Entries Tagged "books"

Page 12 of 17

Liars and Outliers: Interview on The Browser

I was asked to talk about five books related to privacy.

You’re best known as a security expert but our theme today is "trust". How would you describe the connection between the two?

Security exists to facilitate trust. Trust is the goal, and security is how we enable it. Think of it this way: As members of modern society, we need to trust all sorts of people, institutions and systems. We have to trust that they’ll treat us honestly, won’t take advantage of us and so on – in short, that they’ll behave in a trustworthy manner. Security is how we induce trustworthiness, and by extension enable trust.

An example might make this clearer. For commerce to work smoothly, merchants and customers need to trust each other. Customers need to trust that merchants won’t misrepresent the goods they’re selling. Merchants need to trust that customers won’t steal stuff without paying. Each needs to trust that the other won’t cheat somehow. Security is how we make that work, billions of times a day. We do that through obvious measures like alarm systems that prevent theft and anti-counterfeiting measures in currency that prevent fraud, but I mean a lot of other things as well. Consumer protection laws prevent merchants from cheating. Other laws prevent burglaries. Less formal measures like reputational considerations help keep merchants, and customers in less anonymous communities, from cheating. And our inherent moral compass keeps most of us honest most of the time.

In my new book Liars and Outliers, I call these societal pressures. None of them are perfect, but all of them – working together – are what keeps society functioning. Of course there is, and always will be, the occasional merchant or customer who cheats. But as long as they’re rare enough, society thrives.

How has the nature of trust changed in the information age?

These notions of trust and trustworthiness are as old as our species. Many of the specific societal pressures that induce trust are as old as civilisation. Morals and reputational considerations are certainly that old, as are laws. Technical security measures have changed with technology, as well as details around reputational and legal systems, but by and large they’re basically the same.

What has changed in modern society is scale. Today we need to trust more people than ever before, further away – whether politically, ethnically or socially – than ever before. We need to trust larger corporations, more diverse institutions and more complicated systems. We need to trust via computer networks. This all makes trust, and inducing trust, harder. At the same time, the scaling of technology means that the bad guys can do more damage than ever before. That also makes trust harder. Navigating all of this is one of the most fundamental challenges of our society in this new century.

Given the dangers out there, should we trust anyone? Isn’t "trust no one" the first rule of security?

It might be the first rule of security, but it’s the worst rule of society. I don’t think I could even total up all the people, institutions and systems I trusted today. I trusted that the gas company would continue to provide the fuel I needed to heat my house, and that the water coming out of my tap was safe to drink. I trusted that the fresh and packaged food in my refrigerator was safe to eat – and that certainly involved trusting people in several countries. I trusted a variety of websites on the Internet. I trusted my automobile manufacturer, as well as all the other drivers on the road.

I am flying to Boston right now, so that requires trusting several major corporations, hundreds of strangers – either working for those corporations, sitting on my plane or just standing around in the airport – and a variety of government agencies. I even had to trust the TSA [US Transportation Security Administration], even though I know it’s doing a lousy job – and so on. And it’s not even 9:30am yet! The number of people each of us trusts every day is astounding. And we trust them so completely that we often don’t even think about it.

We don’t walk into a restaurant and think: "The food vendors might have sold the restaurant tainted food, the cook might poison it, the waiter might clone my credit card, other diners might steal my wallet, the building constructor might have weakened the roof, and terrorists might bomb the place." We just sit down and eat. And the restaurant trusts that we won’t steal anyone else’s wallet or leave a bomb under our chair, and will pay when we’re done. Without trust, society collapses. And without societal pressures, there’s no trust. The devil is in the details, of course, and that’s what my book is about.

As an individual, what security threats scare you the most?

My primary concerns are threats from the powerful. I’m not worried about criminals, even organised crime. Or terrorists, even organised terrorists. Those groups have always existed, always will, and they’ll always operate on the fringes of society. Societal pressures have done a good job of keeping them that way. It’s much more dangerous when those in power use that power to subvert trust. Specifically, I am thinking of governments and corporations.

Let me give you a few examples. The global financial crisis was not a result of criminals, it was perpetrated by legitimate financial institutions pursuing their own self-interest. The major threats against our privacy are not from criminals, they’re from corporations trying to more accurately target advertising. The most significant threat to the freedom of the Internet is from large entertainment companies, in their misguided attempt to stop piracy. And the cyberwar rhetoric is likely to cause more damage to the Internet than criminals could ever dream of.

What scares me the most is that today, in our hyper-connected, hyper-computed, high-tech world, we will get societal pressures wrong to catastrophic effect.

The Penguin and the Leviathan

By Yochai Benkler

Let’s get stuck into the books you’ve chosen on this theme on trust. Beginning with Yochai Benkler’s The Penguin and the Leviathan.

This could be considered a companion book to my own. I write from the perspective of security – how society induces cooperation. Benkler takes the opposite perspective – how does this cooperation work and what is its value? More specifically, what is its value in the 21st century information-age economy? He challenges the pervasive economic view that people are inherently selfish creatures, and shows that actually we are naturally cooperative. More importantly, he discusses the enormous value of cooperation in society, and the new ways it can be harnessed over the Internet.

I think this view is important. Our culture is pervaded with the idea that individualism is paramount – Thomas Hobbes’s notion that we are all autonomous individuals who willingly give up some of our freedom to the government in exchange for safety. It’s complete nonsense. Humans have never lived as individuals. We have always lived in communities, and we have always succeeded or failed as cooperative groups. The fact that people who separate themselves and live alone – think of Henry David Thoreau in Walden – is so remarkable indicates how rare it is.

Benkler understands this, and wants us to accept the cooperative nature of ourselves and our societies. He also gives the same advice for the future that I do – that we need to build social mechanisms that encourage cooperation over control. That is, we need to facilitate trust in society.

What’s next on your list?

The Folly of Fools, by the biologist Robert Trivers. Trivers has studied self-deception in humans, and asks how it evolved to be so pervasive. Humans are masters at self-deception. We regularly deceive ourselves in a variety of different circumstances. But why? How is it possible for self-deception – perceiving reality to be different than it really is – to have survival value? Why is it that genetic tendencies for self-deception are likely to propagate to the next generation?

Trivers’s book-long answer is fascinating. Basically, deception can have enormous evolutionary benefits. In many circumstances, especially those involving social situations, individuals who are good at deception are better able to survive and reproduce. And self-deception makes us better at deception. For example, there is value in my being able to deceive you into thinking I am stronger than I really am. You’re less likely to pick a fight with me, I’m more likely to win a dominance struggle without fighting, and so on. I am better able to bluff you if I actually believe I am stronger than I really am. So we deceive ourselves in order to be better able to deceive others.

The psychology of deception is fundamental to my own writing on trust. It’s much easier for me to cheat you if you don’t believe I am cheating you.

The Murderer Next Door

By David M Buss

Third up, The Murderer Next Door by David M Buss.

There have been a number of books about the violent nature of humans, particularly men. I chose The Murderer Next Door both because it is well-written and because it is relatively new, published in 2005. David M Buss is a psychologist, and he writes well about the natural murderousness of our species. There’s a lot of data to support natural human murderousness, and not just murder rates in modern societies. Anthropological evidence indicates that between 15% and 25% of prehistoric males died in warfare.

This murderousness resulted in an evolutionary pressure to be clever. Here’s Buss writing about it:

"As the motivations to murder evolved in our minds, a set of counterinclinations also developed. Killing is a risky business. It can be dangerous and inflict horrible costs on the victim. Because it’s so bad to be dead, evolution has fashioned ruthless defences to prevent being killed, including killing the killer. Potential victims are therefore quite dangerous themselves. In the evolutionary arms race, homicide victims have played a critical and unappreciated role – they pave the way for the evolution of anti-homicide defences."

Those defences involved trust and societal pressures to induce trust.

The Better Angels of Our Nature

By Steven Pinker

Your fourth book is by psychologist, science writer and previous FiveBooks interviewee Steven Pinker.

The Better Angels of Our Nature is Steven Pinker’s explanation as to why, despite the selection pressures for murderousness in our evolutionary past, violence has declined in so many cultures around the world. It’s a fantastic book, and I recommend that everyone read it. From my perspective, I could sum up his argument very simply: Societal pressures have worked.

