Thinking Sensibly About Security in an Uncertain World
This isn't a book about computer security; it's a book about security
in general. In it I cover the entire spectrum of security, from the
personal issues we face at home and in the office to the broad public
policies implemented as part of the worldwide war on terrorism. With
examples and anecdotes from history, sports, natural science, movies,
and the evening news, I explain how security really works, how it
fails, and how to make it effective.
If I can name one overarching goal of the book, it's to explain how we
all can make ourselves safer by thinking of security not in absolutes,
but in terms of trade-offs -- the inevitable expenses, inconveniences,
and diminished freedoms we accept (or have forced on us) in the name
of enhanced security. Only after we accept the inevitability of
trade-offs and learn to negotiate accordingly will we have a truly
realistic sense of how to deal with risks and threats.
This is a book for everyone. I believe that security, as a topic, is
something we all can understand. And even more importantly, I believe
that the subject is just too critical, too integral a part of our
everyday lives, to be left exclusively in the hands of experts. By
demystifying security, I hope to encourage all of us to think more
sensibly about the topic, to contribute to what should be an open and
informed public discussion of security, and to participate vocally in
ongoing security negotiations in our civic, professional, and personal
I am very pleased with this book. I started writing it in June 2002,
and continued writing it through Spring 2003. It has been a lot of
work, and I think it's paid off. It's a good book.
Beyond Fear home page (with reviews and comments):
>In September I published a new book on security:
> Beyond Fear
> Thinking Sensibly About Security in an Uncertain World
"Beyond Fear" was reviewed in "The Economist":
A tax on the honest
Oct 16th 2003
From The Economist print edition
HOW useful are ID checks in large office buildings? Is it safe to use a
credit card online? Can face-scanning systems make airports safer? Not
very, yes, and no, says Bruce Schneier in "Beyond Fear", the latest of
several books on security to have appeared since September 11th 2001.
Mr Schneier, however, comes at these questions from an unusual and
informative perspective. He is one of the world's leading experts on
computer security, and arguably the most articulate. For years, he has
explained the ins and outs of his field by drawing analogies with real-
world security. In his new book, he turns this approach on its head, using
his analytical skills, honed in the field of computer security, to
evaluate the other security measures that are now so common.
Mr Schneier boils down his knowledge into a five- step process for
determining whether the benefits of a particular security measure outweigh
the drawbacks. He then applies this process to a range of examples,
starting with the mundane--whether you should wear a money- belt while on
holiday, or install a burglar alarm in your home--and eventually
culminating with an analysis of the security measures introduced in the
name of fighting terrorism. Security, he observes, is a tax on the honest.
With America's security budget estimated at $34 billion this year, he
notes, "we're being asked to pay a lot for security, and not just in
dollars. I'd like to see us get our money's worth."
Many of the measures introduced and proposed in the past two years fail Mr
Schneier's tests. Checking IDs in large office buildings means little,
because fake IDs can easily be obtained by under-aged drinkers, let alone
by evil-doers. Moreover, the need to check IDs may prevent security guards
from noticing other activities, and the whole process may lead to a false
sense of security, thus making things worse, not better. National ID cards
would cost a lot and provide only minimal benefit. Face-recognition
systems in airports are hopeless for spotting suspects, for even if they
are 99.9% accurate and clear pictures of suspects are readily available,
the scarcity of suspects relative to honest travellers means such systems
would be swamped by false alarms. And the Department of Homeland
Security's colour-coded threat alerts, in their current form at least, are
a waste of time.
But Mr Schneier's book is no anti-authoritarian tract. He is simply
calling for sensible security. (He approves of reinforcement of aircraft
doors, for example, though not of routinely arming pilots.) Nor, despite
its subject matter, is this a gloomy book. It is often surprisingly
entertaining, with its many examples of security systems, both good and
bad, drawn from the natural world, military history and other fields.
Many examples and the themes they illustrate will be familiar to readers
of Mr Schneier's previous computer-security books, who may find this work
somewhat repetitive, but they are not its intended audience. Mr Schneier's
aim is to demystify security for a general readership and provide the
tools to evaluate and challenge badly designed and pointless security
measures. With security an increasingly obtrusive part of everyday life,
"Beyond Fear" deserves to be widely read.