Society runs on trust and would collapse without it. The interconnectedness of the modern world creates new and dangerous risks to trust.
Bruce Schneier's recent book Liars and Outliers is a philosophical exploration of the role of trust in society, and is likely to appeal more to policy makers and academics than to information security practitioners. He describes how theories regarding trust (and perhaps trust itself) have evolved over time and sets this within the context of today's global interconnected society.
Schneier has done a very careful literature review, citing theories and experiments across multiple disciplines such as sociology, anthropology, and psychology. The computer scientist will find that the book does a very good job of discussing abstract concepts, while the computer professional will find that it lacks a concreteness needed for it to be useful in their daily work.
Schneier puts forth the idea that society runs on trust and that failures in trust now have global consequences. Parasites and fraudsters could ruin everything for honest people. The interest of society may be put into conflict with certain individuals within society. Society builds laws as controls to keep people from "ruining it for everyone." The book is more about how society establishes and maintains that trust--specifically, it explains how society enforces, evokes, elicits, compels, encourages "...trustworthiness, or at least compliance, through systems of what I call societal pressures, similar to sociology's social controls: coercive mechanisms that induce people to cooperate, act in the group interest, and follow group norms." It's all about the societal pressures that keep the masses in line by inducing cooperation.
The nearby image, from page 12, does a great job of breaking the entire book down into a flow chart. Click it to open a full-size image.
The book is divided into four parts.
In Part I, Schneier explores the background sciences of that shed light on trust: experimental psychology, evolutionary psychology, sociology, economics, behavioral economics, evolutionary biology, neuroscience, game theory, systems dynamics, anthropology, archeology, history, political science, law, philosophy, theology, cognitive science, and computer security. He provides a "cursory overview" that demonstrates where the "broad arcs of research" are pointing. He concludes Part I with some generalized societal dilemmas that "illustrate how society ensures that its members forsake their own interests when they run counter to society's interest."
Part II is where Schneier shares his full model of societal trust with the reader.
There are four basic categories of societal pressure that can induce cooperation in societal dilemmas:
Moral pressure. A lot of societal pressure comes from inside our own heads. Most of us don't steal, and it's not because there are armed guards and alarms protecting piles of stuff. We don't steal because we believe it's wrong, or we'll feel guilty if we do, or we want to follow the rules.
Reputational pressure. A wholly different, and much stronger, type of pressure comes from how others respond to our actions. Reputational pressure can be very powerful; both individuals and organizations feel a lot of pressure to follow the group norms because they don't want a bad reputation.
Institutional pressure. Institutions have rules and laws. These are norms that are codified, and whose enactment and enforcement is generally delegated. Institutional pressure induces people to behave according to the group norm by imposing sanctions on those who don't, and occasionally by rewarding those who do.
Security systems. Security systems are another form of societal pressure. This includes any security mechanism designed to induce cooperation, prevent defection, induce trust, and compel compliance. It includes things that work to prevent defectors, such as door locks and tall fences; things that interdict defectors, such as alarm systems and guards; things that only work after the fact, such as forensic and audit systems; and mitigation systems that help the victim recover faster and care less that the defection occurred.
Part III then applies the model to "the more complex dilemmas that arise in the real world" and explains how the above four forces are used to balance individual and group desires and actions. Part IV discusses the different ways societal pressures fail. Special attention is given to the issue of how living in an information society changes societal pressures.
Theoreticians, public policy students, and public policy professionals will find plenty in Liars and Outliers to stimulate thought regarding the abstract concept of trust. However, to loosely paraphrase Einstein, I am a security practitioner, not a philosopher; I am much more interested in learning how to secure something than I am in learning how to conceptualize trust. For my purposes, Liars and Outliers was an informative diversion and didn't provide very much, if any, practical security information or techniques.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.