POSTS
Review: Click Here to Kill Everybody
By networking everything, we are making awesome things possible. I mean awesome in the sense of inspiring awe; much of the potential is also awful. The empowering nature of technology, particularly its tendency to become faster, cheaper, and simpler over time, means that destructive capabilities are being pushed down to small nations, corporations, organizations, and even individuals.
In his latest book, Bruce Schneier tries to sort out the risks, precautions, and likely effects of this situation. His characteristically rational perspective keeps the book calm and cautiously optimistic.
Though it does get a little dark.
The book is divided into two halves, labeled “The Trends” and “The Solutions.” That first half is filled with disturbing anecdotes of security failures in Internet-enabled devices, and it has plenty of speculation about attacks which we haven’t yet seen.
I found myself getting a little claustrophobic. I also felt betrayed to receive this kind of rhetoric from Bruce Schneier. He popularized the term “security theater,” to describe the TSA’s procedures after all. And for many years, he ran a writing competition called “The Movie Plot Threat Contest,” where he invited entrants “to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.”
That made the book’s sensational title so disorienting, but page after page of scary stories about hacked bank accounts, cars, and 3D printers really caught me off guard. I jotted this down while reading, “It’d take a lot for me to accuse Schneier of sensationalism, but I’m having trouble seeing how this is productive.”
The joke was on me, though. Here’s how the final chapter in that first section (ominously titled “Risks are Becoming Catastrophic”) wraps up:
[…] Devices not normally associated with critical infrastructure can also cause catastrophes. I’ve already mentioned class breaks against systems like automobiles, especially driverless cars, and medical devices. To this we can add mass murder by swarms of weaponized drones, the disruption of critical systems by ever-more-massive botnets, using biological printers to produce lethal pathogens, malicious AIs enslaving humanity, malicious code received from space aliens hacking the planet, and all the things we haven’t thought of yet.
Okay; let’s pause to catch our collective breath. We tend to panic unduly about the future. Think of all the doomsday scenarios throughout history that never happened. […]
Now, I’ve never thought of Schneier as particularly literary. He’s a strong writer, and his sense of humor peeks through occasionally, but like many well-spoken technologists, the first word I’d use to describe his style is “precise.” This transition into “The Solutions” changes that for me. The alarmism builds into an absurd crescendo and is abruptly extinguished with a wink and a nod. This is a punch line many pages in the making. Not a tactic I’d expect from a “precise” technologist, and deeply satisfying for it.
Schneier immediately launches into the second section with two compelling examples of how technological problems have already been solved thanks to social changes: e-mail spam and credit card fraud. In addition to supporting the rhetorical pivot, these examples demonstrate a sharpness I’ve come to appreciate in all of Schneier’s books. Between his monthly newsletter and regular speaking engagements, he is constantly discussing the topics that will one day comprise a book. By the time he publishes them in this format, the ideas are impressively well-honed. Just like the aforementioned discussion on incentives, the author’s explanation of regulatory capture and the precautionary principle flow off the page.
Click Here to Kill Everybody has another strength in common with so many others in the author’s catalog: breadth of reference. When I wanted to learn more about the terrifying “social credit” system China plans to enact, I turned to the back of the book, confident that I’d find some citation for further reading. I was surprised by how long it took to page through the references before I found the source of that anecdote. This cuts both ways, though: the girth of the references section makes the book appear far longer than it actually is, so I reached the conclusion far sooner than I expected.
While I found myself nodding along with most of Schneier’s arguments, I did find a few bones to pick. The first was with his take on the universality of the Internet. He writes, “[The distributed governance model] prevents a splintering–called balkanization–of the Internet that might result from totalitarian countries enforcing their own demands.” This seems overly optimistic to me. Google CEO’s have commented on the likelihood of formal bifurcation, and even today, the term “Chinese internet” (lower case “i”) seems to roll off the tongue of many tech writers. I’m still learning what might constitutes a concrete split, but unlike Schneier, I’m confident that it’s a real risk.
The author advises individuals to “encrypt as much as possible.” This aligns with most everything he’s written over the years, but when framed so starkly, the directive gives me pause. It recalls The Transparent Society, where author David Brin advocates “sousveillance” as an alternative to strong encryption for the advancement of public safety. Schneier would no doubt object to the concept, but I wish he at least acknowledged it when making recommendations like this. “Sousveillance” is a rare word in the archives of Schneier’s blog, most recently cited by (allegedly) Brin himself, so it might be that the idea has been somehow debunked since The Transparent Society (in 1998!), but I’ve not seen any indication of that.
The biggest bone I have to pick is with something Schneier didn’t write. He fills the chapter titled “How Governments Can Prioritize Defense over Offense” with suggestions about new policies and even new organizations that could be introduced to promote safety across the web. Missing from this chapter (and the entire book, actually) is a recommendation on the use and support of free and open source software. This would seem odd in a general discourse on security practices, but it’s particularly relevant for governments, where FOSS has been so consistently shunted. Schneier is a Windows user a proponent of BitLocker, so maybe I shouldn’t be surprised. I guess it just further aggravates a complaint I’ve had about his work for a long time.
On a more positive note, Click Here to Kill Everybody introduced me to a bunch of new concepts. This included the threat of compromised information integrity (particularly for decision makers), the restraint that will come when society finally appreciates data as pollution (with parallels to the initial proliferation and later reduction of nuclear power), and the legal distinction between standards and rules. That last one in particular reminds me of learning about fiduciaries in Data and Goliath. The ideas are not new, but they’re not widely recognized in the tech industry, either. As much as I like widening my own horizons, I know the book has to reach more people than me to be effective. Fresh-feeling topics like these make me hopeful that Schneier’s words might make a difference.
It’s cliched to describe today as “an exciting time to be alive,” but this book has me thinking that for different reasons. Usually, people make the claim in reference to the power of new technology and the speed at which it’s advancing. That is interesting, but I think what makes it exciting is that we’re being forced to learn. We haven’t found answers to these problems, and I’m excited by the idea that we will and that they will seem obvious in retrospect. I’m looking forward to the day where I can read this review and feel embarrassed by my lack of foresight. If that day comes, it will be thanks to a concerted effort (and maybe a few catastrophes), but we’ll be in a better place societally. It’s exciting to think that we can’t know how we’ll get there.