Click Here to Kill Everybody: Security and Survival in a Hyper-connected World

From driverless cars to smart thermostats, the Internet now has direct effects on the physical world. Although this computerized future, often called the Internet of Things, carries enormous potential, best-selling author Bruce Schneier argues that catastrophe awaits in its new vulnerabilities and dangers. Forget data theft; cutting-edge digital attackers can now literally crash your car, pacemaker, and home security system, as well as everyone else’s.


In Click Here to Kill Everybody, Schneier “sets out detailed solutions that should be required reading for politicians across the world” (Financial Times). From principles for a more resilient Internet of Things to a recipe for sane government oversight, Schneier’s vision is required reading for anyone invested in human flourishing.


“Sober, lucid and often wise in diagnosing how the security challenges posed by the expanding Internet came about, and in proposing what should (but probably won’t) be done about them.” — Nature

336 pages, Paperback

First published May 22, 2019


About the author

Bruce Schneier

56 books, 630 followers
Bruce Schneier is a renowned security technologist, called a “security guru” by the Economist. He has written more than one dozen books, including the New York Times bestseller Data and Goliath (2014) and Click Here to Kill Everybody (2018). He teaches at the Harvard Kennedy School and lives in Cambridge, Massachusetts.


Community Reviews

5 stars: 258 (23%)
4 stars: 463 (42%)
3 stars: 313 (28%)
2 stars: 50 (4%)
1 star: 11 (1%)
Ietrio
6,932 reviews, 24 followers
February 6, 2019
Schneier is a good businessman. His deal: fear. And hopefully some governmental control that will impose hiring businesses like his on higher fees.

The book is using a technique called cherry picking. As the title implies, he then inflates his cherries up to the size of a small elephant. Finally, Schneier starts crying how each one of you is going to die because the North Korean government has guessed the password to your neighbor's security camera pointed to a street on which you have no exit.

On the technical side, Schneier is mildly competent, in the sense that he knows more than a provincial rookie journalist on how to secure his Free Gmail account.
Alberto
657 reviews, 56 followers
January 6, 2020
An interesting essay on the Internet of Things (IoT) for a general audience that gives the keys to how it works, warns of its dangers and offers possible solutions to avoid them. Very detailed, since it takes every scenario into account, and tremendously addictive (the first chapters fly by). It has more than a hundred pages of notes, unnecessary for me, but otherwise a very powerful essay in very accessible language that cannot possibly leave you indifferent.
C.
1,234 reviews, 1,023 followers
September 16, 2021
This book is more about politics than practical cybersecurity tips. Schneier tells why the Internet's increasing size and interconnectedness make it more powerful but less secure. He calls on people (primarily Americans) to push for governmental policy to secure the Internet+, his name for the expanded Internet that includes the Internet of Things (IoT). I skimmed those parts because I'm more interested in the technical and behavioral aspects of cybersecurity than in governmental policy.

This book has even fewer practical tips than the few that are in Data and Goliath. Schneier's advice is focused on getting you to call on the government to take a role in cybersecurity.

Schneier admits that the book's title is hyperbolic clickbait meant to make the point that "advances in technology allow attacks to scale, and better technology means that fewer attackers can do more damage." He gives examples of cyber attacks against cars, power plants, airplanes, medical devices, and infrastructure.

He describes the problem and his proposed solution this way:
"The Internet+ is coming. … It'll change security, too: more autonomy, more real-world consequences, fewer off switches, and much greater risks. … We need to start building security systems as robust as the threats. We need laws and policies that address the threats and the economics and the psychology properly."
Schneier goes on to say,
"It's important to talk now about what good Internet+ security policy will look like, when we have time to do it slowly and carefully, and before a catastrophe occurs. … I argue for good government doing good. This can be a tough argument to make, and there is a lot of potential for government to be ineffective or even harmful. But I don't see any other option."

I read this to increase my knowledge of digital security and privacy.

Notes
Part 1: The Trends
With IoT (Internet of Things), "computer security will become everything security."

Computers Are Still Hard to Secure
Former National Cyber Security Center director Rod Beckstrom summarized it this way: (1) anything connected to the Internet can be hacked; (2) everything is being connected to the Internet; (3) as a result, everything is becoming vulnerable.

Everyone Favors Insecurity
Over the next few years, Schneier expects ransomware to hit IoT devices and other embedded computers.

Risks are Becoming Catastrophic
CIA triad: confidentiality, integrity, availability. "Basically, the three things I can do with your data are steal a copy of it, modify it, or delete it." "Confidentiality threats are about privacy, but integrity and availability threats are really about safety."

Part 2: The Solutions
What a Secure Internet+ Looks Like
I think that people moving their data and processing into the cloud is our most fruitful avenue for security improvements. … Cloud providers have both the security expertise and economies of scale that individuals and small businesses lack, and anything that gives people security without their having to become security experts is a win.
Disconnecting systems can enhance security. Separate, distributed systems can be less susceptible to attack than large, centralized, interconnected systems.

Government Is Who Enables Security
Government is by far the most common way we improve our collective security, and it is almost certainly the most efficient. It's how we change business incentives. It's how we pay for common defense. It's how we solve collective action problems and prevent free riding.
How Governments Can Prioritize Defense Over Offense
If you want good people to be able to secure their data, as a side effect criminals and terrorists will be able to secure their data.

