Bruce Schneier's book: The Internet has created 'the largest trust gap' in history

Technology, often made possible through networks, grants new powers to communicate and learn, to travel, to make decisions of critical importance, to make things, provide services, sell them and buy them. In a modern society, it's all done against a backdrop of trust not only that the technology is reliable and secure, but that the people involved in every process, whether we meet them face-to-face or not, are trustworthy. That trust is largely created by societal pressures -- ranging from codes of moral behavior and laws, plus worries about reputation, for example. 

Trust is at the heart of security, argues Bruce Schneier in his latest book, "Liars and Outliers." But the Internet, in particular, is making it easier and easier for the liars -- he criminals, the attackers, the cheats and the "defectors" from societal norms of trust -- to thrive. And in his book, Schneier doesn't let corporations and government off the hook, either, calling them some of the biggest "defectors" of all from trust.

MORE FROM SCHNEIER: Stuxnet attack by U.S. a 'dangerous' and 'destabilizing' course of action

Blending philosophy, technical concepts, even taking up religious precepts like "Do unto others as you would have them do unto you," Schneier's latest book, which he'll be discussing during a talk at the upcoming Black Hat Conference in Las Vegas, may confound the security techies there if their world starts and stops with the latest hacker exploit.

But in "Liars and Outliers," Schneier, one of the few technical security experts of our time showing the inclination to take on the big questions about the impact of technology on society, makes it clear why he thinks why the Internet is leading to "the largest trust gap in our history."

"In prehistoric times, the scale was smaller, and our emergent social pressures -- moral and reputational -- worked well because they evolved for the small-scale societies of the day," Schneier writes in his book. "As civilizations emerged and technology advanced, we invented institutions to help deal with the societal dilemmas on the larger scale of our growing societies. We also invented security technologies to further enhance societal pressures. We needed to trust both those institutions and the security systems that increasingly affected our lives."

We gradually have expected life to be better, with less disease or accidental death. But the acceleration of technology is taking security and trust problems to a higher degree than ever before, Schneier argues.

"In particular, the revolutionary social and political changes brought about by information technology are causing security and trust problems to a whole new degree. We've already seen several manifestations of this: the global financial crisis, international terrorism, and cyberspace fraud. We've seen music and movie piracy grow from minor annoyance to an international problem due to the ease of distributing pirated content on the Internet. We've seen Internet worms progress from minor annoyances to criminal tools to military-grade weapons that cause real-world damage, like the Internet worm Stuxnet, the first military-grade cyberweapon the public has seen."

With the world's data and its daily usage migrating out onto the Internet, the risk and difficulty in security has grown substantially in comparison to when "systems were manual, or housed on computers not attached to a global network," Schneier points out. Modern society's increased dependence on networked technologies allows for attacks at a distance, and allows the "defectors" from social norms to easily congregate, prepare and strike their targets.

It's not just the attackers lurking on the Internet we need to worry about. It's also the corporations and governments, including the U.S. government, that use technology in ways that elude social pressures intended to promote trust and security. "For example, Microsoft can be -- and in the past has been -- pressured by the U.S. government to deliberately weaken encryption software in its products, so the government could better spy on people," writes Schneier, himself a recognized encryption expert. "This works because Microsoft is an American corporation, and at least in some ways beholden to American interests. Its operating system competitor, Linux, is not. Linux is an open-source operating system, not controlled by a business."

The ultimate "defectors" in the age of the Internet may be corporations acting in the role of institutions, says Schneier. "With the rise of the Internet as a communications system, and social networking sites in particular, corporations have become the designers, controllers and arbiters of our social infrastructure. As such, they're assuming the role of institutions, even if they really aren't." They can "set societal norms, determine what it means to cooperate, and enforce cooperation through the options on its site. It can take away legal and socially acceptable rights simply by not allowing them: think of how publishers have eroded fair use rights for music by not enabling copying options on digital players."

Schneier takes a jab at Facebook in this round. "Take Facebook as an example. Facebook gets to decide what privacy options users have. It can allow users to keep certain things private if they want, and it can deny users the ability to keep other things private." Facebook can give them anything Facebook decides for them. "And it will do or not do all of these things based on its business model of selling user information to other companies for marketing purposes," Schneier writes. "Facebook is the institution implicitly delegated by its users to implement societal pressures, but because it is a for-profit corporation and not a true agent for its users," it as well can be said to be defecting from society as it acts in its own self-interest, according to Schneier.

Many other businesses, including the vast business of the media and journalism, take a pounding in Schneier's book. The U.S. government will at times successfully "clamp down" on freedom of the press, Schneier contends, offering the example of The New York Times delaying publishing information about the NSA's illegal wiretapping of American citizens without a warrant for over a year. Newspaper publishers may be considering whether its "unpatriotic, or otherwise wrong, to publish government secrets," and worry about their reputation with readers, advertisers and others, he notes. But if no court decision makes it forbidden to publish leaks, that hesitation is questionable. WikiLeaks, on the other hand, "changes that dynamic." Schneier notes. "This means the government can't rely on the partial cooperation of WikiLeaks in the same way it can rely on that of traditional newspapers."

Schneier also writes, "No one in the U.S. government is interested in taking the National Security Agency to task for illegally spying on American citizens (spy agencies make bad enemies)." He also notes there's "little questioning" about "President Obama's self-claimed right to assassinate Americans abroad without due process."

The Internet in many regards is breaking down national affiliation, but the same basic problem of balancing "group interest with self-interest" is evident everywhere, he says. This takes Schneier to ponder the meaning of "outliers," the second group mentioned in the title of his book along with the "liars."

Like the "liars," the "outliers" are also people who don't along with the norms of the group because their beliefs and actions aren't in accord with it. In that sense, outliers are also society's "defectors." But because it's often society's institutions setting norms, the outliers who defy official ideas and practices sometimes contribute to changes that can be regarded later by some as positive.

"Sometimes a whistle-blower needs to publish documents proving the government has been waging an illegal bombing campaign in Laos and Cambodia. Sometimes a plutonium processing plant worker needs to contact a reporter to discuss her employer's inadequate safety practices. And sometimes a black woman needs to sit down at the front of the bus and not get up. Without defectors, social change would be impossible; stagnation would set in," Schneier writes.

Everyone at some point will defect in some way will find themselves behaving like a "defector," and sometimes it's hard to tell what's might be "good" or "bad" about it, Schneier admits.

When it comes to technology and finding ways to improve what is a deteriorating trust situation, the key may be finding new ways to create "accountability," Schneier argues, saying everyone has to keep everyone else in check in a world where connectivity is so extraordinarily broad. If we don't think about and implement "new social systems to deal with the new world of globalizing technologies," Schneier concludes, and try to build out trust into our newer type of Internet-connected society, there's the danger "the parasites will kill the host."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts