Schneier on Security
A blog covering security and security technology.
« Insider Attack Against Diebold Voting Machines |
| FBI-Sponsored Backdoors »
October 5, 2011
Status Report: Liars and Outliers
Last weekend, I completely reframed the book. I realized that the book isn't about security. It's about trust. I'm writing about how society induces people to behave in the group interest instead of some competing personal interest. It's obvious that society needs to do this; otherwise, it can never solve collective action problems. And as a social species, we have developed both moral systems and reputational systems that encourage people behave in the group interest. I called these systems "societal security," along with more recent developments: institutional (read "legal") systems and technological systems.
That phrasing strained the definition of "security." Everything, from the Bible to your friends treating you better if you were nice to them, was a security system. In my reframing, those are all trust pressures. It's a language that's more intuitive. We already know about moral pressure, peer pressure, and legal pressure. Reputational pressure, institutional pressure, and security pressure is much less of a stretch. And it puts security back in a more sensible place. Security is a mechanism; trust is the goal.
This reframing lets me more easily talk directly about the central issues of the book: how these various pressures scale to larger societies, and how security technologies are necessary for them to scale. Trust changes focus as society scales, too. In smaller societies (a family, for example), trust is more about intention and less about actions. In larger societies, trust is all about actions. It's more like compliance. And as things scale even further, trust becomes less about people and more about systems. I don't need to trust any particular banker, as long as I trust the banking system. And as we scale up, security becomes more important.
Possibly the book's thesis statement: "Security is a set of constructed systems that extend the naturally occurring systems that humans have always used to induce trust and enable society. This extension became necessary when society began to operate at a scale and complexity where the naturally occurring mechanisms started to break down, and is more necessary as society continues to grow in scale."
So the phrase "societal security" is completely gone from the book. (Like the phrase "dishonest minority," it only exists in old blog posts.) There's more talk about the role of trust in society. There's more talk about how security, real security this time, enables trust. It felt like a major change when I embarked on it, but the fact that I did it in three days says how this framing was always there under the surface. And the fact that the book reads a lot more cleanly now says this framing is the right one.
The title remains the same: Liars and Outliers. The cover remains the same. The table of contents is the same, although some chapters have different names. The subtitle has to change, though. Candidates include:
- How Trust Holds Society Together -- my publisher probably won't allow me to write a book without the word "security" somewhere in the title.
- Security, Trust, and Society -- not punchy enough.
- How Security Enables the Trust that Holds Society Together -- probably too long.
- How Trust and Security Hold Society Together -- maybe.
Any other ideas?
The manuscript is still due to the publisher at the end of the month, and publication is still set for mid-February. I am enjoying writing it, but I am also looking forward to it being done.
Posted on October 5, 2011 at 7:38 PM
• 189 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Well from purely financial considerations can I suggest "Harry Potter and ...." ?
1 is the only one I like.
Of the 12 "books" listed on Amazon for you, only 5 have "Security" in the title or subtitle.
Also wanted to mention I hate you for being able to fully-realize a rejiggering of a book in a weekend. Everything I try takes /forever/. Though maybe you are just well-practiced.
"How Security Enables Trust and Holds Society Together"
Just my humble rewrite. Can't wait for the book.
I like No. 4 the best, but how about something like "How Trust and Security Bond Society"....something maybe stronger than "hold ... together" ...
And what does your publisher think about things like "our" society, making is all feel bound together?
Whatever you decide, sounds like a great read! Good luck!
"You must trust someone for security, but whom, when, and how?"
How to secure trust and trust your security?
Or perhaps even: "How to secure trust -- when to trust your security"?
You know, I keep thinking of how trust and security keep us marching to the beat of the same drummer, while the outliers from the Gandhi's to the Manson's would be considered to march to the beat of different drummers. Sort of a reverse cliche (I won't get into how that is ironic). Maybe something like how security and trust keep society marching in rhythm?
"Trust, Security and Society"
Can't resist taking a run at it:
Why a trusting society needs security
How security builds a trusting society
Why big communities need security
I'll keep playing :)
Minor variant on the first one: How Trust Secures Society
How We Achieve Security Through Trust
How Trust Underlies Security
Trust: the Foundation of (Our) Security
Trust: the Foundation of a Secure Society
Trust Is All That Binds Us Together
How Security Enables Trust (shorter)
or How Security Enables Trust and Holds Society Together
I'm not sure this word 'trust' is any less deep and squishy than 'security'. I recently met someone who had just completed his (security related) PhD dissertation on the dimensions of this word.
You may end up having to write another book on it, a prequel. Perhaps your publisher will like this.
Security enabling Trust at scale
Scaling Trust requires Security
If you trust, then you don´t need security.
Reagan's quote of "Trust but verify" comes to mind. From Wiki: Trust, but verify was a signature phrase adopted and made famous by U.S. president Ronald Reagan. Reagan frequently used it when discussing U.S. relations with the Soviet Union. Reagan rightly presented it as a translation of the Russian proverb "doveryai, no proveryai" (Russian: Доверяй, но проверяй). Soviet revolutionary Vladmir Lenin also frequently used the phrase.
The phrase was learned by Reagan from Suzanne Massie, a writer on Russia. She told Reagan, "The Russians like to talk in proverbs. It would be nice of you to know a few. You are an actor – you can learn them very quickly". 