3 reasons encryption doesn't prevent law enforcement from solving crimes
1. Metadata can't be encrypted. Law enforcement can always learn who is talking to whom, and when, and where, even if they don't know what is said.
2. When people use third parties for data storage and processing, that data can't be encrypted. That data will always be available with a warrant, and sometimes without.
3. IoT devices are giving law enforcement new data streams that aren't end-to-end encrypted, allowing for surveillance.

Schneier says just as we expect the US government to protect US companies from physical attack by foreign governments, we should expect the US government to protect US companies from cyber attacks by foreign governments.

Where Policy Can Go Wrong
Backdoors for law enforcement hurt security for everyone, because backdoors can be exploited by anyone.

Why hacking back ("active cyber defense") is a bad idea
1. It's difficult to know for sure who is attacking you.
2. It could create an international incident and lead to cyber war.
3. It's ripe for abuse; organizations could stage being attacked as an excuse to attack competitors.
4. Hostilities could easily escalate. Third parties could trick two organizations into battling.
5. There's no evidence it improves security or deters attacks.

Conclusion: Bring Technology and Policy Together
AI (artificial intelligence) will bring balance to the conflict between offense and defense, lessening attackers' advantages of speed, surprise, complexity.
Amy
599 reviews, 11 followers
September 19, 2021
If you are in the tech industry you already know that IoT devices are sloppily coded and incredibly insecure, so that part of the book won't be new information. You will also already know that the Internet itself isn't particularly secure (see: all the data breaches in the past X years). But even having this background the book is still interesting from a policy perspective (and for giving me another reason to hate the DMCA).

The long story short here is that governments don't like encryption or timely patching of vulnerabilities because it makes it hard for them to spy on other countries and their own citizens (under the guise of national security and catching criminals in Western democracies, and in the interest of tamping down dissent and targeting rivals in more totalitarian countries). But a lack of encryption and patches puts all sorts of data, infrastructure, and proprietary works at risk at not just an individual level, but also for companies and the governments exploiting the insecurities in the first place.

A big part of the problem is the lack of technical knowledge in our politicians, but also because, relatively speaking, the Internet (or the Internet+ as Schneier refers to the Internet, IoT, and the people who use and develop these systems) is still in its infancy. New technologies tend to not have a lot of regulation around them until they start killing people, and as the click-bait title of the book suggests, we're just now on the cusp of that becoming a reality -- through the hacking of autonomous vehicles, hacking of implanted medical devices, or in one doomsday scenario Schneier presents, the 3D printing of biological weapons (this one feels like a bit of a stretch, but they have been able to 3D print corneas this year so... ¯\_(ツ)_/¯).

Don't read this book if you are looking for solid actions you can take RIGHT NOW to keep your data and devices more secure, because honestly there is only so much you can do: turn on encryption or use encrypted apps; download and install updates (from legitimate sources) as soon as they become available; and vote for more technically savvy politicians.

Do read this book if you are interested in: some of the history behind various hacks; reading someone rightfully disparage* multiple law enforcement agencies for relying too heavily on retrieving data off of people's phones and forgetting about old school techniques that worked before people had high tech devices; scaring yourself with doomsday scenarios of Russia taking out our power grid; and pondering over potential government regulations that could help fix some but not all of the problems.

---
*He raked the FBI and James Comey across the coals here a little bit, which I did too when I read Comey's book and Comey was having a meltdown about wanting the tech industry to install back doors into their software and the various companies balking at that suggestion.
Alex Railean
267 reviews, 41 followers
January 27, 2019
Quite an interesting read about current hot topics in the world of computer security. If you're well versed in this subject, you will probably not find anything new, but it is still a good book.

It is interesting to observe how some of the reviews posted here criticize the suggestion to solve the problem through regulation, because the government itself has a history of screwing up or abusing its power.

Not all governments are alike. It takes a few good players to do the right thing, in order to influence others to adopt better practices. For example, the GDPR in the EU is a step in the right direction. Even though it is only a "European thing", it affects pretty much everyone else too [if they "touch" the personal data of EU citizens]. So, if one wants a piece of this market, they have to comply - so it's a win-win.

Better transparency in data handling practices will ensure that when consumers "vote with their wallet", they will not only choose by looking at the "megapixels, megabytes and gigahertz", but they will also consider privacy and security aspects that are highlighted on the packaging.

People are looking for "high-fructose corn syrup", "no GMO" and "organic" on food products, yet none of these were "a thing" in the past. With security and privacy it is the same pattern - these aspects are only discussed by experts, so consumers cannot make decisions based on this data. However, it will change, if product labeling practices are changed too (and this is where regulation can do the trick).

One attempt to make such a "privacy facts" label that follows the GDPR mindset is documented and evaluated in this paper: https://www.zenodo.org/record/1621795 (DOI 10.1145/3236112.3236126)
Ed Erwin
1,161 reviews, 127 followers
October 12, 2018
THE SKY IS FALLING!

Just kidding. That isn't the tone that this book takes. It presents scary facts about the problems of lack of security on the internet, but soberly. Like for instance the ability for hackers to shut down a power grid (has already happened), disable hospital operations (already happened), or shut down someone's car while they are driving it (possible but hasn't happened yet). As more and more of our devices get connected to the internet, which he refers to as Internet+, more and more risks appear.

