Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant
from the anyone-can-publish-on-cnn dept
Over the years, at times, I've seen people criticize Bruce Schneier for perhaps getting more publicity than other security researchers, but it's rare to see people question his knowledge. The complaints often appear to stem more out of jealousy than anything else. But, I've never seen anything quite as ridiculous as this "CNN iReport" by Richard Marshall and Andre Brisson, which appears to be a blatant hatchet job attack on Schneier that is at times incomprehensible, at times factually incorrect and bizarre throughout. Marshall is a former NSA and DHS "cybersecurity" expert, but he's now the CEO of "Whitenoise Labs," (something not mentioned in the article). Brisson is the founder of Whitenoise Labs, and appears to have a beef with Schneier going back at least a decade if not more. Brisson and Marshall appear to not be particularly adept at explaining themselves, so the history is not clearly laid out anywhere. The short hand, as far as I can tell, is that Brisson thinks he's discovered some magic elixir security solution, which Schneier mocked way back in 2003. Brisson now feels that the security community gives him no respect and even Defcon ignores his pleas to present his own brilliance.Last year, Brisson appears to have hired Marshall, and the two of them see this as an opportunity to attack Schneier. It looks like there are two main points to the article: (1) they don't like Bruce Schneier (2) they want you to know about their own solution, which even they admit Schneier dismissed as "snake oil." But here's the bizarre part. Even though it's clear that they're just trying to promote their own thing, pretty much the whole point of their article is that you shouldn't trust Bruce Schneier because he blogs and he's only trying to promote his own business. I'm not joking.
It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.Where to start? First off, it does not "appear" that one of the sources is Snowden, it is confirmed fact. Also, Greenwald did not "work with" Snowden. Greenwald is a journalist and Snowden was a source. Since then, the Guardian, whom Greenwald worked for, also brought on Schneier to help understand some of the Snowden documents. This is all public knowledge. Second, while Schneier does blog quite a bit, he's also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.
The suggestion that he's just some random blogger is obviously false, and pretty much everyone knows that. Furthermore, Schneier's experience in the field is pretty damn well documented. His own firm, Counterpane, was acquired years ago by British Telecom and Schneier has obviously done tremendous work in the world of computer security for many, many years.
Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.Weeks? As noted: Brisson's feud with Schneier appears to go back a decade. And it took me all of about 3 minutes to find all those well known publications that Schneier writes for. Brisson and Marshall (two people!) couldn't find them in weeks? Also, I'm beginning to wonder if the above paragraph actually refers to the article by Brisson and Marshall a lot more than anything Schneier has ever done.
Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.Again, this is coming from people whose main purpose with this article appears to be promoting their own mocked security solution, and who regularly run silly promotional "contests" and "countdown clocks" designed to focus on their own self-interest.
For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.I'll let that sink in for a bit. Notice, of course, that they leave out "The Guardian" and "The Atlantic" -- two publications that Schneier does write for, with reputations that are at least on par with the two publications named. Also, it appears to leave out that both the Washington Post and the NY Times have been publishing stories quite similar to Schneier's, and both have (at least some of) the same documents from Snowden, which these two guys mocked Schneier for using as his source.
Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.)This bold claim is not supported anywhere in the article. It likely refers to Schneier ignoring or mocking their own "solution."
The article goes on to make some half-baked suggestions about how to deal with the NSA surveillance issues that suggest they don't even understand what's going on. Their solution? "using the improved security technology we have available to combat the fatal flaws of public key" technology -- which of course is what their firm has been pushing on the world for years, and which ignores the fact that the evidence so far from Snowden has shown that public key encryption, when done right, still works pretty damn well.
Reading the article, it's laughable. Nearly all of the attacks on Schneier are more accurately directed at the authors of that article. If the DHS and the NSA are looking to attack Schneier, they should at least try to find former execs who can write comprehensibly, and who didn't go off to work for a foreign "security" company with dubious credentials.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: andre brisson, blogs, bruce schneier, cybersecurity, dhs, ed snowden, encryption, nsa, reporting, richard marshall, security
Companies: whitenoise labs
Reader Comments
Subscribe: RSS
View by: Time | Thread
Whoopsie
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
Masnicking: daily spurts of short and trivial traffic-generating items.
09:20:00[k-401-0]
[ link to this | view in chronology ]
Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
And here you are still viewing the articles.
OOTBing: hourly spurts of inane comments without forethought, logic, common sense or a purpose.
[ link to this | view in chronology ]
Re: Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
[ link to this | view in chronology ]
Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
[ link to this | view in chronology ]
say the guys doing the CNN iReport.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
"Everything you see on iReport starts with someone in the CNN audience. The stories here are not edited fact-checked or screened before they post."
[ link to this | view in chronology ]
Re: Re:
But what I really want to know is, is this a good thing or a bad thing? That's all I ever really want to know about a story from CNN when I am waiting for my airplane.
[ link to this | view in chronology ]
Re: Re: Re:
I've known Bruce Schneier's name since the the mid nineties. Clem and Andre here just seem to have fallen off the Turnip truck.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Thanks Ben. I couldn't resist...the money was just too good.
The sad thing is that I do tend to watch CNN far more than I should (even if it is background noise,) and when Jon did that bit, my ribs and side were hurting.
[ link to this | view in chronology ]
Re:
After all, they sell newpapers and they sell advertising slots.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
This is not about news. It's about an attempt to discredit an expert so that his findings would be considered invalid. The bad part about it is it's a hatchet job, poorly constructed, that might fool average Joe but not anyone actually knowing the facts prior to the programs' attempt.
[ link to this | view in chronology ]
They also spammed the comments on another story here
http://www.techdirt.com/articles/20131031/15234825094/bruce-schneier-speculates-nsa-double-lau ndering-information-it-obtains-via-network-infiltration.shtml#c550
[ link to this | view in chronology ]
Marshall + Brisson
[ link to this | view in chronology ]
Re: Marshall + Brisson
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It appears that Bruce Schneier also publishes technical articles and books, as well. Here are some articles:
http://216.92.33.154/references/authors/bruce_schneier.html
See Wikipedia for books.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
hee hee hee
[ link to this | view in chronology ]
Re: hee hee hee
[ link to this | view in chronology ]
But wait- what's this? The article was submitted to ireport.cnn by one Jacques Tetu. Who is this mystery man? Find out in the exciting book In Denial: Code Red by Andre Brisson. Here's the teaser: Backstop me on this one, but did Brisson use a character from his book to distribute his own article? How deliciously devious!
...but again, perhaps doing too much cryptography turns your brain into chow mien....
[ link to this | view in chronology ]
I think someone needs some schooling...
[ link to this | view in chronology ]
As a great bonus...
http://eprint.iacr.org/2003/250
[ link to this | view in chronology ]
Truly sad..
[ link to this | view in chronology ]
Schneier's credentials
Schneier, alone or together with other cryptographers, has designed Blowfish, Twofish, Skein, Yarrow, Fortuna, and probably others I am missing.
These are not weak algorithms. Twofish was one of the finalists of the AES competition. Skein was one of the finalists of the SHA-3 competition.
He also wrote one of the leading textbooks in the field.
When it comes to cryptography, I trust Schneier more than those two guys.
[ link to this | view in chronology ]
[ link to this | view in chronology ]