After Reagan used the phrase at the signing of the INF Treaty, his counterpart Mikhail Gorbachev responded: "You repeat that at every meeting," to which Reagan answered "I like it."
Leave off the subtitle. Your title stands on its own. Be brief.
Liars and Outliers: Trust, Security, Danger.
Liars and Outliers: Trust & Security in a Dangerous World.
Building a society based on trust
You could tack "and security" on the end if needed.
In this blog post: http://newschoolsecurity.com/2010/05/...
I called security a "judgment about the present" because it answers the question "Am I secure?", which is in line with your reframing.
Implicit in any trust or security assessment is the notion of future probabilistic losses -- "what could go wrong?" and "how likely?"
I don't have an appropriate subtitle, but I want to say you have really zeroed in on what is important.
Trust is the foundation of security.
I run NIS 2011 on some of my machines and Norton 360 on the others. Why? Because I _trust_ Symantec and 99% of the people who work on their security programs.
If they start making too many mistakes, that will change, which is why I no longer _trust_ another security software company I used to run on my machines.
Which brings me to the next part. I trust them because I don't know any better. I think they are doing the best that can be done and that they know what they are doing. But what if all of the less-than-$100 commercial security software programs are really bunkum, but I don't 'have a need to know' that because I can't afford what would _really_ protect me on the internet anyway, so just let the commoners think everything is OK so we can get on 'wit da bidness'.
One thing that really bothers me is a particular change in morals that has occurred in this country in my lifetime. It is deceit. Deceit in all forms used to be anathema, verboten, unacceptable. At least it was in my part of the country.
Somewhere along the decades, it became acceptable to scam someone if they were stupid enough to let you get away with it. One prime example is 'fine print'. Didn't you read the 'fine print'? Didn't you read 'the EULA'? 'Well, if you were stupid enough to believe me, you deserve what you got.'
Right now, commerce sites are telling me their websites are 'secure' and it is 'safe' for me to type in my credit card at their site. No way they are going to warn me about bogus certificates or hacked SSL protocols. And they typically don't volunteer the information that their customer databases have been hacked until someone threatens to 'out' them.
My point is that the _trust_ has to come first ... before I feel any _security_.
I think #3 is backwards, Bruce ...
'Why Trust is the Foundation of a Secure Society' ... but then that statement is so obvious it is boring ... (g)
Good luck dreaming up something for the subtitle that will pique interest ... I have one of your books, so I know you are an engaging writer (plus Cryptonomicon, of course), and I am looking forward to this book.
I don't like the title, but that doesn't matter ... it is the 'Outliers' part that leaves me blank ... maybe you should elaborate on what you mean by that term in the subtitle. I know from reading the posts about the new book that the 'Outliers' are those who don't conform ... don't stay within the bounds of societal norms, but the term is not in common usage, so it did not readily form a conceptual image when I first saw that title choice.
So glad it is you and not me having to come up with a 'get the book in their hand' subtitle ... (g)
cheering for success ... van
Something about a three-legged stool like:
The Three-Legged Stool: Security, Trust and Society
Security, Trust and Society - The Three-Legged Stool
"security and trust"
"trust, security and that actors that bind them"
Another for the suggestions list:
"How trust built society"
And another suggestion - a signed copy for anyone who comes up with a subtitle you actually use!
How security holds society together through trust.
How security leads to trust, and trust holds society together.
Security, trust, and keeping society functioning.
Security, trust, and functioning society.
I also like Canyon R's suggestion.
The security and insecurity of trust
Number 1, if nothing else tickles your fancy.
Being predictable is a common courtesy and expected social norm. Black swans are not welcome and weaken trust. I would suggest,
"Trust, the precursor to security and society."
>If you trust, then you don´t need security.
And if you are wrong, you get reamed.
I linked this post on HackerNews and asked the question there: "What other mechanisms do you see helping improve social trust?"
I liked "Trust + Security = Society."
Then I read Bill's "In Security we Trust." Excellent!
Liars and Outliers: Trust and other lies
"Liars & Outliers: Security Is Who You Trust"? Something to connect the idea of familial or individual trust with the larger point.
Where do we get our moral code?
How Security Scales Trust
How Trust Holds Society Together
This seems to suggest a reframing that goes in a direction that leads to some uncomfortable conclusions, at least for me. Like security theater; "it's not for the sake of security, it's for maintaining trust" (and it just might be the right tool for that job). Is that completely off the mark?
Anyway, I'd go for something too wordy like "How trust holds society together, and the role of security in building trust" which is probably completely unrealistic on a book cover..
There is a book about Empires Of Trust.
Might be a good read for this topic.
It's not entirely clear right away what "Outliers" refers to.
That being said, assuming that I'm constrained to #s 1-4, I like #1 best.
Since you believe you trust me,
You may well ask me,
'What is this security?'
When we seek security,
We seek to be free
From the acts of enemies.
Of denied action;
Trust is an expressed action,
That produces a savings
From repeat actions,
By relying on someone.
- from Tulsa Davenport's Noire,
with permission, for
Bruce Schneier's blog-posting here.
Security Outside the Theater
My preferred variation on the theme:
Security, Society, and the Trust
That Holds Them Together
How trust secures society.
In these times it's more like "Society without tust for security".
