Page 27 of 46
My new book, Liars and Outliers, has a cover.
Publication is still scheduled for the end of February—in time for the RSA Conference—assuming I finish the manuscript in time.
EDITED TO ADD (8/12): The cover was inspired by a design by Luke Fretwell. He sent me an unsolicited cover design, which I liked and sent to my publisher. They liked the general idea, but refined it into the cover you see. Luke has a blog post on the exchange, which includes a picture of his cover.
I think I gave this interview at the RSA Conference in February.
Thank you for all your comments and suggestions regarding my next book title. It will be:
Liars and Outliers:
How Security Holds Society Together
We’re still deciding on a cover, but it won’t be any of the five from the above link. Vaguely ominous crowd scenes are not what I want.
As my regular readers already know, I’m in the process of writing my next book. It’s a book about why security exists: specifically, how a group of people protects itself from individuals within that group. My working title has been The Dishonest Minority. The idea behind the title is that “honesty” is defined by social convention, then those that don’t follow the social conventions are by definition dishonest.
In my second blog post about the book, there was a lot of commentary about the word “dishonest.” The problem is that there are two kinds of dishonest people: those who are selfish, and those who are differently moral than the rest of society. So the word has to apply to both burglars and abolitionists. It has to apply to a criminal within society as a whole, and a police informant within a society of criminals. It has to apply to people who don’t pay their taxes because they’re selfish, and those who don’t pay because they are morally opposed to what the government is doing with the money. It has to apply to both Bernie Madoff and Gandhi.
It’s true that it’s a bit pejorative to use the word “dishonest” to describe both Madoff and Gandhi. But I can’t think of a better word. Here are some options:
I don’t really like any of them.
Another option is to explicitly call out the two different types:
Alliteration is always a plus. Biblical references I’m less sure about.
I like this general concept for title, because the potential reader will be intrigued how the two are related. They’re both “transgressors,” which might be a good word for the title.
Or the word alone:
The subtitle is still one of these:
Other options:
In general, I like an exciting title paired with a descriptive subtitle. But I’m willing to be convinced otherwise.
Remember, the goal of a title is to make people—people who don’t already know me and my writing—want to read my book.
Question 1: What do you think of the title options? What other words would work, either in the “adjective noun” title style, or the “A, B, and other Cs” style? What other completely different titles or subtitles would work?
Next: cover options. I’m not sure how much book cover matters anymore, now that my books will primarily be sold from online stores and in ebook formats. But I’d like a cover that doesn’t suck. And it’s hard. “Security” is a concept that’s full of trite metaphors. And it’s hard to come up with a picture that really captures what I am writing about. (Maybe this one.) Below are five options that my publisher has sent me.
1. 
2. 
3. 
4. 
5. 
Note that the stock photos sometimes have watermarks, or are shown in artificially reduced resolution. If we actually use one of the photos, those artifacts will disappear.
Question 2: What do you think of the cover options: the stock photos, the typefaces, the colors, the overall layout of the cover? Will any of those work, or do we have to go back to the drawing board?
I appreciate your opinions. Please first give them to me cold, without reading the other comments. Then feel free to comment on what other people think.
I’m at SHB 2011, the fourth Interdisciplinary Workshop on Security and Human Behavior, at Carnegie Mellon University. This is a two-day invitational gathering of computer security researchers, psychologists, behavioral economists, sociologists, political scientists, anthropologists, philosophers, and others—all of whom are studying the human side of security—organized by Alessandro Acquisti, Ross Anderson, and me. It’s not just an interdisciplinary conference; most of the people here are individually interdisciplinary. For the past four years, this has been the most intellectually stimulating conference I have attended.
Here is the program. The list of attendees contains links to readings from each of them—definitely a good place to browse for more information on this topic.
Ross Anderson is liveblogging this event. Matt Blaze is taping the sessions; I’ll link to them if he puts them up on the Internet.
Here are links to my posts on the first, second, and third SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops.