Of course it’s more complicated than that, and Pinker does an excellent job of leading the reader through his analysis and conclusions. First, he spends six chapters documenting the fact that violence has in fact declined. In the next two chapters, he does his best to figure out exactly what has caused the "better angels of our nature" to prevail over our more natural demons. His answers are complicated, and expand greatly on the interplay among the various societal pressures which I talk about myself. It’s not things like bigger jails and more secure locks that are making society safer. It’s things like the invention of printing and the resultant rise of literacy, the empowerment of women and the rise of universal moral and ethical principles.

Braintrust

By Patricia S Churchland

What is your final selection?

Braintrust, by the neuroscientist Patricia Churchland. This book is about the neuroscience of morality. It’s brand new – published in 2011 – which is good because this is a brand new field of science, and new discoveries are happening all the time. Morality is the most basic of societal pressures, and Churchland explains how it works.

This book tries to understand the neuroscience behind trust and trustworthiness. In her own words:

"The hypothesis on offer is that what we humans call ethics or morality is a four dimensional scheme for social behavior that is shaped by interlocking brain processes: (1) caring (rooted in attachment to kin and kith and care for their well-being), (2) recognition of other’s psychological states (rooted in the benefits of predicting the behavior of others) (3) problem-solving in a social context (e.g., how we should distribute scarce goods, settle land disputes; how we should punish the miscreants) and (4) learning social practices (by positive and negative reinforcement, by imitation, by trial and error, by various kinds of conditioning, and by analogy)."

Those are our innate human societal pressures. They are the security systems that keep us mostly trustworthy most of the time – enough for most of us to be trusting enough for society to survive.

Are we safer for all the security theatre of airport checks?

Of course not. There are two parts to the question. One: Are we doing the right thing? That is, does it make sense for America to focus its anti-terrorism security efforts on airports and airplanes? And two: Are we doing things right? In other words, are the anti-terrorism measures at airports doing the job and preventing terrorism? I say the answer to both of those questions is no. Focusing on airports, and specific terrorist tactics like shoes and liquids, is a poor use of our money because it’s easy for terrorists to switch targets and tactics. And the current TSA security measures don’t keep us safe because it’s too easy to bypass them.

There are two basic kinds of terrorists – random idiots and professionals. Pretty much any airport security, even the pre-9/11 measures, will protect us against random idiots. They will get caught. And pretty much nothing will protect us against professionals. They’ve researched our security and know the weaknesses. By the time the plot gets to the airport, it’s too late. Much more effective is for the US to spend its money on intelligence, investigation and emergency response. But this is a shorter answer than your readers deserve, and I suggest they read more of my writings on the topic.

How does the rise of cloud computing affect personal risk?

Like everything else, cloud computing is all about trust. Trust isn’t new in computing. I have to trust my computer’s manufacturer. I have to trust my operating system and software. I have to trust my Internet connection and everything associated with that. I have to trust all sorts of data I receive from other sources.

So on the one hand, cloud computing just adds another level of trust. But it’s an important level of trust. For most of us, it reduces our risk. If I have my email on Google, my photos on Flickr, my friends on Facebook and my professional contacts on LinkedIn, then I don’t have to worry much about losing my data. If my computer crashes I’ll still have all my email, photos and contacts. This is the way the iPhone works with iCloud – if I lose my phone, I can get a new one and all my data magically reappears.

On the other hand, I have to trust my cloud providers. I have to trust that Facebook won’t misuse the personal information it knows about me. I have to trust that my data won’t get shipped off to a server in a foreign country with lax privacy laws, and that the companies who have my data will not hand it over to the police without a court order. I’m not able to implement my own security around my data; I have to take what the cloud provider offers. And I must trust that’s good enough, often without knowing anything about it.

Finally, how many Bruce Schneier Facts are true?

Seven.

This Q&A originally appeared on TheBrowser.com

Posted on February 27, 2012 at 12:30 PMView Comments

Liars and Outliers News

The book is selling well. (Signed copies are still available on the website.) All the online stores have it, and most bookstores as well. It is available in Europe and elsewhere outside the U.S. And for those who wanted a DRM-free electronic copy, it’s available on the OReilly.com bookstore for $11.99.