If everybody is trustworthy then you never need security added on - the Incas left their jewels - unlocked up - open for anyone to steal - and no one did until the Europeans arrived.
Sorry I forgot the punch line: the Europeans were the outliers in that case.
"How Security enables Trust in Complex Societies"
A must-read: "International Systems in World History" by Barry Buzan. Covers similar ground and is sure to be informative for your thesis.
Regarding moral codes, here is my candidate for a universal social code:
"Every person is sovereign, except to the extent that a person has violated the sovereignty of another person, and has not yet made full restitution to that person, thereby restoring the integrity of the injured person as well as the sovereignty of the injurer."
This formulation of the universal ethic of reciprocity (the "Golden Rule") makes individual sovereignty conditional on respecting the sovereignty of others, thereby exactly matching freedom (sovereignty) and responsibility (liability), thus making it an inherently self-balancing and self-enforcing system. It institutes natural restitutive justice, rather than punitive justice. All valid human rights, such as life, liberty, property, freedom of thought, expression, movement, association, contract, etc. are either corollaries of this statement, or are consistent with it. But this statement also excludes many so-called "rights" that violate the genuine rights of others. It also excludes limited liability entities such as corporations, which systematically corrupt incentives and destroy society, as we are now witnessing around the world. There is much more to be said about this statement and how to build an advanced legal system and society around it, but this is enough as an introduction.
- "Security is a mechanism, trust is the goal"
- "Security...it's all about Trust"
- "Securing trust"
Society, Security, Trust: a love triangle
Because security can mean both the state of being free from harmful actions of others and the means by which you try to avoid these actions or their effect, I wouldn't try to describe the causal relationship between trust and security in the subtitle.
I also find saying that security (measures ?) hold(s) society together a strong statement, particularly with the implication that it may be the only thing. Yet it's not strong enough to pass as an obvious exaggeration like "Only the paranoid survive."
Not making this link would also cover the evolution of certain security measures as society develops, without these measures contributing directly to the development.
So, borrowing from Johann Gevers, how about
"Trust and security in a complex society"
"Trust and security in our complex society"
If you like to emphasize the aspect of the co-evolution of trust and society. it could also be "growing" or "expanding" instead of "complex". "evolving", "developing", or "changing" would also fit but have ambiguity issues as well.
Securing trust, trusting security
Can we trust security to secure trust
"Trust, Security, And The Scale Of Society"
Liars and Outliers or "Trust me, I'm a security expert"
Bruce, you don't need a subtitle.
Liars and Outliers
Let the title be the title. Put your name on it. The book needs nothing more.
Security as the Mechanism of Trust - though maybe too abstract
From a marketing point, i like Trust but Verify which captures the ideas you have blogged, and may get you some unintentional readers.
Daniel's suggestion Security and Trust in a Dangerous World really popped, and it was the only one that did.
Securing Society Through Trust
trUSt in US (Unique/Universal Security) :-)
I was going to suggest "In security we trust" but someone beat me to it.
Of the ones you posted, #4. Other suggestions:
Trust, But Verify
Who To Trust and When
Securing A Trustworthy World
(or) Security In An Untrustworthy World
By reading your post, resilience is a key factor for the security of the society. Trust appears to be a cultural component of such a resilience.
Material security, economical security or ecological security are, among others, some of the key components.
Please go and see resalliance (in google) to have clear view on the process and the panarchy which will give you a systemic perspective of resilience.
Liars and Outliers: About Society trusting Security
"How society, secure in trust, trusts security"
I agree that it should help explain "Liars and Outliers"
Securing trust in the midst of adversity
The Trust of Society is the Security of Society?
I wonder about the words 'That phrasing strained the definition of "security." '
What definition was that?
I'm ignoring the 'definitions' that go on about the CIA triad -- it's fairly obvious they don't work as definitions, except perhaps in a very academical sense.
"How trust emerges from security"
"From security to trust"
Liars and Outliers: Trust at the Margins of Security
Liars and Outliers: Trust at the Borders of Security
I'm thinking something alone the lines of "Security and Trust: Societal Glue" but that doesn't quite work. Maybe the rest of you can help tweak this idea?
"Why trust is the glue of society and how security makes it possible."
I think this reframing is key. It's amazing how many people, particularly libertarians, don't realize that trust is a key ingredient to societies larger than a village. Consider the amount of trust you have in people you will never meet whenever you buy a gallon of milk from the corner store for your kid's cereal. You are trusting your kid's health to the good graces of a thousand people, most of whom you would never leave your kid with, precisely because you don't know them. The only reason I trust them is the many layers of security that act on them to ensure the quality of that gallon of milk.
Trust, but Verify: the Connections of Trust and Security
Honestly, I would think your publisher would highly support a book without the word "security" in it. From a business standpoint, everyone that knows your work already knows it will have a security twist. Anyone who doesn't already know your work and specifically those outside of the field you are in will be turned off by the word security in the title. Everyone cares about trust as that is an interaction everyone believes they have some grasp of and wants to know more about.
I think if you want to reach a broader audience, use #1 and explain how security is integrated in your prologue.
Just my humble opinion
I'm with the other three commenters who proposed subtitles including cognates of "scale". It's repeated lots of times in your summary, including in the paragraph describing the "central issues". Hence:
Liars and Outliers: Scaling Trust With Society Through Security
Raoul beat me to it: Securing Trust and Trusting Security.
