
My Priorities for the Next Four Years - r721
https://www.schneier.com/blog/archives/2016/12/my_priorities_f.html
======
idm
Good post and worth the read. His four priorities are:

1\. fight the fights. There will be more government surveillance and more
corporate surveillance.

2\. prepare for those fights. Much of the next four years will be reactive,
but we can prepare somewhat.

3\. lay the groundwork for a better future.

4\. continue to solve the actual problems. The serious security issues around
cybercrime, cyber-espionage, cyberwar, the Internet of Things...

This isn't exactly presented like a political platform or policy agenda, but
in fact that is what it is - and I am happy to see it. Schneier has been
writing for so long - becoming such the guru - that I'm glad to see him
courting audiences beyond the security community.

~~~
koheripbal
I have a hard time imagining these exact same four points not being equally
urgent if we were ushering in a Clinton administration.

From an IT perspective, I think it's more important to recognize the
increasing complexity and chaos of our security environment, and recognize
that governments are not homogeneous objects, but themselves composed of good
actors and bad actors.

Engage the good, protect yourself from the bad.

------
jstewartmobile
Brother Bruce has been fighting the righteous fight for a long time now, and
he has been doing it with minimal ego and loads of class.

And here is he is trying to lift the spirits of the anti-Trump privacy folks.
What's wrong with that?

Where's the love y'all?

~~~
karim
I wouldn't read too much into this. People on Hacker News have this pavlovian
need to contradict any article they're commenting on. If Schneier was saying
the task was too big, you'd have people saying he's giving up too easily.

~~~
idlewords
> People on Hacker News have this pavlovian need to contradict any article
> they're commenting on.

No they don't.

~~~
schoen
"Look here, this isn't an argument, it's just a contradiction!"

------
clarkmoody
> And if there's a major terrorist attack under Trump's watch, it'll be open
> season on our liberties.

I'm starting to believe that there is not a single world leader who is more
than one crisis away from "reluctantly" assuming dictatorial powers. And the
populations of advanced economies have no conception of the value of their
liberty, since they so willingly give it away.

~~~
robotresearcher
There have been bombings, gun battles and other mass murders in the streets of
Paris, Marseille and elsewhere in Europe, and no sign of dictatorships.

~~~
clarkmoody
France _has_ curtailed liberties in the wake of recent attacks. No dictators
though, you're right.

------
apatters
Interesting read, but I can't imagine how anyone could convince Google and
Facebook to change their business models at this stage unless the market truly
revolted and started moving away from their products due to privacy issues. I
think change is much more likely to happen through disruption (which perhaps
is the other side of his ideas, coming up with business models that are more
privacy-friendly).

I think security and privacy are a lot more important to people than Facebook
and Google's market share are thought to indicate. In 2017 they will be real
selling points for a product if it can match the UX and features of the
incumbents. That is the hard part -- particularly given that good UX for
secure products has a long way to go. I don't believe it's impossible, but it
requires a mindset shift in the industry. "Give an extra key to your
friend/family member in case you lock yourself out" is an idea that's been
with us a lot longer than "contact customer support." It just isn't how the
tech industry has ever worked.

~~~
kijin
IMO there are only two companies in the world right now that could possibly
compete against Google and Facebook on that kind of scale but with a
different, more privacy-respecting business model.

Unfortunately, the one in Cupertino only takes a lukewarm stance on privacy
despite being in an excellent position to make it a distinguishing feature of
their platform; and the one in Redmond with its always-calling-home operating
system has just blown a ton of goodwill that it had accumulated over the last
few years.

~~~
potatolicious
> _" the one in Cupertino only takes a lukewarm stance on privacy"_

Genuinely curious - but how so?

My observation of Apple so far is that they've taken a remarkably strong
privacy stance. Not maintaining logs of iMessage, keeping nearly all personal
data on-device, ensuring analytics do not leak personal data, going above and
beyond to ensure their customers' devices are strongly encrypted (and
exceptionally difficult to break, even for government entities)...

And they've made a point of publicizing this during their keynotes, too, so
much of this isn't necessarily even under-the-hood details that only us nerds
know about.

~~~
matt4077
Indeed. They stared down the FBI with engineers threatening to quit and/or go
to jail rather than compromising their users' phones. That had the enormous
risk of making them unpalatable to the conservative half of the nation.

Compare to yahoo, where they apparently handed out data to anyone asking, and
not a single person considered it m0re important than their paycheck.

~~~
jjwiseman
A single person reportedly did consider it more important: "According to two
of the former employees, Yahoo Chief Executive Marissa Mayer's decision to
obey the directive roiled some senior executives and led to the June 2015
departure of Chief Information Security Officer Alex Stamos, who now holds the
top security job at Facebook Inc."

