Slashdot Log In
Schneier Mulls Psychology of Security
Posted by
ScuttleMonkey
on Wed Feb 07, 2007 01:24 PM
from the idle-musings dept.
from the idle-musings dept.
bednarz writes "Cryptography expert Bruce Schneier says security decisions often are much less rational than one would prefer. He spoke at the RSA conference about the battle that goes on in the brain when responding to security issues. Schneier explains 'The primitive portion of the brain, called the amygdala, feels fear and incites a fear-or-flight response, he pointed out. "It's very fast, faster than consciousness. But it can be overridden by higher parts of the brain." The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"'"
This discussion has been archived.
No new comments can be posted.
Schneier Mulls Psychology of Security
|
Log In/Create an Account
| Top
| 101 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Just look to government.... (Score:5, Funny)
(http://www.anthonymclin.com/)
Re:Just look to government.... (Score:4, Informative)
Re:Just look to government.... (Score:5, Insightful)
(http://fennecfoxen.org/)
We have two parties that have issues with threats to the world, after all. The Republicans have Terrorism, and the Democrats have Global Warming. Both are real and significant threats, but neither of them really gets addressed in the healthiest way possible. There's a lot of focus on OMG-deadly high-profile terrorist attacks, and on OMG-deadly consequences of global warming. Both parties have their people propose some ridiculously broad, sweeping changes to deal with the problem which would negatively impact everyday lives; fortunately, the more ridiculous ones are more likely to fail. And, of course, both parties are willing to throw money at people who claim to have some sort of solution to their problem, whether or not it's actually anything real, meaningful, or worthwhile (like the latest stupid XYZ antiterrorist technology rollout, or the latest bio-fuel legislation/subsidy).
No, they're not the same thing, but one can draw worthwhile parallels, and both parties would benefit by comparing themselves to the other, shaping their actions to avoid these excesses.
Re:Just look to government.... (Score:4, Interesting)
(http://127.31.33.7/)
One of these is a minor annoyance to the human species. The other is the end of life as we know it. Some have even suggested that run-away global warming caused Venus to become the hell-hole it is today. These are very different problems.
You are right that politicians, in general, care more about the appearance of solving problems than actually solving problems. But don't equate global warming with the relatively trivial issue of terrorism.
Oblig. joke (Score:5, Funny)
(http://wellhellosailor.com/ | Last Journal: Thursday November 08, @03:23PM)
That's alright, they have a neoconcortex instead!
Sorry, couldn't help myself. You may now mod this post into oblivion...
Most people cannot define "security". (Score:5, Informative)
http://www.schneier.com/essay-155.html [schneier.com]
As he says, we really should have two different words for the "feeling of security" and "security".
Amydala feels fear (Score:4, Funny)
Brain region for thinking about security (Score:3, Funny)
Most thinking about security seems to be centered in the nullcortex.
42 (Score:5, Funny)
It makes sense (Score:5, Funny)
(Last Journal: Wednesday October 31, @08:33AM)
That is why the real amygdala hides in the background pretending to be a mere attendant like the pitutary gland and communicates with a prominantly placed fake-amygdala using elaborate signals and esp communication. All these scientists have been fooled into studying the fake-amygdala. So they underestimate the real security of the brain. Let someone assassinate the fake-amygdala in a spaceport in Coruscant and suddenly you will see the real amygdala emerge from the shadows and assume the role as the rightfully elected Queen of Naboo.
Re:It makes sense (Score:4, Funny)
repeat? (Score:3, Insightful)
(http://libtom.org/)
Good lord, I want that guys press agent!
Tom
Security - 100% (Score:2)
(http://in2mind.blogspot.com/)
Schneier says no, but that's not his aim (Score:5, Informative)
More on this philosophy:
Irritating. (Score:5, Insightful)
(Last Journal: Monday May 28, @06:35AM)
It seems unnecessary to incorporate impressive-sounding terms into a speech that, quite honestly, seems to be stating the obvious. Increasing or decreasing security is a response to fear; fear is an emotion and, therefore, decisions that use it as a base will not be purely rational, but will have emotional bias, like every other human decision. You don't need vague descriptions of brain "impulses", and such, to prove that.
