Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant

from the anyone-can-publish-on-cnn dept

Over the years, at times, I’ve seen people criticize Bruce Schneier for perhaps getting more publicity than other security researchers, but it’s rare to see people question his knowledge. The complaints often appear to stem more out of jealousy than anything else. But, I’ve never seen anything quite as ridiculous as this “CNN iReport” by Richard Marshall and Andre Brisson, which appears to be a blatant hatchet job attack on Schneier that is at times incomprehensible, at times factually incorrect and bizarre throughout. Marshall is a former NSA and DHS “cybersecurity” expert, but he’s now the CEO of “Whitenoise Labs,” (something not mentioned in the article). Brisson is the founder of Whitenoise Labs, and appears to have a beef with Schneier going back at least a decade if not more. Brisson and Marshall appear to not be particularly adept at explaining themselves, so the history is not clearly laid out anywhere. The short hand, as far as I can tell, is that Brisson thinks he’s discovered some magic elixir security solution, which Schneier mocked way back in 2003. Brisson now feels that the security community gives him no respect and even Defcon ignores his pleas to present his own brilliance.

Last year, Brisson appears to have hired Marshall, and the two of them see this as an opportunity to attack Schneier. It looks like there are two main points to the article: (1) they don’t like Bruce Schneier (2) they want you to know about their own solution, which even they admit Schneier dismissed as “snake oil.” But here’s the bizarre part. Even though it’s clear that they’re just trying to promote their own thing, pretty much the whole point of their article is that you shouldn’t trust Bruce Schneier because he blogs and he’s only trying to promote his own business. I’m not joking.

It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.

Where to start? First off, it does not “appear” that one of the sources is Snowden, it is confirmed fact. Also, Greenwald did not “work with” Snowden. Greenwald is a journalist and Snowden was a source. Since then, the Guardian, whom Greenwald worked for, also brought on Schneier to help understand some of the Snowden documents. This is all public knowledge. Second, while Schneier does blog quite a bit, he’s also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.

The suggestion that he’s just some random blogger is obviously false, and pretty much everyone knows that. Furthermore, Schneier’s experience in the field is pretty damn well documented. His own firm, Counterpane, was acquired years ago by British Telecom and Schneier has obviously done tremendous work in the world of computer security for many, many years.

Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.

Weeks? As noted: Brisson’s feud with Schneier appears to go back a decade. And it took me all of about 3 minutes to find all those well known publications that Schneier writes for. Brisson and Marshall (two people!) couldn’t find them in weeks? Also, I’m beginning to wonder if the above paragraph actually refers to the article by Brisson and Marshall a lot more than anything Schneier has ever done.

Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.

Again, this is coming from people whose main purpose with this article appears to be promoting their own mocked security solution, and who regularly run silly promotional “contests” and “countdown clocks” designed to focus on their own self-interest.

For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.

I’ll let that sink in for a bit. Notice, of course, that they leave out “The Guardian” and “The Atlantic” — two publications that Schneier does write for, with reputations that are at least on par with the two publications named. Also, it appears to leave out that both the Washington Post and the NY Times have been publishing stories quite similar to Schneier’s, and both have (at least some of) the same documents from Snowden, which these two guys mocked Schneier for using as his source.

Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.)

This bold claim is not supported anywhere in the article. It likely refers to Schneier ignoring or mocking their own “solution.”

The article goes on to make some half-baked suggestions about how to deal with the NSA surveillance issues that suggest they don’t even understand what’s going on. Their solution? “using the improved security technology we have available to combat the fatal flaws of public key” technology — which of course is what their firm has been pushing on the world for years, and which ignores the fact that the evidence so far from Snowden has shown that public key encryption, when done right, still works pretty damn well.

Reading the article, it’s laughable. Nearly all of the attacks on Schneier are more accurately directed at the authors of that article. If the DHS and the NSA are looking to attack Schneier, they should at least try to find former execs who can write comprehensibly, and who didn’t go off to work for a foreign “security” company with dubious credentials.

Filed Under: , , , , , , , , , ,
Companies: whitenoise labs

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Remember this is what passes for MSM. This is what average Joe comes home to listen to and think he is informed. If ever there were a recommendation for why it is such a bad idea for 6 major corporations to own all the major news outlets you have documented that here.

This is not about news. It’s about an attempt to discredit an expert so that his findings would be considered invalid. The bad part about it is it’s a hatchet job, poorly constructed, that might fool average Joe but not anyone actually knowing the facts prior to the programs’ attempt.

Anonymous Coward says:

while Schneier does blog quite a bit, he’s also been regularly published in all sorts of news publications that have significant editorial staffs, including The Guardian, the Atlantic, Harvard Business Review, Wired and more.

It appears that Bruce Schneier also publishes technical articles and books, as well. Here are some articles:

See Wikipedia for books.

Baldaur Regis (profile) says:

Maybe doing cryptography for long periods fucks with your brain somehow….the cited article reads like something a bright fifth-grader would come up with.

But wait- what’s this? The article was submitted to ireport.cnn by one Jacques Tetu. Who is this mystery man? Find out in the exciting book In Denial: Code Red by Andre Brisson. Here’s the teaser:

Dreamers Jacques T?tu and St?phane Creusat, a quadriplegic, have created the first exponential, quantum computing secure, identity based cryptosystem that can secure the Internet and eliminate cyber crime. They sustain themselves with a security consulting business and by teaching security courses at a local technical college.

Backstop me on this one, but did Brisson use a character from his book to distribute his own article? How deliciously devious!

…but again, perhaps doing too much cryptography turns your brain into chow mien….

Anonymous Coward says:

Schneier's credentials

Mike, you managed to omit some very important credentials Schneier has, which shows how much these guys are full of ****.

Schneier, alone or together with other cryptographers, has designed Blowfish, Twofish, Skein, Yarrow, Fortuna, and probably others I am missing.

These are not weak algorithms. Twofish was one of the finalists of the AES competition. Skein was one of the finalists of the SHA-3 competition.

He also wrote one of the leading textbooks in the field.

When it comes to cryptography, I trust Schneier more than those two guys.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...