Concluding his lecture at NZITF, Bruce Schneier opens the Q&A session, answering questions from the audience on the topic of his talk.
I’m happy to take questions on sort of any of this, and then after that on sort of greater topics, since I know there’s a lot of things I didn’t talk about.
Q: Thank you! What you are pretty well known for is bringing the issues that we face in computer security outside of computer security. I know you’ve been pushing this message for a long time, do you think that this message has been really picked up globally and that we are, actually, starting to see a transition to seeing computer security in the wider context of an environment and a society?
A: You know, I do think so. Maybe not as formally as I’ve written here, but I think more computer security people are working within their larger context, and that’s because the stuff we’re doing is affecting more and more people, it’s not just securing a bank vault or an Internet website, it’s things like Facebook, where we do have hundreds of millions of people using it, and we have to think more broadly. The people who are doing user interface are looking at how we can trigger different mental processes by our technological mechanisms. So I do see that there’s a couple of conferences that try to put these things together, so I am seeing more of this, I want to see a lot more, because I think we would be much more effective as a community if we understood the greater context and not just looked at the technological aspects of what we’re doing, because as we embed them, I think we get a lot more power and there’s value there. Also, a lot more of our social problems have a technological aspect to them because everything we do these days has a technological aspect, which, again, makes us integrate them more. So, I think, the answer is ‘yes’, but not nearly to the degree that I want.
Q: A lot of what you’ve spoken about has been scaling issues, and you’ve talked also about the positive benefits that come to the enforcers from technology. A lot of those are about security gap being around, institutions not reacting fast enough in your example of the police and the automobile, but we have institutions to do what we can’t do as individuals, and while you speak of the threat of the small number of defectors amplified by technology, isn’t there also a growth in the degree to which we can protect ourselves using those same technologies and, perhaps, in some sense, the institutions will become less significant?
A: I think the opposite is true. That whole, you know, ‘every man’s an island’ – I think it’s total nonsense, especially today. If we sort of think about the global nature of everything we do… You can’t test your own food for poison, you just can’t. You can’t be an expert in your car. I flew here on an airplane, I have no choice but to trust the institutions, the corporations, the systems. So no, I don’t think technology is allowing us to take this into our own hands, more and more we have to trust people, we have to trust people half a planet away that we didn’t 50 years ago, because they are in our supply chains. And as we become more global and more technological, the number of people increases even more, so I think the exact opposite is true.
Q: Thank you for your analysis of the different kinds of defectors, and I was interested by your observation, true observation obviously, that some of today’s heroes were defectors in their times – civil rights movement, for instance. I wonder if there’s some way to tell ex-ante between the defectors who are merely the ones we would still regard as common criminals and those who actually will generate some societal good in the long run.
A: Yes, I think in some cases we can, we have a good intuition about it. We know the bank robber will pretty much never be heralded as the vanguard of the social change of no banks, that just seems implausible; or the mugger; or the person who beats his spouse. And some stuff we know is a little more ambiguous. Are the vegetarians of today going to be the social norm of tomorrow, who knows? I mean this goes really far afield, now we’re nowhere near my expertise, and I’m not even willing to speculate. So there’s a lot of philosophy here that I think is relevant, and again, you know, this is me sort of putting a boundary on what I can talk about.
Q: Is there too much trust in some areas? Some of the bad stuff happens because of the low level of awareness, and people don’t take sufficient precautions to defend themselves.
A: But I think that’s good, in a lot of cases that’s good. There’ll always be some level of bad things happening. It doesn’t mean that society’s better off preventing them. If you are a herd of a hundred thousand gazelles, there’re going to be about two hundred lions circling your herd, picking off the weak ones. It doesn’t mean the gazelles are doing it wrong, it just means there are so many gazelles that this is okay. Of course, the individuals who get eaten are, you know, kind of out of luck, but the value of living in a trusted, in a high-trust society is really great. So we are here and there’s some possibility there’s going to be a pickpocket upstairs, and there are some in New Zealand, and they do make a living. We’re okay, and we’re going to have a fine time at tea; now, we could all take precautions, but we’d have so much less good a time that it’s not worth it. Security’s always a tradeoff, so you have to look at what you’re getting versus what you’re giving up. And I think in a lot of cases humans, we, have a really good trust barometer, we have a good feeling for when we can trust a situation and when we can’t, we get it wrong occasionally, but usually we’re pretty good.
