Joho the Blog » Schneier’s Favorite Color is Gray
EverydayChaos
Everyday Chaos
Too Big to Know
Too Big to Know
Cluetrain 10th Anniversary edition
Cluetrain 10th Anniversary
Everything Is Miscellaneous
Everything Is Miscellaneous
Small Pieces cover
Small Pieces Loosely Joined
Cluetrain cover
Cluetrain Manifesto
My face
Speaker info
Who am I? (Blog Disclosure Form) Copy this link as RSS address Atom Feed

Schneier’s Favorite Color is Gray

Posted on:: December 17th, 2002

Kevin Marks writes “Bruce Schneier gets it” and appends this quotation to prove it:

This is law, not technology, so there are all sorts of shades of gray to this issue. The interests at stake in the original attack, the nature of the property, liberty or personal safety taken away by the counterattack, the risk of being wrong, and the availability and effectiveness of other measures are all factors that go into the assessment of whether something is morally or legally right. The RIAA bill is at one extreme because copyright is a limited property interest, and there is a great risk of wrongful deprivation of use of the computer, and of the user’s privacy and security. A strikeback that disables a dangerous Internet worm is less extreme. Clearly this is something that the courts will have to sort out.

It’s important that we brand the RIAA position as extremist. It’s also important that we recognize that software will never be able to make the Fair Use judgments that humans do. Leeway is crucial.

Kevin writes: “His ‘Secrets and Lies’ book is good on this too.” I haven’t read it, but in my experience Kevin has yet to be wrong in a recommendation.

Categories: Uncategorized

Previous: « || Next: »

21 Responses to “Schneier’s Favorite Color is Gray”

  1. Kevin Marks, on December 17th, 2002 at 1:30 pm Said:

    Here’s the book
    And the preface
    I have written this book partly to correct a mistake.

    Seven years ago I wrote another book: Applied Cryptography. In it I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions-unregulated gambling, undetectable authentication, anonymous cash-safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. In the second edition of the same book, written two years later, I went so far as to write: “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”

    It’s just not true. Cryptography can’t do any of that.

    It’s not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it’s that cryptography doesn’t exist in a vacuum.

    Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.

    Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.

Leave a Reply

Comments (RSS).  RSS icon