Happy New Year! To start off 2019 I shall begin with an information-filled blog continuing with the book Liars & Outliers by Bruce Schneier once again.

What I really love about Schneier’s book is that he continuously brings back familiar ideas and situations to make it very easy to follow new concepts. This clever technique really makes his new ideas more understandable and fun at the same time along with his relaxed tone – which is what makes his book so attractive to read.

Since the last blog Schneier has almost finished his section on the models of trust (one more left to go) and has moved onto applying them in real-life.  

I’ll move a back first to the last model of trust, which was on Schneier’s analysis of Security Systems which told me about the different types of defences, in what stages they would be used in (e.g before, during or after a defection), and the advantages and disadvantages of each one. He goes extremely in depth into them and thoroughly analyses how those defences are used. He uses a real-life example of performance-enhancing drugs in Sports. I’ll summarise it here:

Everyone wants a safe and fair sport and to do this everyone must not take the performance-enhancing drugs. People are competitive and desire to win as much money as possible, but in order to beat the majority of the competition, people take the drugs.

• Moral Pressure: Guilt of not winning fair and square. Reminders that athletes are role models to children
• Reputational Pressure: Keep fans and endorsements by maintaining reputation of a fair player
• Institutional Pressure: Bans on performance-enhancing drugs
• Security Pressure: Drug testing for the specific substances.

We all hope these pressures would deter and discourage the use of these drugs, but it turns out to be the opposite. Before the sport started paying attention, long-distance cyclists consumed stimulants such as caffeine, cocaine, nitro-glycerine, amphetamines and painkillers to improve their endurance. All the cyclists are just looking to win, without thinking about the long-term health effects. As moral and reputational pressures do not work, it comes down to institutional rules to be enforced by security systems such as drug testing. Of course there can be times where an over the counter cold medicine has one of these substances and athletes can get their reward confiscated and their title stripped from them; which was what happened to a Romanian gymnast Andreea R?ducan in the 2000 Olympics.

Schneier ends this section with the conclusion that “There can be too much security” where the perfect security measures would not affect the cost of defection. Too much security will become a police state. Moreover, an increase in security means more money is spent, which would seem like the security is more secure. Logically this would make sense and is the societal expectation, but in reality this is not the case and there is a threshold where security cannot be improved to completely stop defectors – every individual will make their own risk trade-off. Of course, this all depends on the scale of the stakeholders and the context of the issue.

To relate this back to ITGS, the internet has brought new challenges to the world and has not brought security to a whole new level. Defections such as identity theft, black-hat hacking and data theft require completely new security measures to counter them. Audit trails, encryption, authentication and verification. Even simple things such as using a VPN to pass through a firewall can be counted as defection, as the group interest would be for everyone to obey to the rules of the firewall and not access things that others can’t. This is extremely hard to control; there are so many citizens that have access to the internet that the government cannot keep track of everyone at the same time, which makes defecting even easier and more appealing. Users could use computers in internet cafes which would mean being anonymous and harder to be tracked by the government.

Let’s move onto the third part of the book where Schneier talks about The Real World. He plunges into the depths of competing interests and how they affect organizations and corporations – well that’s all I got up to, so I’ll just talk about them 🙂

The main idea I got out from the three following chapters is how different competing interests affect an individual’s desire to defect. Competing interests include selfish self-interest, self-preservation interest, ego-preservation interest, other psychological motivations, the group interest of another group, and ignorance. These all mainly affect an individual.

Selfish Self-interest: Person who cheats, defrauds, steals and puts their selfish interest ahead of the group interest. Extreme cases would include being a sociopath.

Self-Preservation interest: Someone who is motivated to preserve themselves. Fear would make an individual adhere to the group norm. Example, someone may defect but will be blackmailed as a consequence so they would not defect.

Ego-Preservation Interest: Things people to do preserve their ego and reputation. Cannot be seen as a sucker or weak. Individual needs to always appear rich.

Other psychological motivations: Category for personal interests that don’t fit anywhere else. Includes anxiety, poor impulse control, genuine laziness, or insanity.

Relational Interest: Remaining true to another person is a powerful motivation.

Group interest of another group: An individual belongs to two different groups and for the groups’ interest and norms to conflict.

Competing moral interest: A person’s own morals may be different to those of the group.

Ignorance: Plain ignorance is when a person might not even realise that they are defecting. No risk-trade off as person did not have any intention in stealing for example.

There is a lot to get into for organizations and corporations but the main idea is that as a whole, they are treated differently to individuals: they are not affected by moral pressures as much (unless eco-friendly company) but are heavily affected by reputational pressure and institutional pressure. As moral pressures cannot limit a company’s interest, official institutional pressure and security systems would have to force companies to not go overboard and only care about their end product (usually money). Reputation is key as some companies rely heavily on it to get business.

People in organisations are also affected by different interests: Moral (do they think what they are doing is right), family (if a family member wants to work in the company) affected by family ties, affected by government ties (perhaps secretly working for them). Individuals can be exploited and it becomes very dangerous when someone who has a lot of power in a hierarchal system is manipulated and influenced by another group. This is when competing interests come in and interfere with the company’s own interest; which one do they follow?

That’s all from me! I urge you to read his book!

Whyhello