Security and Human Behavior (SHB 2016)

Earlier this week, I was at the ninth Workshop on Security and Human Behavior, hosted at Harvard University.

SHB is a small invitational gathering of people studying various aspects of the human side of security. The fifty or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, philosophers, political scientists, neuroscientists, lawyers, anthropologists, business school professors, and a smattering of others. It's not just an interdisciplinary event; most of the people here are individually interdisciplinary.

These are the most intellectually stimulating two days of my year; this year someone called it "Bruce's brain in conference form."

The goal is maximum interaction and discussion. We do that by putting everyone on panels. There are eight six-person panels over the course of the two days. Everyone gets to talk for ten minutes about their work, and then there's half an hour of discussion in the room. Then there are lunches, dinners, and receptions -- all designed so people meet each other and talk.

This page lists the participants and gives links to some of their work. As usual, Ross Anderson liveblogged the talks.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, and eighth SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops.

Posted on June 3, 2016 at 1:36 PM • 10 Comments


Green SquirrelJune 5, 2016 4:00 AM

Reading the liveblog, I found this the most interesting bit:

Jonathan Zittrain is interested in algorithmic accountability, from Facebook’s ability to tell that two people are in a relationship before they announce it, to their ability to engineer an election by prompting one side’s supporters. They’d be in the soup if they were caught, but they have been near the soup a number of times. One internal meeting had the question “What responsibility does FB have to prevent President Trump?” That has repudiated once leaked, but the age of innocence is behind us. Back in 2005 Google apologised when the hate site “jew watch news” appeared in search results for “jew”; but the site has morphed from tool to friend. Facebook’s M and Apple’s Siri are the same. This leads Jonathan to the idea of “information fiduciaries” whereby the big firms would have to put user welfare first like doctors or lawyers. Should Google tell you to vaccinate your child? Already in Europe they suppress hate speech and promote counter-narratives. To whom does Uber owe a fiduciary duty – the driver or the passenger? And should data scientists join divines, medics, lawyers and surveyors as a learned profession?

It seems to me that this opens the door for all kinds of questions society should be asking.

Gerard van VoorenJune 5, 2016 4:52 AM

@ Green Squirrel,

Interesting philosophies. The problem is that Capitalism is so short sighted.

ianfJune 5, 2016 5:44 AM

@ Green Squirrel:
                              indeed, lots of food for thought… not that Google and Fuckfacebook will ever admit, much less owe up to, them being in position to surreptitiously lobby for a society in which they-as-businesses are the main benefactors (not little akin to parasites invading brains of organisms to affect their parasite-genes-benefitting behaviors).

That said, given short span of human lives, not to mention span of attention each of us is able to bestow on any one single topic, I wish Bruce could clone himself, or at least create a volunteer cottage industry devoted to close reading and then CUMULATIVELY, AND ON A SINGLE BLOG PAGE summarizing of his summaries, papers and audio recordings of these workshops:

    my posts on the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops. (hrefs present in the post above)

    PRETTY PLEASE PLEASE PLEASE, BRUCE, make good on that promise of "Ask, and you shall be given" that I once heard on TV (I'm asking).

@ Gerard - Capitalism a shortsighted economic system – as opposed to what other exactly (I mean 'other' THAT WORKS).

Clive RobinsonJune 5, 2016 6:14 AM

@ ianf,

As you well know "capitalism" is far from the only socio-economic model. It also has various sub types within it.

Historicaly as taught it appears that the English exported what we might otherwise call "greed" around the world in the process destroying many other socio-economic systems by force of technology. And they were soon followed by other nations. The reality is that ever since mankind came to understand what advantages could be gained by secrecy you could make significant benifit by being the "middle man" in trade.

When the secrecy is removed the middle man suffers and a race to the bottom follows, which causes other harmfull issues to arise.

The problem with short term thinking is down to the likes of shareholders, who want fast profit not large profit. This usually means that it has a detrimental effect not just on growth but stability as well. There have been more companies smashed into the wall by shareholder greed than by any other external influence (see what has happened with Sir Philip Green and BHS for just the latest big crash story).

As has been pointed out countless times, double digit economic growth is not sustainable, it is almost always ended by a bubble forming due to shareholder activity, followed by a crash, which drags in not just those caught in the bubble burst but usually a much much larger area of the general market, and can cause entire nations and global crashes.

So it is a specific part of capitalism practiced by the few against the rest, that can only happen by secrecy and speed. Unfortunatly if you look around you will see that more and more faux markets are being set up with secrecy and speed being their major operational modes. The result is instability, which they then further use via secrecy and speed.

But as the era of "Mad Maggie" Thatcher and Ronnie "ray gun" showed given any oportunity greed would very harmfully prevail with people openly saying "Greed is Good", which any sane analysis would say otherwise.

Clive RobinsonJune 5, 2016 6:51 AM

@ Green Squirrel,

When you look at the "proffesions" they all started out espousing "noble intent" whilst in reality forming closed shops. Just like Guilds etc where "members interests" were the only real interest behind a faux genteel public image.

It was only when some members became so blatant that the public started becoming aware that "ethics committees" were set up. However as can still be seen today in many cases they are compleatly toothless except for self protective "show trials" that rarely achive any kind of change.

