Hacker News
Surveillance critic Bruce Schneier to leave post at BT (arstechnica.com)
273 points by indy on Dec 16, 2013 | 71 comments

"Schneier told The Register this evening of his departure: "This has nothing to do with the NSA. No, they [BT] weren't happy with me, but they knew that I am an independent thinker and they didn't try to muzzle me in any way. It's just time. I spent seven years at BT, and seven years at Counterpane Internet Security, Inc before BT bought us. It's past time for something new."


I think it's a little more complicated than that.

If you had his background and the job in question, could you morally continue? No. If you were his employer and were involved in such things, could you continue employing him? No.

Nothing may have been said, even between Schneier and BT, but consider that every contract out there has a "don't badmouth your old employer" clause these days.

I don't know. They were definitely at odds, but there was a mutual benefit to working together. Keep your enemies close comes to mind, as both he and his employer benefit from close contact with their opponents.

I think Schneier is a great advocate as of recent and has become a more inspiring security leader (compared to many who are just talking heads who have no real experience, comparatively). That being said, I feel he was a different person when Counterpane got bought out by BT. I happened to work for BT North America Professional Services at the time, which was ultimately purchased headcount from International Network Services to expand quickly. We had no access to Counterpane resources for the most part - although we were told to try and work some of the Counterpane product into consulting recommendations. I tried a few times to get involved with what Counterpane used to be, with the intent of trying to get some facetime with Schneier to really find out who he was (was very deterministic about finding a good mentor at the time). Long story short - BT was so fragmented internally that to tie the name BT to Counterpane, or even Schneier, was a joke. It was obvious after the first few months that BT bought Counterpane for the talking head (IMHO), which I still feel was true up until now. Schneier's name was worth more than the IP they bought, most likely. Sad state of affairs. BT had, and still today has, no interest in improving security within their own telecom products, but wanted to be very good at the emerging pentesting market (back in 2007-ish). They're no better than the PWCs of the world today - overpriced scanning services with no real meat, but they have a few key folks to make it look like they 'can'.

TL;DR Glad to see Schneier leaving. I thought it was hypocritical of him working for BT given his recent improvement in position publicly around the Snowden releases. I have renewed respect for him.

I seem to remember a PWC connection. Did PWC own @stake (what was l0pht) before it disappeared into Symantec? Or did their army of pen testers diffuse elsewhere?

A new career in journalism? I think Glenn Greenwald and Pierre Omidyar are hiring.

I'm not sure anyone wants to pay journalists what a world-class cryptographer makes.

Just like "business" skills, journalism should be something people develop on the side while still maintaining their primary work skillset (with industry-specific skills).

The big problem with journalism right now is the complete disconnect between the journalist and their understanding of the topic. Just look at every software or bitcoin article. This is largely because of the internet's turn-around speed requirements and low pay. They have no time to invest in learning about the topic.

The only way to save journalism is if we start contributing to it like we do OSS. Instead of paying people minimum wage and expecting quality results, we have people who contribute articles on the side.

But not just anybody writing (like blogging), but people who invest in learning how to write - working with full-time editors who manage the input and source writers.

Depends on the sort of journalism. Sure, you can do some sorts of writing on the side. But there's plenty of journalism that doesn't work that way.

A good chunk of news requires personal presence and connection. For example, if you're covering a state legislature or a city government, you just have to spend a lot of time getting to know legislative staff and other people around the capitol or city hall. And you have to have enough readership for them to be willing to talk to you. You might be able to do that in your spare time for a small town, but I don't think it's possible for anything more substantial.

The same is true of investigative journalism. Deep stories take months of research and writing. They take real budgets, real skills, real editorial backing.

I write a lot for fun, and have for years. But there's only so far that fun can take you, and those places don't include the most important societal functions of journalism.

I don't totally disagree but the downside is that the writers are then increasingly people who are being paid for things that may influence what they write. Of course, smart and principled people aren't necessarily as influenced as some would like to believe--but how many commenters on this site would really give someone from $PROPRIETARY_COMPANY an unbiased hearing on topics that touch open source or open standards?

Journalists tend to have their own cultural biases--although more on political topics than technical ones. But, even if I won't write things I don't believe, I still choose the topics I discuss in public.

"Journalists tend to have their own cultural biases--although more on political topics than technical ones."

Glenn Greenwald actually argues for transparency in advocacy rather than pretending that an objective journalist even exists. Long-winded conversation about it here: http://www.nytimes.com/2013/10/28/opinion/a-conversation-in-...

