Bruce Schneier’s public lecture: Liars and Outliers

Prominent security expert Bruce Schneier takes the floor at NZITF to present his book “Liars and Outliers”, providing in-depth analysis of how the concepts of trust and security overlap in the present-day society.

Bruce Schneier Hey there! What I want to talk about today is trust and security. Basically, what I really want to talk about is the work I’ve been doing the last year that culminated in a book called “Liars and Outliers” which I published about 2 months ago, and the book is really part of my endless series of generalizations trying to figure out how security works and why it exists. Sort of an interesting question to ask: why security exists? You know, we can say security exists because there are bad guys, but, you know, that really doesn’t answer the question. Rocks don’t have security, what is it about people, what is it about life, that requires security? And in the book I attempt to answer that. And throughout the work I came to realize that that the reason we have security is to facilitate trust. The book is about security, trust, and society.

Trust is sort of an interesting concept. This morning I woke up in a hotel trusting quite a number of people who had keys to my room. I went and had breakfast trusting not only the people who cooked the food, I had eggs, but the people who made it, produced it, shipped it. I got into a taxi – another huge trust situation, there are other cars, other drivers, I’m walking down the street, passing people none of whom were attacking me. You may laugh, but if we were a race of chimpanzees, we couldn’t do this. I probably trusted tens, hundreds of thousands people, and it’s 10:30 in the morning and the day hasn’t even started yet.

Trust, security and society – key concepts analyzed in Bruce Schneier’s book Our trust is essential to society; now, trust is how society works and we, as a species, are very trusting. We are all sitting in this room, mostly strangers, sure that the person next to us won’t turn and attack us. If this turns out not to be true, society doesn’t function. And the fact that we don’t even think about it – I mean, all the things I’ve just mentioned, it never occurs to us, I’m trusting my food suppliers when I’m cooking dinner tonight – again, the fact that we don’t even think about it, the fact that we can sit here and not worry about the ceiling going to collapse on us, trusting the architects, the designers, the builders, the municipal building codes here in New Zealand, and we trust them to such a degree that it never occurs to us that we are in fact trusting them.

So, what I present really is not only a way of thinking about security, but a way of thinking about society and society’s problems. I think the lens of security is a valuable one, and looking at some of the issues in society in terms of security and trust is valuable. So, what I’m writing about and talking about is security’s role in enabling society. There’s a lot written about why trust is important, there’s a whole lot of really good writings, on the values of high-trust societies, the problems of low-trust societies, why it’s important to have trust – I’m not really about that, I’m more of how society enables it.

It’s a good thing that’s given, we are security people, how do we enforce it, how do we make sure that people behave in a trustworthy manner? And it’s also essentially a look at group interest vs. self interest, and how society enforces the group interest, whatever that happens to be.

So trust is a complicated concept. You know, if you work in security, specifically if you write about security, you quickly realize that the word ‘security’ has lots of different meanings, and depending on what you are writing about, the flavor of the word is different.

The word ‘trust’ is even worse. It’s a very overloaded term in our language, it means a lot of different things. There’s a sort of personal intimate trust, when you trust your partner, when you trust a close friend – that’s a very specific kind of trust. It’s interesting, it’s not really about their actions, it’s about who they are as a person. When I say, “I trust my wife”, it’s not because I know she is compliant, it’s because I know her as a person and I trust that her actions, whatever they’ll be, will be informed by that person who I know, and I trust that. I’m trusting their intentions, I’m trusting who they are.

Taking a taxi is a trust situation There’s also a much less personal and intimate form of trust. When I say, “I trusted the taxi driver to drive me here”, there’s no intimacy, I don’t know who that driver was, I know nothing about him as a person, I know nothing about his intentions, he could be a burglar on the weekends. I don’t know and I don’t care. I’m trusting his actions within the context of our relationship, which is ‘he’s a taxi driver and I’m a passenger for the 5 minutes that occurred.’ I’m trusting that he won’t run me off the road, drive me north to Auckland, I’m trusting just that piece.

It’s an odd type of trust; I mean, we can, maybe, call it ‘confidence’, I have confidence in what he’s doing, and it’s less that he’s being trustworthy, maybe it’s more that he’s being compliant, but this is the sort of trust that makes the world go round, that is the sort of the trust that we have in the strangers sitting next to us in this room – not who they are, but that they will behave according to social norms which would be sit quietly, don’t make noise, and don’t pick each other’s pockets.

So, when people are trustworthy in that way, the term I use, it’s from game theory, is ‘cooperative’. In today’s society we trust people in this way, but we also trust institutions and systems. It’s not that I trusted the particular front-desk clerk that took my credit card and checked me in yesterday, it’s that I trusted the company that produced him. It’s not that I trusted the taxi driver, but the whole system that produced the taxi driver, the hotel calling the company and the car appearing with the company logo.

Using ATM implies trust for banking system And there’s all those trappings that help me trust these strangers, so we trust people, we trust corporations, government institutions, we trust systems. Yesterday I put my credit card into an ATM machine and I got out local currency which I trust is valid, I hadn’t seen it in a couple of decades, and I also trusted, by some magical process I don’t even understand, that a similar amount would be debited from my account back in the United States. I’m not really trusting the bank even, or my bank, I’m just trusting this amorphous international interbank transfer system.

All complex systems require cooperation. All eco-systems require cooperation. This is true for biological systems, it’s true for social systems, and, important in our world, it’s true for socio-technical systems. They are all fundamentally cooperative. Also, in any cooperative system, there exists an alternative uncooperative strategy – basically, a parasitical strategy. And this holds true for tapeworms in your digestive tract, it holds true for thieves in a market, it holds true for spammers in e-mail, it holds true for companies that take their profits overseas to avoid taxes.

In any cooperative system there’s an uncooperative strategy. And also using game theory, I’m calling those uncooperatives, those parasites ‘defectors’, defectors in the system where we are looking at. These defectors, these parasites, the uncooperatives can only survive if they are not too successful, this is important. If the parasites in your digestive tract get too greedy, you die, and then they die. If the thieves in a marketplace get too greedy, the market closes down, and the thieves starve. Too much spam in your e-mail – we all stop reading e-mail, everyone stops reading spam. If everyone pulls their profits overseas and doesn’t pay taxes, society collapses. There’s this fundamental tension in all systems between cooperating and defecting.

It also can be looked at as a tension between us as individuals and us collectively as society: individuals here, society here. Of course, the individuals and society are the same people, but it’s about how we view ourselves.

We’re better off if everyone is cooperative Take stealing as an example: we’re each individually better off if we steal each other’s stuff, but we’re all better off if we live in a society where no one steals. We’re each better off if we don’t pay our taxes, but we’re all better off if everyone does. As a country, each of our countries is better off if we do what we want, but the world is better off if countries follow international treaties. That’s that tension. And one other point is we’re all better off if everyone is cooperative and nobody else is, and I’m better off if I’m stealing, but I’m much better off living in the society where no one steals; but I’m even better off, if I’m the only one who’s stealing, because I get the benefit of living in a society where no one steals and I get all your stuff. But of course, if everyone acts that way, society collapses.

Read next: Bruce Schneier’s public lecture: Liars and Outliers 2. Societal pressures

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: