Practical privacy and simple cybersecurity.
TheNewOil.org

Book Review: Click Here to Kill Everybody by Bruce Schneier

I’ve been pumping out a lot of book reviews lately. I guess I’ve just had more time to read them finally.

About the Author & the Book

Bruce Schneier is an internationally renowned cybersecurity expert. He has written over a dozen books on the topic, as well as “hundreds of articles, essays, and academic papers.” Schneier has testified before Congress, served on several government committees, made numerous appearances on TV and radio, and sits on numerous boards of various non-profits and educational societies. He has also been heavily involved in the creation of several cryptographic algorithms, the most notable being Blowfish and Twofish.

In his latest book, Schneier explores modern cybersecurity (or lack thereof). He explains why Internet of Things (IoT, or “smart devices”) security is a serious matter, the reasons that led us to where we are today (aka why modern cybersecurity blows), and offers some ideas on moving forward and changing the path.

The Good

This book is incredibly accessible. Without skimping on accuracy or details, Schneier shies away from in-depth technical analysis, instead offering a bird’s eye view of the current cybersecurity landscape. His goal is not to explain how asymmetric keys work, but rather to explain why we don’t use them to secure our fridges and toasters. This makes the book a great read for even those with the most limited technical knowledge. If you’re smart enough to understand “try turning it off and on again” – even if you don’t know why that works – you’re smart enough for this book.

I’m also a fan of people who offer solutions. I don’t believe that offering solutions is mandatory. You don’t have to know how to fix a toilet to know that it’s not working right. But I personally find it refreshing, constructive, and thought-provoking to say “the toilet’s broken, here’s a few things that might fix it.” I also appreciate Schneier’s occasional reminders that he’s not trying to claim he has the answers. While his book is chock full of ideas and suggestions, he regularly reminds readers that his ideas may or may not work, and probably aren’t the only solution. He says at the beginning and periodically reiterates that his goal is to start a discussion, because we as a digitally-connected world desperately need to have one before our toasters kill everyone.

I think perhaps the best praise I can give this book is that it almost never discusses privacy. Some of my more privacy-centric readers know that getting people to care about privacy is a lot like getting a pig to care about the nutritional content of the slop you’re feeding it: people just don’t care. But cybersecurity, that’s something people care about. People are deeply concerned about identity theft, stolen bank numbers, and stalkers. This book is almost completely about that stuff (at least, on a high level), and as such it should be of interest to nearly anyone reading this.

The Bad

For one, I think Schneier relies a bit too much on government and regulation in his proposed solutions. Let me be clear: Schneier changed my views. Without being too political, I consider myself Libertarian. I consider small government with massive margins of individual freedom to be the best route, at least here in the US. But Schneier presents evidence in his book that I’m wrong, and while it’s hard to admit when you’re wrong, I’m not too proud to do it. Schneier argues that government regulation on things like business, industry, and consumer protection has resulted in a lot of good that corporations would otherwise be too selfish and greedy to implement out of concern for their consumers in the past. Sorry, that was sort of wordy. In plain English: sometimes you need the government to force companies to do the right thing. Schneier has examples of this and proved me wrong, I accept that.

The reason I brought that up is this: while Schneier obviously has evidence to back up his claims and he did win me over to his line of thinking, I also think that the law is not bulletproof. Lawbreakers, by definition, do not obey the law. Whether that’s breaking into a house and stealing all the valuables, or storing customer data improperly and abusing it. While I think regulations and fines would go a long way towards fixing the current state of things, I’m a little disappointed that Schneier’s almost universal proposals are “we need a government regulation.” I think that people should take personal responsibility for their data whenever possible and that we should force these companies into compliance with things like end-to-end encryption, metadata obfuscation, and other plugins and tools I discuss on my website.

To be fair, Schneier is on board with these things. He does explicitly talk about E2EE and he does admit more than a few times that there will always be companies who break the regulations, but I still personally would’ve liked to see at least a chapter or even a section about taking matters into your own hands.

Final Verdict

I whole-heartedly recommend this book. Schneier has an exhaustive list of sources in the back, but he writes in a very easy-to-grasp way. This is not a research paper for the hardcore privacy nerd, this is an introduction for everyone. Schneier says over and over in his book that his goal is to start a discussion. He repeatedly states that his ideas may not be the best ideas, his goal is simply to get us all talking about ideas. This is a discussion we desperately need to have. As I sit here writing this, I have a smart phone next to me. I have a smart TV in the living room, and two PlayStation systems (3 and 4) behind me that are both network-connected. My girlfriend’s computer across the room is network connected, as is her phone. And we’re on the low end of the technologically connected. Many others I know also have home assistants, smart thermostats, and Ring doorbells. This stuff, as I’ve been saying on this site for a while now, is incredibly insecure and yet we trust it so much. This is a discussion we need to have badly, and Schneier’s book is a great introduction to get those who don’t know as much about it up to speed.

More on the Book

Click here to kill everybody, or to purchase the book. That site will also link you to Schneier’s site and blog, which I follow daily via RSS feed, and any of his other social media accounts or other works.