It was only when you had to be pre-judged by ethics committees to get approval to carry out a particular instance of an activity that the committees gained teeth out of their own self protection. That is it is easy to judge after the fact safely than judge before the act safely, because as a judge your own personal position gets tied into the outcome of the activity. Thus ethics committees as they gained teeth became ultra conservative in their outlook.

It is that "pre-judging for approval" asspect that is currently missing --from the activities mentioned in your quote-- which alows them to happen to others detriment.

It is thus desirable to have ethics committees be stuffed with "the great and the good" with significant reputations that could be harmed sitting in pre-judgment.

Whilst that might happen in countries with a "catholic outlook" hence a societal view that says "permission befor action" it is rather less likely to happen with the "protestant outlook" of "action prior to possible prosecution". The former encorages "low risk" behaviour whilst the latter actively encorages chancers and those lacking any kind of morals thus is "high risk". Needless to say in the first world we see most of these types of activity happening unabated in WASP nations.

But it has a secondary effect, the thing with chancers is that those who go first, get away with it because there is no legislation by which their actions can be prosecuted. It is only when their actions create sufficient stink that legislation followes. The problem with this is two fold, the first is the legislation is usually either deficient or over reaching hence open to abuse by either side respectively. Secondly the statute books become so labyrinthine that it is not possible to know it all as an individual.

The alternative of pre-judging ethics committees goes a long way to stopping such issues. Whilst I would by no means claim they are perfect --in fact I can state problems with them-- overall I think they can limit the more agrivious chancers or make their prosecution far easier.

Gerard van VoorenJune 5, 2016 9:11 AM

@ ianf,

I mean 'other' THAT WORKS

What Clive said.

Personally I am not really convinced that Capitalisme is the right answer. Why we are having a good economy has little to do with Capitalism btw but more with dirt cheap oil. Let's see how things are going when oil is 20 dollar a gallon.

More and more unwanted side effects of Capitalism are becoming public knowledge. Just watch the news. The Panama Papers, massive forest fires (palm oil), lay offs, Global Warming, the financial crisis etc, etc.

Why did I say that Capitalism is short sighted? Well it's because the lack of accountability. There are lots of people who really belong behind bars. They get a media podium to speak on instead.

Jesse ThompsonJune 5, 2016 3:13 PM

@ ianf,

> I mean 'other' THAT WORKS

You do not require an already tested superior system as a fundamental underpinning of finding fault in the current one. It's quite the other way around. You can't design a superior system without first discovering what flaws in the existing one need to be improved upon.

Just off the top of my head, some directions of improvement worth considering are Universal Basic Income (competition is good but when the stakes of *economic* competition are life and death then those with reason to believe they are at risk for the fatal fail state will naturally break any law or contract and work against society at large to overcome it) and finding a way to redesign the laws on stock dividends.

For example, some kind of inductive payment model might be best where dividends are not paid out instantly to the current shareholder but instead payments get split between all shareholders over the past 20 years, divided up based on what percentage of the last 20 years each holder held that particular unit of stock.

That's a relatively easy and inexpensive approach that would lead any particular holder of stock to stop being incentivized to wring short term profit out of a company at the expense of near-term, and then sell the stock to somebody else come near-term on the strength of past performance. Instead, every holder will be no more incentivized to wring profit out this year than to see the company continue to profit up to 20 years after they sell off. And when people buy stock, they know the people who sold the stock to them maintain incentive for the underlying business to continue to succeed for as long as possible.

Favian RayJune 6, 2016 12:57 AM

Oh, to be a fly on the wall in that room. I imagine there is so much territory to cover. Security doesn't just apply to technical means. It encompasses a wide range of fields. Even at the human interaction level, there is still a diverse amount of information to discuss and analyze. What an awesome conference to be a part of! And thanks for posting the blogs/follow-up in relation to it!

blakeJune 6, 2016 6:01 AM

> “What responsibility does FB have to prevent President Trump?”

FB is a corporation, with a duty to return shareholder profit. If it thinks that a Trump presidency will harm shareholder profit, then yes, FB might do something about that.

Which is why we shouldn't allow corporations into positions where they get to make these choices.

Green SquirrelJune 7, 2016 4:36 PM


FB is a corporation, with a duty to return shareholder profit. If it thinks that a Trump presidency will harm shareholder profit, then yes, FB might do something about that.

Quite true but for me, the issue is greater than that as this assumes corporations function in robotic functions.

The fundamental reality is corporations are run by people with their own foibles.

This means that it does't need to be linked to shareholder profit - it could be as simple as "Situation X" is one enough senior people dont want to happen.

The Google, Twitter, Facebook (and to a much lesser extent Microsoft) all have the power to significantly influence what happens in the world with almost no ability for the public to monitor or compensate for this. If a facebook engineer tweaks and algorithm so that pro-trump or anti-trump sentiment gets a boost is anyone outside facebook's engineering department able to tell? If a senior manager instructs his team to do this would there even be anyone to complain to? And if we do complain, what are our grounds for complaint? They have no legal obligation to be fair....

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.