Bruce Schneier’s Plan to Reinvent Democracy
I have a confession to make: I am a complete Bruce Schneier fanboy. I have been following the cryptographer, Harvard lecturer and privacy specialist for many years, and was delighted to meet him face-to-face at last week’s RSA Conference in San Francisco, where he gave a keynote (registration required) on how to reinvent democracy using cybersecurity concepts. His oeuvre spans decades with numerous books along with his own blog that publishes interesting links to security-related events, strategies and failures that you should follow.
Schneier began his talk by saying that “the political systems that were invented in the 18th century are poorly suited for the 21st century.” He mentioned how democracy and capitalism are both information systems and should be treated as such and require constant improvement. “Democracy is not a static system but an aspirational direction” he said. “But it hasn’t evolved at the same pace as our technology has.” It is a radical notion, especially when technology breaks the limitations of geography and filtering of ideas that were part of the early democratic principles. “How do we avoid polluting 21st century democracy with prejudice, misinformation and bias?” he asks.
My reason for being a fan is he is more often right than wrong. Back in 2007, he coined the term “security theater” to refer to actions that aren’t really effective at securing systems but are put on display to reassure people that something is being done. In his 2003 book “Beyond Fear,” he promoted a very cogent checklist of what any security professional needs to do, such as looking at what assets you are trying to protect and how to assess the risks to those assets.
His 2012 book “Liars and Outliers” talks about how our society can’t function without trust, and yet must function even when people are untrustworthy. He develops an understanding of trust, cooperation and social stability. He points out that we don’t usually do background checks on our plumber or do chemical analysis on our food, but when it comes to our computers and digital applications, we don’t have this inherent trust.
Ten years later, we are suffering a trust deficit across the board, and the societal cracks are beginning to show. As Schneier said in his keynote, “Our formal systems of trust aren’t inherently scalable anymore. We have replaced an innate interpersonal trust with a trust in processes and institutions.”
In his 2015 book, “Data and Goliath,” he showed us exactly what we can do to reform government surveillance programs, shake up surveillance-based business models and protect our individual privacy from social media misuses. He is the master of simple analogies, using the example of the king who builds a secret escape tunnel: What happens to the engineers who know about the tunnel? he asks, making the point that there will always be someone who knows your secrets.
His most recent book published earlier this year is “A Hacker’s Mind.” In it he asks his Harvard students to memorize the first 100 digits of pi (he expects them to cheat and documents their trials). The book is an appropriate preface to his RSAC keynote, because he puts hacking in the societal context, showing how bad actors can bend our various economic and legal systems, norms and rules. His talk was more of a discussion framework, where we can all come to some agreement about how to evolve democracy and continue to create new policies that can benefit the most individuals’ preferences. “In today’s society, the rich and powerful are just too good at hacking,” he said.
His keynote mentions that misinformation is a feature and not a bug. The problem is the incentive structure that makes misinformation a viable strategy, because “misinformation targets fringe ideas and tries to weaponize them,” he said. “Our systems have misaligned incentives, which has catastrophic consequences for society.” I got pushback from several folks at the show, who all agree that we need a common fact base for any successful democratic system, and misinformation throws that off.
He spoke during the keynote about the current trend toward zero-sum politics—where one party wins while the other loses—and how that situation isn’t optimal. “We have an economy where my success depends on your failures,” he said. “We need to have a game where everyone wins, and it would be unlike anything we have ever seen. We have to harness plurality and embrace conflict and disagreement.”
To fix this, we have to rethink the nature of growth, which as he says is the fuel that powers the zero-sum world and is relevant only in that world where resources are plentiful. He ended his talk with suggestions on how to change democracy with built-in security, recognizing other tech innovations to make it more efficient.
While watching the keynote, I was reminded of Isaac Asimov’s 1955 short story “Franchise” which posits a future “electronic democracy” where a computer selects a single voter to determine the election results, avoiding the need for any action plebiscite. The year chosen in the story was 2008. Interestingly, the sole voter is asked a series of questions, rather than doing any actual voting for candidates.
I asked Schneier if he read the story and he replied via email that he had. “I don’t think it’s a serious proposal, although the idea of polling being more accurate than actual elections is something that is discussed a lot in the relevant communities,” he said. “We have this fiction in our minds that voting is perfectly accurate: that even a differential of a few votes is meaningful. In reality, elections have error rates every step of the way, and a very close election is a statistical tie. But, of course, our system has no ability to deal with ties, so we need to declare a victor.”
Maybe his suggestions won’t come to pass, but his thoughts about how to make our systems work better are interesting and provocative. Knowing when to allow algorithms to make decisions for us, and when not to do so, as he stated in the keynote, will certainly take on increasing importance.