February 15, 2018

The renowned technologist Bruce Schneier visited SIPA February 8 for a conversation about “Securing Our Hyperconnected World.”

As Dean Merit E. Janow said in her introduction, Schneier “has been thinking about security for a very long time.” He has written 14 books and hundreds of articles, and is currently a fellow at Harvard University’s Berkman Klein Center for Internet and Society, a lecturer in public policy at the Harvard Kennedy School, a special advisor to IBM Security, and the CTO of Resilient.

The discussion among Schneier, Janow, and Senior Research Scholar Jason Healey was the latest event in SIPA’s Tech and Society Speaker Series, which focuses on emerging policy issues at the intersection of technology and policy.

Janow opened the discussion with a question: Is the open internet a historical anomaly or does it have a future?”

Schneier pointed to the internet’s origins as a tool for the academic community and suggested that nobody especially foresaw an internet that would connect to automobiles, power plants, airline reservation systems, and much more.

“The internet was designed by academics to talk about academic stuff and then it was used to talk about Star Trek, and then a lot of people were talking about Star Trek,” he joked. “And then suddenly we were doing commerce on it, and banks started using it, and the internet kind of accreted.”

“Can we live with the open internet? I guess the answer is yes,” he said. “These decisions were made in the ’60s and ’70s when none of this mattered, and countries are grappling with that.”

The internet has been at times a channel for exporting American ideals to the world, Schneier observed, but its openness is threatened by nation-specific regulations. As various countries push to create different sets of rules, the lack of uniform regulation could lead to a Balkanized internet.

“The U.S. is very much an outlier on national speech laws,” he said, citing the example of countries like China and Singapore to emphasize how views of openness diverge.

Janow asked if the decision to regulate—to potentially sacrifice the dynamism and innovation that correlate with openness—might reflect a country’s size or national character.

Schneier said that China is certainly advantaged by its size, which gives it a unique opportunity to insist not only on apps in its own languages, but firewalls that enable government restrictions on content.

A country like China “will impose restrictions on what Apple does, what Google does, and those companies will go along because it’s too big a market and they don’t want to pull out,” he said.

Countries without market power are less well positioned to pursue similar policies.

Europe is also a “regulatory superpower” but initiatives like the General Data Protection Regulation (GDPR), which will go into effect next month, are aimed at protecting consumers.

“The best of regulation will have a knock-on [indirect] effect on our market because Europe’s a large market; companies will tune their products and services to strict regulation and then we all benefit.”

Still, Schneier said he believes that it’s better to regulate companies as lightly as possible.

Schneier said he is most concerned with what he called precursor trends.

“I worry about the fact that large corporations control our data, our computers, our connections [in a way] that is perfectly legal, but that creates an environment where other risks are more capable of flourishing,” he said.

Schneier further emphasized the dangers of this as these companies were gaining more control:

“Companies like Apple are trying to control our devices, so if you have an IOT [internet of things] device, like a car or a thermostat, you’re controlling it through your phone,” he said. “This is now a single point of control, and Google and Apple own these points. Companies like Phillips and Siemens are trying to control these home systems; systems like Alexa are trying to also control your environment.”

The problem, Schneier said, will no longer be about data but about these new capabilities which will give companies “extraordinary control over how we interact with the internet of the future.”

Janow closed by asking, what skills would enable the next generation to better deal with these emerging issues.

“In cybersecurity, as in many areas, the policy debates are deeply technical and we need people who can straddle these, we need public interest technologists,” Schneier said.

About one fifth of students at Harvard Law pursue jobs in the public interest, he said, but the number of computer science students who similarly forego private-sector positions is much, much lower.

“I’m not just blaming the students—there aren’t the jobs to catch them,” he said. “We just don’t have that ecosystem and we need it. You must know tech to formulate the right policy, and it’s not just cybersecurity, this is going to be true for climate change, for food safety, and the future of employment. The more programs there are that marry tech and policy, the better we’re going to be able to navigate the next century.”

— Neha Sharma MPA ’18