Q: Hi there! Given the massive international nature of a lot of security attacks these days, do you have any comments on how things are working, or changing, improving or not improving internationally as regards enhancing trust for us as a society?
A: International’s hard on Internet systems, there aren’t good international enforcement mechanisms. There are some, and some countries share information, but there always are countries where criminals can operate with relative impunity, and we know where they are, it’s South-East Asia, it’s Sub-Saharan Africa, parts of Eastern Europe, parts of South America. I mean, this is where the Internet fraud comes from, because there are lax computer crime laws, and bribable police forces, and no good extradition treaties.
So I think there are serious issues, and the result is you see a lot of sort of fortress mentality, the institutional systems are failing, so you have to rely more on the technologies, you have to rely more on your firewall. It’s like a low-trust society run by warlords, each warlord maintaining their own security, because you can’t trust the greater society. That’s working pretty well. Internet crime is a huge area of crime, but most of us are on the Net not worrying about it, most of us engage in commerce, most of us do Internet banking, and we do so safely.
It’s hard for us in the industry to remember that we deal with the exceptions, we deal with the few cases, we are the ones who have to worry about the defectors even though they are in a great minority. But in general I think we’re doing okay on the Net, but yes, the international challenges are very hard, we’re doing better, but we’re doing better very slowly. I think it’s going to take a lot to do a lot better because ‘rogue’ countries can do so much damage.
I think the security gap has been getting wider because of more technology and rapid technological change. My guess is those two trends aren’t going to change, which will make the gap get even wider, although I’m heartened by some of the mechanisms that are reacting to this, things like agile security, those sorts of things are a new way of thinking about security that has a potential to close that, and that would be neat to see. I think the jury is still out on whether that will work or not, but at least people are thinking differently, so we have a chance.
Q: Hi! I’m interested in the difference between defectors who defected out of their own self-interest as opposed to defectors who might have been defecting in the interest of a group of people, because I think that might be answering the question of the gentleman at the front, as to who are the ones who might be affecting positive social change.
A: Or defecting because of a higher moral cause, which you can argue is the group interest of a society as a whole. And yes, that is an important distinction to make; I spend a good chapter on that in the book – why someone is defecting matters a lot. And you’re right, that is one way to look at how you can separate the greedy from the differently moral, for lack of a better term. Although you can claim greed is a moral good, we do have philosophies that try to make that point; then it gets sloppier. But yeah, it does seem obvious that the sociopath and the philosopher are not similar, they are so fundamentally different in their motivations. And you’d think there would be some test to disambiguate them.
Q: You’ve been very outspoken about the US Transportation Security Administration as an example of a failed security system, a huge overreaction to a minor threat. How can your model of trust and defectors shed light on that, on why that huge reaction has happened and how we can do better in future?
A: Well, I do talk about them in the book, and one of the points I make is it’s really an issue about institutions, and the delegation problem. So we as society delegate (in the United States, it’s the TSA, I don’t know who it is in this country) an organization that will be effectively our proxy to implement societal pressures to deal with whatever this risk is. We among us pick a few of us to go over there and do that. Once we do that, this organization now becomes a separate group, and they have their own group interests, and some of that is maintaining their organization, making sure it gets funded, making sure it looks good. And once you do that you have a separation now between our interests as a society and this group’s interest. And that difference fundamentally causes the problems we’re seeing in things like airport security, and that’s a fundamental problem of the delegation process. In economics this is called the ‘principal-agent problem’: if I hire you to do a job for me, how do I ensure that you’ll do the job for me and not the job for you? But in fact, it’s not really in your interest to do the job for me, it is in your interest to do the job for you, mostly.
That’s the problem. So I do talk about it, it does get really complicated, and that’s the basic flavor of where the answer comes from.
Alright. Thank you very much!