Bruce Schneier's recent book Liars and Outliers is a philosophical exploration of the role of trust in society, and is likely to appeal more to policy makers and academics than to information security practitioners. He describes how theories regarding trust (and perhaps trust itself) have evolved over time and sets this within the context of today's global interconnected society.
Schneier has done a very careful literature review, citing theories and experiments across multiple disciplines such as sociology, anthropology, and psychology. The computer scientist will find that the book does a very good job of discussing abstract concepts, while the computer professional will find that it lacks a concreteness needed for it to be useful in their daily work.
Schneier puts forth the idea that society runs on trust and that failures in trust now have global consequences. Parasites and fraudsters could ruin everything for honest people. The interest of society may be put into conflict with certain individuals within society. Society builds laws as controls to keep people from "ruining it for everyone." The book is more about how society establishes and maintains that trust--specifically, it explains how society enforces, evokes, elicits, compels, encourages "...trustworthiness, or at least compliance, through systems of what I call societal pressures, similar to sociology's social controls: coercive mechanisms that induce people to cooperate, act in the group interest, and follow group norms." It's all about the societal pressures that keep the masses in line by inducing cooperation.
The book is divided into four parts.
In Part I, Schneier explores the background sciences that shed light on trust: experimental psychology, evolutionary psychology, sociology, economics, behavioral economics, evolutionary biology, neuroscience, game theory, systems dynamics, anthropology, archeology, history, political science, law, philosophy, theology, cognitive science, and computer security. He provides a "cursory overview" that demonstrates where the "broad arcs of research" are pointing. He concludes Part I with some generalized societal dilemmas that "illustrate how society ensures that its members forsake their own interests when they run counter to society's interest."
Part II is where Schneier shares his full model of societal trust with the reader.
There are four basic categories of societal pressure that can induce cooperation in societal dilemmas:
- Moral pressure. A lot of societal pressure comes from inside our own heads. Most of us don't steal, and it's not because there are armed guards and alarms protecting piles of stuff. We don't steal because we believe it's wrong, or we'll feel guilty if we do, or we want to follow the rules.
- Reputational pressure. A wholly different, and much stronger, type of pressure comes from how others respond to our actions. Reputational pressure can be very powerful; both individuals and organizations feel a lot of pressure to follow the group norms because they don't want a bad reputation.
- Institutional pressure. Institutions have rules and laws. These are norms that are codified, and whose enactment and enforcement is generally delegated. Institutional pressure induces people to behave according to the group norm by imposing sanctions on those who don't, and occasionally by rewarding those who do.
- Security systems. Security systems are another form of societal pressure. This includes any security mechanism designed to induce cooperation, prevent defection, induce trust, and compel compliance. It includes things that work to prevent defectors, such as door locks and tall fences; things that interdict defectors, such as alarm systems and guards; things that only work after the fact, such as forensic and audit systems; and mitigation systems that help the victim recover faster and care less that the defection occurred.
Part III then applies the model to "the more complex dilemmas that arise in the real world" and explains how the above four forces are used to balance individual and group desires and actions. Part IV discusses the different ways societal pressures fail. Special attention is given to the issue of how living in an information society changes societal pressures.
Theoreticians, public policy students, and public policy professionals will find plenty in Liars and Outliers to stimulate thought regarding the abstract concept of trust. However, to loosely paraphrase Einstein, I am a security practitioner, not a philosopher; I am much more interested in learning how to secure something than I am in learning how to conceptualize trust. For my purposes, Liars and Outliers was an informative diversion and didn't provide very much, if any, practical security information or techniques.