Your reframing makes a lot of sense. If you still were using the phrase, the reframing would require a change to "the dishonest minority." While few liked that phrase I expect that the reframed phrase would work well: "the untrustworthy minority."
I myself would have no problems considering Gandhi untrustworthy, in this context.
Foundations of Trust in a Secure Society.
I am really looking forward to the book.
Security, Trust and the Rise and Fall of Civilizations
If my own assumptions are accurate, you can work in how the global economic systems are lacking in sufficient global security/trust systems. Something like that.
subtitle: "The role of Trust and Security in modern society"
How Security Lets Us Trust Strangers
subtitle:How the interaction of trust and security hold a society
I like the phrase "Security and Trust" better than "Trust and Security." There's something about putting the monosyllabic "trust" at the end of a phrase that sounds...punchy.
With that in mind, I like a modified #4: "How Security and Trust Hold Society Together"
Witha nod to Simon's "Securing Trust" and the other practisioners of brevity above who led me this:
Trust: Security Cements Society
I second all those that suggested going without subtitle. I thing the brand "Bruce Schneier" is by now strong enough that a subtitle will not make any difference.
And "Liars and Outliers" _without_ subtitle is strikingly elegant!
@gabriel: since there's no IM here, and this is of particular distraction to me:
use of 's is short for 'owns' when attached to a noun (ignore pronouns). Plural is formed by skipping the apostrophe.
"the Gandhi's" refers to something Gandhi owns. "The Gandhis" would refer to multiple Gandhi-like individuals (or, in different context, multiple individuals named Gandhi).
With pronouns, the rules are different. Many pronouns like "his" and "hers" have possession is built in, and many pronouns have singular/plural built in (you, their). Where possession is not built in, pronouns take the opposite form from nouns: "it's" = "it is" whereas "its" = "it owns".
Security versus Trust: a Means to an End
As the marketing manager at Wiley for Liars & Outliers, I truly appreciate the reader feedback and insight that we've had throughout this process with the cover and title.
As Bruce mentioned in his post, we're still working on the subtitle. The subtitle needs to be succinct while offering a few key insights into the book. It also needs to compliment the title. Basically a reader needs to immediately know what the book is about (and want to read it).
I see some interesting suggestions here that we will absolutely take into consideration. Bruce knows his book and continues to ensure that we're accurately representing it.
This part of the publishing process is often what gets me most excited. I love seeing how words and knowledge work together to inspire and educate someone. And, yes, I still get uber excited about titles and subtitles. It's in my blood.
Thanks, again, for the insight and suggestions.
John Wiley & Sons
Liars and Outliers: How security drives societal trust
You should work with Brene Brown. Great cross overs between vulnerability and trust. How secure should we be. Do we lose what we're trying to gain by being secure?
Some of the comments surely give me pause. I think it's important to realize that the whole "trust and society" issue has been beaten to death in the social sciences, particularly in the political sciences, during the last half century. What the "glue" is that holds modern society together is not a new question.
For those who are interested in this question I would suggest as a place to start the book "Lying" by former Harvard professor Sissela Bok. She argues that lying is not nearly has bad as people make it out to be and that honesty is not always the best policy. Then there is the classic "Postmodern Bourgeois Liberalism" by the late Stanford professor Richard Rorty. He argues that the whole concept of trust is, at best, just a marketing ploy and completely unnecessary for social sustainability. Indeed, there has been an interminable academic war between Rawlsian ideas of social security and Rortyian ideas of social security.
My point is that /if/ the point of Bruce's book is that trust and security is the "glue" that holds society together then there are plenty of people on the record who have already said NO NO NO.
Trust but Verify Security
Trust is default, Security is Verified
Secured by Trust?
Disclosure: I'm with the publisher...
My biggest goal is to get someone to understand immediately what the book is about by reading the title and subtitle. Sure there is a natural link between SCHNEIER and SECURITY, but in no way do I have to have that anywhere in the title to help me sleep at night. What exactly does "trust" mean to a reader? It's a very broad word, and I think that's where we're getting into a little trouble here. How are we trusting? Who are we trusting? Why is trust important? That's what I think when I see that in a title. And I certainly don't want to throw "security" in there if it doesn't belong.
I see a couple of interesting ideas, but it's really Bruce who knows this work best, and can help guide us to the subtitle that tells the story of it best.
FWIW, I love that Bruce has such engaged readers and that you want to participate in such a conversation. It's beyond helpful to have close to real time interaction about these kind of things.
I went thru all of these:
Security by acceptability
Security by agreability
Security by believability
Security by credibility
Security by defensibility
Security by explainability
Security by gullibility
Security by ideality
Security by nonsensibility
Security by suggestibility
Security by trustability
While I like some of them quite a bit, I wound up with this:
Security by truthiness
@:How Security Enables the Trust that Holds Society Together -- probably too long.
@How Trust and Security Hold Society Together -- maybe
I like the first because it shows the dependency of trust on security. But you're right about the length. The second is shorter but does not show the relationship.
"How security enables the trust that sustains society."
"Security enables trust...
...trust sustains society."
"From personal trust to societal security"
"I realized that the book isn't about security. It's about trust. I'm writing about how society induces people to behave in the group interest instead of some competing personal interest."
