Schneier Mulls Psychology of Security 101
bednarz writes "Cryptography expert Bruce Schneier says security decisions often are much less rational than one would prefer. He spoke at the RSA conference about the battle that goes on in the brain when responding to security issues. Schneier explains 'The primitive portion of the brain, called the amygdala, feels fear and incites a fear-or-flight response, he pointed out. "It's very fast, faster than consciousness. But it can be overridden by higher parts of the brain." The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"'"
Just look to government.... (Score:5, Funny)
Re:Just look to government.... (Score:4, Informative)
Re:Just look to government.... (Score:5, Insightful)
We have two parties that have issues with threats to the world, after all. The Republicans have Terrorism, and the Democrats have Global Warming. Both are real and significant threats, but neither of them really gets addressed in the healthiest way possible. There's a lot of focus on OMG-deadly high-profile terrorist attacks, and on OMG-deadly consequences of global warming. Both parties have their people propose some ridiculously broad, sweeping changes to deal with the problem which would negatively impact everyday lives; fortunately, the more ridiculous ones are more likely to fail. And, of course, both parties are willing to throw money at people who claim to have some sort of solution to their problem, whether or not it's actually anything real, meaningful, or worthwhile (like the latest stupid XYZ antiterrorist technology rollout, or the latest bio-fuel legislation/subsidy).
No, they're not the same thing, but one can draw worthwhile parallels, and both parties would benefit by comparing themselves to the other, shaping their actions to avoid these excesses.
Re: (Score:3, Insightful)
You can't get anywhere in politics if you allow the more radical elements to represent their party. Ignore them.
In the interest of bipartisanship you've equated the wholesale removal of civil rights with the suggestion that we shouldn't use so much oil.
Thats what I call Fair and Balanced.
Re: (Score:2, Interesting)
That's what I call a double straw-man.
Re:Just look to government.... (Score:4, Interesting)
One of these is a minor annoyance to the human species. The other is the end of life as we know it. Some have even suggested that run-away global warming caused Venus to become the hell-hole it is today. These are very different problems.
You are right that politicians, in general, care more about the appearance of solving problems than actually solving problems. But don't equate global warming with the relatively trivial issue of terrorism.
Re: (Score:1, Flamebait)
Some have even suggested that run-away global warming caused Venus to become the hell-hole it is today.
How did humans get to Venus to cause all that global warming?
Re: (Score:2)
We are the only lifeforms with high intelligence. We are the only lifeforms with space travel. It would be stupidly reductionist to assume that we are just another lifeform.
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Insightful)
I appreciate that. But consider, from the text of the article itself:
Okay. Mass extinction. Rare? Ehh, depends-how-you-define-it. Children? Eh, not so much ("our children wil
Re: (Score:2)
Libertarians tend to believe in global warming, though not necessarily human-caused global warming. However, they also believe in voluntary cooperation, rather than government force, as the only morally acceptable solution to this or any other problem. Forcing people to act contrary to their own interests, even if it is for a "good cause," invariably makes problems worse and not better.
My personal take is that global warming is here, and is a GOOD thing, regardless of who caused it. It is likely to hav
You're overreacting (Score:2)
One of these is a minor annoyance to the human species. The other is the end of life as we know it.
Says who? The Earth's biosphere has undergone climate changes many times more rapid and many times more devastating than it is currently undergoing. Increased CO2 emissions are unlikely to be doing it any good, but nor is it the end of the world by any stretch of the imagination. How can you react so rationally to the threat of terrorism, and yet so irrationally to the threat of global warming?
That said, the side effects of global warming will likely result in a far higher death toll than terrorism. But at
Oblig. joke (Score:5, Funny)
That's alright, they have a neoconcortex instead!
Sorry, couldn't help myself. You may now mod this post into oblivion...
Stupid new moderation thingy (Score:2)
Re: (Score:1)
Re: (Score:2)
3000 Americans died from terrorism in this entire young century. Meanwhile, 40,000 Americans died in auto crashes last year alone. I vote we use some of the "homeland security" money on guard rails.