Also check Paid Content for a bit of a summary: http://paidcontent.org/2013/10/28/glenn-greenwald-vs-the-nyt...

> Journalists tend to have their own cultural biases--although more on political topics than technical ones.

You're on to more than you give yourself credit for there. Much modern journalism is an integral part of the political system, and many papers fit into your $PROPRIETARY_COMPANY variable quite neatly.

There is some separation between party and paper, but I think as far as politics goes, we're pretty close to the hypothetical situation you describe.

This probably goes further back in time than many on this site remember but once upon a time Newsweek and Time were pretty much the two weekly news mags. (US News and World Report but that had a somewhat different focus.) People were often surprised when Time and Newsweek had the same cover story even when it wasn't the current big news story--but this really reflected that the reporters and editors went to the same schools and worked in the same environment so really thought the same in a lot of respects.

I was an engineering major but I was involved with newspapers in various respects through school and there was definitely a certain "perspective" with the mainstream publications.

> journalism should be something people develop on the side while still maintaining their primary work skillset (with industry-specific skills).

I really love the idea of this, but I think it's infeasible given time constraints in every industry, including press. I do think there is room and cross-disciplinary talent in media organizations for a journalist reporting on a (for example) programming-heavy topic to grab someone from their engineering staff to collaborate and then share a by-line. If you have someone with domain knowledge in-house you might actually save research time and get a better article even with more people working on it.

I agree with all of your suggestions, but I think a more pressing issue in the world of journalism is getting rid of the political agendas.

Though some of the bias might be naturally eliminated as the quality of journalists is improved.

If we stop hiring "professional" writers with English degrees to write everything, and replace them with a distributed collection of writers with industry knowledge, we'll have a much greater input from a variety of fields.

Much less likely to have bias or feel pressure from their newsroom bosses.

But equally if not more likely to have to filter through fluff pieces and submarine PR to get to any useful information.

Yeah, it wouldn't be a highest and best use of his talents... eg hard-core crypto research. The opinion pieces seem like a highly-visible side hobby.

So like a Wikipedia for news? You may be on to something there!

I'm not sure that matters to Pierre Omidyar. Bruce could help make sure the rest of the new media organization's systems are secure and also help train more traditional journalists on how to stay secure.

I'm not sure that matters much to a world-class cryptographer who has consistently spoken out on principle. Many many people want to do meaningful work that matters.

Just curious, what does a world class crypto make?

I think this might be more likely than just a random hunch.

His columns and blog posts are certainly mass-appeal compatible.

Are they still in "stealth mode" (e.g. haven't figured out a brand identity)?

They're still calling it "NewCo", if that's what you're asking. And some other not-so-minor details are also still either under development or under wraps, most notably the revenue model. But the general strategy has been announced: They want to be a full-service news organization, with everything from Greenwald's stuff to sports, and they want to trade on the personal brands of their top hires. And a lot of those hires have also been announced.

It seems a little odd to call this "stealth"; the more typical stealth startup has announced only its name, and none of that other stuff!

Are they? How can I get at them?

I don't know if they are, but you could probably email Glenn at the email/PGP key he provides on his twitter.

Good for him, I say. Opens up interesting opportunities.

Feel sad for BT employees though. With a company culture like this I don't think it's much of an attraction for smart, innovative folk.

They need to follow Microsoft's lead and get rid of stack ranking. That would increase morale by 100% at a stroke; the CARE scores (BT's internal 360 feedback system) would go through the roof.

I wouldn't have thought full stack ranking (i.e. actually firing the bottom x% each year) would be legal under British/European employment law.

IANAL, but it is possible to do this under UK law - employees in the UK can be fired for any or no reason for the first 2 years, providing they are not being discriminated against (religion, gender etc). After that, they can be fired if it is for fair reason, and a fair process is followed. Underperformed is a fair reason, and formal stack ranking is a fair process (i.e. no discrimination). The employer would need to update people on their performance regularly, and provide ailing employees with help to improve. Underperformed sales staff are fired regularly like this pretty much everywhere.

It is true that firing employees does expose an employer to litigation / tribunal, which can be expensive. However, an employer that is doing stack ranking and is prepared for that sort of thing would not fall victim to the usual things that get companies in trouble - not having good enough performance metrics to justify firing the only X in that department, or assigning unpleasant work to employees to drive them out (which can be seen as constructive dismissal).

I have also noticed some large companies hiring the bulk of their staff as contractors, and 'firing' them for 3 days a year so that they don't become employees. This would make them basically at will employees, but I am not sure how well this would stand up if tested.