[http://www.reuters.com/article/us-yahoo-nsa-exclusive-
idUSKC...](http://www.reuters.com/article/us-yahoo-nsa-exclusive-
idUSKCN1241YT)

------
Balgair
I was watching the 'Dunkirk' trailer the other day and a line stuck out to me:

An older fishing boat captain is talking to a younger and soggy rescued
solider and says: "There's no hiding from this, boy", referring to the coming
of WW2 in general and the captain having to turn to boat back into the melee
to search for more survivors.

I think that line is also what Bruce is trying to say to a lot of the EFF
supporters out there. There's no hiding from the next 4 years. The implication
is then that you have to fight.

~~~
scaryspooky
I know EFF and Schneier have been fighting the expansion of the US spy
machine, but it seems like a lot of more liberal leaning groups didn't push
back when Obama expanded policies started under Bush and that's pretty
disappointing. Civil liberties and rights are to be protected even if your
candidate/party is in power. Not just when the other party takes over.

~~~
pavlovasdog
This seems irrelevant and possibly untrue. What liberal leaning groups are you
referring to?

~~~
scaryspooky
The ACLU has, maybe for fund raising reasons, taken out a full page ad in the
NYTimes promising to challenge Trump. They never took out a full page ad when
Obama escalated the drone war or killed a US citizen without trial via drone
strike.

A lot of pro-marijuana groups (let's face it they are liberal groups) weren't
aggressively going after the DEA under Obama because his administration had a
hands-off approach. Suddenly this is a huge issue with the nomination of
Sessions, even though the law is still the same under both administrations.

None of the groups have gone after the flagrant violation of 1st amendment
rights that the 'hate speech' laws bring about. You might not like a neonazi
defaming Jewish people but hate speech laws are counter to the US
Constitution.

The ACLU hasn't defended aggressions against the 2nd amendment.

The PATRIOT act was renewed under Obama. The NDAA was also renewed with
increased powers under Obama. NSA spying has increased, the FBI has taken more
liberties in 'national security letters' and the CIA has still had free reign
to do as they please.

Yet all of the liberal watchdog groups gave Obama a free pass, even though he
was basically the same as Bush whom they hated. You can go read his record:
[https://en.wikipedia.org/wiki/Barack_Obama_on_mass_surveilla...](https://en.wikipedia.org/wiki/Barack_Obama_on_mass_surveillance)
and yet the ACLU never took out a full page ad about his spying. Maybe you
will also read this editorial:
[http://articles.latimes.com/2011/sep/29/opinion/la-oe-
turley...](http://articles.latimes.com/2011/sep/29/opinion/la-oe-turley-civil-
liberties-20110929)

Where were the 'civil liberty' or 'civil rights' groups these past 8 years?

~~~
Balgair
Okay... but this has nothing to do with my comment.

~~~
scaryspooky
How many accounts do you have? Because I was asked what liberal leaning groups
didn't fight Obama and I replied.

------
dwe3000
> Under a Clinton administration, my list would have looked much the same.

And the political polarization and bantering continue. But at least there is
some truth in there.

~~~
new299
The context of the next line is somewhat important:

> Trump's election just means the threats will be much greater, and the
> battles a lot harder to win.

~~~
tomp
I'm not sure I agree with this. Certainly most of these problems (surveilance,
assaults on various liberties, etc.) were started/ramped up under W. Bush, but
most of them were greately enhanced during Obama, so I have no reason to
assume that Hillary might be any better (except better at PR/propaganda, of
course).

~~~
AimHere
One reason for thinking that Trump would be worse is precisely _because_
Hillary and Obama's propaganda machine is good at painting them in a better
light.

Trump doesn't have to _pretend_ to care about human rights, or war crimes or
civil liberties - he outright came out in favour of torture, the killing of
innocent people, racial profiling, and said a whole bunch of other heinous
things during the campaign.

At least with the previous politicians, bad publicity can act as some sort of
brake on the violence and the repression and the surveillance, because you
have some leverage against a politician's public image. When the next Abu
Ghraib-type scandal comes out, Trump can legitimately say 'So what? I said I
as going to torture suspects during the campaign, didn't I?'; if it came out
under Hillary, she'd be under immediate pressure to shut down whatever
happened.

Having an openly lawless politician is a shitton worse than having a closet
lawbreaker with a good PR machine.

~~~
tomp
Does this theory work if you apply it to the past? Have Snowden's leaks about
surveillance or relevations about Obama's drone programme (killing people,
even US citizens, without trial and with a lot of collateral damage) resulted
in any change in government behaviour (except more secrecy and extensive
supression of leaks/information)?

My take on these questions is "no", but I haven't been following the events in
detail, so I might be missing some positive consequences.

