roger_grimes
Columnist

Book review: ‘Liars and Outliers: Enabling the Trust that Society Needs to Thrive’

Analysis
Jan 31, 2012 | 4 mins
Data and Information Security, Security

Bruce Schneier's newest book explores how security without trust is destined to fail

I’ve always considered anything written by Bruce Schneier to be part of my ongoing education about IT security. Like Warren Buffett of the financial world, Schneier has a special talent for simplifying complex IT concepts by stripping away the fat. Each book is like its own little graduate course on whichever subject he happens to be discussing. I had a chance to review a pre-release of his forthcoming book “Liars and Outliers: Enabling the Trust that Society Needs to Thrive,” and I can say that it is among his best. It explores the end-game emotion for all computer security, trust — and it prompted me to rethink my long-standing proposal for fixing the Internet.

Schneier (who also pens a can’t-miss blog and newsletter) started his career as a nuts-and-bolts cryptographer. His more recent books have tended to touch instead on realms of computer security, such as privacy, human nature, and fear. In “Liars and Outliers,” he argues that in order for societies to advance, they have to trust the systems designed to keep them secure.


Fear of something naturally leads to the contemplation of whether or not we should trust related scenarios. A ready example is how we treat unexpected emails arriving from friends with strange-looking subject lines, asking us to click on unknown links. Is it really from a friend touting some interesting new content, or is it from a malware program just hoping we will click on the link and get pwned? Schneier’s first main argument is that we need security systems to extend trust beyond small, intimate groups to handle scaling issues. Without trusted security systems, the book declares, we would never have been able to evolve into a civilization.

I tend to measure the quality of a nonfiction book by the amount of highlighting I do in it so I can come back later to revisit the salient points. By that measurement, I liked “Liars and Outliers” a tremendous amount. I highlighted an average of two to three sections on every page. Although some topics are a little overly academic (a theme in some of his more recent works), the mix is very good. Chapters and subjects are short, yet meaty; at no time did I feel like I was plodding along — well done.

I’m sure every reader will come away with different lessons, but these are the ones that will stick with me:

  • Trust underlies all civil society in everything we do.
  • When security or societal pressure is applied, it takes time for the lessons and outcomes to be effective, and subsequently measured. As a result, we will always be playing catch-up with cyber criminals.
  • Civil society must always bear some negative outcomes or it won’t remain civil in the long run. For example, to get rid of all crime would require a complete loss of freedom. Or from an IT perspective, eradicating all spam would require a severely restricted, and probably unusable, email system.
  • Stateless civil-disobedience organizations, such as Anonymous and WikiLeaks, are far harder to control than state-bound institutions.
  • Lastly, informal societal pressures have a greater impact on outcomes than formal laws and controls.

Overall, I learned enough that I’m going to have to go back and re-examine my treatise on significantly improving Internet security. For one, my Internet safety goal has always been to eradicate all Internet crime. I now realize that my goal should be to right-size Internet crime to an acceptable level.

A second lesson is that it will be very hard to design a perfect proactive security system without taking away too much of the freedom necessary for civilization to take advantage of the positive gains of the technology. Make a system too secure, and you’ll lose the audience you’re trying to protect.

The fact that “Liars and Outliers” prompted me to go back and update my own thinking is truly the measure of Schneier’s latest book. It was so good that I had. Thanks again, Bruce. Can’t wait for your next one.

This story, “Book review: ‘Liars and Outliers: Enabling the Trust that Society Needs to Thrive’,” was originally published at InfoWorld.com.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
