
Why is Schneier presumed to be the most effective critic of the TSA? The body scanner program in particular has been roundly criticized by civil libertarians (both conservative and liberal), has generated credible concerns from professional scientists as to health risks, and has been repeatedly demonstrated by physical security experts to be ineffective.

Schneier is an effective writer, particularly when his audience comes with built-in respect for his accomplishments, but his broad disdain for virtually all of airport security† probably reduces his effectiveness in making a case to the wider public. He's easy to caricature, and traffics professionally in an image of "security muckraking" that suggests he'd oppose the TSA no matter what it does.

A disdain I share, mind you.



Schneier is effective because he tells a different side of the story from most. The civil libertarian angle is already pretty well covered. People take it as a security versus liberty tradeoff and the population has, in general, resoundingly chosen to favor security. I don't think there are any new arguments to be made there. The civil libertarians will say that this stuff is bad, the TSA will say that it's necessary to keep us safe, and nothing will really happen.

Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security. Not because it infringes on liberties, but because it's just not effective, and the money could be used more effectively. This approach is, I believe, the only way to convince an unreasonably frightened American public to back change.


Schneier has less expertise in airport security than other professional security and law enforcement people who also disagree strongly with the TSA's approach to airport security.

My point isn't that "it's bad security" is a losing argument; my point is that Schneier isn't the only qualified person making that argument.


If a half-dozen more qualified individuals step up to make the same arguments, perhaps the inclusion of Schneier would prove redundant. I don't see those people lining up to make those arguments, and I see plenty lining up to defend the current state or try to make it worse.

It also helps to hear from someone who starts from the perspective of "only do things that work and are worth the cost", rather than someone who starts from the perspective of "do anything that could possibly make a difference, it couldn't hurt (given that we don't place any value on anything other than security)".


When you get down to it, there are broad and poignant parallels between airport and computer security, and similar problems with each. Both fields have tried and true, yet difficult-to-implement best practices (well-trained screeners a la Israel, and operational security such as "don't open that shady email"). Both industries suffer from a proliferation of charlatans, and both industries have customers who are more concerned with the appearance of doing something useful, than going through the pain of implementing actually useful best practices.

Schneier's as well-qualified as any to speak to the stupidity that pervades both industries.


That may be true, but Schneier is also a good figurehead for a vocal minority. Schneier may be able to throw around his weight better, or may be more skilled at debating the broader issues.


"Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security."

My question is how did it happen that Schneier was invited in the first place to testify? Did he propose it to them and get picked (and now withdrawn)? Did congressional staffers choose him?

"Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security."

Expert compared to?

He's been quoted and he is well known. But I've been quoted and I'm well known in what I'm good at. But there are others who know what I know. But they aren't as good at promotion as I am.


> Why is Schneier presumed to be the most effective critic of the TSA?

I don't think he is presumed to be the most effective critic of the TSA. I think the problem is that he would have been the only critic of the TSA to speak before the committee.

(http://oversight.house.gov/hearing/tsa-oversight-part-iii-ef...)

Mind you, the chair's comment seems scathing.

> The work of our two Committees has documented a recurring pattern of mismanagement and waste at the Transportation Security Administration. Add to this an unending string of video clips, photographs and news reports about inappropriate, clumsy and even illogical searches and screenings by TSA agents. Americans are right to demand answers from TSA about the return on investment of their tax dollars.


TSA, TSA, Coast Guard, DHS.

If you showed me a witness list that read:

TSA, TSA, Coast Guard, Schneier, DHS

... I would suggest that the purpose of that hearing was to set up Bruce Schneier.


Quick quibble: the last guy is GAO, not DHS, as I explained here: http://news.ycombinator.com/item?id=3758730


Who would be a good witness to talk about security theatre? Do you have any people in mind?

I agree that it would be a shame if the evidence was presented "sloppily" allowing TSA room for wiggle.


Because Schneier in particular has shown numerous weaknesses in airport security systems. And what you've described as "disdain" amounts to treating airport security like any other kind of security system, evaluating it critically, and correctly realizing that it has almost zero value, a huge cost (in both money and time), and a huge impact on civil liberties.

In other words, he has very effective criticisms, which makes him unsuitable for hearings designed to publicly demonstrate a lack of effective criticisms.


This comment basically presumes that I disagree with Schneier and that the way to rebut my point is to re-argue what Schneier has argued. But I agree with Schneier, as do I think most people --- particularly security-minded people --- who pay attention to the TSA. My point is that Schneier has a lot of credibility with nerds and a lot of credibility with Jeffrey Goldberg but perhaps not as much credibility elsewhere as, say, an FBI agent who also disdains the TSA.


Not trying to rebut your point, just answer the question you posed. I don't think anyone has assumed that Schneier represents the most effective critic, just someone with reasoned and thoroughly correct arguments, and background in a relevant field. I agree that Schneier's voice may not carry the most weight, but that just suggests the need for more voices.


> Why is Schneier presumed to be the most effective critic of the TSA?

It has less to do with whether he's the most effective critic of the TSA and more to do with whether he's the most effective critic of the TSA who is [was] going to be present at the hearing. All the qualified scientists and concerned LEOs in the world aren't going to do us any good if Congress doesn't listen to them. The hearing is already heavy on shills and light on saints, we need all of the voices we can get.

It would be cool if you (or anyone) could list a few people who might be really convincing, and we might be able to get them to contact Congress -- it's too late for this hearing, tho'.

With that said, this narrative about the TSA getting Schneier removed from the hearing is helpful to the cause, since it exposes the TSA's nasty manipulative tactics, so I'll be sharing this link around, and I hope you'll join me.