The author knows what he is talking about, having worked on computer security for years. He lays out very carefully what some of the risks are. He presents ideas for the sorts of changes and regulations that would need to be enacted to mitigate those risks. But he is clear-headed enough to know those rational changes will not happen. Security is an afterthought in most software design. Nobody has much incentive to make the big changes necessary. Government regulations won't happen until after some major disaster, and will probably be very wrong-headed regulations.

So, yeah, the sky is falling. The calmness in the way he speaks of it, though, lulls me to sleep. Falling sky? That sounds nice. I'll go back to bed now.
179 reviews, 1 follower
March 11, 2019
Really good intro into the issue, doesn’t go too far into detail and doesn’t require technical knowledge. Lots of good concrete examples of what is already happening due to internet insecurity and how this can continue to worsen if steps are not taken! The internet is literally EVERYWHERE now, everything is a computer and it’s dumb how government doesn’t seem to take that too seriously. Proves yet again that our current system doesn’t allow politicians to deal with long term issues which is dumb as hell. Not really about personal steps you can take as the average consumer since like in all other industries government regulation is needed! When pacemakers, cars, bioprinters and power stations all connect to the internet/ are hackable we need to secure that shit!!

Shall leave you with my fav tidbits
1. that perhaps a way to help combat insecurity would lead to us eventually needing internet insurance the same way we have car or home insurance
2. Criminals asking for ransom have a victim helpline to help you send the ransom money. Way to rub that shit in the victim’s face man. That’s big dick energy for sure.

PS Why do so many nonfiction books get boring by the last 75 pages?
PPS We’re no longer in the era of Charles Dickens, stop repeating yourself so often and get to the meat of the issue. Hence why you’re only getting a 4 star my guy.
Lukáš Zorád
160 reviews, 20 followers
August 29, 2020
Excellent book for anyone who is trying to get oriented in the topic of digital, hence general security and privacy. As Bruce Schneier argues, everything is now internet, everything is getting networked and connected, even our homes, cars etc. - therefore taking care of our digital security is becoming the equivalent of holding house keys and being concerned about our security in general. This book can be a good starter for individuals, but also for policy makers.
Emily
2,033 reviews, 36 followers
February 22, 2021
Disclaimer: this is the book review I turned in for a class, and I almost died writing it, so I don't have the strength to do more than copy/paste. If it doesn't sound like my usual breezy review style, that's why. Many apologies.

Bruce Schneier is a technologist and security expert who has written about security since the 90’s. He is a fellow at the Berkman Center for Internet and Society at Harvard University and has published books, articles, and academic papers about cybersecurity. In his 2016 book, Data and Goliath, he warned about the mass surveillance issues associated with big data. In Click Here to Kill Everybody, he tackles the dangers of our increasingly interconnected planet and the Internet of Things (IoT).

Schneier says, “It used to be that things had computers in them. Now they are computers with things attached to them.” He asserts that even if we don’t think of cars or refrigerators as computers when we buy them, the fact that they are raises serious security concerns. If computers are vulnerable to attack, and if everything is a computer, the threats have escalated from loss of data to loss of life and property, where an attack could crash a car or an airplane, sabotage someone’s pacemaker, or shut down a city power grid. Throughout the book, Schneier uses the term “Internet+” as shorthand for the interconnected computer systems that are “the Internet + Things + Us.”

Since the book is directed to a general audience, the author is careful to explain terminology that may be new to readers, such as the CIA triad used to describe information security, which consists of confidentiality, integrity, and availability. His explanations are clear and thorough, with enough review when terms are used in different chapters, that a layperson never feels lost. The book is heavily cited (78 pages’ worth) and easy to navigate back and forth from text to citations on an electronic version (his citation method is less user-friendly with a print copy). His citations can also be found on the book’s website https://www.schneier.com/books/click-..., and any updates after April 2018 will be found on this page.

The book is written as an overview to raise awareness of the issues and draw a larger audience into the discussion. Schneier says himself he’s offering breadth rather than depth. The book has two parts: The Trends and The Solutions. In Part 1, he discusses why Internet+ has so many security problems (it was never designed with security in mind), and why security isn’t prioritized by companies or government agencies. He says, “Insecurity is in the interests of both corporations and governments…Corporations want insecurity for reasons of profit. Governments want it for reasons of law enforcement, social control, international espionage, and cyberattack.” Most of Part 1 will be review for longtime followers of Schneier’s writing. Newcomers may be overwhelmed by these chapters because the picture they paint is certainly dire. Schneier provides ample, persuasive documentation of vulnerabilities in such things as infrastructure, health equipment, cars, data integrity, algorithms, and supply chains. He says new risks “arise from the very nature of Internet+, which encompasses and connects almost everything, making it all vulnerable at the same time.” In Part 2, Schneier outlines his ideas for securing Internet+. Many of his ideas need further discussion and fleshing out, which the author readily admits, calling them “a bunch of great ideas that won’t happen anytime soon.” Most of his solutions depend on the cooperation of tech companies and government, which leaves the reader perhaps more informed by the end of the book but not necessarily empowered.