Right, because even though we were promised followup events that "will dwarf 9/11" and they haven't happened, _obviously_ that money has all been wasted, is that it? As far as the auto crashes...I've been an EMT for a dozen years or so. I've never been to a fatal accident where the person who died was wearing a seatbelt. Not once. Spend all you want but when some idiot doesn't even take advantage of the basic safety equipment they've already been provided in their vehicle, there's no helping them.
Most people cannot define "security". (Score:5, Informative)
http://www.schneier.com/essay-155.html [schneier.com]
As he says, we really should have two different words for the "feeling of security" and "security".
Re: (Score:3, Insightful)
Re: (Score:2)
Not a bad point, but it somewhat flies in the face of the idea that Bruce Schneier is an expert on any topic (neurophysiology, today) that remotely pertains to any definition of "security".
Re: (Score:2)
Unfortunately, this would have about the same effect has having two words for "thinking" and "acting as if you'd thought about it." People would only apply the term for a "feeling of security" to others, and it would quickly be labeled derogatory and non-PC.
Amydala feels fear (Score:4, Funny)
Re: (Score:2)
Brain region for thinking about security (Score:3, Funny)
Most thinking about security seems to be centered in the nullcortex.
42 (Score:5, Funny)
It makes sense (Score:5, Funny)
That is why the real amygdala hides in the background pretending to be a mere attendant like the pitutary gland and communicates with a prominantly placed fake-amygdala using elaborate signals and esp communication. All these scientists have been fooled into studying the fake-amygdala. So they underestimate the real security of the brain. Let someone assassinate the fake-amygdala in a spaceport in Coruscant and suddenly you will see the real amygdala emerge from the shadows and assume the role as the rightfully elected Queen of Naboo.
Re:It makes sense (Score:4, Funny)
It must be said... (Score:3, Insightful)
Re: (Score:2, Funny)
Re: (Score:2)
(H. J. Simpson)
Re: (Score:2)
Re: (Score:2, Interesting)
That's not a problem if he is actually right. He's a security expert, which implies at least some competence in related areas. If someone thinks they are right, it's not a fault if they are actually right.
The second is that for some reason people are unwilling to stand up and say when he is full of it.
Where is he full of it? And why are people supposedly such cowards when it comes to standing up to him?
Some days his
Re: (Score:3, Insightful)
"No, it's just that reality has an anti-Bush 'bias'."
repeat? (Score:3, Insightful)
Good lord, I want that guys press agent!
Tom
Re: (Score:2)
Security - 100% (Score:2)
Re: (Score:1, Insightful)
Why I hate metaphors (Score:3, Funny)
Now I need to go take a shower.
Schneier says no, but that's not his aim (Score:5, Informative)
More on this philosophy:
Re: (Score:2)
Well, in essence, security is not about being "100% secure". 100% never happens, and can't even happen theoretically. The 100% only way to prevent unauthorized access to a computer is to prevent any kind of access whatsoever. The only way to prevent anyone from ever accessing a particular piece of data is to never create that data anyway, or else destroy it immediately. Even then, you face a possible breakdown: what about the mechanism for preventing that data from being created, or for destroying it?
Re: (Score:2)
Re: (Score:1)
In the grave.
Irritating. (Score:5, Insightful)
It seems unnecessary to incorporate impressive-sounding terms into a speech that, quite honestly, seems to be stating the obvious. Increasing or decreasing security is a response to fear; fear is an emotion and, therefore, decisions that use it as a base will not be purely rational, but will have emotional bias, like every other human decision. You don't need vague descriptions of brain "impulses", and such, to prove that.
rich techie blowhards (Score:1)
But the real world doesn't work that way, unless you live in Mensa-Fascist-Fantasy-World and fantasize the state killing those that don't behave with Klingon-like rationality. Basically, you have to take the stupid, irrational people into account. (Damn Customers!)
