Monday, July 6, 2009

Podcast: Crypto-Gram 28 Feb 2007: Security is both a feeling and a reality

from the Feb 28, 2007 Crypto-Gram Newsletter
by Bruce Schneier

A special edition: THE PSYCHOLOGY OF SECURITY -- DRAFT

Security is both a feeling and a reality. And they're not the same.

The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures. We can calculate how secure is something, given enough data, it's easy.
But security is also a feeling, based not on probabilities and mathematical calculations, but on your psychological reactions to both risks and countermeasures.


The Feeling of security: where it comes from, how it works, and why it diverges from the reality of security.
Four fields of research -- two very closely related -- can help illuminate this issue.
1. Behavioral economics: looks at human biases - emotional, social, and cognitive - and how they affect economic decisions.
2. The psychology of decision-making ~ rationality: examines how we make decisions - explain the divergence between the feeling and the reality of security and, more importantly, where that divergence comes from.
3. The psychology of risk: trying to figure out when we exaggerate risks and when we downplay them.
4. Neuroscience: psychology of security is intimately tied to how we think: both intellectually and emotionally.

Over the millennia, our brains have developed complex mechanisms to deal with threats. Understanding how our brains work, and how they fail, is critical to understanding the feeling of security.


Security is a trade-off. There's no such thing as absolute security, and any gain in security always involves some sort of trade-off.

Security costs money, but it also costs in time, convenience, capabilities, liberties, and so on.

"Is this effective against the threat?" is the wrong question to ask. You need to ask: "Is it a good trade-off?"

We get it wrong all the time. We exaggerate some risks while minimizing others. We exaggerate some costs while minimizing others. The truth is that we're not hopelessly bad at making security trade-offs.

We are very well adapted to dealing with the security environment endemic to hominids living in small family groups on the highland plains of East Africa. It's just that the environment of New York in 2007 is different from Kenya circa 100,000 BC. And so our feeling of security diverges from the reality of security, and we get things wrong.

There are several specific aspects of the security trade-off that can go wrong. For example:
1. The severity of the risk.
2. The probability of the risk.
3. The magnitude of the costs.
4. How effective the countermeasure is at mitigating the risk.
5. How well disparate risks and costs can be compared.

The more your perception diverges from reality in any of these five aspects, the more your perceived trade-off won't match the actual trade-off.

The divergences between perception and reality that can't be explained that easily.

Why is it that, even if someone knows that automobiles kill 40,000 people each year in the U.S. alone, and airplanes kill only hundreds worldwide, he is more afraid of airplanes than automobiles?

These irrational trade-offs can be explained by psychology.

It's critical to understanding why, as a successful species on the planet, we make so many bad security trade-offs.

Most of the time, when the perception of security doesn't match the reality of security, it's because the perception of the risk doesn't match the reality of the risk.
There are some general pathologies that come up over and over again.:
* People exaggerate spectacular but rare risks and downplay common risks.
* People have trouble estimating risks for anything not exactly like their normal situation.
* Personified risks are perceived to be greater than anonymous risks.
* People underestimate risks they willingly take and overestimate risks in situations they can't control.
* Last, people overestimate risks that are being talked about and remain an object of public scrutiny.[1]
David Ropeik and George Gray have a longer list in their book _Risk: A Practical Guide for Deciding What's Really Safe and What's Really Dangerous in the World Around You_:
* Most people are more afraid of risks that are new than those they've lived with for a while.
* Most people are less afraid of risks that are natural than those that are human-made.
* Most people are less afraid of a risk they choose to take than of a risk imposed on them.
* Most people are less afraid of risks if the risk also confers some benefits they want.
* Most people are more afraid of risks that can kill them in particularly awful ways, than they are of the risk of dying in less awful ways.
* Most people are less afraid of a risk they feel they have some control over and more afraid of a risk they don't control.
* Most people are less afraid of risks that come from places, people, corporations, or governments they trust, and more afraid if the risk comes from a source they don't trust.
* We are more afraid of risks that we are more aware of and less afraid of risks that we are less aware of.
* We are much more afraid of risks when uncertainty is high, and less afraid when we know more,
* Adults are much more afraid of risks to their children than risks to themselves.
* You will generally be more afraid of a risk that could directly affect you than a risk that threatens others.


The human brain is a fascinating organ, but an absolute mess. Because it has evolved over millions of years, there are all sorts of processes jumbled together rather than logically organized. Some of the processes are optimized for only certain kinds of situations, while others don't work as well as they could. And there's some duplication of effort, and even some conflicting brain processes.

Assessing and reacting to risk is one of the most important things a living creature has to deal with, and there's a very primitive part of the brain that has that job

Amygdala is responsible for processing base emotions that come from sensory inputs, like anger, avoidance, defensiveness, and fear. It's an old part of the brain, and seems to have originated in early fishes. It's what causes adrenaline and other hormones to be pumped into your bloodstream, triggering the fight-or-flight response, causing increased heart rate and beat force, increased muscle tension, and sweaty palms.
This kind of thing works great if you're a lizard or a lion. Fast reaction is what you're looking for; the faster you can notice threats and either run away from them or fight back, the more likely you are to live to reproduce.

But the world is actually more complicated than that. Some scary things are not really as risky as they seem, and others are better handled by staying in the scary situation to set up a more advantageous future response. This means that there's an evolutionary advantage to being able to hold off the reflexive fight-or-flight response while you work out a more sophisticated analysis of the situation and your options for dealing with it.

Neocortex, a more advanced part of the brain that developed very recently, evolutionarily speaking, and only appears in mammals. It's intelligent and analytic. It can reason. It can make more nuanced trade-offs. It's also much slower.

So here's the first fundamental problem: we have two systems for reacting to risk -- a primitive intuitive system and a more advanced analytic system -- and they're operating in parallel. And it's hard for the neocortex to contradict the amygdala.

time 87:05
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0702a.html

Labels: ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home