The research that went into this book is one of its greatest strengths, and Schneier has a clear, persuasive writing style that makes the subject matter accessible to the general public. There’s a lot to absorb, and Schneier probably would have been able to make his case without quite the bombardment of doom that made up the early chapters of the book. It’s clearly a topic he’s passionate about, and for good reason. Even though the reader may not have a clear sense of direction of their role in the larger solutions outlined in Part 2, the information in the book will still raise awareness of the issues and be useful for decisions made as a consumer.

This book is recommended for general collections in both public and academic libraries. The information is useful for consumers in general, and it provides a good introduction to current cybersecurity issues for students and individuals interested in educating themselves on the subject.
ruaridhmollica
4 reviews, 1 follower
March 21, 2021
A thorough analysis of the cyber security risks imposed by the internet, more specially the growing connection of IoT devices to our networks.

Schneier discusses things like product vulnerabilities and the ease of cyber attacks, governments' desire of surveillance over security, and the lack of transparency given to the public by corporations.

He proposes strong plans for the improvement of global cyber security and data privacy, along with how government policy done right can help turn us in a direction to a better, safe, and peaceful inter-connected world.

Overall, a very informative (albeit terrifying) view into how unstable everything really is (even if it’s all a little cherrypicked). He does repeat a little too much sometimes, and a few of his proposals for the future seem rather implausible, but nonetheless a great read.
Shrivatsan Ragavan
73 reviews, 8 followers
August 22, 2020
Bruce Schneier's 'Data and Goliath' was one of the first books I read on cyber-security and was part of the reason for my becoming a paranoid, social media hermit. 'Click Here...' picks up right where that one left off, so much so that the first part of the book is essentially a summary and retread of general cyber-security threats discussed previously. While personally, I did not feel it to be redundant and appreciated having a recap of what came before, other readers might want to take note of this fact.

The later part is where the book differentiates itself from its predecessor. With the first one focusing on an overview of cyber-security threats and some personal steps that can be taken to mitigate the risks, here the author focuses on the bigger picture. Instead of tips on what each reader can individually do to protect themselves in the scary inter-webs, the exploration here is around potential policy ideas and fixes that can remedy the issue at a macro level. As someone who is currently stepping into the world of public policy and cyber-security, needless to say, this was exactly what I was looking for.

There is no one-stop solution to the myriad of issues and I doubt if there can ever be an all-encompassing solution. But the frameworks presented here through which the problems can be approached are insightful and offer ideas that could be formulated into policies. In that sense, this is more of an enabler to find the answers than a book of answers in itself. Though the title is hyperbolic (the author acknowledges as much), it is not difficult to see the need to start thinking about macro level solutions to these problems.

Martin
52 reviews, 2 followers
February 2, 2019
The author is a legend in the field and the book gives us a great overview of the cybersecurity field and its upcoming issues. The focus is on governance and international relations theory rather than technology and that might be better for general audiences but it does not intersect with my interests in the discipline. The book is extremely well referenced, perhaps too well, since a lot of the links lead to blogs and websites which require further investigation of their reliability. His explanations are generally well written but occasionally he uses too many classification and enumeration schemes to convey information which makes it hard to follow and understand his ideas. While I am mostly on board with Schneier's views, we can agree to disagree on certain topics and specifically his tendency to give vague and magical solutions to extremely complex problems. For instance, the idea for a change from military metaphors in cyberspace to environmental ones is nonsensical without firmly defined steps. All in all, it is a decent book that could be entertaining for any type of reader, regardless of their background.
Karel Baloun
513 reviews, 45 followers
November 12, 2018
Schneier is the most technically knowledgeable and pragmatically wisest Internet security expert. His newest book is a timely gem, with even bleeding edge current examples from 2017/18. Appropriate for novices and experts alike, the endnotes both prove everything and offer countless ideal avenues to greater depth.

“We need to create and nurture the field of public interest technologists.” (p10) Hey, that’s me!

“None of the companies that make implantable medical devices will allow patients access to their own data, and there’s nothing anyone can do about it. The data is owned by the companies.” (p63)

He likes insurance as a market enforcement mechanism, and I’m not sure I share that enthusiasm. “Insurance is also a self-reinforcing mechanism for improving security and safety, while still allowing companies room to innovate.” “If we require people who purchase dangerous technology to also purchase insurance, then we are effectively privatizing the regulation of those technologies. The market will determine what the insurance will cost…” (p132)

I do love the call for critical investing by government in cybersec regulation and Internet infrastructure. (P141-145...)

The number one most clear thing to me after reading this book is: describing the massive problems and dangers is much easier than finding solutions, even for the preeminent experts. Notably the chapters on how laws and regulations could be done harmfully seemed easy to write.
Mario
125 reviews, 39 followers
March 11, 2020
With a ton of examples and a fairly extensive and interesting bibliography, Bruce Schneier shows us the bleak outlook for computer security.

The challenge is enormous: as the author says, we currently face 21st-century problems with a 20th-century mindset and 19th-century legislation (in some countries even 18th-century). The only hope is for politics and technology to work hand in hand, but I sincerely doubt that will happen in the short term. Get ready! The worst is yet to come.

This book should be required reading in schools and universities. Totally recommended.
Lars-Helge Netland
62 reviews, 1 follower
October 17, 2018
An excellent book on information and cyber security; current trends and future solutions. Clearly required reading for anyone with a shred of interest in the field. And that should really apply to most people (!)