This is very interesting, I like the reframe -- I'd read it. But it seems like a huge topic. If you're really going to get into "...how society induces people to behave in the group interest", you'll be getting into all the sociological classics on social compact -- to me an essential foundation. I'm sure you could weave an interesting thread to security and trust -- you could pull anything out of those sociological treatises. Maybe I'm thinking to expansively, but it's not clear to me how to do justice to all three topics (security, trust, social compact) without short-changing one of the other, especially what to date has been your main focus -- security.
tl;dr all the comments
can't think of something more punchy, sorry.
Good luck! Here's hoping it becomes a best seller and A MOVIE!
Social Trust in an Age of Insecurity
I intend "insecurity" in both the "personal feeling of anxiety" subjective sense, and the "not completely trustworthy" objective sense. Why? To go with the liars (deceivers) and outliers (statistical anomalies) of the title.
"How Security Enables Trust in Society"
"How Security Enables Trust in a Diverse Society"
"How Security Enables Trust in a Disruptive Society"
Have you considered whether you should be publishing a book on this topic if you don't understand it completely yourself?
I'll have a go ...
"How Security affects the margins of trust in Society"
"Security as a trust enabler in everyday society".
Worst suggestion: "The three-legged stool", which I kinda imagined myself as some mutant turd with paws. (no offense meant, Mark; I may just be having an episode of anal fixation and I should see my analyst.)
"Trusting Trust" is taken
The Role of Trust in Security and Society
or simply: Trust, Security, and Society (a variation of #2).
Trust should come first, because it's the central theme; it's what security is all about - allowing access for the trusted, while preventing access by the untrusted, and how to establish trust (identity/authentication/authorization).
I think you put it best above: Security is a mechanism; trust is the goal
A quick change would just be:
Security is the mechanism; trust is the goal
I just settle for reading something that I can understand, Alice in Wonderland.
Security: Who should you trust and when?
"The good of society" is itself a question-begging term -- and assumes uncritical trust by a vast majority in the people who get to define what it means.
And uncritical trust in anybody or anything is a very bad idea.
"How Society has scaled Trust to become Security."
Trust and Security in the Computer Age
How Society and Security Are Built on Trust
As a subtitle for the book, may I suggest:
"gaming your trust in security"?
Liars and Outliers: Trust, Security, and Society In the Age of Convergence
Liars and Outliers: Why Security Is Trust.
Liars and Outliers: Security as an Enabler of Trust
Liars and Outliers: The Role of Security in Enabling Trust
Liars and Outliers: Security Enables Trust
Liars and Outliers: Trust Enabled by Security
Liars and Outliers: Trust and Security in the 21st and Beyond
You said it yourself, if you noticed. Your sub is thus: "Security is a mechanism; trust is the goal"
Liars and Outliers: Who do you trust?
Liars and Outliers: Founding Trust of Such Society on Security Systems
I liked David's "Security and Trust in a Dangerous World" but I think that "Security and Trust in a Complex World" is more on point and simpler than Johann Gevers' "How Security enables Trust in Complex Societies". It seems you have points to make both ways, the impact of security on trust and the impact of trust on security, so I like "and" as the operator.
"How Security Enables Trust in Modern Society"
Securing Trust in a Deceitful World
As Bruce mentioned in his post, we're still working on the subtitle. The subtitle needs to be succinct while offering a few key insights into the book. It also needs to compliment the title. Basically a reader needs to immediately know what the book is about (and want to read it).
You need to keep thinking.
The subtitle suggestions here are indistinguishable from one another. A random phrase generator could have written all of them. The upside is that once you read through them, you realize they're all gibberish. Now you know the problem. How are you going to solve it?
Putting "trust", "security", etc into a bag, shaking, and pulling out another subtitle isn't going to produce anything brilliant. Neither will asking a thousand people in an echo chamber produce anything other than a committee response.
A title is most elegant and makes its strongest impact when it stands alone. Maybe the problem lies not in the subtitle, but some other place. Do not be averse to creating a better cover. Do not strike down the idea of providing the phrasing you want in something other than the subtitle. Title up top, "Security & Trust Expert" above Bruce's name.
Just keep thinking.
(fwiw, I don't think I like the specific example at the end of my post there. It's just an example of what I meant.)
i woulg suggest a short, complex phrase. Then task you to explain it.
1. Securing Societal trust
2. Trusting Societal Security or Trust in Societal Security
3. Secrity and Trust in changing sociey
...How trust enables our illusion of security.
"Trusting one another in a world where we don't know each other."
Best of luck with the book Bruce. Can't wait to read it.
In the OP I like #4 the best. Or perhaps - Liars and Outliers: Comprehending Trust in Our Systemic Society
Security's Society of Trust
Liars and Outliers: why 'trust' is a four-letter word
Add another punchy word to get:
Threats, trust and security.
The secrets of trust and the lies of security.
Security is nothing more than Control. In a balance of Trust vs Control we find our value of Liberty. Depending upon the pendulum, be it big or small or a healthy balance. Thoreau hinted as such. We all strive to be unshackled and free requiring there to be no control and only trust. But then she bit the ruddy apple and all went pearshaped. (I'm not blaming women, it could very well be he egged her on ;)
We all want Control. Desire it. For being cheated on or slighted, feeling uncertain and vulnerable all the time is too much to bear. Being in control gives us certainty and steadiness. But Dr Brene Brown put all that in plain perspective and taught me a much needed life lesson. For in the end to be in control and using it to give you certainty and confidence towards others is cheating yourself. You should already be confident and certain in yourself. This resilience and self-respect comes from a good upbringing.
