Can Morality Improve Security?

This year, more than $22 billion in enterprise security products and services is expected to be sold worldwide. But according to Bruce Schneier, well-known cryptology expert and security luminary, technology alone isn’t the answer to better security.

In an in-depth interview with eSecurity Planet at the Black Hat 2012 conference in Las Vegas last week, Schneier argued that looking at security solely from a technology perspective is to take a too narrow view of the problem.

“If you look at broader society, there is a lot of security that happens at a much more personal level,” Schneier said.

That personal level includes things like basic human decency and moral codes.

“If you steal my stuff, you feel bad,” Schneier said. “And you feeling bad is a security mechanism that we as a society have evolved, to help society work.”

Schneier argues that evoking morals on the Internet is likely to make all us more secure, especially as the Internet itself becomes more social.

One example of how morality improves security is the transition from illegally downloaded music in the Napster era, to the modern era of paid legal music from Apple’s iTunes. Schneier said that people were stealing music, as it was the social norm at the time. Then along came Apple with an option that made people feel less bad and enabled them to easily legally acquire music.

Another example of morality as a means for better security is the reputation-based security system used by eBay.

“You cheat someone and you get bad feedback,” Schneier said.

That reputation-based system has enabled a thriving economy on eBay where the morality of doing the right thing plays a strong role. There are other potential ideas for evoking morality as a way to improve security. One idea that Schneier thinks might have limited impact is attaching user pictures to user bank accounts, so there is a human face attached to the numbers.

“We know from psychological research that people are less likely to steal from other people if they know them as human beings and not just as abstract names,” Schneier said.

Nation States

When it comes to nation states (which may or may not be at the root of a number of modern Internet security risks) Schneier also argues that morality plays a role.

He noted that in the U.S it is illegal to bribe an official in another country.

“If you go to a country where bribery is legal and do business there, it is illegal for you to bribe,” Schneier said. “So there is an example of us putting ourselves at a disadvantage because of a moral code.”

Overall, over the centuries, Schneier argues that countries have in fact become more moral with each other in their dealings. He doesn’t expect changes in morality to immediately impact banking fraud in 2012 for example, but he does expect it to have an impact in time.

“Fast forward 50 years, there will be less industrial espionage because there is less now than there was 50 years ago,” Schneier said.

Watch the full video on eSecurity Planet.

Categories: Articles, Text

Sidebar photo of Bruce Schneier by Joe MacInnis.