Easy to understand and well written, with lots of examples and “war stories” along the way. This book combines economic theory, politics and information security in a fabulous way, and gives readers a good understanding of why we may be heading “completely off course” when it comes to security.

Ben Rothke
350 reviews, 50 followers
November 30, 2018
Perhaps the most meaningless term in information security is thought leader. I know what it is supposed to mean, but many people who consider themselves information security thought leaders are anything but that. Nonetheless, if there is anyone who is a thought leader in the true sense of the term, it’s Bruce Schneier. Schneier has written on near every aspect of information security. From cryptography, data collection, privacy, spying, and much more.

In his latest work: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World (W. W. Norton 978-0393608885), Schneier takes on the Internet of Things and smart devices. The premise of the book is that with so many smart devices now in use and more coming on the market, devices that can literally kill people, more needs to be done to ensure the security of these devices. He makes the point that everything is a computer now. A smartphone is not a telephone; rather it is a computer that makes telephone calls, and a lot more. With the IoT, everything from thermostats, cars, to pacemakers and more will be computers.

As to the term IoT, Schneier writes that it is really more than just the Internet of Things. It is really Internet + Things. Or more accurately, Internet + Things + Us. He ends up using the term Internet+ throughout the book. It is the us element which is different here. As these devices in the past which were more peripheral, now have the power, if misused, to one day kill us.

The first part of the book deals with the issues of security in an interconnected world. For those who are regular readers of Schneier’s blog or his previous books, a lot of part 1 will be a review.

But an important point he makes in part 1, which sets the overall tone, is that among the world’s most valuable companies, you’ll find a number of them that engage in surveillance capitalism. From Google, Facebook, Amazon, to Microsoft, eBay and more. Apple is the exception, as it makes money only via hardware and software. And that is why its prices are higher than the competition.

Part 2 starts off on a rather disheartening note that the security of Internet+ looks pretty bleak, and that it won’t get better anytime soon. Schneier though provides ten high-level design principles to improve the privacy and security of Internet+, in addition to 7 principles to secure data. None of the suggestions are new or radical, which emphasizes that many older security fundamentals are not being implemented in Internet+ devices. That alone should be a significant cause for concern.

Schneier does make some radical suggestions, including the need to start disconnecting systems. This might be heresy in today’s hyper-connected world, but a connected device is a device that can be attacked. If you can’t secure a complex system (and Internet+ is inherently complex), then you may not want to design a system where everything is connected. That is likely easier said than done, but does indicate the level of insecurity within Internet+.

Schneier wrote the book on encryption (literally), and emphasizes the importance of trying to encrypt as much as possible. Given he knows so much about encryption, he also is pragmatic enough to know that encryption is not a panacea. While the data might be encrypted, there are still attacks against authentication systems, which can render that encrypted data into plaintext rather quickly. And encryption still doesn’t stop government attacks where they may be able to hack the underlying hardware.

Schneier thinks regulation can go a long way in securing Internet+, but notes there is little meaningful regulation that has come out to date.

Aside from the clickbait title, this book shows Schneier at his pragmatic best. He understands the problems (including the technical, ethical, business and political aspects) in depth, and suggests realistic solutions to deal with the security challenges of Internet+. He writes that it is important that the technology community get involved in the politics and policy process of Internet+, as it’s imperative that those making the policy understand the technology. And as the recent Facebook hearings show: Congress still doesn’t really get technology.

At 225 pages, Schneier makes a strong case for security around Internet+. He notes that security is not enough of an impetus to force manufacturers to change their insecure ways, and that regulation is not always the most effective method. It’s up to consumers to a large part to demand better security.

Products are getting more connected and the underlying security issues more complex. Schneier reiterates that complexity is the worst enemy of security. Internet+ brings on some pretty complex scenarios, and the security controls that Schneier feels are fundamental, are simply not implemented yet. While we are years away from an app where someone can click to kill a person, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World makes the case that unless something is done, rather quickly, that horror scenario will be a script-kiddie exercise in a short while.

A fascinating and timely read, this book is another information security wake-up call from Schneier, to a world that is in a deep sleep about information security, privacy and risk.
Profile Image for Ali.
415 reviews
June 20, 2022
No-nonsense nontechnical intro to current cybersecurity issues with possible solutions. Schneier is one of the few that can provide a readable and realistic review of what he calls Internet+. Recommend to anyone interested.
Profile Image for Ozan.
14 reviews
July 15, 2019
Awesome as influencer book. Bruce discusses defense over offense strategy and practices.
Profile Image for Mirek Jasinski.
480 reviews17 followers
June 15, 2023
I read this book when it was first published and re-read it five years later. While the threats were identified, it seems that the governments and technology companies haven't done much about it. Our computers, telephones, cars are still vulnerable and so are power grids, refineries and other aspects of our non-digital life.
1 review
October 8, 2023
This book discusses the topic of the internet and technological insecurity, how it impacts us, and what we can do to secure our information technology systems. The book is intended to give a wide basis for many aspects of internet insecurity and solutions to fix it, so it doesn’t have a ton of detail or specifics, but it provides good information for the average reader who lacks extensive knowledge on the subject. The book is divided into two parts, one part describing the insecurities and the other discussing solutions.