This book is cool: http://www.cm-murray.com/little-books/little-book-of-uk-empl...

Interesting, thanks for the response and for the link.

> Underperformed is a fair reason, and formal stack ranking is a fair process (i.e. no discrimination).

Would you say that the legal definition of fair was that the outcome was non-discriminatory (for instance, not occurring on the basis of race, gender etc)? It seems to me that the system goes further than that, and is specifically designed to prevent employees from being fired because 'they didn't fit in', but rather for clear-cut performance reasons, and it would be trivial to argue that stack ranking was measuring the former, not the latter. i.e. you could argue, and it could well be the case, that your low ranking within a team was due to being outside a clique, or due to internal politics, and it didn't represent a fair measurement of performance.

Unfortunately in BT's case the PRP system (aka stack ranking) shows evidence of discrimination against these groups.

It's also very easy to manipulate and leads to massive gaming on the system. One guy I knew was going for a promotion and was spending so much time in prep that, as my boss said, "he hasn't done any real work in the last 6 months".

ROTFL - you have no idea mate. Contrary to belief, in Europe you can fire people for poor performance fairly easily, and in the UK employers can do stuff which would end them up in court in even right to work states - i.e. artificially make a subsidiary go bust to avoid paying statutory redundancy (so that the tax payer pays).

And sorry if that sounded harsh but you can manipulate any PRP system to get that result - it was an openly admitted fact that every year the scores were manipulated to put the right number of people in the CAT 4 (in need of improvement) who were targeted for redundancy.

Even getting a CAT 2 or 1 wouldn't keep pace with inflation

(UK at least...)

You couldn't just point blank fire the bottom x% each year based on their ranking, you'd need to give the bottom x% warnings and put them on an improvement plan (so they have a chance to improve) and then, for those that don't, you can sack them.

Even then it may be tricky if you are cutting too deeply. Taking it to the extreme you couldn't use this method to fire the bottom 99% of employees as a tribunal would take that as constructive dismissal.

Firing the bottom 5%, after appropriate warnings/etc, is in the realms of possibility as there's a good chance that the employer can provide documentary proof that the employees fired were performing below expectations should a disgruntled employee take them to tribunal (which, sadly, now costs the dismissed employee £250 to file the claim and £950 if it goes to a hearing.)

I know for a fact BT do not do this; however, it is my understanding that Amazon (and possibly other big US tech companies operating in the UK) employ their UK workers as contractors to the US subsidiaries to avoid employment law.

That wouldn't work - the main reason they use a subsidiary is so that they can play around with tax.

Recently former BT employee here. The primary effect of stack ranking at BT is on bonus and raises. If you receive a sufficient number of sub-standard rankings then you would go through the usual UK process of being given warnings which tally up and could eventually lead to dismissal. It definitely is not the case that they fire the bottom x%.

There are a lot of smart, innovative people at BT. But move above direct line managers and it's... not pretty.

MBO's cause quarterly firedrills/death marches to get "something out" - objective reached! In the resulting bloodbath it's the IC's who get hung out to dry.

Also there are just too many people, with too many kingdoms, trying to do too many things in slightly different ways. There are so many 30 year vets who have their domain, and will sabotage projects that threaten it. There are some good 30 year vets who drive change, but unsurprisingly they don't get very far, and are aware that they are about to leave things in the hands of 20 year people who gleefully look forward to inheriting a job for the next 15+ years... :-/

So weird that Schneier was working for BT - As a Brit, this is the company that you have to buy a phone line from to get broadband, and that then spams you to buy their broadband with snail mail glossy leaflets once a month.

Britain is an extremely competitive telecoms marketplace.

BT is broken up into several independent companies. The business of physically laying last-mile copper and fibre and connecting customers is done by Openreach, who are required by OFCOM (the telecoms regulator) to provide fair and non-discriminatory access to their services to any communications company.

The same applies to BT Wholesale, who maintain the network and provide access to that network to communications companies. BT Retail are the company who send you glossy leaflets, but they have to compete under exactly the same terms as any other company - they pay the same prices to Openreach and BT Wholesale as Plusnet, Sky, TalkTalk or anyone else.

In addition, there's a completely independent fibre network operated by Virgin Media that covers the majority of households, and national coverage for HSPA from five different mobile operators. Brits love to complain about broadband, but I think we've got it pretty good.

I still have to pay a monthly "line rental" for a phone number that I don't use, in order to pay someone else for ADSL broadband. I didn't know (until seeing the various replies to this post) that it could be someone other than BT.

