Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant

from the anyone-can-publish-on-cnn dept

Tue, Nov 5th 2013 1:00pm — Mike Masnick

Over the years, at times, I've seen people criticize Bruce Schneier for perhaps getting more publicity than other security researchers, but it's rare to see people question his knowledge. The complaints often appear to stem more out of jealousy than anything else. But, I've never seen anything quite as ridiculous as this "CNN iReport" by Richard Marshall and Andre Brisson, which appears to be a blatant hatchet job attack on Schneier that is at times incomprehensible, at times factually incorrect and bizarre throughout. Marshall is a former NSA and DHS "cybersecurity" expert, but he's now the CEO of "Whitenoise Labs," (something not mentioned in the article). Brisson is the founder of Whitenoise Labs, and appears to have a beef with Schneier going back at least a decade if not more. Brisson and Marshall appear to not be particularly adept at explaining themselves, so the history is not clearly laid out anywhere. The short hand, as far as I can tell, is that Brisson thinks he's discovered some magic elixir security solution, which Schneier mocked way back in 2003. Brisson now feels that the security community gives him no respect and even Defcon ignores his pleas to present his own brilliance.

Last year, Brisson appears to have hired Marshall, and the two of them see this as an opportunity to attack Schneier. It looks like there are two main points to the article: (1) they don't like Bruce Schneier (2) they want you to know about their own solution, which even they admit Schneier dismissed as "snake oil." But here's the bizarre part. Even though it's clear that they're just trying to promote their own thing, pretty much the whole point of their article is that you shouldn't trust Bruce Schneier because he blogs and he's only trying to promote his own business. I'm not joking.

It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.

Where to start? First off, it does not "appear" that one of the sources is Snowden, it is confirmed fact. Also, Greenwald did not "work with" Snowden. Greenwald is a journalist and Snowden was a source. Since then, the Guardian, whom Greenwald worked for, also brought on Schneier to help understand some of the Snowden documents. This is all public knowledge. Second, while Schneier does blog quite a bit, he's also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.

The suggestion that he's just some random blogger is obviously false, and pretty much everyone knows that. Furthermore, Schneier's experience in the field is pretty damn well documented. His own firm, Counterpane, was acquired years ago by British Telecom and Schneier has obviously done tremendous work in the world of computer security for many, many years.

Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.

Weeks? As noted: Brisson's feud with Schneier appears to go back a decade. And it took me all of about 3 minutes to find all those well known publications that Schneier writes for. Brisson and Marshall (two people!) couldn't find them in weeks? Also, I'm beginning to wonder if the above paragraph actually refers to the article by Brisson and Marshall a lot more than anything Schneier has ever done.

Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.

Again, this is coming from people whose main purpose with this article appears to be promoting their own mocked security solution, and who regularly run silly promotional "contests" and "countdown clocks" designed to focus on their own self-interest.

For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.

I'll let that sink in for a bit. Notice, of course, that they leave out "The Guardian" and "The Atlantic" -- two publications that Schneier does write for, with reputations that are at least on par with the two publications named. Also, it appears to leave out that both the Washington Post and the NY Times have been publishing stories quite similar to Schneier's, and both have (at least some of) the same documents from Snowden, which these two guys mocked Schneier for using as his source.

Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.)

This bold claim is not supported anywhere in the article. It likely refers to Schneier ignoring or mocking their own "solution."

The article goes on to make some half-baked suggestions about how to deal with the NSA surveillance issues that suggest they don't even understand what's going on. Their solution? "using the improved security technology we have available to combat the fatal flaws of public key" technology -- which of course is what their firm has been pushing on the world for years, and which ignores the fact that the evidence so far from Snowden has shown that public key encryption, when done right, still works pretty damn well.

Reading the article, it's laughable. Nearly all of the attacks on Schneier are more accurately directed at the authors of that article. If the DHS and the NSA are looking to attack Schneier, they should at least try to find former execs who can write comprehensibly, and who didn't go off to work for a foreign "security" company with dubious credentials.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: andre brisson, blogs, bruce schneier, cybersecurity, dhs, ed snowden, encryption, nsa, reporting, richard marshall, security
Companies: whitenoise labs

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

pegr, 5 Nov 2013 @ 1:07pm

Whoopsie
He just attacked the face of Internet security. This will not go well for him.
[ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 1:09pm

I remember when TD used to be fun to read. Now it's just NSA 24-7 whining. Obsess much, Mike?
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 5 Nov 2013 @ 1:20pm

So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
Well, I'll just give you the answer: it's Masnicking because unnecessary, distracting, and just trying to get page views.
Masnicking: daily spurts of short and trivial traffic-generating items.

