My latest Forbes column is entitled “Why Doesn’t Society Just Fall Apart?” and it’s a short review of Bruce Schneier’s latest book, Liars & Outliers: Enabling the Trust that Society Needs to Thrive. It’s an interesting exploration of the societal pressures that combine to ensure that (most!) societies don’t go off the rails and end in anarchic violence. In particular, he identifies and discusses four “societal pressures” combine to help create and preserve trust within society. Those pressures include: (1) Moral pressures; (2) Reputational pressures; (3) Institutional pressures; and (4) Security systems. By “dialing in” these societal pressures in varying degrees, trust is generated over time within groups.
Of course, these societal pressures also fail on occasion, Schneier notes. He explores a host of scenarios — in organizations, corporations, and governments — when trust breaks down because defectors seek to evade the norms and rules the society lives by. These defectors are the “liars and outliers” in Schneier’s narrative and his book is an attempt to explain the complex array of incentives and trade-offs that are at work and which lead some humans to “game” systems or evade the norms and rules others follow.
The most essential lesson Schneier teaches us is that perfect security is an illusion. We can rely on those four societal pressures in varying mixes to mitigate problems like theft, terrorism, fraud, online harassment, and so on, but it would be foolish and dangerous to believe we can eradicate such problems completely. “There can be too much security,” Schneier explains, because, at some point, constantly expanding security systems and policies will result in rapidly diminishing returns. Trying to eradicate every social pathology would bankrupt us and, worse yet, “too much security system pressure lands you in a police state,” he correctly notes.
Schneier’s framework is particularly useful when addressing a variety of security dilemmas in the field of information policy. “Parasites are all over the Internet,” he notes, and “new technologies, new innovations, and new ideas increase the scope of defection in several dimensions.” Whether its spam, malware attacks, data theft, copyright piracy, or cybersecurity, the defectors have a first-mover advantage in that “they get to try the new attack first.” The Net and new digital networks and technologies have created a never-ending cat-and-mouse game: “It’s a race between the ability to deceive and the ability to detect deception,” Schneier notes. Again, there are no silver-bullet solutions because “this process never ends.” As he correctly concludes, we must accept the fact that “security is a process, not a product.”