Bruce Schneier accuses security vendors of stalling anti-spam developments

Schneier discusses developments in encryption and anti-spam at the V3 Security Summit

Anti-spam is one area of security that could be improved, were it in the financial interests of security vendors, according to legendary cryptographer Bruce Schneier, speaking at the V3 Security Summit.

"It would be really good if we could delete spam in the middle of the network in the backbone, but there really isn't enough financial incentive to do this," said Schneier.

"That's why it is deleted at the end point which really is the worst place to do it. But that's the place you can bill or charge somebody."

Advances in cryptography are also occurring slowly but this is because businesses and governments have little requirement for stronger encryption standards, Schneier continued.

"We have all the cryptography we need. The US [National Institute of Standards and Technology (NIST)] will soon be announcing a new hash function," said Schneier.

"Will this be better than the old standard? Marginally. Will it be faster? A little bit. You know it's not that exciting. Crytopgraphy plods on. The real hard work is embedding cryptography in the system and then the system around it."

There are currently five teams competing to have their algorithm chosen for the NIST standard.

Schneier is one of the world's most renowned cryptography experts, having published a best-selling book on the subject, Applied Cryptograph y. He is currently the chief security officer for BT.

"There are not a lot of advances in crypto, but there is stuff around the edges and there is stuff that we in the field are excited about. But in terms of actual products and business we have all the cryptography we need. Making it work is what's hard," Schneier added.

Schneier also restated his arguments against electronic voting machines.

"Voting people who are used to creating voting machines are quick to build electronic machines and move to internet voting. But as an internet security person, I don't know how to make that secure, and I find this very worrisome," he said.

"You see arguments like 'we can make ATM machines secure so why can't we make electronic voting booths secure?'. ATMs are secure through the audit process. If something happens weird in the machines, you can go through every transaction, look at the video cameras, and figure out what went wrong and exactly where."

Schneier explained that because the voting process is anonymous, it is impossible to run audits on voting machines.

Schneier, who published his most recent book, Liars and Outliers in February, said it would be another couple of years before his next book appears.

The V3 Virtual Security Summit is taking place on 25 September. All the videos will be available to watch on-demand for a three month period following today's broadcast. Please click here to watch any of the sessions now.