~~~
ethbro
We wouldn't be having these conversations if the leaks hadn't happened.

It was suspected before, now it's known. That's a fairly big difference.

Or in other words, speaking about nation state backhaul taps, etc as a threat
model before made you a paranoid OpenBSD cyberpunk: now it makes you an
average HN commenter.

~~~
bmj
"We" are having these conversations, but in the time since the Snowden leak,
have we seen the government move away from the behaviors and patterns that
Snowden brought to light?

~~~
ethbro
Big ship, slow turning, etc. It's been 3 years since the initial leaks.

It took roughly 2 years between the Washington Post first reporting on
Watergate and Nixon's resignation. And that was pertaining to multiple
_obviously illegal_ activities. National security and executive orders have a
lot more gray area.

The most important thing is to keep the pressure on, keep it in the public
discourse, and make it uncomfortable for anyone who supports the apparatus.

------
MrZongle2
Key sentence: _" Under a Clinton administration, my list would have looked
much the same."_

I have a lot of respect for Mr. Schneier. But he is fooling himself if he
thinks a Clinton administration would be one iota less threatening.

~~~
treebeard901
That's exactly the point of the quote... The list would have looked much the
same. Or am I missing something?

~~~
MrZongle2
The following sentence is "Trump's election just means the threats will be
much greater, and the battles a lot harder to win."

And I think that's a bunch of poppycock. The threats would be no less under a
Clinton administration. The battles would be no easier.

Have we all forgotten the Clipper Chip debacle under the _last_ Clinton
administration?

~~~
nickpsecurity
The last Clinton Administration increased FOIA capability & compromised on the
crypto wars. Wheeler at FCC fought the schemes of ISP's. In each of these
areas, Trump would do worse due to his politics or style of not compromising.

I'm a left-leaning moderate who expected Trump to win. I'm not saying any of
this in a bubble. Republicans have almost always fought against civil rights
(2nd Amendment is exception), privacy, far enforcement of copyright, and net
neutrality. That's in the laws they pushed or passed rather than campaign
promises. Trump, if he's consistent with Republican politics, will likewise do
worse for people concerned about these areas. Better for those who liked the
status quo & want noose tightened around individuals necks for big business &
government.

I'm still holding out for the 3rd option of him knocking out a lot of this bad
stuff after just saying what he needed to get elected. He could feed his ego
quite well as a hero against bad laws created by special interests. On top of
whatever else he does. Hope he does it but no evidence so far.

------
drieddust
I think he should plan for 8 years :) Trump might get another term. Trump
probably will win the next election because he knows how to attract populace.
At least this has worked beautifully in other places.

To be fair a lot of thing he talk about are sensible. But he doesn't have a
clue on how to fix them so he won't bring any meaningful change. He did the
talking and won. He will talk again and win again.

~~~
naasking
> Trump probably will win the next election because he knows how to attract
> populace.

Trump only won because fewer Liberals voted. I don't think that will happen 4
years from now.

~~~
AnimalMuppet
Fewer liberals voted because a lot of people couldn't stomach Hillary, and a
lot of people were apathetic toward her. She didn't _excite_ many people. If
the Democrats run someone less entitled, less establishment, less robotic (for
want of a better word), then that should help.

On the other hand, Trump needs to deliver, or have a mighty good reason why
not. Talking big won't be enough next time. If he hasn't actually done
anything for job creation, saying "I'll create jobs" won't cut it.

Yes, he'll have the incumbent's advantage. But people turned to Trump because
they were desperate, because the status quo was failing them. That won't be
enough to get Trump another four years if he doesn't deliver during the first
four. It will just make people desperate _for something different_.

~~~
drieddust
> That won't be enough to get Trump another four years if he doesn't deliver
> during the first four.

Not to be confronting but Obama got elected twice. Did he delivered the first
time?

~~~
AnimalMuppet
Obama probably shouldn't have been elected twice... but the Republicans ran
Romney. He was nearly as hard to get excited about as Hillary. Obama, on the
other hand, was very good at inspiring people.

Did he deliver? Well, the economy didn't crater into a Great Depression, so
kind of yes. But he left us with a not-really-recovered economy in 2012, so
kind of no.

Look, I may be under-rating Trump's ability to genuinely inspire trust. He may
be able to bamboozle enough people into buying more empty promises and lack of
substance in 2020. I just don't think the "true believers" were enough of his
voters this time for him to be able to pull it off.

[Edit: If, by some stroke of insanity, the Democrats run Hillary again in
2020, Trump may well win.]

~~~
mangodrunk
Let's also not forget that Trump lost the popular vote, so if we didn't have
this arcane system, he would have lost. The majority of people (who at least
voted, I imagine most people who didn't vote would have gone with the
Democrat) didn't vote for him.

