ADVANCE PRAISE FOR LIARS AND OUTLIERS
"A rich, insightfully fresh take on what security really means!"
―DAVID ROPEIK, Author of How Risky is it, Really?
"Schneier has accomplished a spectacular tour de force: an enthralling ride through history, economics, and psychology, searching for the meanings of trust and security. A must read."
―ALESSANDRO ACQUISTI, Associate Professor of Information Systems and Public Policy at the Heinz College, Carnegie Mellon University
"Liars and Outliers offers a major contribution to the understandability of these issues, and has the potential to help readers cope with the ever-increasing risks to which we are being exposed. It is well written and delightful to read."
―PETER G. NEUMANN, Principal Scientist in the SRI International Computer Science Laboratory
"Whether it's banks versus robbers, Hollywood versus downloaders, or even the Iranian secret police against democracy activists, security is often a dynamic struggle between a majority who want to impose their will, and a minority who want to push the boundaries. Liars and Outliers will change how you think about conflict, our security, and even who we are."
―ROSS ANDERSON, Professor of Security Engineering at Cambridge University and author of Security Engineering
"Readers of Bruce Schneier's Liars and Outliers will better understand technology and its consequences and become more mature practitioners."
―PABLO G. MOLINA, Professor of Technology Management, Georgetown University
"Liars & Outliers is not just a book about security―it is the book about it. Schneier shows that the power of humour can be harnessed to explore even a serious subject such as security. A great read!"
―FRANK FUREDI, author of On Tolerance: A Defence of Moral Independence
"This fascinating book gives an insightful and convincing framework for understanding security and trust."
―JEFF YAN, Founding Research Director, Center for Cybercrime and Computer Security, Newcastle University
"By analyzing the moving parts and interrelationships among security, trust, and society, Schneier has identifi ed critical patterns, pressures, levers, and security holes within society. Clearly written, thoroughly interdisciplinary, and always smart, Liars and Outliers provides great insight into resolving society's various dilemmas."
―JERRY KANG, Professor of Law, UCLA
"By keeping the social dimension of trust and security in the center of his analysis, Schneier breaks new ground with an approach that both theoretically grounded and practically applicable."
―JONATHAN ZITTRAIN, Professor of Law and Computer Science, Harvard University and author of The Future of the Internet―And How to Stop It
"Eye opening. Bruce Schneier provides a perspective you need to understand today’s world."
―STEVEN A. LEBLANC, Director of Collections, Harvard University and author of Constant Battles: Why We Fight
"An outstanding investigation of the importance of trust in holding society together and promoting progress. Liars and Outliers provides valuable new insights into security and economics."
―ANDREW ODLYZKO, Professor, School of Mathematics, University of Minnesota
"What Schneier has to say about trust―and betrayal―lays a groundwork for greater understanding of human institutions. This is an essential exploration as society grows in size and complexity."
―JIM HARPER, Director of Information Policy Studies, CATO Institute and author of Identity Crisis: How Identification is Overused and Misunderstood
"Society runs on trust. Liars and Outliers explains the trust gaps we must fill to help society run even better."
―M. ERIC JOHNSON, Director, Glassmeyer/McNamee Center for Digital Strategies, Tuck School of Business at Dartmouth College
"An intellectually exhilarating and compulsively readable analysis of the subtle dialectic between cooperation and defection in human society. Intellectually rigorous and yet written in a lively, conversational style, Liars and Outliers will change the way you see the world."
―DAVID LIVINGSTONE SMITH, author of Less Than Human: Why We Demean, Enslave, and Exterminate Others
"Schneier tackles trust head on, bringing all his intellect and a huge amount of research to bear. The best thing about this book, though, is that it's great fun to read."
―ANDREW MCAFEE, Principal Research Scientist, MIT Center for Digital Business and co-author of Race Against the Machine
"Bruce Schneier is our leading expert in security. But his book is about much more than reducing risk. It is a fascinating, thought-provoking treatise about humanity and society and how we interact in the game called life."
―JEFF JARVIS, author of Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live
"Both accessible and thought provoking, Liars and Outliers invites readers to move beyond fears and anxieties about security in modern life to understand the role of everyday people in creating a healthy society. This is a must-read!"
―DANAH BOYD, Research Assistant Professor in Media, Culture, and Communication at New York University
"Trust is the sine qua non of the networked age and trust is predicated on security. Bruce Schneier’s expansive and readable work is rich with insights that can help us make our shrinking world a better one."