09:20:00[k-401-0]
[ link to this | view in chronology ]
- Gwiz (profile), 5 Nov 2013 @ 1:40pm
  
  Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
  ....just trying to get page views.
  
  And here you are still viewing the articles.
  
  OOTBing: hourly spurts of inane comments without forethought, logic, common sense or a purpose.
  [ link to this | view in chronology ]
  - techflaws (profile), 5 Nov 2013 @ 10:47pm
    
    Re: Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
    And failing even at that. Pathetic.
    [ link to this | view in chronology ]
- The Groove Tiger (profile), 5 Nov 2013 @ 7:55pm
  
  Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
  But you already told us that "Masnicking" is when you masturbate while hitting refresh nonstop on Techdirt.com to find articles to troll.
  [ link to this | view in chronology ]
sorrykb (profile), 5 Nov 2013 @ 1:24pm

Marshall and Brisson:
It must be emphasized that blogs are not journalism

say the guys doing the CNN iReport.
[ link to this | view in chronology ]
- hjweth (profile), 5 Nov 2013 @ 1:44pm
  
  Re:
  These days, journalism seems to mostly be about chasing "celebrities" and printing press releases. What actual information I do get mostly comes from blogs.
  [ link to this | view in chronology ]
  - Anonymous Coward, 5 Nov 2013 @ 10:29pm
    
    Re: Re:
    There is a reason they are called reporters and not journalists.
    [ link to this | view in chronology ]
- Anonymous Coward, 5 Nov 2013 @ 2:05pm
  
  Re:
  I was gonna say the same damn thing. iReports ARE blogs. HA!
  [ link to this | view in chronology ]
- W Klink (profile), 5 Nov 2013 @ 2:07pm
  
  Re:
  http://ireport.cnn.com/about.jspa
  
  "Everything you see on iReport starts with someone in the CNN audience. The stories here are not edited fact-checked or screened before they post."
  [ link to this | view in chronology ]
  - ltlw0lf (profile), 5 Nov 2013 @ 2:37pm
    
    Re: Re:
    "Everything you see on iReport starts with someone in the CNN audience. The stories here are not edited fact-checked or screened before they post."
    
    But what I really want to know is, is this a good thing or a bad thing? That's all I ever really want to know about a story from CNN when I am waiting for my airplane.
    [ link to this | view in chronology ]
    - Anonymous Coward, 5 Nov 2013 @ 8:51pm
      
      Re: Re: Re:
      Richard Marshall and Andre Brisson managed to tar themselves with their own brush. Any one got any feathers? It ain't too long before they get relegated to covering important news like dog shows and kittens stuck in trees.
      
      I've known Bruce Schneier's name since the the mid nineties. Clem and Andre here just seem to have fallen off the Turnip truck.
      [ link to this | view in chronology ]
    - Ben (profile), 6 Nov 2013 @ 2:28am
      
      Re: Re: Re:
      But what I really want to know is, is this a good thing or a bad thing? That's all I ever really want to know about a story from CNN when I am waiting for my airplane.
      lol! I think it is a "Good Thing" but I've been wrong before...
      [ link to this | view in chronology ]
      - ltlw0lf (profile), 6 Nov 2013 @ 11:03am
        
        Re: Re: Re: Re:
        lol! I think it is a "Good Thing" but I've been wrong before...
        
        Thanks Ben. I couldn't resist...the money was just too good.
        
        The sad thing is that I do tend to watch CNN far more than I should (even if it is background noise,) and when Jon did that bit, my ribs and side were hurting.
        [ link to this | view in chronology ]
- Bergman (profile), 5 Nov 2013 @ 3:05pm
  
  Re:
  If trying to sell something means you're not doing journalism, wouldn't it follow that nobody working for a newspaper or a TV network is a journalist either?
  
  After all, they sell newpapers and they sell advertising slots.
  [ link to this | view in chronology ]
  - Anonymous Coward, 25 Feb 2015 @ 5:23pm
    
    Re: Re:
    And radio, and internet in some cases etc.
    [ link to this | view in chronology ]
- Ninja (profile), 6 Nov 2013 @ 2:09am
  
  Re:
  I'm not sure if you are mocking the fact that they are publishing at CNN or that they published in a blog-like platform =/
  [ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 1:37pm

Remember this is what passes for MSM. This is what average Joe comes home to listen to and think he is informed. If ever there were a recommendation for why it is such a bad idea for 6 major corporations to own all the major news outlets you have documented that here.

