Liars and Outliers: Interview on The Browser

I was asked to talk about five books related to privacy.

You're best known as a security expert but our theme today is "trust". How would you describe the connection between the two?

Security exists to facilitate trust. Trust is the goal, and security is how we enable it. Think of it this way: As members of modern society, we need to trust all sorts of people, institutions and systems. We have to trust that they'll treat us honestly, won't take advantage of us and so on – in short, that they'll behave in a trustworthy manner. Security is how we induce trustworthiness, and by extension enable trust.

An example might make this clearer. For commerce to work smoothly, merchants and customers need to trust each other. Customers need to trust that merchants won't misrepresent the goods they're selling. Merchants need to trust that customers won't steal stuff without paying. Each needs to trust that the other won't cheat somehow. Security is how we make that work, billions of times a day. We do that through obvious measures like alarm systems that prevent theft and anti-counterfeiting measures in currency that prevent fraud, but I mean a lot of other things as well. Consumer protection laws prevent merchants from cheating. Other laws prevent burglaries. Less formal measures like reputational considerations help keep merchants, and customers in less anonymous communities, from cheating. And our inherent moral compass keeps most of us honest most of the time.

In my new book Liars and Outliers, I call these societal pressures. None of them are perfect, but all of them – working together – are what keeps society functioning. Of course there is, and always will be, the occasional merchant or customer who cheats. But as long as they're rare enough, society thrives.

How has the nature of trust changed in the information age?

These notions of trust and trustworthiness are as old as our species. Many of the specific societal pressures that induce trust are as old as civilisation. Morals and reputational considerations are certainly that old, as are laws. Technical security measures have changed with technology, as well as details around reputational and legal systems, but by and large they're basically the same.

What has changed in modern society is scale. Today we need to trust more people than ever before, further away – whether politically, ethnically or socially – than ever before. We need to trust larger corporations, more diverse institutions and more complicated systems. We need to trust via computer networks. This all makes trust, and inducing trust, harder. At the same time, the scaling of technology means that the bad guys can do more damage than ever before. That also makes trust harder. Navigating all of this is one of the most fundamental challenges of our society in this new century.

Given the dangers out there, should we trust anyone? Isn't "trust no one" the first rule of security?

It might be the first rule of security, but it's the worst rule of society. I don't think I could even total up all the people, institutions and systems I trusted today. I trusted that the gas company would continue to provide the fuel I needed to heat my house, and that the water coming out of my tap was safe to drink. I trusted that the fresh and packaged food in my refrigerator was safe to eat – and that certainly involved trusting people in several countries. I trusted a variety of websites on the Internet. I trusted my automobile manufacturer, as well as all the other drivers on the road.

I am flying to Boston right now, so that requires trusting several major corporations, hundreds of strangers – either working for those corporations, sitting on my plane or just standing around in the airport – and a variety of government agencies. I even had to trust the TSA [US Transportation Security Administration], even though I know it's doing a lousy job – and so on. And it's not even 9:30am yet! The number of people each of us trusts every day is astounding. And we trust them so completely that we often don't even think about it.

We don't walk into a restaurant and think: "The food vendors might have sold the restaurant tainted food, the cook might poison it, the waiter might clone my credit card, other diners might steal my wallet, the building constructor might have weakened the roof, and terrorists might bomb the place." We just sit down and eat. And the restaurant trusts that we won't steal anyone else's wallet or leave a bomb under our chair, and will pay when we're done. Without trust, society collapses. And without societal pressures, there's no trust. The devil is in the details, of course, and that's what my book is about.

As an individual, what security threats scare you the most?

My primary concerns are threats from the powerful. I'm not worried about criminals, even organised crime. Or terrorists, even organised terrorists. Those groups have always existed, always will, and they'll always operate on the fringes of society. Societal pressures have done a good job of keeping them that way. It's much more dangerous when those in power use that power to subvert trust. Specifically, I am thinking of governments and corporations.

Let me give you a few examples. The global financial crisis was not a result of criminals, it was perpetrated by legitimate financial institutions pursuing their own self-interest. The major threats against our privacy are not from criminals, they're from corporations trying to more accurately target advertising. The most significant threat to the freedom of the Internet is from large entertainment companies, in their misguided attempt to stop piracy. And the cyberwar rhetoric is likely to cause more damage to the Internet than criminals could ever dream of.

What scares me the most is that today, in our hyper-connected, hyper-computed, high-tech world, we will get societal pressures wrong to catastrophic effect.