The title of the book suggests its thesis, to show how insecurities in our technology can hurt us or even kill us all. That is most of part one of the book; part two is just how we can fix the problems. The book goes on to suggest that our current technology is so insecure because society, government, and businesses want it that way. This may seem ridiculous to most people, but give it a read, Schneier makes a solid argument for this claim. The insecurities of our systems make it easy for anyone to steal our data, alter the information we see, destroy infrastructure, start wars, disrupt society, and kill people. But not to worry, for part two says that if we can work together, society, government, and business, we can make everything secure. As if that is going to ever happen.

Although I think that many of the claims in this book are quite solid, there are also many flaws, especially with the strategies of how to solve them. The book contains many great examples of how internet insecurities have already been an issue, for individuals, corporations, and governments. These examples do really help back up the claims in part one of the book, as they show how attackers can harm many or even “kill everyone”. He also gives many great claims as to why society accepts these risks, giving reasons about people that I will admit I agree with; that in most cases I prefer insecurity. However as to why people let the government and corporations steal their data and spy on them, the book provides little beyond people just simply not knowing any better, yet I see many people discuss these topics all the time in life.

Part two on the other hand is much more limited in supporting the potential solutions. Although many great examples are brought in as to why we need a solution, as well as examples of solutions, they fall short of reality. Most of the examples of other countries and organizations creating solutions have ultimately had minor impact in real life, and five years later when I am reviewing the book, nothing has changed, even from the examples he provided that were supposed to be solutions. I will admit though, even if the solutions are not convincing, he is doing the best with what examples are available, which is not much. Furthermore, he addresses the shortcoming of policy changes in the introduction on page 11, saying that he is unable to give good policy changes or methods to advocate for said policies. And the major argument for solution, which is that we all need to work together, and that some participating parties will cause others to participate, I don’t see happening anytime soon, as globally we have not been able to do so for much of anything.

Overall, I enjoyed this book, and it gave many insights into data insecurity that as an average person I didn’t know much about. I think that if everyone were to realize the insecurity of our systems and the problems they can cause, it might help people make better decisions and force companies and governments to respect people’s desire for privacy. But that is speculative, just as Schneier’s solutions are, which I declared flawed. But those flaws are understandable, as we have no solid answers for a solution, so I guess it’s okay. So give it a read, it might make you think differently of the technology you use every day.
141 reviews4 followers
August 24, 2024
Frankly, I was a little disappointed with Click Here to Kill Everybody by Bruce Schneier. Now, how bold does one have to be to register disagreements and disappointment with perhaps the most important voice in the cryptographic and cybersecurity community in the 21st century? It's not that I think I know better than Bruce Schneier; I certainly don't. But his focus was just so far off of where we can be that I think he lost sight of the small communities of people who are accomplishing what mainstream computer and internet-of-things companies are not. It's from the small communities that Linux and Bitcoin arose, and Schneier ignores these small communities to the detriment of his policy proposals.

Here's what the curmudgeonly cypherpunks, the Theo de Raadts and Richard Stallmans of the world have been showing us for years, that Schneier should have incorporated into his prescriptions for improvement:

1. Free and open source software is the technological embodiment of the scientific method. Among the values of the scientific process is throwing open the doors wide to all possible verifiers and critics, imposing no barriers to entry but welcoming and inviting all inspection and replication to ensure that knowledge asserted is true and accurate to the best of everyone's ability to verify. Free and open source software does the same, explicitly welcoming contributions and feedback from all users, distributors, auditors, reviewers, paying customers, and even forkers. This openness to input from outsiders is what builds the robustness that has resulted in the success of Linux, for one example, and the internet itself. By contrast, closed-source software and IoT device manufacturers are trying to tell the consumers and end-users, "NO YOU CAN'T HAVE OUR PRECIOUS INTELLECTUAL PROPERTY JUST TRUST US OKAY" and there is nothing else to say about that except: "that's stupid. Simply stop trusting them. The end." And Schneier didn't say to simply stop trusting them.

2. A secure, private network can be built atop a chaotic, insecure one, as long as the end-to-end connectivity is reliable. We can make our own communities and enforce our own standards as private groups, enacting any of the policies Schneier advocates (or that anyone else advocates, for that matter) as long as the traffic can get from one end to the other reliably. Schneier himself could be building the kinds of networks with the kinds of regulation he thinks would work, rather than trying to push for politicians and corporations to act in his interest. In fact some of the small communities I've referred to above are already doing this, and it's getting to the point now where self-hosting/home-server hobbyists can provide better security and privacy than what the big-name corporations offer. Schneier might do well to actually "be the change he wants to see in the world" rather than write books of ideas for other people to implement.

Schneier deserves a lot of credit for the work he did in this book to accurately present the current state of the internet and the many examples of failures, and some of his advocacy positions have merit. But because he just assumed that what's popular now is the necessary starting point for future action, and overlooked the smaller communities that are demonstrating we don't have to participate in the latest fads and "enshittification" trends from big-name companies, he's missing a lot of concrete actions that we as consumers (and even Schneier himself as an expert) can take right now, today, to make our lives better and not be at the mercy of corporations and governments.
1 review
October 9, 2023
Introduction

"Click Here to Kill Everybody" by Bruce Schneier takes us on a journey through the world of internet security and connected technology, which impacts all of us, whether we’re tech-savvy or not. The book wants to help a wide range of people, like everyday internet users, policy makers, and tech experts, understand the potential dangers of our heavily connected world and think about ways to make it safer.

