Book Notes: Beyond Fear: Thinking Sensibly About Security in an Uncertain World
It seems like a good deal: the sign says that if the cashier fails to give a receipt you get your purchase free. Who knows? Maybe you track your expenses or you need the receipt for a reimbursement. Plus, it never hurts to have a shot at something free.
Actually, Bruce Schneier writes, the offer is a clever security maneuver. The store’s owner wants to make sure the cashier rings up sales, and generating a receipt for the customer also creates an internal register receipt. The offer enlists the customer as a security agent—not receiving a receipt means the customer will ask for reimbursement and the manager or owner will be notified that the cashier did not ring up the sale.
Security is all around us and Schneier takes on the mission of helping people make sense of it. A highly respected security expert, he succeeds. He does so by applying fundamental ideas of decision-making under uncertainty, such as thinking about events in terms of both their cost and probability; findings on decisionmaking biases and errors, such as the fact that people overestimate the likelihood of low-probability events and underestimate the likelihood of high-probability events; and basics of probability and statistics, such as false positives and false negatives.
Schneier organizes his argument in three sections. “Sensible Security” introduces the basic themes. “How Security Works,” details the language and key concepts of security. “The Game of Security” describes how citizens can influence security decisions, and ties together and reinforces the previous chapters.
The overriding theme is that security involves trade-offs. No measure can ever fully block a threat, so people must move “beyond fear” to analyze tradeoffs rationally. Thinking clearly helps evaluate not only security measures but also the agendas behind the proponents of different strategies. Schneier includes one important caveat. People evaluate risks and trade-offs subjectively. Even with the same information, people differ on which threats to protect against because they have different values.
Schneier creates a five-step process as a systematic way to think about security:
- What assets are you trying to protect?
- What are the risks to these assets?
- How well does the security solution mitigate those risks?
- What other risks does the security solution cause?
- What costs and trade-offs does the security solution impose?
He presents numerous applications of this process. In one, he evaluates whether to install face-scanning equipment in airports to identify terrorists (p. 201):
- The assets include air travelers, and people in general.
- The risk is that a known terrorist will board an airplane.
- The system will not mitigate risk well because terrorists are extremely rare and most people the system identifies will be false positives. Security screeners will learn not to trust the system and most likely ignore it.
- The system creates other risks. Designing, developing, installing, and operating a database of faces makes it available to a large number of people, some of who could misuse it. Terrorists could break into it, learn if they were known, and modify their appearances.
- The expense of creating and running the system is a huge trade-off, as are the inconvenience to the people mistakenly identified as terrorists and the expense of possible lawsuits they might bring if detained.
Schneier concludes that such a system is not worth implementing. He notes that all field tests have failed and that the chief proponents are the companies that produce face-recognition systems.
Beyond Fear has two flaws. The more important flaw resides in the 12 chapters of the long middle section, in which Schneier discusses the basics of how security works. Although packed with information, the section sometimes proceeds like a reference book with a limited narrative thread. Schneier mitigates this problem by referring to previously introduced concepts as he explains new ones. Only in the second-last chapter of the book, however, does he present a road map to previous chapters, clarifying how they fit into his framework for thinking about security.
The less-important flaw is that the book contains several extremely useful tables showing the probabilities or occurrences of adverse events, such as getting injured in a car accident or dying of anthrax, but Schneier does not directly refer to them in the text or discuss them. Many readers might not have seen such comparisons, and Schneier could have strengthened his argument by discussing the data in more de tail.
These flaws do not devalue the book much. Schneier writes clearly and illustrates his ideas with examples from current events, history, and nature, keeping his points lively with a little humor now and then. Referring to the ways that sheep use detection as part of their security system, he writes, “sheep are slow and tasty, and therefore must remain constantly alert” (p. 150). Discussing the value of human intuition, he tells of a U. S. customs agent who stopped the entry of a would-be terrorist from Canada because, as the agent said, the person was acting “hinky,” slang for suspicious. The “notion of hinkiness,” Schneier writes, “cannot be bureaucratized and replaced with hinkiness awareness training, a hinkiness threat index, and hinkiness alerts” (p. 278).
Schneier uses that example to make a larger point: good security uses technology but must rely on the creativity, ingenuity, and adaptability of people. That may be surprising to some, and the book has other surprising conclusions, such as the idea that more secrecy can actually make a system less secure.
Schneier’s book will not turn its readers into security experts. Expertise is developed through practice, and people may not want or be able to make the effort to practice Schneier’s principles. Nonetheless, the book exposes people to statistical reasoning, helps them incorporate the fact of uncertainty into policy evaluation, and arms them with skepticism about some of the security plans proposed since the terrorist events of September 11, 2001. The book can also serve as an excellent adjunct text in public policy and decision sciences classes, demonstrating numerous applications of theory. For the specialist, student, and general reader, Beyond Fear gives a well-paced opportunity to learn how a serious security expert thinks through a wide range of security problems.