In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) hadaccessedtheUSTreasury computer system, giving them the ability to collect data on and potentially control the department’s roughly …

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker namedJohn Draper noticed that theplastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone who knew the trick made free pay-phone calls.

There were all sorts of related hacks, such as faking the tones that signaled coins dropping into a pay phone and faking tones used by repair equipment. AT&T could sometimes change the signaling tones, make them more complicated, or try to keep them secret. But the general class of exploit was impossible to fix because the problem was general: Data and control used the same channel. That is, the commands that told the phone switch what to do were sent along the same path as voices…

This text is the transcript from akeynote speech delivered during the RSA Conference in San Francisco on April 25, 2023. 

There is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st century. They don’t align incentives well. And they are being hacked too effectively.

At the same time, the cost of these hacked systems has never been greater, across all human history. We have become too powerful as a species. And our systems cannot keep up with fast-changing disruptive technologies…

Listen to the Audio on NextBigIdeaClub.com

Bruce Schneier is a Lecturer in Public Policy at the Harvard Kennedy School. He is a cryptographer, computer security professional, and privacy specialist. He has been called a "security guru" byThe Economist.

Below, Bruce shares 5 key insights from his new book,A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back.

1. Hacking is ubiquitous.

We normally think about hacking as something done to computers, but any system of rules can be hacked. Take the tax code as an example. It’s not computer code, but its code is a series of rules, of algorithms. It has vulnerabilities—we call them loopholes. It has exploits—we call them tax avoidance strategies. And there is an industry of black hat hackers finding exploitable vulnerabilities, whom we call tax attorneys and tax accountants…

Every year, an army of hackers takes aim at the tax code.

The tax code is not computer code, but it is a series of rules—supposedly deterministic algorithms—that take data about your income and determine the amount of money you owe. This code has vulnerabilities, more commonly known as loopholes. It has exploits; those are tax avoidance strategies. There is an entire industry of black-hat hackers who exploit vulnerabilities in the tax code: We call them accountants and tax attorneys.

Hacking isn’t limited to computer systems, or even technology. Any system of rules can be hacked. In general terms, a hack is something that a system permits, but that is unanticipated and unwanted by its designers. It’s unplanned: a mistake in the system’s design or coding. It’s clever. It’s a subversion, or an exploitation. It’s a cheat, but only sort of. Just as a computer vulnerability can be exploited over the internet because the code permits it, a tax loophole is "allowed" by the system because it follows the rules, even though it might subvert the intent of those rules…