I have collected four new reviews. And a bunch of reviews on Amazon.

There’s an interview with me about the book on TheBrowser.com.

Gizmodo has published an except from Chapter 17. I (and others) have published Chapter 1. And all the figures, mostly for people reading the ebook.

Posted on February 24, 2012 at 3:18 PMView Comments

Liars and Outliers Update

Liars and Outliers is available. Amazon and Barnes & Noble have been shipping the book since the beginning of the month. Both the Kindle and the Nook versions are available for download. I have received 250 books myself. Everyone who read and commented on a draft will get a copy in the mail. And as of today, I have shipped books to everyone who ordered a signed copy.

I’ve seen five more reviews. And there’s one print and one audio (there’s also a transcript) interview about the book.

A bunch of people on Twitter have announced that they’re enjoying the book. Right now, there are only three reviews on Amazon. Please, leave a review on Amazon. (I’ll write about the problem of fake reviews on these sorts of sites in another post.)

I’m not sure, but I think the Kindle price is going to increase. So if you want the book at the current $10 price, now is the time to buy it.

Posted on February 13, 2012 at 2:53 PMView Comments

Liars and Outliers Update

According to my publisher, the book was printed last week and the warehouse is shipping orders to booksellers today. Amazon is likely to start shipping books on Thursday. (Yes, Amazon’s webpage claims that the book will be published on February 21, 2012, but they’ll ship copies as soon as they get them—this ain’t Harry Potter.) The Kindle edition is already shipping.

Those of you who ordered signed copies from me are likely going to have to wait a couple more weeks. My copies will arrive from the publisher eventually; then I will sign them and ship them on to you.

Reviews are starting to come out. I expect more in the coming month.

At the end of February, I’ll be at the RSA Conference in San Francisco. In addition to my other speaking events, Davi Ottenheimer will interview me about the book at something called The Author’s Studio. I’ll be doing two one-hour book signings at the conference bookstore. And, and this is the best news of all, HP has bought 1,000 copies of the book and will be giving them away at their booth. I’ll be doing a couple of signings there as well.

Posted on January 30, 2012 at 1:59 PMView Comments

Liars and Outliers News

The Liars and Outliers webpage is live. On it you can find links to order both paper and e-book copies from a variety of online retailers, and signed copies directly from me. I’ve also posted the jacket copy, the table of contents, the first chapter, the 15 figures from the book, an image of the full wraparound cover, and all the blurbs for the book.

Last week, I chose 10 winners from the 278 people who entered the drawing for a free galley copy. Those copies have all been mailed, as have copies to potential book reviewers.

Several readers suggested that I auction some copies, and I’m going to do that now. I have two galley copies that I will auction to the two highest bidders. This is a charity auction; the proceeds from one copy will go to EFF and the other to EPIC. Leave bids in the comments below. The auction closes at the end of the day on Wednesday, January 11. (I am deliberately being sloppy about this. I’m happy to let the bidding go if it will raise more money, but eventually I’m going to call things to a close.) So check the comments for the high bidders, and please contribute to these organizations that are doing a lot to keep the Internet—and the whole information age—open and free.

EDITED TO ADD (1/5): There’s only one auction. The top two bidders will in, and the proceeds will be split between EPIC and EFF. There’s no reason to specify an organization in the bidding.

EDITED TO ADD (1/12): The winners are Tom Ehlert and Manasi. Can both of you please contact me.

Posted on January 5, 2012 at 1:39 PMView Comments

Giveaway: Liars and Outliers Galleys

My box of galley copies arrived in the mail yesterday. They’re filled with uncorrected typos, but otherwise look great. Wiley printed about 500 of them, and they’re mostly going to journalists and book reviewers, with some going to different wholesale and retail outlets. I have 20 copies to give away to readers of my blog and Crypto-Gram.

Earlier this month, I asked readers to suggest methods of distribution. There were a lot of good suggestions, but one stood out:

The best way to achieve that may be by letting people hand it personally to an ‘opinion leader.’ Their argument for which ‘opinion leader’ they think is most important *and* needs to read this the most (could be someone who talks out of his ass on the subject) gives you a good selection criterium, as well as giving some people and excuse to visit an ‘opinion leader.’

