Bruce Schneier's book: The Internet has created 'the largest trust gap' in history
- 10 July, 2012 15:43
Technology, often made possible through networks, grants new powers to communicate and learn, to travel, to make decisions of critical importance, to make things, provide services, sell them and buy them. In a modern society, it's all done against a backdrop of trust not only that the technology is reliable and secure, but that the people involved in every process, whether we meet them face-to-face or not, are trustworthy. That trust is largely created by societal pressures -- ranging from codes of moral behavior and laws, plus worries about reputation, for example.
Trust is at the heart of security, argues Bruce Schneier in his latest book, "Liars and Outliers." But the Internet, in particular, is making it easier and easier for the liars -- he criminals, the attackers, the cheats and the "defectors" from societal norms of trust -- to thrive. And in his book, Schneier doesn't let corporations and government off the hook, either, calling them some of the biggest "defectors" of all from trust.
MORE FROM SCHNEIER: Stuxnet attack by U.S. a 'dangerous' and 'destabilizing' course of action
Blending philosophy, technical concepts, even taking up religious precepts like "Do unto others as you would have them do unto you," Schneier's latest book, which he'll be discussing during a talk at the upcoming Black Hat Conference in Las Vegas, may confound the security techies there if their world starts and stops with the latest hacker exploit.
But in "Liars and Outliers," Schneier, one of the few technical security experts of our time showing the inclination to take on the big questions about the impact of technology on society, makes it clear why he thinks why the Internet is leading to "the largest trust gap in our history."
"In prehistoric times, the scale was smaller, and our emergent social pressures -- moral and reputational -- worked well because they evolved for the small-scale societies of the day," Schneier writes in his book. "As civilizations emerged and technology advanced, we invented institutions to help deal with the societal dilemmas on the larger scale of our growing societies. We also invented security technologies to further enhance societal pressures. We needed to trust both those institutions and the security systems that increasingly affected our lives."
We gradually have expected life to be better, with less disease or accidental death. But the acceleration of technology is taking security and trust problems to a higher degree than ever before, Schneier argues.
"In particular, the revolutionary social and political changes brought about by information technology are causing security and trust problems to a whole new degree. We've already seen several manifestations of this: the global financial crisis, international terrorism, and cyberspace fraud. We've seen music and movie piracy grow from minor annoyance to an international problem due to the ease of distributing pirated content on the Internet. We've seen Internet worms progress from minor annoyances to criminal tools to military-grade weapons that cause real-world damage, like the Internet worm Stuxnet, the first military-grade cyberweapon the public has seen."
With the world's data and its daily usage migrating out onto the Internet, the risk and difficulty in security has grown substantially in comparison to when "systems were manual, or housed on computers not attached to a global network," Schneier points out. Modern society's increased dependence on networked technologies allows for attacks at a distance, and allows the "defectors" from social norms to easily congregate, prepare and strike their targets.
It's not just the attackers lurking on the Internet we need to worry about. It's also the corporations and governments, including the U.S. government, that use technology in ways that elude social pressures intended to promote trust and security. "For example, Microsoft can be -- and in the past has been -- pressured by the U.S. government to deliberately weaken encryption software in its products, so the government could better spy on people," writes Schneier, himself a recognized encryption expert. "This works because Microsoft is an American corporation, and at least in some ways beholden to American interests. Its operating system competitor, Linux, is not. Linux is an open-source operating system, not controlled by a business."
The ultimate "defectors" in the age of the Internet may be corporations acting in the role of institutions, says Schneier. "With the rise of the Internet as a communications system, and social networking sites in particular, corporations have become the designers, controllers and arbiters of our social infrastructure. As such, they're assuming the role of institutions, even if they really aren't." They can "set societal norms, determine what it means to cooperate, and enforce cooperation through the options on its site. It can take away legal and socially acceptable rights simply by not allowing them: think of how publishers have eroded fair use rights for music by not enabling copying options on digital players."
Schneier takes a jab at Facebook in this round. "Take Facebook as an example. Facebook gets to decide what privacy options users have. It can allow users to keep certain things private if they want, and it can deny users the ability to keep other things private." Facebook can give them anything Facebook decides for them. "And it will do or not do all of these things based on its business model of selling user information to other companies for marketing purposes," Schneier writes. "Facebook is the institution implicitly delegated by its users to implement societal pressures, but because it is a for-profit corporation and not a true agent for its users," it as well can be said to be defecting from society as it acts in its own self-interest, according to Schneier.
Many other businesses, including the vast business of the media and journalism, take a pounding in Schneier's book. The U.S. government will at times successfully "clamp down" on freedom of the press, Schneier contends, offering the example of The New York Times delaying publishing information about the NSA's illegal wiretapping of American citizens without a warrant for over a year. Newspaper publishers may be considering whether its "unpatriotic, or otherwise wrong, to publish government secrets," and worry about their reputation with readers, advertisers and others, he notes. But if no court decision makes it forbidden to publish leaks, that hesitation is questionable. WikiLeaks, on the other hand, "changes that dynamic." Schneier notes. "This means the government can't rely on the partial cooperation of WikiLeaks in the same way it can rely on that of traditional newspapers."
Schneier also writes, "No one in the U.S. government is interested in taking the National Security Agency to task for illegally spying on American citizens (spy agencies make bad enemies)." He also notes there's "little questioning" about "President Obama's self-claimed right to assassinate Americans abroad without due process."
The Internet in many regards is breaking down national affiliation, but the same basic problem of balancing "group interest with self-interest" is evident everywhere, he says. This takes Schneier to ponder the meaning of "outliers," the second group mentioned in the title of his book along with the "liars."
Like the "liars," the "outliers" are also people who don't along with the norms of the group because their beliefs and actions aren't in accord with it. In that sense, outliers are also society's "defectors." But because it's often society's institutions setting norms, the outliers who defy official ideas and practices sometimes contribute to changes that can be regarded later by some as positive.
"Sometimes a whistle-blower needs to publish documents proving the government has been waging an illegal bombing campaign in Laos and Cambodia. Sometimes a plutonium processing plant worker needs to contact a reporter to discuss her employer's inadequate safety practices. And sometimes a black woman needs to sit down at the front of the bus and not get up. Without defectors, social change would be impossible; stagnation would set in," Schneier writes.
Everyone at some point will defect in some way will find themselves behaving like a "defector," and sometimes it's hard to tell what's might be "good" or "bad" about it, Schneier admits.
When it comes to technology and finding ways to improve what is a deteriorating trust situation, the key may be finding new ways to create "accountability," Schneier argues, saying everyone has to keep everyone else in check in a world where connectivity is so extraordinarily broad. If we don't think about and implement "new social systems to deal with the new world of globalizing technologies," Schneier concludes, and try to build out trust into our newer type of Internet-connected society, there's the danger "the parasites will kill the host."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.