―DON TAPSCOTT, co-author of Macrowikinomics: Rebooting Business
and the World
"An engaging and wide-ranging rumination on what makes society click. Highly recommended."
―JOHN MUELLER, author of Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them
Liars and Outliers
Enabling the Trust that Society Needs to ThriveBy Bruce SchneierJohn Wiley & Sons
Copyright © 2012 John Wiley & Sons, Ltd
All right reserved.
ISBN: 978-1-1181-4330-8
Chapter One
Overview Just today, a stranger came to my door claiming he was here to unclog a bathroom drain. I let him into my house without verifying his identity, and not only did he repair the drain, he also took off his shoes so he wouldn't track mud on my floors. When he was done, I gave him a piece of paper that asked my bank to give him some money. He accepted it without a second glance. At no point did he attempt to take my possessions, and at no point did I attempt the same of him. In fact, neither of us worried that the other would. My wife was also home, but it never occurred to me that he was a sexual rival and I should therefore kill him.
Also today, I passed several strangers on the street without any of them attacking me. I bought food from a grocery store, not at all concerned that it might be unfit for human consumption. I locked my front door, but didn't spare a moment's worry at how easy it would be for someone to smash my window in. Even people driving cars, large murderous instruments that could crush me like a bug, didn't scare me.
Most amazingly, this worked without much overt security. I don't carry a gun for self-defense, nor do I wear body armor. I don't use a home burglar alarm. I don't test my food for poison. I don't even engage in conspicuous displays of physical prowess to intimidate other people I encounter.
It's what we call "trust." Actually, it's what we call "civilization."
All complex ecosystems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system or the Internet, are deeply interlinked. Individual units within those ecosystems are interdependent, each doing its part and relying on the other units to do their parts as well. This is neither rare nor difficult, and complex ecosystems abound.
At the same time, all complex ecosystems contain parasites. Within every interdependent system, there are individuals who try to subvert the system to their own ends. These could be tapeworms in our digestive tracts, thieves in a bazaar, robbers disguised as plumbers, spammers on the Internet, or companies that move their profits offshore to evade taxes.
Within complex systems, there is a fundamental tension between what I'm going to call cooperating, or acting in the group interest; and what I'll call defecting, or acting against the group interest and instead in one's own self-interest. Political philosophers have recognized this antinomy since Plato. We might individually want each other's stuff, but we're collectively better off if everyone respects property rights and no one steals. We might individually want to reap the benefits of government without having to pay for them, but we're collectively better off if everyone pays taxes. Every country might want to be able to do whatever it wants, but the world is better off with international agreements, treaties, and organizations. In general, we're collectively better off if society limits individual behavior, and we'd each be better off if those limits didn't apply to us individually. That doesn't work, of course, and most of us recognize this. Most of the time, we realize that it is in our self-interest to act in the group interest. But because parasites will always exist—because some of us steal, don't pay our taxes, ignore international agreements, or ignore limits on our behavior—we also need security.
Society runs on trust. We all need to trust that the random people we interact with will cooperate. Not trust completely, not trust blindly, but be reasonably sure (whatever that means) that our trust is well-founded and they will be trustworthy in return (whatever that means). This is vital. If the number of parasites gets too large, if too many people steal or too many people don't pay their taxes, society no longer works. It doesn't work both because there is so much theft that people can't be secure in their property, and because even the honest become suspicious of everyone else. More importantly, it doesn't work because the social contract breaks down: society is no longer seen as providing the required benefits. Trust is largely habit, and when there's not enough trust to be had, people stop trusting each other.
The devil is in the details. In all societies, for example, there are instances where property is legitimately taken from one person and given to another: taxes, fines, fees, confiscation of contraband, theft by a legitimate but despised ruler, etc. And a societal norm like "everyone pays his or her taxes" is distinct from any discussion about what sort of tax code is fair. But while we might disagree about the extent of the norms we subject ourselves to—that's what politics is all about—we're collectively better off if we all follow them.
Of course, it's actually more complicated than that. A person might decide to break the norms, not for selfish parasitical reasons, but because his moral compass tells him to. He might help escaped slaves flee into Canada because slavery is wrong. He might refuse to pay taxes because he disagrees with what his government is spending his money on. He might help laboratory animals escape because he believes animal testing is wrong. He might shoot a doctor who performs abortions because he believes abortion is wrong. And so on.