So that’s the plan. If you want a book, you have to promise to give a book to someone else. This someone should be a person who doesn’t otherwise know about me, and wouldn’t otherwise know about my book. This should be someone who would enjoy my book, and who would be likely to spread the word to others. Maybe it’s the CEO of the company you work for. Maybe it’s someone in politics. Maybe it’s just someone who influences the thinking of a lot of people. It shouldn’t be someone who would just dismiss my book out of hand, or not bother reading it because he already knows what he thinks. It should be someone who will read the book, think about it, and tell others about it.

Sometime between now and Christmas Day, send an e-mail whose subject matches the subject line of this post to schneier@schneier.com. Tell me who you’re going to give the book to and why. I’ll randomly choose ten people from those e-mails and ask them for their physical addresses. (This way, only winners have to mail me their addresses.) I’ll send each of the winners two copies of the galley: one for the winner, and the other for the winner’s thought leader. If Wiley sends me more galleys to give away, I will simply choose more winners.

Of course, I have no way of verifying that the winners actually comply. Someone could keep one copy of the galley and auction the other on eBay. I can’t stop that, but I will be cross if it happens. And I will number the galleys, so if I do ever see the book, I will know who did it.

Thank you to reader Jur, who suggested this method of distributing galley copies of my readers in response to my request. Jur, email me with your address and I will send you a copy of the galley.

Posted on December 22, 2011 at 6:09 AMView Comments

Liars and Outliers Galleys

My publisher is printing galley copies of Liars and Outliers. If anyone out there has a legitimate reason to get one, like writing book reviews for a newspaper, magazine, popular blog, etc., send me an e-mail and I’ll forward your request to Wiley’s PR department. I think they’ll be ready in a week or so, although it might be after the new year.

Additionally, I’m going to get 10 to 20 copies that I’d like to give away to readers of this blog. I’m not sure how to do it, though. Offering copies to “the first N people who leave a comment” would discriminate based on time zone. Giving copies away randomly to commenters seems, well, too easy. The person in charge of PR at Wiley wants me to give copies away randomly to people who “like” me on Facebook or tweet about me to their friends, or do some other sort of fake distributed marketing thing, but I’m not going to do that.

So to start, I’ve decided to give away a free galley copy of Liars and Outliers to the person who can come up with the best way to give away free galley copies of Liars and Outliers. Leave your suggestions in comments.

Posted on December 14, 2011 at 11:00 PMView Comments

Status Report: Liars and Outliers

After a long and hard year, Liars and Outliers is done. I submitted the manuscript to the publisher on Nov 1, got edits back from both an outside editor and a copyeditor about a week later, spent another week integrating the comments and edits, and submitted the final manuscript to the publisher just before Thanksgiving. Now it’s being laid out, and I’ll have one more chance to read it and correct typos next week.

It really feels great to be done. This is the hardest book I’ve written, and the most ambitious. Now I have to see how it’s received. I know I should be thinking about creating a talk based on the book, but I want some time away from the ideas. I’ll get back to that task in January.

Meanwhile, the publisher and I have been working on the cover. We settled on the art and layout months ago, but there’s the back cover copy, the inside flaps copy, the author’s bio, and the blurbs. I’m really happy with the blurbs I’ve received, and we’re deciding what goes on the front cover, what goes on the back cover, and what goes inside on the first couple of pages of the book. Much of this text will also be used at various online bookstores as well, and at my own webpage for the book. I’ll post the whole cover when it’s final.

After that, the publisher will create the various e-book formats. I’m not sure how the figures and tables will translate, but I’ll figure it out. Publication is still scheduled for mid-February, in time for the RSA Conference in San Francisco at the end of the month. I’ll be doing a short interview about my book in something called the “Author’s Studio” on Wednesday, and will have a book signing at the conference bookstore sometime that week. If there is any exhibitor wanting to use my book as a conference giveaway and have me sign them, e-mail me and we’ll work something out.