The Penguin and the Leviathan

By Yochai Benkler

Let's get stuck into the books you've chosen on this theme on trust. Beginning with Yochai Benkler's The Penguin and the Leviathan.

This could be considered a companion book to my own. I write from the perspective of security – how society induces cooperation. Benkler takes the opposite perspective – how does this cooperation work and what is its value? More specifically, what is its value in the 21st century information-age economy? He challenges the pervasive economic view that people are inherently selfish creatures, and shows that actually we are naturally cooperative. More importantly, he discusses the enormous value of cooperation in society, and the new ways it can be harnessed over the Internet.

I think this view is important. Our culture is pervaded with the idea that individualism is paramount – Thomas Hobbes's notion that we are all autonomous individuals who willingly give up some of our freedom to the government in exchange for safety. It's complete nonsense. Humans have never lived as individuals. We have always lived in communities, and we have always succeeded or failed as cooperative groups. The fact that people who separate themselves and live alone – think of Henry David Thoreau in Walden – is so remarkable indicates how rare it is.

Benkler understands this, and wants us to accept the cooperative nature of ourselves and our societies. He also gives the same advice for the future that I do – that we need to build social mechanisms that encourage cooperation over control. That is, we need to facilitate trust in society.

What's next on your list?

The Folly of Fools, by the biologist Robert Trivers. Trivers has studied self-deception in humans, and asks how it evolved to be so pervasive. Humans are masters at self-deception. We regularly deceive ourselves in a variety of different circumstances. But why? How is it possible for self-deception – perceiving reality to be different than it really is – to have survival value? Why is it that genetic tendencies for self-deception are likely to propagate to the next generation?

Trivers's book-long answer is fascinating. Basically, deception can have enormous evolutionary benefits. In many circumstances, especially those involving social situations, individuals who are good at deception are better able to survive and reproduce. And self-deception makes us better at deception. For example, there is value in my being able to deceive you into thinking I am stronger than I really am. You're less likely to pick a fight with me, I'm more likely to win a dominance struggle without fighting, and so on. I am better able to bluff you if I actually believe I am stronger than I really am. So we deceive ourselves in order to be better able to deceive others.

The psychology of deception is fundamental to my own writing on trust. It's much easier for me to cheat you if you don't believe I am cheating you.

The Murderer Next Door

By David M Buss

Third up, The Murderer Next Door by David M Buss.

There have been a number of books about the violent nature of humans, particularly men. I chose The Murderer Next Door both because it is well-written and because it is relatively new, published in 2005. David M Buss is a psychologist, and he writes well about the natural murderousness of our species. There's a lot of data to support natural human murderousness, and not just murder rates in modern societies. Anthropological evidence indicates that between 15% and 25% of prehistoric males died in warfare.

This murderousness resulted in an evolutionary pressure to be clever. Here's Buss writing about it:

"As the motivations to murder evolved in our minds, a set of counterinclinations also developed. Killing is a risky business. It can be dangerous and inflict horrible costs on the victim. Because it's so bad to be dead, evolution has fashioned ruthless defences to prevent being killed, including killing the killer. Potential victims are therefore quite dangerous themselves. In the evolutionary arms race, homicide victims have played a critical and unappreciated role – they pave the way for the evolution of anti-homicide defences."

Those defences involved trust and societal pressures to induce trust.

The Better Angels of Our Nature

By Steven Pinker

Your fourth book is by psychologist, science writer and previous FiveBooks interviewee Steven Pinker.

The Better Angels of Our Nature is Steven Pinker's explanation as to why, despite the selection pressures for murderousness in our evolutionary past, violence has declined in so many cultures around the world. It's a fantastic book, and I recommend that everyone read it. From my perspective, I could sum up his argument very simply: Societal pressures have worked.

Of course it's more complicated than that, and Pinker does an excellent job of leading the reader through his analysis and conclusions. First, he spends six chapters documenting the fact that violence has in fact declined. In the next two chapters, he does his best to figure out exactly what has caused the "better angels of our nature" to prevail over our more natural demons. His answers are complicated, and expand greatly on the interplay among the various societal pressures which I talk about myself. It's not things like bigger jails and more secure locks that are making society safer. It's things like the invention of printing and the resultant rise of literacy, the empowerment of women and the rise of universal moral and ethical principles.

Braintrust

By Patricia S Churchland

What is your final selection?

Braintrust, by the neuroscientist Patricia Churchland. This book is about the neuroscience of morality. It's brand new – published in 2011 – which is good because this is a brand new field of science, and new discoveries are happening all the time. Morality is the most basic of societal pressures, and Churchland explains how it works.

