Why should we pay for a website

Why the IoT is killing and we should pay for Google

The slogan of your new book "Click Here to Kill Everybody" is: "A world of intelligent devices means that the internet can kill people." Isn't that a bit of an exaggeration?

Bruce Schneier: Not at all. Machines can kill people, such as cars or medical equipment. We are used to that. Counter-question: How do you get the idea that I'm exaggerating?

It sounds as if computer technology and the Internet are evil things that conspire against humans by themselves. Technology cannot be evil, it can only be misused.

Definitely, but this Internet of Things abuse risk is absolutely real. Maybe not today, but soon. Computers are vulnerable, so every self-driving car and every hospital robot will be vulnerable. Of course, machines are not evil by themselves. It takes people who click on purpose, then technology can kill. That's why I chose this slogan.

In IT, everything is currently about blockchain. What do you think of this technology?

Satoshi Nakamoto's Bitcoin whitepaper was just some concept by some crypto anarchist back in 2008. His ideas were formulated in an interesting way, but not really new. There was actually nothing of importance in it that was not previously known. Blockchain was just an evolution, not a radically new thing. The technology hasn't made a splash in the cryptography community. I and many others have therefore paid no special attention to it.

What did you think when suddenly everyone was talking about it?

I thought it was strange. You have to see Bitcoin in its history. The cryptocurrency emerged in the financial crisis of 2008. It is a product of distrust towards the banks. Bitcoin says a lot about the state of our society after this crisis.

Could it be that in 20 years we will be paying with a blockchain-based currency?

No, definitely not. We already have many forms of digital money today - credit cards, Paypal, and so on. They all work well. Nobody cares about cryptocurrencies. Furthermore, the problem in the financial world today is not IT security, but financial security. As long as nobody loses money when their bank is hacked, it will stay that way.

What can we do with blockchain technology today that wasn't possible before?

So far, I don't see any purpose for the blockchain. The question is of course important. Bitcoin is unique in a way because it represents value in the digital world. But Bitcoin's problems are far greater than its benefits. Apart from that, I haven't come across a single use case for the blockchain. Every company that relies on the blockchain today could actually do without it. Nobody has ever had a problem for which the blockchain is a solution. Instead, people take the technology and go looking for problems.

What about the hundreds of companies that - especially in Switzerland - develop blockchain solutions?

For them, technology is primarily a PR tool. They will drop the blockchain again when it becomes clear that it does not add any value.

Hyperledger boss Brian Behlendorf had a completely opposite statement on the subject in an interview at the Hyperledger Forum. Read here how he justified his opinion.

There are many demands for more openness and transparency in IT - open source, open access to the Internet, open data. Isn't cryptography going in the wrong direction?

Open is great, and cryptography enables this openness. Cryptography does not go in one direction, but creates properties of systems. If that quality is openness, there is no contradiction between the two.

But doesn't the increasing encryption of communication conflict with the principle of openness?

We can of course expose all communications on the planet, but is that desirable? Would you want everyone to be able to read the private conversations with your partner?

No of course not.

There you have it.

Digital technology influences business, politics and society. How does this affect our world?

The implications are huge and I don't think we fully understand them yet. We are only just beginning to grasp them.

What is the role of cybersecurity in this context?

In a world where everything is a computer, cybersecurity becomes central to security. It becomes national security, democratic security, personal security, or medical security. Everything is conveyed through computers and that is why cybersecurity is the be-all and end-all.

Some praise digital technology as a solution to human problems - poverty, disease or even climate change ...

... Which is, of course, ridiculous. We have known that for a long time. But it's true, techno utopias are widespread in the IT industry.

What do you think of these utopians with your experience as a security expert?

Digital technologies are fundamentally human. You cannot solve social problems as easily as some imagine. More and more people are realizing that too. There are fewer techno utopias today than there were two or three years ago. Brexit and the US elections have shown that. The new public skepticism towards Google and Facebook is also a sign of this change of heart.

In the US, companies were broken up by the state in the past when their market power became too great. Is this fate also flourishing for Google, Amazon & Co.?

Yes it will happen. Maybe not soon, but at some point it will come to that. At the moment it is still difficult to imagine, because these companies are perceived as too big and powerful for something to be dangerous for them.

