Not that this matters to the general public, but it seems to me that general security knowledge should be applicable to airport security. In other words, there's nothing that makes airports special.
It seems rather like refusing to listen to a janitor talk about cleaning airport floors because he's not an "airport janitor."
Strong disagree. Experts at airport security might for instance:
* Have intimate knowledge of the kinds of day-to-day security events that actually occur in airports
* May be intimately acquainted with security incidents and interdictions that haven't been reported on in the media
* Might have detailed knowledge of the processes by which various types of employees gain access to airport facilities
* Might have detailed knowledge of the monitoring and surveillance systems employed within the airport
* Might have detailed knowledge of specific vulnerabilities to airplanes or fueling systems or other airport facilities
I bring this up because there are people who know this stuff who have been vocally opposed to the TSA. For instance, FBI Counterterrorism Agent Steven Moore. Or: an even better figurehead than Schneier: former counterterrorism "czar" Richard Clarke.
It's extremely telling. Schneier does know about the issues, and the TSA official, IMHO, totally fails to substantially counter any of his arguments. Of course, you should read it yourself to form your own opinions.
Sure, someone who works at an airport might know about details we or Schneier don't know about. Well, then, great. They should tell us. They haven't.
I'm not arguing against the inclusion of other experts, whether in addition to or as a replacement for Schneier. Other experts are great. But they aren't being included either. The question here seems to be "include opposition" vs. not. It's not "include Schneier" vs. someone else instead.
I don't disagree with you that Schneier may not be the most ideal representative of the opposition to the TSA. I'm simply saying that, to a well-informed congress, in an ideal world, Schneier's word should still count for something.
Edit: I'll also add that detailed knowledge of airport security systems isn't strictly necessary to argue against the TSA if general knowledge of common security principles is enough to prove the inadequacies of their methods.
Airports are not that special relative to bus terminals, train terminals or perhaps any public venue where the "bits" are actual people. So someone who had experience in providing security at a large public venue would have skills applicable to airport security.
But computer security (knowledge of cryptography, hacking etc with the exception of perhaps "social engineering" ) really is a different animal.
A secret service agent who knows nothing about the bulk of what Bruce knows about most likely would be better qualified to evaluate threats based on their specific training and experience.
I would argue that a top-tier computer security expert would be better qualified to comment on physical security issues than a top-tier physical security expert would be on computer security issues. This is because computer experts are required to think in terms of abstractions and similarities, thus a computer security expert would be better equipped to apply abstract lessons learned while defending a computer system to physical security.
Schneier in particular, however, seems to have studied physical security well enough to comment on it without having to use an abstract map from computer knowledge to the real world.
...essentially amounts to what publications and others think of him as a result of what he has done (above) I'm guessing. What I would call "assumption of legitimacy".
"Described by The Economist"
"Described by Wired"
"Called by Fortune"
"Regularly quoted in the Media"
"Testified on security before Congress"
"Written op eds for major publications"
"crypto gram has 150,000 readers ..."
Now I don't know enough about security and haven't read any of his writings to independently know whether Schneier is an expert or not. And I'm also guessing that many of the media and others that give him credibility also don't know.
After I was quoted in major media everyone else came out of the woodwork and wanted info from me on what I know about. That of course doesn't mean I am not qualified. But it's really not that hard to get the ball rolling on being an expert once the ball is rolling.
While unsuitable for a bio, it is also worth noting that his algorithm is one of the five finalists for the ongoing NIST SHA3 competition. This is further than Dan Bernstein's algorithm went.
He is also the author of blowfish, which is the basis of bcrypt, which you may have heard people preaching about on HN.
I wasn't actually trying to suggest that Schneier is better than Dan, just trying to convey that he isn't just some blogger/author that blows hot air. He has technical accomplishments at least roughly on par with those in his field.
"My first job after college was with the Department of Defense. Years later, I was laid off from AT&T Bell Labs"
The DOD job was out of college. "laid off" from Bell Labs doesn't offer a time line.
But most importantly it doesn't appear on his own "about" page so for whatever reason while he is highlighting other things he is not drawing attention to that.
He also has technical credentials a mile long.
In truth, this is an outrage.