Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant
from the anyone-can-publish-on-cnn dept
Over the years, at times, I’ve seen people criticize Bruce Schneier for perhaps getting more publicity than other security researchers, but it’s rare to see people question his knowledge. The complaints often appear to stem more out of jealousy than anything else. But, I’ve never seen anything quite as ridiculous as this “CNN iReport” by Richard Marshall and Andre Brisson, which appears to be a blatant hatchet job attack on Schneier that is at times incomprehensible, at times factually incorrect and bizarre throughout. Marshall is a former NSA and DHS “cybersecurity” expert, but he’s now the CEO of “Whitenoise Labs,” (something not mentioned in the article). Brisson is the founder of Whitenoise Labs, and appears to have a beef with Schneier going back at least a decade if not more. Brisson and Marshall appear to not be particularly adept at explaining themselves, so the history is not clearly laid out anywhere. The short hand, as far as I can tell, is that Brisson thinks he’s discovered some magic elixir security solution, which Schneier mocked way back in 2003. Brisson now feels that the security community gives him no respect and even Defcon ignores his pleas to present his own brilliance.
Last year, Brisson appears to have hired Marshall, and the two of them see this as an opportunity to attack Schneier. It looks like there are two main points to the article: (1) they don’t like Bruce Schneier (2) they want you to know about their own solution, which even they admit Schneier dismissed as “snake oil.” But here’s the bizarre part. Even though it’s clear that they’re just trying to promote their own thing, pretty much the whole point of their article is that you shouldn’t trust Bruce Schneier because he blogs and he’s only trying to promote his own business. I’m not joking.
It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.
Where to start? First off, it does not “appear” that one of the sources is Snowden, it is confirmed fact. Also, Greenwald did not “work with” Snowden. Greenwald is a journalist and Snowden was a source. Since then, the Guardian, whom Greenwald worked for, also brought on Schneier to help understand some of the Snowden documents. This is all public knowledge. Second, while Schneier does blog quite a bit, he’s also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.
The suggestion that he’s just some random blogger is obviously false, and pretty much everyone knows that. Furthermore, Schneier’s experience in the field is pretty damn well documented. His own firm, Counterpane, was acquired years ago by British Telecom and Schneier has obviously done tremendous work in the world of computer security for many, many years.
Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.
Weeks? As noted: Brisson’s feud with Schneier appears to go back a decade. And it took me all of about 3 minutes to find all those well known publications that Schneier writes for. Brisson and Marshall (two people!) couldn’t find them in weeks? Also, I’m beginning to wonder if the above paragraph actually refers to the article by Brisson and Marshall a lot more than anything Schneier has ever done.
Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.
Again, this is coming from people whose main purpose with this article appears to be promoting their own mocked security solution, and who regularly run silly promotional “contests” and “countdown clocks” designed to focus on their own self-interest.
For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.
I’ll let that sink in for a bit. Notice, of course, that they leave out “The Guardian” and “The Atlantic” — two publications that Schneier does write for, with reputations that are at least on par with the two publications named. Also, it appears to leave out that both the Washington Post and the NY Times have been publishing stories quite similar to Schneier’s, and both have (at least some of) the same documents from Snowden, which these two guys mocked Schneier for using as his source.
Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.)
This bold claim is not supported anywhere in the article. It likely refers to Schneier ignoring or mocking their own “solution.”
The article goes on to make some half-baked suggestions about how to deal with the NSA surveillance issues that suggest they don’t even understand what’s going on. Their solution? “using the improved security technology we have available to combat the fatal flaws of public key” technology — which of course is what their firm has been pushing on the world for years, and which ignores the fact that the evidence so far from Snowden has shown that public key encryption, when done right, still works pretty damn well.
Reading the article, it’s laughable. Nearly all of the attacks on Schneier are more accurately directed at the authors of that article. If the DHS and the NSA are looking to attack Schneier, they should at least try to find former execs who can write comprehensibly, and who didn’t go off to work for a foreign “security” company with dubious credentials.
Filed Under: andre brisson, blogs, bruce schneier, cybersecurity, dhs, ed snowden, encryption, nsa, reporting, richard marshall, security
Companies: whitenoise labs
Comments on “Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant”
Whoopsie
He just attacked the face of Internet security. This will not go well for him.
I remember when TD used to be fun to read. Now it’s just NSA 24-7 whining. Obsess much, Mike?
So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
Well, I’ll just give you the answer: it’s Masnicking because unnecessary, distracting, and just trying to get page views.
Masnicking: daily spurts of short and trivial traffic-generating items.
09:20:00[k-401-0]
Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
….just trying to get page views.
And here you are still viewing the articles.
OOTBing: hourly spurts of inane comments without forethought, logic, common sense or a purpose.
Re: Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
And failing even at that. Pathetic.
Re: So, is right term for amplifying it "Streisanding", or "Masnicking"? Discuss.
But you already told us that “Masnicking” is when you masturbate while hitting refresh nonstop on Techdirt.com to find articles to troll.
Marshall and Brisson:
say the guys doing the CNN iReport.
Re: Re:
These days, journalism seems to mostly be about chasing “celebrities” and printing press releases. What actual information I do get mostly comes from blogs.