One does not demand when leading, one commands. The best military commanders understand this. Patton himself always valued a loyal staff officer over a brilliant one.
Control is doing
Trust is being
I bought a t shirt long ago. It had written on it:
To be is to do
To do is to be
Do be do be do
Considering life and the wobblies it throws us, I reckon Frank was closer to the truth. ;)
After reading all of the comments, one subtitle (by Johann Gevers) definitelly stands out:
"How Security enables Trust in Complex Societies"
If I understand your book's thesis statement correctly, that subtitle would just nail it. We live in a complex society. Living together is based on trust. "Natural" (as in e.g. old family-clan-like societies) trust does not work in complex societies, thus security "emerged" to establish trust. So basically: Security -> [enables] -> trust -> [enables] -> complex society. Johann Gevers' subtitle covers all except the part where trust is necessary for complex societies. If you want this in, you need to go for a longer subtitle, like your #3.
"Modern Society" instead of "Complex Societies" would also work, probably a matter of style. I'd stay with "complex". It may be more formal, but once some time passes, an old book on "modern society" will look outdated, whilst an old book on "complex society" might still seem worth to read.
I wouldn't use "security *and* trust" in any form, because from what I understand of your idea, security and trust are not on the same level: trust is the goal, security is the way. If we had trust, we didn't need security. Its a bit like saying "Installing program updates (1) and keeping your PC secure (2) are the ways to protect you from fraud (3)", when clearly (1) is just a means to achieve (2), and only (2) is necessary for (3).
Subtitle: The Role of Social Pressure in Security
Maybe it's already been said, but how about using a phrase we know well in the security field?
Liars and Outliers: Trust but Verify
As others have already written in different words, the subtitle you are aiming for is about the means to an end.
Liars and Outliers: Security as the path to the goal of societal trust.
or as you said yourself in this post ...
Liars and Outliers: How security is the building of trust at societal levels.
Bruce writes the book is about "... about how society induces people to behave in the group interest instead of some competing personal interest. It's obvious that society needs to do this; otherwise, it can never solve collective action problems."
Perhaps you slightly misstated what the book is about, but that premise, as written, is so wrong that it cannot stand. Collective farms fail —spectacularly and repeatably— while private farms now produce more than enough to feed every human on the planet. It certainly is not perfect, but the free enterprise system is by far the most productive supplier of human needs and economic justice that the world has ever seen.
Perhaps you believe personal and societal safety or security is different from economic safety and security, in which case the book will be extremely interesting in a way not anticipated by most of your readers.
Why Secure Societies Are Rooted In Trust
Why Community Trust Is Rooted In Security
Trust and Security in a Complex World.
Good point: intention versus actions.
'Trust, but verify' - no contradiction.
You trust intentions, but still verify actions, because good intentions not always generate good actions - just human nature.
For what it's worth, I don't like the often mentioned "Trust, but verify" at all.
It doesn't tell me, the potential reader in the bookstore, anything about the contents of the book I'm holding; it's just a second title tacked onto the first one.
(And to me, the interested amateur, that phrase suggests that the book is about tedious procedural details in an intelligence/military context, the approximate opposite of what it seems the book will be about.)
Reframing the book as being about trust? You might want to read John Ringo's "The Last Centurion"; in it he has an essay (presented as a monologue by the narrator) about the role of trust in societal survival.
Liars and Outliers: Trust and its influence on security in complex societies
Liars and Outliers: Why you trust your security even when you shouldn't
Security has a well-defined scale that goes from -inf to +inf. But the typical usage of the word "trust" seems to only go from 0 up. So when you put "trust and security" together, it makes "security" sound like "a state of being secure".
Society's Struggles with Security and Trust?
(It's possible that's slightly too sibilant.)
The perfect subtitle was given in your post. I've pointed it out below.
My picks from others, ranked:
- Trust and Other Lies
- Trust, Security, Danger
- The secrets of trust, the lies of security
- Why a trusting society needs security
- How to secure trust -- when to trust your security
- How Security Enables Trust and Holds Society Together
That last one seems most descriptive but far too wordy. However, none of the others similar to it seem right either.
- Liars and Outliers: Reputational and Institutional pressures to Conform
- Liars and Outliers: Families Gauge/Weigh Intention, Societies Gauge/Weigh Action
- Liars and Outliers: Security is a Mechanism; Trust is the Goal
The only thing wrong with this is the correct punctuation. It appears that the subtitle has a subtitle (which many suggestions also suffer). A coma could replace the semi-colon and I think even pedants like myself would be comfortable with it.
My top pick over all, your subtitle as pointed out by me. I hope to get a signed copy. Thank you.
I followed billswift's link to HackerNews and see that he had the same idea, but he didn't post it here. I hope that if you use your subtitle on security being the mechanism and trust the goal, you'll send him a signed copy.
I learned two very important rules about sentence/slogan composition: the first was from Strunk and White: use terse, powerful words rather than prepositions and the like. The second was from WJ Kennedy: The most important words in a sentence are the first and the last: make them count.
So if you like "Liars and Outliers: How Trust Holds Society Together" but you want the word "security" in there, why not fix all three problems at once?
