Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.


"Click Here…" describes a world where all the bad policy decisions of PCs and laptops and phones are starting to redound onto embedded systems in voting machines and pacemakers and cars and nuclear reactors. He calls this internet-plus-IoT system the "Internet+" and the case he makes for its importance is by turns inspiring and devastating.

That's because Schneier, more than the average policymaker or marketing blowhard, has a pretty good idea of what the actual benefits of these systems can be. He avoids the twin temptations of wholesale dismissal and breathless hype, and charts a course that manages the tricky business of being both nuanced and exciting.

That's the inspiring part. The devastating part will be familiar to readers of mine: all these devices are incredibly badly secured. Their manufacturers have terrible incentives and bad product quality-assurance processes, the governments who are supposed to be protecting us are actually sabotaging our electronic world so that they can weaponize it and spy on their enemies. This is bad enough when it's your laptop and phone, but this shortsighted foolishness is spreading as fast as Internet+ itself.

I've got a theory of change I call the "peak indifference" theory. The early stage of a crisis involves trying to convince people that the crisis even exists, because things haven't gotten really terrible yet and it's not obvious that there's anything to really worry about, and the people who profit from the status quo will spend liberally to convince people that there's no reason to worry or change anything (see also: climate change, Facebook, cancer from smoking).

At a certain point, though, the crisis is undeniable: too many things are failing, the momentum for bigger failures is building, and people start to get scared. That's when the activist's job flips: now we're not in the business of convincing people that there's a problem, now we're in the business of convincing them it's not too late to do something about it.


That's where "Click Here…" comes in. We have incurred an almost unimaginable technology debt, but Schneier has a payment plan — it's not even too onerous. He offers a host of modest, plausible, and effective changes we can make to how we regulate (and thus make) tech. Things like apportioning liability, creating oversight agencies, and clearing the path for independent researchers to blow the whistle on bad practices and for competitors and community groups to offer solutions to these practices, and dividing up the NSA into an offensive unit charged with spying on other countries and a defensive unit charged with keeping US computers safe (which will mean making it harder to spy on other countries, which is why they have to be separate entities).


Then, of course, Schneier explains why these modest, sensible ideas are unlikely to be adopted until the crisis has become a catastrophe, and lays out several catastrophic scenarios that will come as the result of unregulated markets and absurd "cyberwar" campaigns.


It's a devastating way of talking about the problem: solutions are at hand, if we want them, but our leaders lack the political will to realize them. It also suggests a roadmap to a better future: make these issues into ones that leaders make or break their careers on.


Schneier wraps up with a rumination on trust, corruption and crime. Authoritarian surveillance states are expensive propositions: because they treat their citizenry as enemies, they can never trust them to be a part of the national prosperity — instead, they have to squander blood and treasure on preventing cheating and gamesmanship, and drag around the dead-weight loss of everyday petty fraud and the lack of social cohesion it engenders.

A world wound around with technology could be a marvelous place, if we don't fuck it up.

Click Here to Kill Everybody: Security and Survival in a Hyper-connected World [Bruce Schneier/WW Norton]