Sometimes we decide a norm breaker did the right thing. Sometimes we decide that he did the wrong thing. Sometimes there's consensus, and sometimes we disagree. And sometimes those who dare to defy the group norm become catalysts for social change. Norm breakers rioted against the police raids of the Stonewall Inn in New York in 1969, at the beginning of the gay rights movement. Norm breakers hid and saved the lives of Jews in World War II Europe, organized the Civil Rights bus protests in the American South, and assembled in unlawful protest at Tiananmen Square. When the group norm is later deemed immoral, history may call those who refused to follow it heroes.
In 2008, the U.S. real estate industry collapsed, almost taking the global economy with it. The causes of the disaster are complex, but were in a large part caused by financial institutions and their employees subverting financial systems to their own ends. They wrote mortgages to homeowners who couldn't afford them, and then repackaged and resold those mortgages in ways that intentionally hid real risk. Financial analysts, who made money rating these bonds, gave them high ratings to ensure repeat rating business.
This is an example of a failure of trust: a limited number of people were able to use the global financial system for their own personal gain. That sort of thing isn't supposed to happen. But it did happen. And it will happen again if society doesn't get better at both trust and security.
Failures in trust have become global problems:
• The Internet brings amazing benefits to those who have access to it, but it also brings with it new forms of fraud. Impersonation fraud—now called identity theft—is both easier and more profitable than it was pre-Internet. Spam continues to undermine the usability of e-mail. Social networking sites deliberately make it hard for people to effectively manage their own privacy. And antagonistic behavior threatens almost every Internet community.
• Globalization has improved the lives of people in many countries, but with it came an increased threat of global terrorism. The terrorist attacks of 9/11 were a failure of trust, and so were the government overreactions in the decade following.
• The financial network allows anyone to do business with anyone else around the world; but easily hacked financial accounts mean there is enormous profit in fraudulent transactions, and easily hacked computer databases mean there is also a global market in (terrifyingly cheap) stolen credit card numbers and personal dossiers to enable those fraudulent transactions.
• Goods and services are now supplied worldwide at much lower cost, but with this change comes tainted foods, unsafe children's toys, and the outsourcing of data processing to countries with different laws.
• Global production also means more production, but with it comes environmental pollution. If a company discharges lead into the atmosphere— or chlorofluorocarbons, or nitrogen oxides, or carbon dioxide—that company gets all the benefit of cheaper production costs, but the environmental cost falls on everybody else on the planet.
And it's not just global problems, of course. Narrower failures in trust are so numerous as to defy listing. Here are just a few examples:
• In 2009–2010, officials of Bell, California, effectively looted the city's treasury, awarding themselves unusually high salaries, often for part-time work.
• Some early online games, such as Star Wars Galaxy Quest, collapsed due to internal cheating.
• The senior executives at companies such as WorldCom, Enron, and Adelphia inflated their companies' stock prices through fraudulent accounting practices, awarding themselves huge bonuses but destroying the companies in the process.
What ties all these examples together is that the interest of society was in conflict with the interests of certain individuals within society. Society had some normative behaviors, but failed to ensure that enough people cooperated and followed those behaviors. Instead, the defectors within the group became too large or too powerful or too successful, and ruined it for everyone.
* * *
This book is about trust. Specifically, it's about trust within a group. It's important that defectors not take advantage of the group, but it's also important for everyone in the group to trust that defectors won't take advantage.
"Trust" is a complex concept, and has a lot of flavors of meaning. Sociologist Piotr Sztompka wrote that "trust is a bet about the future contingent actions of others." Political science professor Russell Hardin wrote: "Trust involves giving discretion to another to affect one's interests." These definitions focus on trust between individuals and, by extension, their trustworthiness.
When we trust people, we can either trust their intentions or their actions. The first is more intimate. When we say we trust a friend, that trust isn't tied to any particular thing he's doing. It's a general reliance that, whatever the situation, he'll do the right thing: that he's trustworthy. We trust the friend's intentions, and know that his actions will be informed by those intentions.
The second is less intimate, what sociologist Susan Shapiro calls impersonal trust. When we don't know someone, we don't know enough about her, or her underlying motivations, to trust her based on character alone. But we can trust her future actions. We can trust that she won't run red lights, or steal from us, or cheat on tests. We don't know if she has a secret desire to run red lights or take our money, and we really don't care if she does. Rather, we know that she is likely to follow most social norms of acceptable behavior because the consequences of breaking these norms are high. You can think of this kind of trust— that people will behave in a trustworthy manner even if they are not inherently trustworthy—more as confidence, and the corresponding trustworthiness as compliance.