"Liars and Outliers: How Trust Secures Societies."
It's a direct verb, it moves a stronger word to the end, and it contains the notion of security. Alternatively, you could add a couple of syllables to it as a sort of relief:
"Liars and Outliers: How societies use trust in the search for security."
(or just "to find security", "to provide security").
"how security enables communal trust"
I actually really like your "How Security Enables the Trust that Holds Society Together". Plenty of other books have gotten published with longer and more confusing subtitles than that.
Security and Trust in Modern Society
Security and Trust: The future of Society
My two, off the top of my head.
"Security is a set of constructed systems that extend the naturally occuring systems that humans have always used to induce trust and enable society. This extension became necessary when society began to operate at a scale and complexity where the naturally occurring mechanisms started to break down, and is more necessary as society continues to grow in scale."
You mean... as more and more of our daily life is conducted on line, it becomes more and more important to make sure that what we do there is secure?
wow.. I just never thought of that..
Trust and Society
In Society We Trust
Society, Security, and Trust
Here's my own first suggestion: "How society needs to trust security to keep outliers honest"
Got all the keywords and it also helps explaining the "outliers" part of the title through context.
It can be altered along Andrew Green's line, like this: "How security enables society to trust outliers"
To emphasize trust more than security: "Why security has to enable society to trust outliers".
The point is that good security means that you only have to trust the outliers to not go out of their way to ensure havoc - somebody who's willing to tell a lie to do damage would not do so if no damage can be done by their lies without substantial (relative) effort.
Maybe it should be a bit less "repetitive", or "outliers" should be explained better. I don't think "liars" has to be explained, though I don't want people to think outliers and liars are the same thing either...
"How security enables trust to hold society together" are my version of one of your suggestions.
"How security enables trust in strangers"?
"Why security needs to enable trust in strangers"
"How security enables trust in a society of liars"
"Security and trust in societies of strangers" - Strangers include both liars, outliers and all the rest. But maybe it shouldn't just be strangers.
"Security and trust in complex societies" - That should account for most of it. Or maybe like this:
"Why security must enable trust in complex societies" - More focus on trust than security, the role of liars in the book are understood instantly, the role of outliers should be at least partially understood (although not instantly explained, but that can be done on the back of the book for those who don't know that the outliers are those statistical anamolies (like most of us here :)).
"The Importance of Trust in Complex Societies"
Also, maybe this;
"Liars And Outliers
The Importance of Trust in Complex Societies
And How Security Enables It"
(A bit long, but whatever - maybe the last line should be "And Why We Need Security to Enable It", "And The Role of Security" or something along the line of that.)
"The subtitle needs to be succinct while offering a few key insights into the book. It also needs to compliment the title. Basically a reader needs to immediately know what the book is about (and want to read it)." - Ashley Zurcher
I think that my suggestions above does that. Maybe. :)
Some that I like:
"How Security enables Trust in Complex Societies" - Johann Gevers
How Security Lets Us Trust Strangers - Andrew Greene
'Why Trust is the Foundation of a Secure Society' - vanilla
"Liars & Outliers: Security Is Who You Trust" - Posted by: Aidan
How Security Scales Trust - Peter E Retep
How Trust Holds Society Together - magetoo
"Security...it's all about Trust" - P-Air
"Why trust is the glue of society and how security makes it possible." - Rob Kinyon
Liars and Outliers: Scaling Trust With Society Through Security - Peter
Security: Chains of social trust.
(what's good for society, not always good for individual)
A patina of trust bringing the illusion of security.
Take a look at the term "sangha".
And knowledge is trust. In the sense that communities determine what they find is true. Like small experts in their field, usually no more than a few dozen per.
Religious knowledge is similar. See Ken Wilber's "Marriage of Sense and Soul". It might have bizarre implications for security.
The scary thing can be that those who have the power say what can be accepted as trustworthy and therefore "true". The scariest thing about a world puppeted by the Bush crowd was their slow-moving attempt to shutdown scientists they didn't want to hear from.
But the history of suppressing information goes back to the beginning.
Blah, blah, blah.
Here's a title w/ some pizazz:
Liars, Big Liars, Deniers, and Outliers: How Security, Trust, and Law Underpin Society
When meta-trust proves insufficient.
I think the subtitle should ask a question of the potential reader to draw them in. Something like: "Can there be security without trust?" Or "How trust leads to security", or "Is trust a prerequisite to security."
I'd say go for something along the lines of:
"Liars & Outliers: Why We Replace Certainty For Security"
Subtitles should help explain the title, and you've already got an "and" in the title. It wouldn't be good form to also have an "and" in the subtitle. I.e., "just tell me what the book is about (but not what it's ALL about)."
I don't like "society" being called out. We're all part of society. "We" should suffice. Plus: it's more direct and challenges the reader. ("I do that?!")
Since you said the book is now about "[behaving] in the group interest instead of some competing personal interest," there's a substitution that's happening. It makes sense to focus on that.
It also keeps "security" reading both as an construct, and as an emotion, which you're always pointing out in your writing.
Your reframing is excellent.
It seems to me that underneath is the question of why people behave in good and bad ways, and so you need to explicate your views on that.
Liars and Outliers:
Trust - society's nuclear binding force
Might as well throw in a few more.