Many public (law enforcement) agencies have a motto: "Could You Explain It On 60 Minutes?" That pretty much sums it
Re: (Score:2)
Damn those Klingons and their rationality! It's always "Logic dictates this" and "Humans are irrational and impulsive" with them. Smug jerks.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
mammalian brain theorists (Score:1)
Tell me about it, those mammalian brain theory advocates are getting on my nerve lately, too. I mean, the existence of so called mammals
Re: (Score:2)
Bruce Schneier has been doing this ever since 9/11 - parlaying his reputation (well earned) in cryptography into a career as a security pundit (without any actual credentials).
Re: (Score:2)
Re: (Score:2)
Then he's extraordinarily ignorant of his own field - I first encountered the idea that security wasn't just about cryptography in the mid 70's while reading Kahn's The Codebreakers (itself written in 1967). The more general idea that security is about
Re: (Score:1)
A point easily proven (Score:3, Insightful)
For example: Airplanes. How many people feel more secure behind the wheel of a car than on a long flight with turbulence?
Put your hands down, now the sheer probability of getting into a car accident in one's lifetime (if one drives) is a miniscule number below one. Death statistics are somewhere around 1 in 237 of a car type accident. The odds of an airplane death are like 1 in 5051 source [nsc.org]
However, people are freakishly nervous about planes... So, by induction (the bane of an engineer's existance) we can extrapolate (another fancy bane) that security people will ignore the dangerous mundane and fixate on the extraordinary rarity.
Re: (Score:2)
Ralph Nader to the RESCUE!
Re: (Score:1)
Re: (Score:2)
Did you fly through a thunderstorm? That's the best. There are even flashy lights going off all around you.
The major downside is the smell of vomit that permeates the cabin. Ga
Re: (Score:1)
Deaths per Mile (Score:3, Insightful)
The important measure isn't odds of death in a crash, it's odds of death per mile traveled.
If you drive from Boston to San Diego y
Re: (Score:1)
Lets say that the average person in this statistics travel twice a day with their cars, and twice a year they take a plane. And this ratio is just 237/5051.
If your numbers are correct, cars are much safer than planes. This statistic manipulation to tell planes are safe is just an old lie.
Re: (Score:1)
Let's say:
Airborn Hours = total # hours that all humans spend in the air in a year
Driving Hours = total # hours that all humans spend in a car (either passenger or driver) in a year
So I want to know how (Automobile Deaths / Driving Hours) compares to (Airplane Deaths / Airborn Hours).
Re: (Score:2)
Hey Mr. Statistics: Care to use some meaningful numbers? What are the chances of dying PER HOUR of being on a plane compared to the chances PER HOUR of being in a car?
I haven't looked it up, but I assume a two-hour flight is more likely to kill you than a two-hour road trip. That's a pretty good justification to fear the flight more than the drive.
Not to take away from your argument, but I HATE bullshit statistics.
Re: (Score:1)
Re: (Score:2)
Motor Vehicle: 1.3 deaths per million miles driven (by all vehicles, that is, if a million cars drove 1 mile, 1.3 drivers would die)
Air Carriers: 1.9 deaths per million miles flown by all aircraft.
Now wait a second! Whatshisface grandparent said planes were SAFER!
Well, OK. There are less planes than cars, but more people, so:
Yearly, 1 out of every 7,700 people die in a car wreck.
Yearly, 1 out of every 2,067,000 people die in an airplane wreck, but by that measure, motorcycles are safer than c
Re: (Score:2)
The safest way to travel a given number of miles (what you seem to be talking about) was never an issue.
Re: (Score:2)
The fact of the matter is every Tom, Dick and Jane moron drives. If the vehicle accidents only showed people with actual driving skill then you could compare to flying in a plane but throwing in the general population against trained maintenance staff and pilots is rediculous. Now I know there are times when even the best driver may not be able to avoid a bad situation but the statistics don't make any distinction between driving skill
Re: (Score:1)
You forget that you are much more likely to die *per hour* in a plane than a car.
