Bruce Schneier's newest book explores how security without trust is destined to fail

I’ve always considered anything written by Bruce Schneier to be part of my ongoing education about IT security. Like Warren Buffett of the financial world, Schneier has a special talent for simplifying complex IT concepts by stripping away the fat. Each book is like its own little graduate course on whichever subject he happens to be discussing.

I had a chance to review a pre-release of his forthcoming book “Liars and Outliers: Enabling the Trust that Society Needs to Thrive,” and I can say that it is among his best. It explores the end-game emotion for all computer security, trust — and it prompted me to rethink my long-standing proposal for fixing the Internet.

Schneier (who also pens a can’t-miss blog and newsletter) started his career as a nuts-and-bolts cryptographer. His more recent books have tended to touch instead on realms of computer security, such as privacy, human nature, and fear. In “Liars and Outliers,” he argues that in order for societies to advance, they have to trust the systems designed to keep them secure.

Fear of something naturally leads to the contemplation of whether or not we should trust related scenarios. A ready example is how we treat unexpected emails arriving from friends with strange-looking subject lines, asking us to click on unknown links. Is it really from a friend touting some interesting new content, or is it from a malware program just hoping we will click on the link and get pwned? Schneier’s first main argument is that we need security systems to extend trust beyond small, intimate groups to handle scaling issues. Without trusted security systems, the book declares, we would never have been able to evolve into a civilization.
I tend to measure the quality of a nonfiction book by the amount of highlighting I do in it so I can come back later to revisit the salient points. By that measurement, I liked “Liars and Outliers” a tremendous amount. I highlighted an average of two to three sections on every page. Although some topics are a little overly academic (a theme in some of his more recent works), the mix is very good. Chapters and subjects are short, yet meaty; at no time did I feel like I was plodding along — well done.

I’m sure every reader will come away with different lessons, but these are the ones that will stick with me:

- Trust underlies all civil society in everything we do.
- When security or societal pressure is applied, it takes time for the lessons and outcomes to be effective, and subsequently measured. As a result, we will always be playing catch-up with cyber criminals.
- Civil society must always bear some negative outcomes or it won’t remain civil in the long run. For example, to get rid of all crime would require a complete loss of freedom. Or from an IT perspective, eradicating all spam would require a severely restricted, and probably unusable, email system.
- Stateless civil-disobedience organizations, such as Anonymous and WikiLeaks, are far harder to control than state-bound institutions.
- Lastly, informal societal pressures have a greater impact on outcomes than formal laws and controls.

Overall, I learned enough that I’m going to have to go back and re-examine my treatise on significantly improving Internet security. For one, my Internet safety goal has always been to eradicate all Internet crime. I now realize that my goal should be to right-size Internet crime to an acceptable level.

A second lesson is that it will be very hard to design a perfect proactive security system without taking away too much of the freedom necessary for civilization to take advantage of the positive gains of the technology.
Make a system too secure, and you’ll lose the audience you’re trying to protect.

The fact that “Liars and Outliers” prompted me to go back and update my own thinking is truly the measure of Schneier’s latest book. It was so good that I had. Thanks again, Bruce. Can’t wait for your next one.

This story, “Book review: ‘Liars and Outliers: Enabling the Trust that Society Needs to Thrive’,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’s Security Adviser blog at InfoWorld.com.