Summary

Schneier talks about something he calls "Internet+," which is not just our regular internet but also all the things that are connected to it, like our smart refrigerators, cars, and more. He argues that while these connected gadgets make our lives easier in many ways, they also open doors to new kinds of dangers and threats. The main point he makes is that the more we step into a world where everything is connected - from our coffee maker to national defense systems - the more we expose ourselves to possible attacks from bad actors. This book connects well to themes we’ve discussed about information technology and society because it shows the two-edged sword of tech: it makes things convenient but can also expose us to risks if not properly managed.

Evaluation

Bruce Schneier's book does a really solid job painting a picture of what's going on in the world of internet security. He makes use of real-life examples, which helps put things into perspective and make the topics approachable for folks who might not know much about technology or cybersecurity. He speaks plainly, avoiding too much jargon, which is super helpful for regular readers but might leave those who know a lot about tech wanting more.

However, while Schneier's great at showing us where the problems lie, his ideas for how to fix them might be a bit too hopeful. He talks a lot about new rules and everyone around the world working together to sort out internet security issues. But anyone who’s watched the news knows that getting countries to agree on things and make big changes can be really tricky. So, while his ideas are interesting and worth thinking about, they might not be as easy to put into action as he suggests. He doesn’t ignore the hard stuff but maybe doesn’t give it the weight it deserves. This can leave the reader feeling like they’ve been shown a big, scary problem without being given a real, workable way to address it. So, Schneier’s book is a bit of a mixed bag – excellent at revealing issues in our connected world, but perhaps a bit too light on giving us practical paths forward.

Discussion and Conclusion

In conclusion, "Click Here to Kill Everybody" is an eye-opening read that shows us how our connected world is like a double-edged sword, bringing us cool features but also new dangers. Schneier's writing is clear and understandable, and his examples are super relatable. However, while he draws a clear picture of the problems we face, his solutions might be easier said than done. Nevertheless, it's a valuable read for anyone who wants to understand the invisible wires that connect our modern lives, as well as the hidden traps that may come with them.

23 reviews
March 29, 2020
Where did I pick up mr. schneier’s elegant tome on the lack of “security” out there amid the world wide webs? It’s certainly not the kind of thing I’m given to reading, being more of the neoliberal persuasion (should I re-read the neapolitan trilogy, with its safely distant yet diligently familiar tales of feminism and socialism, yet again?) but I think I should be reading more of these hard, tough wonky adventures through the wires of unknown words.

I quite like his ability to tie a bunch of news stories together into a cohesive history, from the equifax data breach to the jeremiads against surveillance capitalism regularly published in the stylish alt-weeklies I like to read online (baffle me, baby). The scenarios of elegant cybercrimes he outlined were such fun to read and imagine (the titular cybermurdering, less so). While the book’s second half was comparatively boring, with all its dumb suggestions of how to change the world by changing things I don’t care about, it did give the writer, a fine-looking beard-scratching crypto hippie who lectures at harvard, the chance to betray his casual disinterest in the world outside of so-called “critical infrastructure” and those who think they are building such things. Are they? Why do shadowy companies matter more than, I dunno, cool hipsters? it's a question that I don't think mr. schneier has thought of once in his life and I think of it every day of mine.

It’s sad that so much of our life is governed by people with such a limited imagination. But you see it everywhere: in means testing rhetoric outside of this book as much as in the semi-libertarian assertions inside, all that government-hurts-as-much-as-it-helps yada yada. And then he finally packs this into his conclusion:

In my fantasy world, policy decisions look like they do in Star Trek: The Next Generation. There, everyone sits around a conference table and the technologists explain the meaning of data and scientific realities to Captain Picard. Picard listens, considers the facts and his options, then makes a policy decision informed by science and technology.

We’ll never be enough, us poor humans, for these awful nerds.
43 reviews
March 21, 2021
Overall Impressions
Another excellent volume full of plain language that wrestles with the intersection of Technology and Public Policy.

The last 30% of the book pages are sources and academic support. Like other Schneier books, this is not merely opinion or speculation; it’s expertise.

The Main Argument
• Everything is becoming a computer. A phone is no longer just a phone, but a computer running a phone application. As chips get cheaper, market economics are putting more computers into more products both for features benefiting users and for gathering data about those users.

• Chip manufacturers are moving away from specialized chips to more general-purpose chips where mass production makes them cheaper. Soon it will be less expensive to include Internet connectivity than to remove it.

• More and more Internet-connected sensors are being embedded everywhere (such as streetlights, and video surveillance) and more and more physical devices are being controlled remotely (such as in factories, pipelines, and the power grid).

• More and more decisions are being made by Artificial Intelligence, Machine Learning, and algorithms (such as stock market trading and dynamic pricing). We have a complex hyper-connected world where systems are increasingly interconnected and self-regulating with properties emerging that we can’t predict, and humans can’t control.

• There is a convergence of autonomous computer-controlled switches, valves, and signals affecting the physical world all connected by the Internet – which was designed without security. This leaves us vulnerable to damage and disruption of critical infrastructure and supply chains which can lead to catastrophic human suffering.