This book tries to understand the neuroscience behind trust and trustworthiness. In her own words:

"The hypothesis on offer is that what we humans call ethics or morality is a four dimensional scheme for social behavior that is shaped by interlocking brain processes: (1) caring (rooted in attachment to kin and kith and care for their well-being), (2) recognition of other's psychological states (rooted in the benefits of predicting the behavior of others) (3) problem-solving in a social context (e.g., how we should distribute scarce goods, settle land disputes; how we should punish the miscreants) and (4) learning social practices (by positive and negative reinforcement, by imitation, by trial and error, by various kinds of conditioning, and by analogy)."

Those are our innate human societal pressures. They are the security systems that keep us mostly trustworthy most of the time – enough for most of us to be trusting enough for society to survive.

Are we safer for all the security theatre of airport checks?

Of course not. There are two parts to the question. One: Are we doing the right thing? That is, does it make sense for America to focus its anti-terrorism security efforts on airports and airplanes? And two: Are we doing things right? In other words, are the anti-terrorism measures at airports doing the job and preventing terrorism? I say the answer to both of those questions is no. Focusing on airports, and specific terrorist tactics like shoes and liquids, is a poor use of our money because it's easy for terrorists to switch targets and tactics. And the current TSA security measures don't keep us safe because it's too easy to bypass them.

There are two basic kinds of terrorists – random idiots and professionals. Pretty much any airport security, even the pre-9/11 measures, will protect us against random idiots. They will get caught. And pretty much nothing will protect us against professionals. They've researched our security and know the weaknesses. By the time the plot gets to the airport, it's too late. Much more effective is for the US to spend its money on intelligence, investigation and emergency response. But this is a shorter answer than your readers deserve, and I suggest they read more of my writings on the topic.

How does the rise of cloud computing affect personal risk?

Like everything else, cloud computing is all about trust. Trust isn't new in computing. I have to trust my computer's manufacturer. I have to trust my operating system and software. I have to trust my Internet connection and everything associated with that. I have to trust all sorts of data I receive from other sources.

So on the one hand, cloud computing just adds another level of trust. But it's an important level of trust. For most of us, it reduces our risk. If I have my email on Google, my photos on Flickr, my friends on Facebook and my professional contacts on LinkedIn, then I don't have to worry much about losing my data. If my computer crashes I'll still have all my email, photos and contacts. This is the way the iPhone works with iCloud – if I lose my phone, I can get a new one and all my data magically reappears.

On the other hand, I have to trust my cloud providers. I have to trust that Facebook won't misuse the personal information it knows about me. I have to trust that my data won't get shipped off to a server in a foreign country with lax privacy laws, and that the companies who have my data will not hand it over to the police without a court order. I'm not able to implement my own security around my data; I have to take what the cloud provider offers. And I must trust that's good enough, often without knowing anything about it.

Finally, how many Bruce Schneier Facts are true?

Seven.

This Q&A originally appeared on TheBrowser.com

Posted on February 27, 2012 at 12:30 PM • 22 Comments

Comments

Arnie LermaFebruary 27, 2012 1:47 PM

TRUST is the finest form of data compression. If you TRUST another's judgement, you don't even have to know the details.

AlanSFebruary 27, 2012 2:24 PM

Should I trust your book recommendations?

Benkler muddles Adam Smith. He writes about "Adam Smith's alternative solution to our selfishness--the invisible hand." The invisible hand as it is currently and commonly understood originates from an influential misreading (maybe willful misreading) of The Wealth of Nations by the economist Paul Samuelson. There is no theory of the invisible hand in The Wealth of Nations. The term invisible hand appears exactly once in Wealth, near the middle of the book. It is a metaphor used to describe the unintended consequences that result when investors choose domestic over foreign investment because of perceived risks and trust issues. Smith never used the term to describe the operation of markets and never articulated an invisible hand "solution".

Benkler goes on contrast what he perceives as Smith's view of human nature in The Wealth of Nations with the one articulated in his earlier book, The Theory of the Moral Sentiments. The contradiction between the two books only exists if you accept the Samuelson reading of Wealth. Smith gave no indication that he changed his mind between the two books and there is no credible evidence that he did so.

vasiliy pupkinFebruary 27, 2012 2:30 PM

'TRUST, but VERIFY'. There were a lot of jokes on that old Russian statement.
Majority claims that trust excludes verification. I think that is just misunderstanding: trust intentions (that is what Bruce was talking about), but verify actions. That is why random penetration test, polygraph testing (that is just not scientific method, but still working with proper methodology), food sampling, etc. by independent tester provide some tools to keep intentions on a good side.
Regardless, according to Napoleon, there are two driving forces for humans: fear and personal interest.
Both are working in concert.
"If men were angels, no government would be necessary" (James Madison).
I think if (wo)men were angels, no verification would be necessary as well.

