Schneier on Security

Tags: policy · security · essays · commentary · collected-writings
2008-10-01

Schneier on Security, published in 2008, is a collection of essays drawn primarily from the schneier-on-security-blog and the crypto-gram-newsletter, covering the period roughly from 2004 to 2008. It represents the security-commentator-era in concentrated form — the years when Schneier was publishing several substantial pieces per month on topics ranging from airport security to corporate privacy to voting machine vulnerabilities to the psychology of risk.

What the Book Is

Unlike Schneier's other books, which advance single sustained arguments, Schneier on Security is a collection of shorter pieces. The individual essays vary from two to five pages; the book is organized thematically rather than chronologically. This format reflects the original publication venue: the blog and newsletter are designed for frequent, topical commentary rather than sustained argument.

The collection's value is in demonstrating the range and consistency of Schneier's analytical method across many different security domains. The same framework — identify the threat model, assess the countermeasure, account for tradeoffs, ask who benefits — appears in pieces about identity theft and pieces about national ID cards and pieces about computer security vulnerabilities. Schneier's contribution is not a different analysis in each domain but the consistent application of a unified method.

Key Themes

The essays collected here engage most of the major security policy debates of the mid-2000s: the Transportation Security Administration and the security theater of airport screening; the REAL ID Act and national identity infrastructure; data breaches and corporate liability for security failures; the expansion of surveillance post-September 11; and the gap between computer security vendor claims and actual security outcomes.

The collection is a historical document as much as an analytical one. Reading it in sequence gives a picture of the security policy landscape of the period and of Schneier's position within public debates about it. Many of the specific issues — voting machine security, RFID in passports, no-fly list accuracy — were live controversies at the time that have since been partially resolved or superseded, making the collection valuable for understanding what those debates looked like from inside them.

Relationship to the Blog

The book should be understood as a curated artifact of schneier-on-security-blog, not as an independent creative work. Schneier's primary ongoing publishing venue is the blog; the book makes a selection of that output available in bound form. Readers who want the full ongoing corpus should go to the blog; the book is an entry point and a snapshot.

Position in the Arc

Schneier on Security (the book) captures Schneier at the height of his influence as a commentator — after the credibility established by secrets-and-lies and beyond-fear, but before the deeper theoretical work of liars-and-outliers and data-and-goliath. The essays are sharp and accessible but operate within the framework already established. The book does not represent a new development in Schneier's thinking so much as the sustained application of the existing framework across the full breadth of contemporary security policy.