Average people travel by plane perhaps ten hours per year; by car perhaps 700 hours per year. (My numbers, made up on the spot.)
So the lifetime death should be 70 times lower, if the death rate per hour were the same. But it isn't: it's about 20 times lower (via your numbers). So while you're in a plane, you're three or four times more likely to die than while you're in a car.
Also
Difficulty Factor (Score:3, Insightful)
instant vs. considered responses (Score:4, Interesting)
Re: (Score:2)
I strongly recommend the book and everything else Gladwell has written.
Blink has been on the verge of being added to my reading list for a long while. I've read some other stuff by Gladwell and frankly, while I found it sort of entertaining, I also thought his "logic" was spotty at best. Maybe he understands how to draw logical, supported conclusions, but he sure doesn't present it well and some of his assertions seem to be sheer nonsense. My main motivation for reading it would be to understand his argu
Re: (Score:2)
Re: (Score:2)
I learned a lot from both it and "the tipping point" -- the width of his coverage is amazing.
So I read "the tipping point" and found it interesting, but upon looking a little harder I realized the research was very backwards. It looks like he started with a few premises, then looked specifically for data to support that, resulting in a wholly improper application of statistics. Gladwell even admits in later interviews that he no longer believes some of the concepts he espoused after seeing others evaluat
Re: (Score:2)
Consciousness? (Score:1)
Re: (Score:2)
I am not sure what the author means when he refers to the part of the brain that is related to "Consciousness". Neither am I clear on what the author means by the term "consciousness" here. Is consciousness, per the author, limited to the brain?
The model of human consciousness, to which the author refers is one that normally maps us to three layers, each of which corresponds to an evolutionary stage. The first layer is pain/pleasure and even very small organisms with no real brains, can respond to this s
No doubt I will be flamed for this (Score:2)
As much as I respect Schenier, I would no sooner trust his assertions on psychology, than I would trust those of Dr. Phil. If he had co-written a couple of articles with someone relevant and had them published in a proper journal things would be different. But after reading the (otherwise
Re: (Score:1)
If you read the essay you'll see that he isn't inventing his own psychological theories. He's doing a survey of several fields that have produced results relevant to security, and showing how those results affect decision-making and perception around security.
He may make mistakes in applying theories from other fields, but it's only by publishing his applications that the academic conversation can occur. Cross-disciplinary stuff
Too complicated (Score:3, Interesting)
His view is far too complicated. The essence of security is: people think they are secure. They happily type their data into web sites without considering where it goes because in most cases, they have no clue what systems are in operation. Past the words "computer", "database", and "Internet (or Web)" the average person has no concept of how any of it works. Someone, their bank say, sends them a link to a website -- the first problem is, they really have no way to verify it is from their bank, other than going to their local branch and asking, which seems to be beyond anyone's capability. Now, once they've accepted that the link is "legitimate", whether it is or not, they plow ahead and begin banging on the keyboard and typing in their info. Screens come and go, they are admonished occasionally when they don't enter something right, and finally some message pops up thanking them and that's that. Whether the whole transaction was legitimate or not never enters into it.
"Security" is a misnomer -- you are no more secure against possible data theft or manipulation on the Internet than you are physically safe crossing the street in a crosswalk. The only security you can have is in being vigilant in what you do and following up everything you do to make sure it is legitimate. Past that, you're on you own.
Security and panic disorder (Score:1, Interesting)
Obvious action item here (Score:2)
Hire River Tam [wikipedia.org] as your chief security officer.
Got that right (Score:2)
But rarely is, in ninety-eight percent of the known cases, i.e., humans.
"The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"
Again, rarely - about two percent of the known cases at best.
Chimpanzees simply don't do well with the
Re: (Score:2)
Primitive perhaps, but it has worked well enough for a very long time. I'd say any of that "new fangled" stuff needs maybe millions more years (or more) to prove that it's actually better.
Overridden by higher parts of the brain (Score:3, Insightful)