Liars and Outliers:
Risks and Benefits of Security and Trust in Society.
Liars and Outliers:
Mutual Influences of Security, Trust and Society.
Liars and Outliers: Security and Trust in the Globalized Society?
New suggestion: How We Depend on Trust and How Security Enables it
@Noah Mittman: Can you figure out how to drop the "and" in there? ^
Liars and outliers:
Security, dependence and Reliance
Liars and outliers:
Security, dependence and Trust in Society
Definately number 1.
Sounds like a great read.
Happy to see you are taking the tack that you are with the new book.
I've maintained - for decades - whether it's religion or philosophy, law, or politics: The problem is a moral one. People have to individually make the choice about their own personal behavior, especially regarding their behavior towards other people. No amount of laws, politics, or religion can "legislate morality".
Thanks for your great and helpful incites over the years.
I really like Chris Drost's  suggestion: "Liars and Outliers: How Trust Secures Societies", but it seems like an inversion of the "How Security Builds Social Trust" angle that you have been arguing. The goal of a society is not to be secure, but to use security to enable people to trust each other.
Maybe that latter subtitle would be actually better?
I'm not sure that your possible thesis for the book captures the essence of the scale and complexity problem.
"... This extension became necessary when society began to operate at a scale and complexity where the naturally occurring mechanisms started to break down, and is more necessary as society continues to grow in scale."
How about "This extension became necessary when one person had to trust someone they new to vouch for someone they didn't know"
As you note, in smaller societies you know (and can trust or not) your family / neighbour / direct social contacts. But this doesn't scale so well once "society" is bigger than the group of people you personally know.
In essence, at two degrees of separation, you start to need a security system and the higher the degree of separation the more complex the security system tends to be (although for effective security, the increase in complexity need not be linear.
Will look forward to reading the book.
Ivan Reitman would propose "Who you're gonna trust?"
Societal Trust for Future Security
It's worth noting that political liberals tend to trust people and institutions, while conservatives tend not to.
how about "The Social Glue that Binds"
On a very silly note:
"I gotta brand new pair of roller skates; you gotta a brand new key"
Trust and Security -- the Glue that Holds Society Together
Several commenters have mentioned "Trust but Verify" -- how about
Trust but Verify////// Secure
(i.e. strikeout for Verify)
Trust but Verify////// Secure -- The New Paradigm that Holds Society Together
I see this as about the role of security to fulfil the void that a scaled society creates in basic trust relationships.
Security can be modern encryption or 17th Century Guild exclusivity. They all perform and fulfil the same purpose.
therefore my 2 cents is:
'How Security created the trusting Society'
I was thinking along the lines of trust and security and scaling of groups and communities. Not quite sure I have an answer, but here are some thoughts along those lines:
from trusting people to trusting security:
being secure as societies grow.
from trusting people to trusting systems:
staying secure as community grows.
trusting friends and securing society -
security and trust as society grows
trusting people through securing trust -
being secure as communities grow.
So... most folks are trustworthy, because that's what makes society work. The minority who aren't trustworthy take advantage of that trust, in spite of the societal breakdown that this causes. For small societies, the economics of being untrustworthy don't work, so there are few Liars and Outliers. As society scales, though, being untrustworthy becomes more lucrative, more folks do it, and untrustworthy individuals become a serious drag on the large society.
Security is a high-overhead mechanism that eliminates the need for trust by enforcing the activities that a trustworthy person would have done without security. So, at a small scale, trust is good enough. At a large scale, security makes trust irrelevant.
So, subtitles. I'm thinking along these lines:
How Security Eliminates the Need for Trust
Security and the Irrelevance of Trust
Security and the Trouble with Trust
Society, Security, and Making Trust Irrelevant
Interesting book project you have, I just heard about it and the revamp from societal security to trust. Looking forward to reading it!
I work in reputation-based trust management research myself, and would like to suggest that you take the transition all the way - from the text I got the impression that you believe a security mechanism may create trust, which kind of implies you're still a bit hung up on the 'social security' version of the term.
* All kinds of collaboration and social action sets you at risk.
* To alleviate risks towards you, you apply various mechanisms like a reputation system to help you know who you're dealing with, monitors to keep an eye on what's going on, and burly bouncers at your door to throw out the bad guys.
* To reduce misbehaviour in the system in general, you apply/design mechanisms for social pressure and social control (e.g. through reputation systems punishing misbehaviour through reputation loss, legislation etc).
But some risk still remains.
Trust is for the risk that remains - for when you can't remove it and decide to accept the residual risk. Trust therefore cannot be _created_ by a mechanism of, say, social control or cryptographic-certificate-analyzing "trust" management, but in actual fact the need to apply the mechanism indicates lack of trust, or distrust. Trust simplifies life exactly because you can focus on the social action / collaboration itself, rather than the security mechanisms. It's a cognitive shortcut of sorts.
Most importantly, when something is trusted, it means you are more vulnerable to attacks through it, not less.
If that something turns out to be trustworthy, your objective vulnerability level has remained the same, but thanks to a favourable outcome you just saved yourself the price of all those security mechanisms you replaced with a decision to trust. Yay!
(Sorry about throwing in terminology commentary so late in the process. The "how to use the word trust to minimize confusion" discussions were quite active in this year's IFIPTM trust management conference, so it's a topical concern in the community.)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.