‘Liars and Outliers’ Reviewed by Bryan Bechard

Information security expert, Bryan Bechard has reviewed ‘Liars and Outliers: Enabling the Trust that Society Needs to Thrive‘ for IT Governance.

“Imagine two people are walking down the street toward each other about to get within arm’s length: what are the chances that they will pass each other unharmed? In most places and situations it is 99.99999%. This is because, in part, there is enough trust that we can walk around and not be assaulted the minute we walk out the door. This changes, however, based on the circumstances. If this situation was taking place in the world of The Walking Dead, then that percentage would drop significantly from lack of trust and, therefore, security. The fact that people live in a society that is built on – and cannot function without – trust and security is the starting concept of Bruce Schneier’s book Liars and Outliers: Enabling the Trust that Society Needs to Thrive.

“It is not your typical IT security book …”

The book covers a wide array of disciplines, from game theory and security to sociology and evolution, in its attempt to explain how trust scales. How it has evolved in line with the evolution of society from a small village, in which people know and trust each other, to a global economy where individuals cannot possibly trust every person they must work with. In this state, we must trust the systems of law and physical security instead. It is not your typical IT security book in that it does not focus on security controls or pen testing or forensics. Bruce Schneier instead focuses on security and trust as it fits into Maslow’s Hierarchy of Needs, and how it has evolved and what it will look like in the future as technology increasingly invades our lives.

Most people follow both the written rules of government and the unwritten rules of society. This is in opposition to defecting – not following the rules – which provides immediate benefits and advantages over competitors. While most of the time defection is not desired, it is not, by default, bad. It is simply a break from the norm. Those who pushed for the abolition of slavery were defectors. So was Nelson Mandella. Elon Musk and other entrepreneurs are defectors in that they are redefining what is normal. It is near impossible to look at the reasons for someone’s cooperation or defection through a simple lens of ‘good’ or ‘bad’ because it all depends on the context of the ‘society’ we’re defining.

Schneier says that there are, at any given time, four sets of societal pressures influencing our decisions on whether to cooperate or defect with a given norm:

  • Moral pressure. This pressure comes from inside. It feels ‘bad’ to steal, and ‘good’ to return someone’s wallet.
  • Reputational pressure. This is all about how people perceive our actions. As the name suggests, we engage in certain behaviors because of the impact it can have on our reputation.  We care what people think about us.
  • Institutional pressure. These are the rules or laws that are set out for us: break those laws, and there are consequences. This is true whether the laws are set by the government, our employer or a religious group we belong to.
  •  Security systems. The moat around a castle is a security system, so is the alarm system sticker you have on your window (even though you don’t have the system itself). Security systems are designed to induce cooperation or deter defection.

All four of these societal pressures influence our actions, to some degree or another. As Schneier suggests in the quote above, you really need to have all four in action to be effective in creating a certain behavior in your ‘society’.  As a business manager who is not necessarily getting the behavior you want from your team, it’s worth running through the list and seeing where you might be falling short.

I recommend reading this book if you are interested in security and trust as a concept. It is an insight into the psychology underpinning it and how it works. Concepts dealing with methods to increase trust and security are covered from several angles and using many disciplines. If, however, you are looking for specific programs and processes for securing your IT systems then this will not be a worthwhile read.”

By Bryan Bechard.

Liars and Outliers: Enabling the Trust that Society Needs to Thrive is available to purchase from IT Governance.