> Schneier is an effective writer

He also has technical credentials a mile long.

In truth, this is an outrage.


None of those technical credentials involve airport security.


Not that this matters to the general public, but it seems to me that general security knowledge should be applicable to airport security. In other words, there's nothing that makes airports special.

It seems rather like refusing to listen to a janitor talk about cleaning airport floors because he's not an "airport janitor."


Strong disagree. Experts at airport security might for instance:

* Have intimate knowledge of the kinds of day-to-day security events that actually occur in airports

* May be intimately acquainted with security incidents and interdictions that haven't been reported on in the media

* Might have detailed knowledge of the processes by which various types of employees gain access to airport facilities

* Might have detailed knowledge of the monitoring and surveillance systems employed within the airport

* Might have detailed knowledge of specific vulnerabilities to airplanes or fueling systems or other airport facilities

I bring this up because there are people who know this stuff who have been vocally opposed to the TSA. For instance, FBI Counterterrorism Agent Steven Moore. Or: an even better figurehead than Schneier: former counterterrorism "czar" Richard Clarke.


Here's a transcript of Schneier's interview with a TSA official: http://www.schneier.com/interview-hawley.html

It's extremely telling. Schneier does know about the issues, and the TSA official, IMHO, totally fails to substantially counter any of his arguments. Of course, you should read it yourself to form your own opinions.

Sure, someone who works at an airport might know about details we or Schneier don't know about. Well, then, great. They should tell us. They haven't.

I'm not arguing against the inclusion of other experts, whether in addition to or as a replacement for Schneier. Other experts are great. But they aren't being included either. The question here seems to be "include opposition" vs. not. It's not "include Schneier" vs. someone else instead.


I don't disagree with you that Schneier may not be the most ideal representative of the opposition to the TSA. I'm simply saying that, to a well-informed congress, in an ideal world, Schneier's word should still count for something.

Edit: I'll also add that detailed knowledge of airport security systems isn't strictly necessary to argue against the TSA if general knowledge of common security principles is enough to prove the inadequacies of their methods.


Airports are not that special relative to bus terminals, train terminals or perhaps any public venue where the "bits" are actual people. So someone who had experience in providing security at a large public venue would have skills applicable to airport security.

But computer security (knowledge of cryptography, hacking, etc., with the exception of perhaps "social engineering") really is a different animal.

A secret service agent who knows nothing about the bulk of what Bruce knows about most likely would be better qualified to evaluate threats based on their specific training and experience.


I would argue that a top-tier computer security expert would be better qualified to comment on physical security issues than a top-tier physical security expert would be on computer security issues. This is because computer experts are required to think in terms of abstractions and similarities, thus a computer security expert would be better equipped to apply abstract lessons learned while defending a computer system to physical security.

Schneier in particular, however, seems to have studied physical security well enough to comment on it without having to use an abstract map from computer knowledge to the real world.


Would you volunteer?


From his bio, I would reduce his mile long credentials to the following:

- wrote a best seller "applied cryptography"

- wrote "secrets and lies" (not a best seller)

- wrote "beyond fear"

- wrote "schneier on security"

- publishes a monthly newsletter

- chief security officer of bt.com

The rest of the bio:

http://www.schneier.com/about.html

...essentially amounts to what publications and others think of him as a result of what he has done (above) I'm guessing. What I would call "assumption of legitimacy".

"Described by The Economist"

"Described by Wired"

"Called by Fortune"

"Regularly quoted in the Media"

"Testified on security before Congress"

"Written op eds for major publications"

"crypto gram has 150,000 readers ..."

Now I don't know enough about security and haven't read any of his writings to independently know whether Schneier is an expert or not. And I'm also guessing that many of the media and others that give him credibility also don't know.

After I was quoted in major media everyone else came out of the woodwork and wanted info from me on what I know about. That of course doesn't mean I am not qualified. But it's really not that hard to get the ball rolling on being an expert once the ball is rolling.


While unsuitable for a bio, it is also worth noting that his algorithm is one of the five finalists for the ongoing NIST SHA3 competition. This is further than Dan Bernstein's algorithm went.

He is also the author of blowfish, which is the basis of bcrypt, which you may have heard people preaching about on HN.


It's unfair to compare Skein (designed by an 8-person team, most of whom are more active in the field than Bruce) to CubeHash, solely designed by Dan.


I wasn't actually trying to suggest that Schneier is better than Dan, just trying to convey that he isn't just some blogger/author that blows hot air. He has technical accomplishments at least roughly on par with those in his field.


Note that BLAKE, another SHA-3 finalist, is based on DJB's ChaCha permutation.


> From his bio, I would reduce his mile long credentials to the following:

Why did you ignore his time at Bell Labs? Or in the DoD?


Not seeing that here?

http://www.schneier.com/about.html

Although now I see it on this page:

http://www.schneier.com/news-096.html

"My first job after college was with the Department of Defense. Years later, I was laid off from AT&T Bell Labs"

The DOD job was out of college. "laid off" from Bell Labs doesn't offer a time line.

But most importantly it doesn't appear on his own "about" page so for whatever reason while he is highlighting other things he is not drawing attention to that.


He is an expert witness. One of the more renowned security experts. He's not "making a case to the wider public". He is testifying before a congressional committee (or would have been).


Why is Schneier presumed to be the most effective critic of the TSA?

Who is presuming that?


Can you point me to any of these caricatures? Are you sure we're all talking about the same Bruce Schneier?


Here are a bunch, some better than others: http://www.schneierfacts.com/


Haw.


Is there a list of other people the TSA is not allowing to testify? I would say the TSA has just given Schneier a pretty solid endorsement.



