The Big Idea: Bruce Schneier

Do you trust me? And if so, why do you trust me? And what do you trust me for? “Trust” is an interesting term, with some simple definitions, and others that aren’t so simple. Or so Bruce Schneier, the noted security expert, discovered as he was putting together his latest book Liars and Outliers. The web of trust in our society is pervasive and profound, and when the threads of trust are broken, interesting things happen. Here he is to tell you more.


My big idea is a big question. Every cooperative system contains parasites. How do we ensure that society’s parasites don’t destroy society’s systems?

It’s all about trust, really. Not the intimate trust we have in our close friends and relatives, but the more impersonal trust we have in the various people and systems we interact with in society. I trust airline pilots, hotel clerks, ATMs, restaurant kitchens, and the company that built the computer I’m writing this short essay on. I trust that they have acted and will act in the ways I expect them to. This type of trust is more a matter of consistency or predictability than of intimacy.

Of course, all of these systems contain parasites. Most people are naturally trustworthy, but some are not. There are hotel clerks who will steal your credit card information. There are ATMs that have been hacked by criminals. Some restaurant kitchens serve tainted food. There was even an airline pilot who deliberately crashed his Boeing 767 into the Atlantic Ocean in 1999.

My central metaphor is the Prisoner’s Dilemma, which nicely exposes the tension between group interest and self-interest. And the dilemma even gives us a terminology to use: cooperators act in the group interest, and defectors act in their own selfish interest, to the detriment of the group. Too many defectors, and everyone suffers — often catastrophically.

The Prisoner’s Dilemma is not only useful in describing the problem, but also serves as a way to organize solutions. We humans have developed four basic mechanisms for ways to limit defectors: what I call societal pressure. We use morals, reputation, laws, and security systems. It’s all coercion, really, although we don’t call it that. I’ll spare you the details; it would require a book to explain. And it did.

This book marks another chapter in my career’s endless series of generalizations. From mathematical security — cryptography — to computer and network security; from there to security technology in general; then to the economics of security and the psychology of security; and now to — I suppose — the sociology of security. The more I try to understand how security works, the more of the world I need to encompass within my model.

When I started out writing this book, I thought I’d be talking a lot about the global financial crisis of 2008. It’s an excellent example of group interest vs. self-interest, and how a small minority of parasites almost destroyed the planet’s financial system. I even had a great quote by former Federal Reserve Chairman Alan Greenspan, where he admitted a “flaw” in his worldview. The exchange, which took place when he was being questioned by Congressman Alan Waxman at a 2008 Congressional hearing, was once the opening paragraphs of my book. I called the defectors “the dishonest minority,” which was my original title.

That unifying example eventually faded into the background, to be replaced by a lot of separate examples. I talk about overfishing, childhood immunizations, paying taxes, voting, stealing, airplane security, gay marriage, and a whole lot of other things. I dumped the phrase “dishonest minority” entirely, partly because I didn’t need it and partly because a vocal few early readers were reading it not as “the small percentage of us that are dishonest” but as “the minority group that is dishonest” — not at all the meaning I was trying to convey.

I didn’t even realize I was talking about trust until most of the way through. It was a couple of early readers who — coincidentally, on the same day — told me my book wasn’t about security, it was about trust. More specifically, it was about how different societal pressures, security included, induce trust. This interplay between cooperators and defectors, trust and security, compliance and coercion, affects everything having to do with people.

In the book, I wander through a dizzying array of academic disciplines: experimental psychology, evolutionary psychology, sociology, economics, behavioral economics, evolutionary biology, neuroscience, game theory, systems dynamics, anthropology, archeology, history, political science, law, philosophy, theology, cognitive science, and computer security. It sometimes felt as if I were blundering through a university, kicking down doors and demanding answers. “You anthropologists: what can you tell me about early human transgressions and punishments?” “Okay neuroscientists, what’s the brain chemistry of cooperation? And you evolutionary psychologists, how can you explain that?” “Hey philosophers, what have you got?” I downloaded thousands — literally — of academic papers. In pre-Internet days I would have had to move into an academic library.

What’s really interesting to me is what this all means for the future. We’ve never been able to eliminate defections. No matter how much societal pressure we bring to bear, we can’t bring the murder rate in society to zero. We’ll never see the end of bad corporate behavior, or embezzlement, or rude people who make cell phone calls in movie theaters. That’s fine, but it starts getting interesting when technology makes each individual defection more dangerous. That is, fishermen will survive even if a few of them defect and overfish — until defectors can deploy driftnets and single-handedly collapse the fishing stock. The occasional terrorist with a machine gun isn’t a problem for society in the overall scheme of things; but a terrorist with a nuclear weapon could be.

