In February of this year Bruce Schneier released his latest book, Liars & Outliers -- enabling the trust that society needs to thrive. This accessible book does a good job exploring the scientific theory of trust and collaboration and combines a theoretical framework with real-life examples. It does not bring many new insights to people who have followed Schneier's other work but the theoretical framework is useful and this is a book worth reading.
Mr. Schneier is a well-known computer security specialist. In college I studied from his book Applied Cryptography, a standard work on practical cryptography, and he has a great blog on security. I received a discounted copy of the book on the condition that I'd write a review.
A framework to describe trust and societal pressures
Schneier uses Francis Fukuyama's definition of trust: "Trust is the expectation that arises within a community of regular, honest, and cooperative behavior, based on commonly shared norms, on the part of other members of that community". His book discusses how society enables and maintains that trust, and how it induces trustworthiness by individuals through societal pressures -- coercive mechanisms that induce people to cooperate, act in the group interest and follow group norms.
The first half of the book sets up a framework; the second part applies the framework to real-world scenarios. There are separate chapters on organizations, companies and institutions.
"Any society -- a family, a business, a government -- is constantly balancing its need for security with the side effects, unintended consequences, and other considerations."
Value of the book
The value of this book is two-fold. The examples of real-world dilemmas are instructive, and secondly, the framework that Schneier put together enables further analysis. As he writes: "Perspectives frame thinking, and sometimes asking new questions is the catalyst to greater understanding. [...] An illuminating new framework with which to help understand how the world works."
Some parts of the book are too simple and at times the author seems to target a fairly novice audience. Basic economic concepts like the tragedy of the commons and the Prisoner's Dilemma are explained in a lot of detail.
A lot of the framework speaks to the intuition; it makes sense. But it is valuable to see it made explicit since it allows for further analysis and research. Even more than that, the many case studies and examples that the author brings up help to understand the various trade-offs.
The charts in the book are very useful. I particularly like the charts with the assessment of effectiveness of societal pressure, for each scale of society, as well as the Security Gap charts on page 231. The footnotes are particularly interesting -- it is unfortunate that the publisher decided to separate them from the main text and put them in a standalone chapter.
The author is at his strongest when discussing failures of security systems, and Chapter 15, "How Societal Pressures Fail", is one of the most interesting. Schneier recognizes the following reasons for failures:
- misunderstanding the actor
- misunderstanding the security incentives
- misunderstanding the risk
- creating a dilemma that encourages deception
- accidentally making the costs of cooperation too high
- accidentally increasing the incentive to defect
- misunderstanding how different societal dilemmas interact
- ignoring changing social norms
For each of those he gives good examples and discusses the trade-offs involved.
Ultimately, Schneier is optimistic. "... The very fact that the most extreme failures [due to failing societal pressures] rarely happen in the modern industrial world is proof that we've largely gotten societal pressures right. The failures that we've had show we have a lot further to go".
Personally, I would have liked to read more about the way humans process these things and the psychology of risk assessments. The author touches on the fallibility of the human brain in this area but does not dive into detail, which is a bit of a missed opportunity.
There are two books I would recommend for further reading. There is the concept of the Jen ratio as posed in Born to Be Good by Dacher Keltner and the discussion of the erosion of trust in the public sphere by Fareed Zakaria in The Future of Freedom.
Liars and Outliers is worth reading and it illuminates the framework with interesting examples, many of which I had not heard before. Sometimes it rehashes things most people in the security field already know but the target audience of the book is wider than that.