This is not about news. It's about an attempt to discredit an expert so that his findings would be considered invalid. The bad part about it is it's a hatchet job, poorly constructed, that might fool average Joe but not anyone actually knowing the facts prior to the programs' attempt.
[ link to this | view in chronology ]
Not the first time, 5 Nov 2013 @ 1:41pm

They also spammed the comments on another story here
This may not be the only time, but they put in a full length article comment on the last Bruce Schneier story:

http://www.techdirt.com/articles/20131031/15234825094/bruce-schneier-speculates-nsa-double-lau ndering-information-it-obtains-via-network-infiltration.shtml#c550
[ link to this | view in chronology ]
delia ruhe (profile), 5 Nov 2013 @ 1:42pm

Marshall + Brisson
Well, you've gotta give them marks for transparency. Anyone who knows Schneier's work can see clearly through these guys. Given their own reputations, they appear to be suffering from a case of clinical projection.
[ link to this | view in chronology ]
- Spaceman Spiff (profile), 5 Nov 2013 @ 1:57pm
  
  Re: Marshall + Brisson
  Clinical projection? Don't you mean clinical depression? After all, Schneier has the respect of the security industry that these two boneheads would only hope for! :-)
  [ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 1:55pm

these guys should drop security I am sure the government would be freaking out to hire these guys. Seems like a good fit.
[ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 2:09pm

while Schneier does blog quite a bit, he's also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.

It appears that Bruce Schneier also publishes technical articles and books, as well. Here are some articles:

http://216.92.33.154/references/authors/bruce_schneier.html

See Wikipedia for books.
[ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 2:11pm

In short, Mike -- you could have just collected his bibliography and listed it in your article -- it's called a vita -- and you would cream these guys!!
[ link to this | view in chronology ]
jon w, 5 Nov 2013 @ 2:13pm

hee hee hee
yet another Dunning-Kruger classic!
[ link to this | view in chronology ]
- GMacGuffin (profile), 5 Nov 2013 @ 3:18pm
  
  Re: hee hee hee
  Wow that was interesting. I have noticed that the older and more knowledgeable I get, the less inclined I am to offer opinions based on that knowledge (because it might not be entirely right). But I didn't know that was a good thing.
  [ link to this | view in chronology ]
Baldaur Regis (profile), 5 Nov 2013 @ 2:26pm

Maybe doing cryptography for long periods fucks with your brain somehow....the cited article reads like something a bright fifth-grader would come up with.

But wait- what's this? The article was submitted to ireport.cnn by one Jacques Tetu. Who is this mystery man? Find out in the exciting book In Denial: Code Red by Andre Brisson. Here's the teaser:
Dreamers Jacques T�tu and St�phane Creusat, a quadriplegic, have created the first exponential, quantum computing secure, identity based cryptosystem that can secure the Internet and eliminate cyber crime. They sustain themselves with a security consulting business and by teaching security courses at a local technical college.
Backstop me on this one, but did Brisson use a character from his book to distribute his own article? How deliciously devious!

...but again, perhaps doing too much cryptography turns your brain into chow mien....
[ link to this | view in chronology ]
Anonymous Coward, 5 Nov 2013 @ 2:41pm

I think someone needs some schooling...
I think someone needs to be pointed to http://www.schneierfacts.com/
[ link to this | view in chronology ]
Nicholas Weaver (profile), 5 Nov 2013 @ 5:37pm

As a great bonus...
Not only are these two hawking snake-oil, but their "Whitenoise" stream cypher thats the center of their snake-oil (calling it a "One Time Pad" is a lie) is actually already known-broken!

http://eprint.iacr.org/2003/250
[ link to this | view in chronology ]
clon3 (profile), 6 Nov 2013 @ 12:53am

Truly sad..
It must have been really hard for these guys not to be able to express their personal frustrations for such a long period of time. This is pitiful and pathetic. I wonder why CNN have agreed to post something like this on their site ?
[ link to this | view in chronology ]
Anonymous Coward, 6 Nov 2013 @ 5:24am

Schneier's credentials
Mike, you managed to omit some very important credentials Schneier has, which shows how much these guys are full of ****.

Schneier, alone or together with other cryptographers, has designed Blowfish, Twofish, Skein, Yarrow, Fortuna, and probably others I am missing.

These are not weak algorithms. Twofish was one of the finalists of the AES competition. Skein was one of the finalists of the SHA-3 competition.

He also wrote one of the leading textbooks in the field.

When it comes to cryptography, I trust Schneier more than those two guys.
[ link to this | view in chronology ]
Sam, 11 Nov 2013 @ 4:58am

"Eric Snowden" ?
[ link to this | view in chronology ]