[http://www.politifact.com/truth-o-
meter/statements/2016/dec/...](http://www.politifact.com/truth-o-
meter/statements/2016/dec/12/donald-trump/donald-trumps-electoral-college-
victory-was-not-ma/)

------
falcolas
> we have a defeated majority

I take this to mean HRC supporters. It's also important to realize and
recognize the pains being endured by the "minority" (I hate that word when it
comes to binary politics and the "minority" is only 1-2% smaller than the
"majority") that caused them to support Trump in the first place.

Failing to do so, or treating them as idiots, is only going to exacerbate the
problem. Bruce Schneier addresses that a bit, but I think it's even more
important, since his message also needs to reach so many of them.

~~~
schoen
It might also be more accurate to say "a defeated plurality" (Trump's 46% and
Clinton's 48% are both minorities of the electorate).

[https://en.wikipedia.org/wiki/Plurality_(voting)](https://en.wikipedia.org/wiki/Plurality_\(voting\))

------
Randgalt
This comment from Keith Glass is the perfect response to Schneier:
[https://www.schneier.com/blog/archives/2016/12/my_priorities...](https://www.schneier.com/blog/archives/2016/12/my_priorities_f.html#c6740580)

~~~
brainfire
Meh. It quibbles over points that have no impact on the actual message of the
blog post regarding security.

------
ipunchghosts
> Like many, I was surprised and shocked by the election of Donald Trump as
> president.

To me, this is a fundamental flaw with those in charge of our security. Your
job in security is essentially to predict the future. The best security should
be surprised by nothing.

I can't see how BS was surprised by Trump being elected. he had literally
millions of datapoints to sample. The election is not some hidden process that
spits an answer out. You simply hold a vote, count the votes, and the elect.

I like BS and have been reading him for about 10 years but this has really
changed my view about him. I'm starting to think he really doesnt get it.

~~~
scblock
This comment makes zero sense.

~~~
ipunchghosts
I will restate my point another way and hopefully it will make sense.

The fact that BS was surprised that Trump got elected means in some sense he
is not tuned to the issues right in front of him. Scott Adams would say he is
living in another reality than half of america (half of america voted for
trump). Security is all about prediction. You are most secure when you can
predict everyone's movements.

Regarding the US vote of trump, there were lots of signs that showed Trump had
a real chance of winning. It wasnt like the polls showed trump down by many
points and then all of a sudden several million american's changed their mind
and decided to vote for him. If you read about poll science, you will see
Trump had the large gain in polls ever seen since they started polling.

~~~
matt4077
Well, I understood you the first time, and it's not getting better.

Scott Amundsen would say "Nate Silver gave Trump a 30% chance, 30% chances
sometimes happen (about 30% of the time), and you and Scott Adams are trying
to extrapolate a single point of data into a Grand Unifying Theory of why
you're awesome and how liberals live in la-la-fantasy-land."

The idea that some sort of personal connection to a different group of voters
allows you to better predict election results than the combined effort of
dozens of polling firms calling hundreds of thousands of people is laughable
on it's face.

------
aaron-lebo
I don't say this in a rude way, I just say it because I don't understand: it
_baffles_ me that the election of Donald Trump caused people to notice certain
things.

If you are worried about government surveillance now, why were you not worried
about that same power under a different administration? If you are worried
about corporate overreach now, why were you not worried about that power under
a different administration? Why is this fear more valid now then when people
were worried four years ago? Did you not notice it? Is it because those people
weren't on your side? Do we assume benevolent dictators?

I genuinely don't understand the mindset. If you know that in the future power
may be abused by someone...why would you ever give someone that power? What
caused this vast attention shift? It's genuinely smart people that seem to be
noticing this stuff for the first time. How?

~~~
tptacek
Nobody on HN is clueful about every subject that comes up on HN. You're not
expected to be able to comment intelligently on every story here.

However, if you have no substantive contribution to make about a thread ---
for instance, because it's about the most famous living cryptographer and you
no exposure to cryptography or Internet security --- you are expected _not to
comment at all_.

As it stands, you've derailed the whole thread with an objection that to most
readers on HN appears completely nonsensical. Whether intended that way or
not, this kind of commenting is indistinguishable from trolling.

Everyone else: this is why we have a flag button.

~~~
aaron-lebo
I don't have any problem with you personally, but it's not your job to shut
down a thread because you disagree with the author.

~~~
dang
Please don't take this thread any further off topic.

A substantive debate about variance or the lack of it in the surveillance
policies of successive administrations is on-topic in a thread about
surveillance. But arguing about whether you should or shouldn't know who
Schneier is, and some of these other things you've posted, are way out in the
weeds.