A point easily proven (Score:3, Insightful)
(http://www.forensic-data-svc.com/)
For example: Airplanes. How many people feel more secure behind the wheel of a car than on a long flight with turbulence?
Put your hands down, now the sheer probability of getting into a car accident in one's lifetime (if one drives) is a miniscule number below one. Death statistics are somewhere around 1 in 237 of a car type accident. The odds of an airplane death are like 1 in 5051 source [nsc.org]
However, people are freakishly nervous about planes... So, by induction (the bane of an engineer's existance) we can extrapolate (another fancy bane) that security people will ignore the dangerous mundane and fixate on the extraordinary rarity.
Difficulty Factor (Score:3, Insightful)
(http://www.shezphoto.com/)
instant vs. considered responses (Score:4, Interesting)
(Last Journal: Wednesday October 05 2005, @10:39AM)
Consciousness? (Score:1)
(http://www.ashtophoenix.com/)
No doubt I will be flamed for this (Score:2)
As much as I respect Schenier, I would no sooner trust his assertions on psychology, than I would trust those of Dr. Phil. If he had co-written a couple of articles with someone relevant and had them published in a proper journal things would be different. But after reading the (otherwise impressive) list of his publications it is clear that this is not the case.
So flame me, but Schenier has little authority when he speaks of psychology.
Too complicated (Score:3, Interesting)
(Last Journal: Wednesday November 07, @10:09AM)
His view is far too complicated. The essence of security is: people think they are secure. They happily type their data into web sites without considering where it goes because in most cases, they have no clue what systems are in operation. Past the words "computer", "database", and "Internet (or Web)" the average person has no concept of how any of it works. Someone, their bank say, sends them a link to a website -- the first problem is, they really have no way to verify it is from their bank, other than going to their local branch and asking, which seems to be beyond anyone's capability. Now, once they've accepted that the link is "legitimate", whether it is or not, they plow ahead and begin banging on the keyboard and typing in their info. Screens come and go, they are admonished occasionally when they don't enter something right, and finally some message pops up thanking them and that's that. Whether the whole transaction was legitimate or not never enters into it.
"Security" is a misnomer -- you are no more secure against possible data theft or manipulation on the Internet than you are physically safe crossing the street in a crosswalk. The only security you can have is in being vigilant in what you do and following up everything you do to make sure it is legitimate. Past that, you're on you own.
Security and panic disorder (Score:1, Interesting)
All that said, I think Schneider's comments about the amygdala are a bit misplaced. The horrendous waste of security resources in this country -- the 3oz limitation on liquids for example -- do not originate from a panicky, palm sweating reaction but rather a much more calculated, if reactive, decision to make the average person feel like something is being done. If you want to talk about the amygdala and security, talk about one's reaction to a stranger approaching you in the park at night with a "hey buddy, come here a second." Corporate and government security policies are hashed out in nauseatingly arduous sessions with many "expert" consultants who throw out their usual spiel to justify their oversized fee.
Bruce would do better to argue that we need to account for our tendency to implement security schemes which favor the perception of effectiveness rather than true scenario effectiveness. Then again, he is a cryptographer, we can't expect him to be an expert on all things security. Injecting bits of psychology is tempting but runs the risk of being disingenuous. He loses a little credence in my view.
Obvious action item here (Score:2)
Hire River Tam [wikipedia.org] as your chief security officer.
Got that right (Score:2)
But rarely is, in ninety-eight percent of the known cases, i.e., humans.
"The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"
Again, rarely - about two percent of the known cases at best.
Chimpanzees simply don't do well with the fear of death. You can blame evolution, but facts are facts.
Overridden by higher parts of the brain (Score:3, Insightful)