I’m at the Tenth Workshop on Economics of Information Security (WEIS 2011) , at George Mason University. Most of the papers are online, and Ross Anderson is liveblogging the talks.
These are what I get for giving interviews when I’m in a bad mood. For the record, I think Sony did a terrible job with its customers’ security. I also think that most companies do a terrible job with customers’ security, simply because there isn’t a financial incentive to do better. And that most of us are pretty secure, despite that.
One of my biggest complaints with these stories is how little actual information we have. We often don’t know if any data was actually stolen, only that hackers had access to it. We rarely know how the data was accessed: what sort of vulnerability was used by the hackers. We rarely know the motivations of the hackers: were they criminals, spies, kids, or someone else? We rarely know if the data is actually used for any nefarious purposes; it’s generally impossible to connect a data breach with a corresponding fraud incident. Given all of that, it’s impossible to say anything useful or definitive about the attack. But the press always wants definitive statements.
Three months ago, I announced that I was writing a book on why security exists in human societies. This is basically the book’s thesis statement:
All complex systems contain parasites. In any system of cooperative behavior, an uncooperative strategy will be effective—and the system will tolerate the uncooperatives—as long as they’re not too numerous or too effective. Thus, as a species evolves cooperative behavior, it also evolves a dishonest minority that takes advantage of the honest majority. If individuals within a species have the ability to switch strategies, the dishonest minority will never be reduced to zero. As a result, the species simultaneously evolves two things: 1) security systems to protect itself from this dishonest minority, and 2) deception systems to successfully be parasitic.
Humans evolved along this path. The basic mechanism can be modeled simply. It is in our collective group interest for everyone to cooperate. It is in any given individual’s short-term self interest not to cooperate: to defect, in game theory terms. But if everyone defects, society falls apart. To ensure widespread cooperation and minimal defection, we collectively implement a variety of societal security systems.
Two of these systems evolved in prehistory: morals and reputation. Two others evolved as our social groups became larger and more formal: laws and technical security systems. What these security systems do, effectively, is give individuals incentives to act in the group interest. But none of these systems, with the possible exception of some fanciful science-fiction technologies, can ever bring that dishonest minority down to zero.
In complex modern societies, many complications intrude on this simple model of societal security. Decisions to cooperate or defect are often made by groups of people—governments, corporations, and so on—and there are important differences because of dynamics inside and outside the groups. Much of our societal security is delegated—to the police, for example—and becomes institutionalized; the dynamics of this are also important. Power struggles over who controls the mechanisms of societal security are inherent: “group interest” rapidly devolves to “the king’s interest.” Societal security can become a tool for those in power to remain in power, with the definition of “honest majority” being simply the people who follow the rules.
The term “dishonest minority” is not a moral judgment; it simply describes the minority who does not follow societal norm. Since many societal norms are in fact immoral, sometimes the dishonest minority serves as a catalyst for social change. Societies without a reservoir of people who don’t follow the rules lack an important mechanism for societal evolution. Vibrant societies need a dishonest minority; if society makes its dishonest minority too small, it stifles dissent as well as common crime.
At this point, I have most of a first draft: 75,000 words. The tentative title is still “The Dishonest Minority: Security and its Role in Modern Society.” I have signed a contract with Wiley to deliver a final manuscript in November for February 2012 publication. Writing a book is a process of exploration for me, and the final book will certainly be a little different—and maybe even very different—from what I wrote above. But that’s where I am today.
And it’s why my other writings continue to be sparse.
This is a surprise. My TED talk made it to the website. It’s a surprise because I didn’t speak at TED. I spoke last year at a regional TED event, TEDxPSU. And not all talks from the regional events get on the main site, only the good ones.
EDITED TO ADD (5/13): A transcript.
EDITED TO ADD (5/14): Motley Fool article about the talk.
This three–part video interview with me was conducted at the RSA Conference last month.
Sidebar photo of Bruce Schneier by Joe MacInnis.