Also — and this is the final kicker — not all defectors are bad. If you think about the notions of cooperating and defecting, they’re defined in terms of the societal norm. Cooperators are people who follow the formal or informal rules of society. Defectors are people who, for whatever reason, break the rules. That definition says nothing about the absolute morality of the society or its rules. When society is in the wrong, it’s defectors who are in the vanguard for change. So it was defectors who helped escaped slaves in the antebellum American South. It’s defectors who are agitating to overthrow repressive regimes in the Middle East. And it’s defectors who are fueling the Occupy Wall Street movement. Without defectors, society stagnates.

We simultaneously need more societal pressure to deal with the effects of technology, and less societal pressure to ensure an open, free, and evolving society. This is our big challenge for the coming decade.


Liars and Outliers: Amazon|Barnes & Noble|Indiebound|Powell’s

Read an excerpt. Visit Schneier’s blog.

23 Comments on “The Big Idea: Bruce Schneier”

  1. I have worked in IT security for something like 20 years now & am very familiar with his work. I am very excited to read this new book, he is an excellent writer and a good ‘thinker’. I’m sure this will have at least one big idea in it! Thanks

  2. If I decide that all these Big Idea pieces that make me want to go and buy a book RIGHT NOW are the final push over the edge that makes me buy a Kindle, do you get a kickback from Amazon??

  3. @ DGL: I think in that case Scalzi gets a toaster oven. But I may be thinking about something else.

  4. @Greg: I’m a huge fan of Bruce Schneier. I trust him.


    The only book of Schneier’s that I’ve read was his huge “Applied Cryptography”, which managed to be informative and entertaining (and cryptography is not generally a high lulz subject). This sounds worth a read.

  5. Added the book to my Amazon cart and added the author to my “check out this guy” list.

  6. This is fascinating. I spent most of last year getting into internal data security. 99% of what I have to guard against are accidents, but that 1% of trickery? OMG, so much work goes into that. And I find it extremely gratifying when some tricky SOB tries and fails to get into my system whether it be via social engineering, blunt-force hacking into the system, or any other method – I had one guy convince one of our vendors he was on our team and they helped him attempt to get in masquerading as an admin! Boy, did both parties get the pimp hand.

    I can’t wait to read this book.

  7. I’ve got a mock demotivational poster in my cube. It’s a pic of him from a conference. Underneath it says “Security. You’re doing it wrong.” The man is very very smart and yet still entertaining. I’d already ordered this, so no credits to scalzi for it, sadly.

  8. I’m maybe 25% of the way through this book and it’s extremely interesting. I’m familiar with Schneier’s computer security work, but this really does delve deeply into the sociology and psychology of all the rules and norms we encounter in society. It’s really an excellent look at where collective pressure does and doesn’t work on individual behavior.

  9. Schneier is one of those authors where every book you read of his leaves you feeling like you just digested a dozen really well crafted tomes, but without wading through all the academic monotony. If security fascinates you at all, everything he writes is a must read for my money.

    Normally an author included in a Big Idea post goes up in my estimation, but this is one instance where what’s raised is my already good opinion of Whatever and Scalzi.

    Oh, and let’s not forget this!

  10. If you enjoy looking at the world this way you can sign up for Schneier’s email newsletter, Crypto-gram, via his blog. You don’t need to be a nerd at all to find things in it that are interesting; he’s been leading up to this book about larger societal issues for a long time. I’ve been enjoying it for going on a decade now.

  11. @Donna I am with Wiley, the publisher of Liars and Outliers. We hope to have an Audible Audio Edition available within the next 90 days. Thanks for the recommendation!

  12. This gives an interesting perspective on life in modern China, where the rate of defectors (melamine, food safety, etc.) is alarmingly high. People often attribute this to the lack of basic morality in the society. And then when Schneider notes the positive aspects of defectors, you can see high rates of defection in other aspects of modern Chinese life is higher than average as well (nail houses, Wukan, etc.).

  13. Armadillo—that’s an interesting comment. What does that say about Chinese society? In terms of pressures and perceptions, it’s very different from our own in ways we don’t often realize. No doubt it’s a combination of multiple factors that makes for that sort of deviation from what we consider to be the norm.

    (I wouldn’t call it “lack of basic morality” so much as different weight given to certain moral aspects. For instance, valuing the good of the family over that of the individual.)