GodelFebruary 27, 2012 5:53 PM

Bruce said:
"On the other hand, I have to trust my cloud providers. I have to trust that Facebook won't misuse the personal information it knows about me."

Hell no!

You either encrypt the information that you're uploading, or give them slightly false or misleading information, or don't upload anything valuable that others might have access to.

You certainly don't trust the likes of Facebook or Google or Apple.

Their EULAs tell us so!

WilliamFebruary 27, 2012 9:29 PM

Regarding the importance of trust to social stability, I can certainly see the effects of a lack of trust on society here in China: there is so much incompetence, dishonesty, fraud, corruption, adulteration of food, etc., that people have a hard time trusting anyone aside from their own families and closest friends. There are huge costs to everyone resulting from the fact that you can't trust anything you haven't closely inspected.

NobodySpecialFebruary 27, 2012 10:03 PM

@Godel - how do you process encrypted data on a machine you don't trust?

If you don't trust Google/Apple/Facebook do you use them? What about Intel/Microsoft/Micron/your ISP/the maker of your network card?

It's hard to do much other than sit in a basement with your eyes closed if you trust no one!

Nick PFebruary 28, 2012 2:04 AM

@ NobodySpecial

Good points. The trust issue in life is similar to the CompSci idea of "trusted computing base." To be secure, what does a given app, subject, process,etc. depend on? What can influence it? For average app, it might be protocols, middleware, OS, drivers, privileged software, firmware, hardware, etc. They all have to be securely implemented or app can be compromised.

Likewise, we can't be truly safe/secure unless everything we depend on for safety/security occurs in a safe/secure fashion. Most of it carries a little risk and plenty of options carry more than a little. An old adage says that you can combine things together & get an effect greater than the sum of its parts. Applying this to societal risk, the risk of one's lifestyle is at least as high as the sum of all the risks in all those we trust. Maybe. Hence, we must make tradeoffs & total risk mitigation is impossible. It's also stupid. ;)

AC2February 28, 2012 3:37 AM

@William "there is so much incompetence, dishonesty, fraud, corruption, adulteration of food, etc., "

Hmmm, sure you aren't in Chinatown???

Peter A.February 28, 2012 11:43 AM

@Godel:

When you encrypt your data sent to the cloud, you do not need to trust the provider not to misuse it; you still have to trust it not to loose it. You may try diversifying by uploading copies to several different providers, but it raises the costs. Even still, you often have to trust that all your copies do not in fact land in the same data center :-) There's a lot of reselling going in the business...

http://xkcd.com/908/

NobodySpecialFebruary 28, 2012 1:45 PM

@Peter - the important difference is that the 'cloud' is not remote storage, it is remote processing ie. commodity computing

So you upload your data and run an app on Amazon S3 or some other cloud provider they own the CPU they can see your data. However you encrypt it they see exactly what your app sees.

There is a very interesting research area into what processing you can do on encrypted data without the algorithm having to decrypt it - the answer is not much!

Peter A.February 28, 2012 3:06 PM

@NobodySpecial:

Maybe I wasn't clear, but in my response to @Godel I was referring to a 'storage-only' use of cloud resources (backups and the like), for which encryption actually makes sense. You have already covered 'computing' use in your comment, so I just skipped this other part of the problem.

Amazon S3 you've mentioned is exactly that: storage service. I use it myself - encrypting data locally before upload. They offer various computing services as well.

renoXFebruary 29, 2012 3:09 AM

"There are two basic kinds of terrorists – random idiots and professionals."

I'm not sure that this is a useful dichotomy, where do you classify Anders Behring Breivik?

JohannesFebruary 29, 2012 3:54 AM

renoX: Despite being mentally ill, I'd say he was a professional as far as his terrorist activities go. He evaded detection for quite a long time, obtained firearms and bomb construction supplies legally without rousing suspicion and was apparently a meticulous planner.

The bomb also did go off, obviously, so instead of being one of the plenty would-be terrorists who build malfunctioning bombs or had plots that could never have worked, he was quite successful.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..