Bruce Schneier – Communications of the ACM

Opinion Mar 24 2025

It’s time for new integrity-focused standards to enable the trusted AI services of tomorrow.

wave glow circle with motion of dots, illustration

Author Archives

Opinion May 24 2024

Lattice-Based Cryptosystems and Quantum Cryptanalysis

There have been decades of unsuccessful research into breaking lattice-based systems with classical computers; there has been much less research into quantum cryptanalysis.

Computing Applications

A lattice structure made to look like a chain-link fence.

Opinion May 9 2024

LLMs’ Data-Control Path Insecurity

We need to think carefully about using LLMs in potentially adversarial situations . . . like on the Internet.

Artificial Intelligence and Machine Learning

finger pointing at a whistle and a trail of data, illustration

News Apr 8 2024

In Memoriam: Ross Anderson, 1956-2024

A researcher, author, and industry consultant in security engineering, Anderson also was a professor of Security Engineering at the Department of Computer Science and Technology of the U.K.'s University of Cambridge.

Education

Credit: harry-m, licensed under CC BY 2.0

Opinion Oct 1 2015

Keys Under Doormats

Mandating insecurity by requiring government access to all data and communications.

Computing Applications

Opinion May 1 2007

The Psychology of Security

The information security literature is filled with risk pathologies, heuristics that we use to help us evaluate risks. I’ve collected them from many different sources. When you look over the list of exaggerated and downplayed risks in the table here, the most remarkable thing is how reasonable so many of them seem. This makes sense […]

Computing Applications

Opinion May 1 2005

Risks of Third-Party Data

Recent reports of personal information theft are coming in torrents. Criminals are known to have downloaded the personal credit information of over 145,000 individuals from ChoicePoint’s network. Hackers took over one of the LexisNexis databases, gaining access to personal files of 32,000 people. Bank of America Corp. lost computer data tapes that contained personal information […]

Computing Applications

Opinion Apr 1 2005

Two-Factor Authentication: Too Little, Too Late

Two-factor authentication isn’t our savior. It won’t defend against phishing. It’s not going to prevent identity theft. It’s not going to secure online accounts from fraudulent transactions. It solves the security problems we had 10 years ago, not the security problems we have today. The problem with passwords is that it is too easy to […]

Computing Applications

Opinion Oct 1 2004

The Nonsecurity of Secrecy

Considerable confusion exists between the different concepts of secrecy and security, which often causes bad security and surprising political arguments. Secrecy usually contributes only to a false sense of security. In June 2004, the U.S. Department of Homeland Security urged regulators to keep network outage information secret. The Federal Communications Commission requires telephone companies to […]

Computing Applications

Opinion Jul 1 2004

Insider Risks in Elections

Many discussions of voting systems and their relative integrity have been primarily technical, focusing on the difficulty of attacks and defenses. This is only half of the equation: it’s not enough to know how much it might cost to rig an election by attacking voting systems; we also need to know how much it would […]

Computing Applications

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved