The trick? It's not actually a book about security. It's more or less a book about the Prisoner's Dilemma. Not the game that's played as a two player game, but in all its glories, with respect to an individual to society, and corporations against society, as well as all the complexity inside those edge cases.
I don't know how Schneier is as an engineer, but as a writer, he's far more interesting than any security person I've actually had to interact with as a co-worker. After reading this book, I'm sure a lot of it is that as an author, he's more willing to concede that many security considerations are less important than what's necessary to keep society functioning smoothly. Security engineers, on the other hand, often have to justify their jobs, and so you'll never hear security engineers say something like: "You're already too secure!" (And yes, it comes up --- as Steve Yegge points out in his famous blog posts, if you dial security down to zero, you get the Playstation Network, which is still somewhat useful, whereas if you dial security up to infinity, nobody uses it, and it's useless.)
What's more interesting is that he says things like:
There is considerable evidence, both observational and experimental, that the group dynamics of a hierarchical organizational structure, especially a corporate one, dampen moral considerations as well. There are many reasons for this, and it seems to increase as organizations grow in size. (Pg. 169)
and:
It's only a bit over the top to call corporations "immortal sociopaths," as attorney and writer Joel Bakan did. For corporations, the closest thing they have to morals is law. (Pg. 216)
What's interesting isn't just those quotes, it's that Schneier proceeds to explain why corporations, especially when they leave the startup stage, essentially turn evil and become sociopaths. What's really funny to me is that he uses Google frequently as an example of a non-evil corporation, especially the motto "Don't be evil", which was never actually a formal corporate statement. Of course, the book went to press before the recent Google debacles became widely known. I'm not actually referring to the so-called privacy scandals, but to the fake pharmacy charges, where the federal government actually had a sting operation that showed that the policy that led to breaking the law went all the way to the top (including Larry Page), where not only did the executives know they were breaking the law, they were explicitly told by the sting operators that they were breaking the law but approved and assisted anyway! It also explains why people who might otherwise be good human beings do regularly turn into sociopaths when employed by large corporations with lots of money. As a result, I gained a lot of sympathy for John T Reed's views as expressed in Succeeding.
Schneier points out that 100% social conformance is not a good thing:
Increasing societal pressure isn't always worth it. It's not just the problem of diminishing returns discussed in Chapter 10. Looking back through history, the societies that enforce cooperation and conformance to the group norm, that ruthlessly clamp down and punish defectors, and that monitor every aspect of their citizens' lives are not societies we think of as free. (Pg. 245)
All in all, I read the book in just one night and found it fascinating and worth the time. Your views about society, cooperation, and how people behave (and misbehave) will change as a result of reading the book.