In another sense, we're reducing trust to consistency or predictability. Of course, someone who is consistent isn't necessarily trustworthy. If someone is a habitual thief, I don't trust him. But I do believe (and, in another sense of the word, trust) that he will try to steal from me. I'm less interested in that aspect of trust, and more in the positive aspects. In The Naked Corporation, business strategist Don Tapscott described trust, at least in business, as the expectation that the other party will be honest, considerate, accountable, and transparent. When two people are consistent in this way, we call them cooperative.
In today's complex society, we often trust systems more than people. It's not so much that I trusted the plumber at my door as that I trusted the systems that produced him and protect me. I trusted the recommendation from my insurance company, the legal system that would protect me if he did rob my house, whatever the educational system is that produces and whatever insurance system bonds skilled plumbers, and—most of all—the general societal systems that inform how we all treat each other in society. Similarly, I trusted the banking system, the corporate system, the system of police, the system of traffic laws, and the system of social norms that govern most behaviors.
This book is about trust more in terms of groups than individuals. I'm not really concerned about how specific people come to trust other specific people. I don't care if my plumber trusts me enough to take my check, or if I trust that driver over there enough to cross the street at the stop sign. I'm concerned with the general level of impersonal trust in society. Francis Fukuyama's definition nicely captures the term as I want to use it: "Trust is the expectation that arises within a community of regular, honest, and cooperative behavior, based on commonly shared norms, on the part of other members of that community."
Sociologist Barbara Misztal identified three critical functions performed by trust: 1) it makes social life more predictable, 2) it creates a sense of community, and 3) it makes it easier for people to work together. In some ways, trust in society works like oxygen in the atmosphere. The more customers trust merchants, the easier commerce is. The more drivers trust other drivers, the smoother traffic flows. Trust gives people the confidence to deal with strangers: because they know that the strangers are likely to behave honestly, cooperatively, fairly, and sometimes even altruistically. The more trust is in the air, the healthier society is and the more it can thrive. Conversely, the less trust is in the air, the sicker society is and the more it has to contract. And if the amount of trust gets too low, society withers and dies. A recent example of a systemic breakdown in trust occurred in the Soviet Union under Stalin.
I'm necessarily simplifying here. Trust is relative, fluid, and multidimensional. I trust Alice to return a $10 loan but not a $10,000 loan, Bob to return a $10,000 loan but not to babysit an infant, Carol to babysit but not with my house key, Dave with my house key but not my intimate secrets, and Ellen with my intimate secrets but not to return a $10 loan. I trust Frank if a friend vouches for him, a taxi driver as long as he's displaying his license, and Gail as long as she hasn't been drinking. I don't trust anyone at all with my computer password. I trust my brakes to stop the car, ATM machines to dispense money from my account, and Angie's List to recommend a qualified plumber—even though I have no idea who designed, built, or maintained those systems. Or even who Angie is. In the language of this book, we all need to trust each other to follow the behavioral norms of our group.
Many other books talk about the value of trust to society. This book explains how society establishes and maintains that trust. Specifically, it explains how society enforces, evokes, elicits, compels, encourages—I'll use the term induces— trustworthiness, or at least compliance, through systems of what I call societal pressures, similar to sociology's social controls: coercive mechanisms that induce people to cooperate, act in the group interest, and follow group norms. Like physical pressures, they don't work in all cases on all people. But again, whether the pressures work against a particular person is less important than whether they keep the scope of defection to a manageable level across society as a whole.
A manageable level, but not too low a level. Compliance isn't always good, and defection isn't always bad. Sometimes the group norm doesn't deserve to be followed, and certain kinds of progress and innovation require violating trust. In a police state, everybody is compliant but no one trusts anybody. A too-compliant society is a stagnant society, and defection contains the seeds of social change.
This book is also about security. Security is a type of a societal pressure in that it induces cooperation, but it's different from the others. It is the only pressure that can act as a physical constraint on behavior regardless of how trustworthy people are. And it is the only pressure that individuals can implement by themselves. In many ways, it obviates the need for intimate trust. In another way, it is how we ultimately induce compliance and, by extension, trust.
It is essential that we learn to think smartly about trust. Philosopher Sissela Bok wrote: "Whatever matters to human beings, trust is the atmosphere in which it thrives." People, communities, corporations, markets, politics: everything. If we can figure out the optimal societal pressures to induce cooperation, we can reduce murder, terrorism, bank fraud, industrial pollution, and all the rest.
(Continues...)
Excerpted from Liars and Outliersby Bruce Schneier Copyright © 2012 by John Wiley & Sons, Ltd. Excerpted by permission of John Wiley & Sons. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Audiobook