If the only existing mechanism for ADSL delivery is down a twisted copper pair that BT own, then it seems reasonable to pay BT for the use of that line. What's actually annoying is the way that you can't rent a line without buying a phone service as well.

Especially where in the USA you're lucky if you have a duopoly. The one thing the UK did right was local loop unbundling.

And as a BT.A shareholder and ex employee I must admit to enjoying the fact that buzby is kicking that nice Mr Murdoch in the nads in football

No you don't. I've had broadband for years without having any relationship with BT.

But you had to pay for extra physical cables to be installed to your house, right? And the same again every time you move?

Nope. It was already there when I moved in 12 years ago.

And even if I did, that still doesn't involve BT.

I don't have a BT phone cable at my house though, so would need to pay for that to be installed if I wanted to go down that route.

Interesting... I thought the old nationalised BT had cables to every house.

I just object to not being allowed to use the hardware already installed with a provider entirely of my own choice, which would be the most efficient way to run infrastructure businesses.

You can now get a PSTN connection without having a direct relationship with BT, through unbundling. I get my phone line from Zen (no relationship apart from being a happy customer). At the end of the day it's still a BT engineer who comes to fit the thing (assuming the wiring isn't there already), but it's your provider who has the contractual relationship with BT.

There's also the cable option, but if you go down that route then you're actually more tied in to a single provider for services than with PSTN/ADSL.

They had wires to any house that had paid to have it connected. I was 7 before we had a phone in the house, and they had to wire us up when that happened.

My current house had BT at some point (there's a BT access box in a cupboard, but it's not connected to anything), but it was gone before I moved in - I'm guessing either as a result of some roadworks having cut through the wires or possibly a BT upgrade of their infrastructure, but as the people who lived there before me were on what was Diamond Cable at the time, BT clearly didn't bother doing whatever was involved in rewiring the house back in.

BT was forced to unbundle the local loops years ago, and it's been possible to get broadband and phone services from a diversity of providers using old BT-installed lines for some time.

Don't BT end up getting some/most of the line rental money anyway; whether directly passed on or via a Wholesale Line Rental?

The price of which is regulated. It's still considered high by the ISPs that rent it.

A lot of the UK has cable, but also recently I believe they're now unbundling the exchanges in a lot of the bigger cities, which means you don't have to buy a BT phone line.

Although I've had terrible service from them in the past I thought I'd try their Infinity 2 FTTC service - we've had it a couple of months and I have to say I am pretty pleased. Download and upload speeds are great and the sports channels are a nice bonus (I have a rugby mad son).

My only real complaint about them is trying to work out how to actually get the £50 Sainsbury voucher they promised when I signed up. Fortunately this seems to be the only part of the process that suffers from the old-style BT Kafkaesque processes....

BT is more than just the ex-GPO business; they were moving into the big international business in a big way.

Ironically abroad BT is often seen as the fast new innovative disrupting company when compared to incumbent telcos.

+1 on the nope, I have Virgin Media. No installation fee & the line was run to the house years ago, we don't even have a BT phone line.

...well, unless you have access to cable.

As an ex-BT person I could see this coming a mile off; with Bruce's principled stand it could realistically only end this way.

And TechCrunch guys, "ouster"? Are we channeling Variety now!!!

I wonder if this has anything to do with the fact that BT has introduced an opt-out filtering process for internet access.


What sort of title is "security futurologist"?

Once you reach a certain level of skill and experience, like Schneier has, you sort of outgrow titles. I'd say he's a researcher and an educator.

Have you ever read his articles? I think that's as apt a title as any for Mr. Schneier.

Without doing any research on what he actually does at BT, that's probably between senior consultant/advisor and security evangelist, in which he would speak about his cryptanalysis skill and be the go-to person when someone needs advice on security matters.


an awesome one

It's indicative of an interesting, less corporate future.

As knowledge workers become more important, then it's the personal capabilities (and integrity) that matter most - and that's not something that can be applied across a 100,000 person "enterprise" or mandated in policy procedures.

We shall see smaller companies, and more fragmentation of working relationships - so protect that reputation and that brand, folks!

> NSA surveillance critic

Out of all of the possible titles they could have chosen for him, they chose this? Just lump him in with the other millions of humans that are critical of surveillance?

Thing is, about all he has ever been is a critic. Anybody got an example of his skill at anything but writing about crypto at the level of commentary and advocacy?

You obviously haven't read "Applied Cryptography" or looked at any of his algorithms.

Walking away is the greatest form of rejection. Kudos Bruce.
