As an internationally renowned cryptography expert, American Bruce Schneier used to be a welcome visitor everywhere. But that's no longer the case. "I used to be popular with the National Security Agency," he says. "They used to invite me to their seminars, they listened to my advice. But it's over. I was very critical after Edward Snowden's revelations on their mass surveillance programs. My ratings fell."
In English-speaking media and on his blog Schneier on Security, he lashed out against one particular program called Bullrun. The NSA allegedly internationally promoted a weakened encryption algorithm that it could break. For a researcher like Schneier, such perversion of the integrity of the scientific process is unforgivable.
In the United States, "independent" cryptography — developed outside the reach of the state — is a politically engaged science, a rebellious subject. For supporters of a free Internet, data encryption is the one and only means to protect user privacy against government intrusion. There's a ongoing sort of war between libertarian encoders and government decoders, even though they sometimes work together.
Schneier has been involved in this fight in his own way for 25 years. Born in 1963, the son of a New York judge, he studied physics and computer science before specializing in cryptography, the art of encrypting messages to make them impregnable. He soon discovered that, paradoxically, the most difficult task was not to develop efficient algorithms, but rather to integrate them in easy-to-use, reliable software for non-specialists. If a piece of software is flawed, the key's impregnability is useless. Tirelessly, Schneier exhorted theorists to focus too on less noble but essential tasks, such as programming.
Now 52, Schneier leads the same hectic life as other charismatic and mediatized scientists. On top of his job as cryptography teacher at the Berkman Center for Internet & Society at Harvard University, he is also a successful writer of cryptography-popularization books and a board member for the Electronic Frontier Foundation, an association that defends Internet freedom.
Monetizing expertise
But Schneier is also a businessman. Last year, he joined *Resilient Systems, serving as Chief Technology Officer for the Boston-based technology security company founded in 2010 under the name Co3 Systems.
In that field too, his ideas proved to be original. "We offer a unique service, a full and coordinated response to a cyberattack at all possible levels: technical, legal, commercial, media," he explains. "It's the way of the future. Twenty years ago, experts were focusing on prevention with firewalls, anti-viruses, etc. Ten years ago, the trend was to detect. Now, we've understood that we couldn't prevent attacks, so we need to know how to respond to it quickly, globally."
The concept seems popular enough with companies. Resilient Systems will double its 40-person workforce in the coming months and open a new office in London. That said, Schneier insists logistics isn't part of his job. "I'm the technical director but not the CEO. I have a problem with authority. I can't obey, and I can't give orders either."
Increasingly, he writes less about computers and more about politics, philosophy, social psychology and geostrategy. More precisely, he has come to focus on the difficulty of protecting individual freedom in a context of "war on terrorism," in which government priorities are surveillance and repression.
In his next book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (W.W. Norton & Company), due out in March, he addresses the reality brought to light by Edward Snowden"s revelations but that the public hasn't yet fully grasped. "U.S. government intelligence agencies work hand in hand with American Internet giants," he says. "The NSA takes advantage of the system established by Google, Facebook, Microsoft and the rest. When Gmail reads your emails, the NSA does too. It's that simple."
More generally, he questions the entire American intelligence philosophy of the past decade. "During the Cold War, the NSA's role was clearly established. They were there to protect our communications systems and spy on that of the Soviets." But everything is more blurry nowadays because the U.S. and the rest of the world use the same hardware and the same software, which are mostly American.
"The NSA is faced with a dilemma," he explains. "When it leaves a security backdoor open in a smartphone to spy on other countries, or when it decides not to fix a flaw it found, it also jeopardizes the security of Americans because other countries can also find and exploit this vulnerability." He says this is the wrong approach. "We should rather try to bolster security, even if it makes spying more difficult. In that field, open and democratic societies have more to lose than authoritarian countries."
Schneier is already working on a new book about the concept of catastrophic risk. "We have just entered a historic period that's unseen before. Two kids in a garage can inflict massive damages to a whole community, by provoking industrial accidents via digital networks, by creating a deadly bacteria with a bio-printer, etc. If a single one of us can kill us all, how will humanity survive? How can we create tools that will protect us against these new decentralized hazards?" he asks. But he doesn't have an answer, yet. "For me, writing a book is a quest. I don't have the answers to the questions I'm asking myself when I start it."
In the meantime, he continues his mission as a committed intellectual reacting to world developments. On Jan. 23, from Harvard University, he hosted a live video chat with Snowden. Of course, they talked about the virtues of cryptography, and Snowden was unequivocal. "Encryption really is the only thing we can rely on, provided that the math is correctly applied," he said. "In general, softwares aren't reliable, but math is."
As a matter of fact, he just repeated what Schneier has been saying for 25 years.
*Correction: Due to an error in the original version, an earlier version of this article misidentified Schneier as the founder of the company he currently works for. He joined in 2014 as CTO of Resilient Systems, which was founded in 2010.
