing 189

Government Secrets and the Need for Whistleblowers 189

Protecting Against Leakers 193

Why the Government Should Help Leakers 195

Lessons from the Sony Hack 197

Reacting to the Sony Hack 200

Attack Attribution in Cyberspace 203

Organizational Doxing 205

The Security Risks of Third-Party Data 207

The Rise of Political Doxing 210

Data is a Toxic Asset 211

Credential Stealing as an Attack Vector 215

Someone is Learning How to Take Down the Internet 216

Who is Publishing NSA and CIA Secrets, and Why? 218

Who are the Shadow Brokers? 222

On the Equifax Data Breach 226

10 Security, Policy, Liberty, and Law 229

Our Newfound Fear of Risk 229

Take Back the Internet 232

The Battle for Power on the Internet 234

How the NSA Threatens National Security 241

Who Should Store NSA Surveillance Data? 244

Ephemeral Apps 247

Disclosing vs Hoarding Vulnerabilities 249

The Limits of Police Subterfuge 254

When Thinking Machines Break the Law 256

The Democratization of Cyberattack 258

Using Law against Technology 260

Decrypting an iPhone for the FBI 263

Lawful Hacking and Continuing Vulnerabilities 265

The NSA is Hoarding Vulnerabilities 267

WannaCry and Vulnerabilities 271

NSA Document Outlining Russian Attempts to Hack Voter Rolls 275

Warrant Protections against Police Searches of Our Data 277

References 281