Critics say that the business model of companies like Google or Facebook is fundamentally wrong because it is not based on payments but on user monitoring. How do you see it

This discussion is about whether surveillance capitalism as a business model is a good idea. And yes, there are good reasons to assume that surveillance capitalism is undesirable and that such firms should not exist. That is why we should have this discussion. However, it is not yet being taken seriously, also because the business model almost naturally arose from the Internet.

Are there any alternative business models? Should we pay Google for each search query individually?

There are many alternatives for internet companies. What you are suggesting would be microtransactions. Another option would be a subscription. State funding is also conceivable. Corporations made money long before they spied on people. You will find other ways to make money, I am not worried about that at all.

What has been the most important technological development in the last ten years?

Difficult to say, probably something in the biotech area. That's where I would look if I had to.

Which technologies will shape the world in the next ten years?

If I'd know that! I'm really bad at questions like that. What I know: Technologies often emerge that nobody expected, so I don't want to commit myself to them.

IT is becoming more and more intelligent and efficient. How will people be able to keep up?

It may well be that computers will depend on people at some point - maybe in 20, maybe in 1000 years. We are hardly the peak of evolution. The problem with artificial intelligence is that the technology does not evolve linearly. What hardly seems possible today can be solved easily tomorrow - and vice versa. It is therefore very difficult to make forecasts. So we don't even know what to keep up with.

Let's talk about IT security again. As a cybersecurity specialist - what worries keep you awake at night?

The security problems of computer systems that can physically directly affect the world. With the Internet of Things and the networking of all machines, the way we use computers is changing. This has profound consequences that we do not fully understand today. I am very worried about that.

"What keeps IT security experts awake" - read more about IT security here.

That's the problem, what's the solution?

You can read about that in my new book, two thirds of which are about solutions. It is about regulation, licenses, standards and ways in which other incentives can be set in the market. The missing link in the chain are the state authorities. With their help we can solve the problems.

Are we more vulnerable to cyber risk today than in the past?

In any case. Not because the attackers got better or cybersecurity deteriorated, but because computers are becoming more and more intimate and vital. With the new role computers play in our everyday lives, risk has also changed. As I said, cars and medical technology will probably be the first areas in which computers kill people. But there are many other risk areas, such as power plants, food production, drones and weapon systems.

How will the threats from the Internet of Things change the job of those responsible for IT security in the company?

This is an important question, but we still don't know the answer to it today. His job will have to change, there is no doubt about that.

Cybersecurity isn't just a software issue. Bloomberg reported on an attempt by the Chinese military to place spy chips on US server boards ...

... What most people no longer believe to be true. Nobody really knows. Nobody can provide evidence for it or against it, that's the real story.

How real is the danger of such hardware hacking?

The danger is very real and known. But if you were China and you wanted to spy on US servers, you wouldn't put a device in it that consumes space, weight, and power. That would be very stupid. They would build something into the software like everyone else does. If this spy chip actually existed, we would have already seen a picture of it. Even so, Bloomberg didn't withdraw the report, a crazy story.

Encryption specialists, cyber criminals and government agencies are in a race for control over digital information. Can anyone win this race or will we be forced to compromise?

Nobody can win this race. To win it would mean that it would come to an end. But it will probably continue like this as long as IT exists in its current form, i.e. at least in the foreseeable future.

Some call quantum computers the end of cryptography, as it can be used to crack encryption. What will this technology change in cybersecurity?

Not too much. My colleagues and I are of course taking this matter seriously and are thinking about the time after the breakthrough of the quantum computer. For example, we are working intensively on the development of quantum-resistant public key algorithms. Quantum computing is not even in its infancy right now. We do not yet know what is safe and what is not. The quantum computer is not a catastrophe for cryptography. We will survive.

Read more about IBM's first commercial quantum computer here.

To person

Bruce Schneier is an internationally recognized security expert, the "Economist" dubbed him a "security guru". He is the author of 13 books as well as numerous articles, essays and academic papers. Schneier has testified before the US Congress, is a frequent guest on television and radio, and has served on several government committees. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, a board member of the Electronic Frontier Foundation, and special advisor for IBM Security and Chief Technology Officer at IBM Resilient.