Posted on December 1, 2011 at 6:25 AMView Comments

Status Report: Liars and Outliers

Last weekend, I completely reframed the book. I realized that the book isn’t about security. It’s about trust. I’m writing about how society induces people to behave in the group interest instead of some competing personal interest. It’s obvious that society needs to do this; otherwise, it can never solve collective action problems. And as a social species, we have developed both moral systems and reputational systems that encourage people behave in the group interest. I called these systems “societal security,” along with more recent developments: institutional (read “legal”) systems and technological systems.

That phrasing strained the definition of “security.” Everything, from the Bible to your friends treating you better if you were nice to them, was a security system. In my reframing, those are all trust pressures. It’s a language that’s more intuitive. We already know about moral pressure, peer pressure, and legal pressure. Reputational pressure, institutional pressure, and security pressure is much less of a stretch. And it puts security back in a more sensible place. Security is a mechanism; trust is the goal.

This reframing lets me more easily talk directly about the central issues of the book: how these various pressures scale to larger societies, and how security technologies are necessary for them to scale. Trust changes focus as society scales, too. In smaller societies (a family, for example), trust is more about intention and less about actions. In larger societies, trust is all about actions. It’s more like compliance. And as things scale even further, trust becomes less about people and more about systems. I don’t need to trust any particular banker, as long as I trust the banking system. And as we scale up, security becomes more important.

Possibly the book’s thesis statement: “Security is a set of constructed systems that extend the naturally occurring systems that humans have always used to induce trust and enable society. This extension became necessary when society began to operate at a scale and complexity where the naturally occurring mechanisms started to break down, and is more necessary as society continues to grow in scale.”

So the phrase “societal security” is completely gone from the book. (Like the phrase “dishonest minority,” it only exists in old blog posts.) There’s more talk about the role of trust in society. There’s more talk about how security, real security this time, enables trust. It felt like a major change when I embarked on it, but the fact that I did it in three days says how this framing was always there under the surface. And the fact that the book reads a lot more cleanly now says this framing is the right one.

The title remains the same: Liars and Outliers. The cover remains the same. The table of contents is the same, although some chapters have different names. The subtitle has to change, though. Candidates include:

  1. How Trust Holds Society Together—my publisher probably won’t allow me to write a book without the word “security” somewhere in the title.
  2. Security, Trust, and Society—not punchy enough.
  3. How Security Enables the Trust that Holds Society Together—probably too long.
  4. How Trust and Security Hold Society Together—maybe.

Any other ideas?

The manuscript is still due to the publisher at the end of the month, and publication is still set for mid-February. I am enjoying writing it, but I am also looking forward to it being done.

Posted on October 5, 2011 at 7:38 PMView Comments

A Status Report: "Liars and Outliers"

It’s been a long hard year, but the book is almost finished. It’s certainly the most difficult book I’ve ever written, mostly because I’ve had to learn academic fields I don’t have a lot of experience in. But the book is finally coming together as a coherent whole, and I am optimistic that the results will prove to be worth the effort.

Table of contents:

1. Introduction
2. A Natural History of Security
3. The Evolution of Cooperation
4. A Social History of Security
5. Societal Dilemmas
6. Societal Security
7. Moral Societal Security
8. Reputational Societal Security
9. Institutional Societal Security
10. Technological Societal Security
11. Competing Interest
12. Organizations and Societal Dilemmas
13. Corporations and Societal Dilemmas
14. Institutions and Societal Dilemmas
15. Understanding Societal Security Failures
16. Societal Security and the Information Age
17. The Future of Societal Security

The old title, “The Dishonest Minority,” has been completely expunged from the book. The phrase appears nowhere in the text—it’s only existence is in old blog posts about the book.

Lastly, I want to apologize to all my readers for the scant pickings on my blog and in Crypto-Gram. So much of my attention is going into writing my book that I don’t have time for much else. I promise to write more essays and blog posts once the book is finished. That’s likely to be the December issue of Crypto-Gram. Thank you for your patience.

The manuscript is due in 45 days; publication is still scheduled for mid February. Right now it’s 88,000 words long, with another 30,000 words in notes and references.

Posted on September 15, 2011 at 6:52 AMView Comments

1 10 11 12 13 14 17

Sidebar photo of Bruce Schneier by Joe MacInnis.