Re: Re: Re:
There is a reason they are called reporters and not journalists.
Re: Re:
I was gonna say the same damn thing. iReports ARE blogs. HA!
Re: Re:
http://ireport.cnn.com/about.jspa
“Everything you see on iReport starts with someone in the CNN audience. The stories here are not edited fact-checked or screened before they post.”
Re: Re: Re:
“Everything you see on iReport starts with someone in the CNN audience. The stories here are not edited fact-checked or screened before they post.”
But what I really want to know is, is this a good thing or a bad thing? That’s all I ever really want to know about a story from CNN when I am waiting for my airplane.
Re: Re: Re: Re:
Richard Marshall and Andre Brisson managed to tar themselves with their own brush. Any one got any feathers? It ain’t too long before they get relegated to covering important news like dog shows and kittens stuck in trees.
I’ve known Bruce Schneier’s name since the the mid nineties. Clem and Andre here just seem to have fallen off the Turnip truck.
Re: Re: Re: Re:
lol! I think it is a “Good Thing” but I’ve been wrong before…
Re: Re: Re:2 Re:
lol! I think it is a “Good Thing” but I’ve been wrong before…
Thanks Ben. I couldn’t resist…the money was just too good.
The sad thing is that I do tend to watch CNN far more than I should (even if it is background noise,) and when Jon did that bit, my ribs and side were hurting.
Re: Re:
If trying to sell something means you’re not doing journalism, wouldn’t it follow that nobody working for a newspaper or a TV network is a journalist either?
After all, they sell newpapers and they sell advertising slots.
Re: Re: Re:
And radio, and internet in some cases etc.
Re: Re:
I’m not sure if you are mocking the fact that they are publishing at CNN or that they published in a blog-like platform =/
Remember this is what passes for MSM. This is what average Joe comes home to listen to and think he is informed. If ever there were a recommendation for why it is such a bad idea for 6 major corporations to own all the major news outlets you have documented that here.
This is not about news. It’s about an attempt to discredit an expert so that his findings would be considered invalid. The bad part about it is it’s a hatchet job, poorly constructed, that might fool average Joe but not anyone actually knowing the facts prior to the programs’ attempt.
They also spammed the comments on another story here
This may not be the only time, but they put in a full length article comment on the last Bruce Schneier story:
http://www.techdirt.com/articles/20131031/15234825094/bruce-schneier-speculates-nsa-double-laundering-information-it-obtains-via-network-infiltration.shtml#c550
Marshall + Brisson
Well, you’ve gotta give them marks for transparency. Anyone who knows Schneier’s work can see clearly through these guys. Given their own reputations, they appear to be suffering from a case of clinical projection.
Re: Marshall + Brisson
Clinical projection? Don’t you mean clinical depression? After all, Schneier has the respect of the security industry that these two boneheads would only hope for! 🙂
these guys should drop security I am sure the government would be freaking out to hire these guys. Seems like a good fit.
while Schneier does blog quite a bit, he’s also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.
It appears that Bruce Schneier also publishes technical articles and books, as well. Here are some articles:
http://216.92.33.154/references/authors/bruce_schneier.html
See Wikipedia for books.
In short, Mike — you could have just collected his bibliography and listed it in your article — it’s called a vita — and you would cream these guys!!
hee hee hee
yet another Dunning-Kruger classic!
Re: hee hee hee
Wow that was interesting. I have noticed that the older and more knowledgeable I get, the less inclined I am to offer opinions based on that knowledge (because it might not be entirely right). But I didn’t know that was a good thing.
Maybe doing cryptography for long periods fucks with your brain somehow….the cited article reads like something a bright fifth-grader would come up with.
But wait- what’s this? The article was submitted to ireport.cnn by one Jacques Tetu. Who is this mystery man? Find out in the exciting book In Denial: Code Red by Andre Brisson. Here’s the teaser:
Backstop me on this one, but did Brisson use a character from his book to distribute his own article? How deliciously devious!
…but again, perhaps doing too much cryptography turns your brain into chow mien….
I think someone needs some schooling...
I think someone needs to be pointed to http://www.schneierfacts.com/
As a great bonus...
Not only are these two hawking snake-oil, but their “Whitenoise” stream cypher thats the center of their snake-oil (calling it a “One Time Pad” is a lie) is actually already known-broken!
http://eprint.iacr.org/2003/250
Truly sad..
It must have been really hard for these guys not to be able to express their personal frustrations for such a long period of time. This is pitiful and pathetic. I wonder why CNN have agreed to post something like this on their site ?
Schneier's credentials
Mike, you managed to omit some very important credentials Schneier has, which shows how much these guys are full of ****.
Schneier, alone or together with other cryptographers, has designed Blowfish, Twofish, Skein, Yarrow, Fortuna, and probably others I am missing.
These are not weak algorithms. Twofish was one of the finalists of the AES competition. Skein was one of the finalists of the SHA-3 competition.
He also wrote one of the leading textbooks in the field.
When it comes to cryptography, I trust Schneier more than those two guys.
“Eric Snowden” ?