Summary
The rest of the book discusses specific vulnerabilities, risks, human tendencies, corporate and governmental interests benefitting from the current insecurity, and how Public Policy can eventually lead to a solution or lead to making things even worse.
Profile Image for Thomas Nybergh.
2 reviews
December 9, 2018
Click Here to Kill Everybody is a worthy, non-sensationalist, yet sobering, up-to-date read, especially for anyone who isn't caught up on the societal impact of information security.

For readers of other recent books on this subject, there’s not a whole lot of groundbreaking stuff. However, this book expands on the author’s previous writing on problems facing our increasingly interconnected world. With some discussion on the importance of the EU GDPR, the book attempts to broaden the views of a US centric audience.

Bruce Schneier is such an articulate writer on the intersection of society and tech that I personally find it useful to get his views on stuff every few years when he releases new books. His output tends to reflect recent events, and while he offers no simple answers, he's very clear on what questions to ask.

Schneier's views on the need for regulation of tech are also so against the mainstream of (US) tech groupthink that I’m pretty sure he might be heading towards being out of favor among Google et al.

Yet, Schneier has strong, sensible arguments on the need to avoid outlawing strong cryptography, and all these other truly harebrained ideas gov’t and law enforcement people tend to develop.

Near the end of the book, a strong case is made for young professionals seeking work in what Schneier calls Public Interest Technology, much like, according to Schneier, many US law students go on to work in the field of Public Interest Law in the beginning of their careers.

I think this, and many other aspects of the book, make it relevant for the technically inclined who personally want to influence the world in a positive way. Likewise for techies, the book makes excellent reading material to hand out and discuss with non-technical audiences.

After all, having such conversations is at the very core of the book's message.
Profile Image for Andrew Skretvedt.
87 reviews23 followers
December 31, 2021
Loved the tech exposition, did not care for the leftist bigger-government solutioneering to combat the problem. Not to say he's wrong about the need for regulation, the apparent need for regulation with the force of law to enforce compliance /might/ be necessary, I haven't thought about it enough, so my opinion has to be in-check for now.

Nevertheless! I would not trust the author to write/influence that regulation, nor would I trust the current US/EU governments of the 2020s to make & enforce such regulation.

COVID-19 has taught us many things, sadly, the era in which I encountered and read this book. The first and foremost of these is that government doesn't really care about you, government doesn't really care about the truth or the pursuit of the truth (in fact, it's normally quite exactly the opposite, to the extent of mass redaction and classification to keep it hidden), or what will work well and be an actual solution to an actual problem. Government cares about tax farming and taxpayer control. You are a single stalk of corn in their cornfield, a single beef cow in their herd. In government's view, we the governed exist exclusively for their benefit. We are chattel to it. The beef farmer weeps not for the cow sold on to the feedlot to become tasty steaks and jerky.

But the author *is* absolutely spot-on with the technical discussion here. The risk is real, the vulnerabilities are real, and he knows what he's talking about in teaching you about them.

If you enjoy this subject, seek out "Security Now!" with host Steve Gibson, on the TWiT podcast network. You'll get solid technical takes on the news of the week affecting computer/IT security. The author's works are frequent source material.
Profile Image for Howard.
435 reviews22 followers
November 1, 2018
This book is a great primer on the types of issues that we face with internet technology becoming embedded in everything. It explains them at a level the average person can understand as well as exploring some ways to approach resolving those issues. The key to the situation is openness and asking the right questions. This book is a springboard to asking the right questions so we can get to better answers.

Some quotes from the book--

On why we should not allow even law enforcement to have so-called "backdoors":
"Imagine that every house could be opened with a master key, and this was known to the criminals. Fixing those locks would also mean that criminals' safe houses would be more secure, but it's pretty clear that this downside would be worth the trade-off of protecting everyone's house."

"Just as we don't think about road rage and car bombs in the same way, even though they both involve cars, we can't treat all cyber threats in the same way. I don't think US policy makers understand that yet, but they'll need to if we want them to act reasonably and responsibly."

"...we are much more likely to engineer our way out of the problems we face than we are to restrict our way out of them."

"Despite the pessimistic tone of much of this book, I am optimistic about cybersecurity in the long term. Eventually, we will solve this."

"...the mutual distrust between government and tech companies--is dangerous...."
Profile Image for Cav.
903 reviews198 followers
March 5, 2019
This was an interesting book. Author Bruce Schneier guides the reader through the current climate of cyber security (or the lack thereof). He talks about the "internet of things", which he labels the "internet plus". Basically a term used to describe the ever-increasing number of devices that are connected to the internet; everything from doorbells and door locks, to refrigerators, to thermostats, to your car and your watch, among many others.
The first half of the book lists out many examples of tech that have been hacked, and how it was done.
His synopsis is grim but realistic: Most, if not all things connected to the "internet plus" are hackable, in one or more ways. The results of this hacking can range from stealing your data for targeted advertising purposes, to sabotaging your car or pacemaker with the goal of killing you. This is where he derived the clickbait title from.
The second half of the book is devoted to his recommendations on how these problems can be dealt with.
While this book was an interesting read, he doesn't really provide any information here that a news, media and tech-savvy reader wouldn't already know.
I found the second half of the book to be long-winded and excessive. An abridged version could have communicated the same information with about 60-80 fewer pages.
Overall, I would recommend this book to people interested in cyber-security and internet technology.