Inkwell: Authors and Artists
Jon Lebkowsky (jonl) Fri 31 Aug 12 14:13
You say that our representative democracy, when it came to be, "...was based on the facts that travel and communications were hard, and that geographical groups needed to choose someone amongst themselves to make laws in their name." Are you thinking that we no longer need mediation of the popular will by a set of representatives? I would question whether representative democracy exists because it was hard for more people to gather or communicate. I think it solves a different problem, the fact that important decisions require time, focus, and consideration that people in general can't manage. And we can't very well take the time to vote on all the particulars of governance, even at a relatively high level. I don't think the solution is to move past representative democracy, but to leverage the tools that create more opportunity for input into governance. In the past, I've talked about swarming the legislative process - which we can do very effectively with new communications media, for instance. Unfortunately a few can swarm more effectively with money than many can swarm with representations of their will.
Jef Poskanzer (jef) Fri 31 Aug 12 15:11
We could try non-geographic representative democracy.
Bruce Schneier (bruceschneier) Sun 2 Sep 12 17:33
In response to <jef>'s <22>: These are good points, and precisely why the answers aren't easy. We could try to monitor every phone call, e-mail, Tweet, physical meeting, and so on of every politician, and it still wouldn't make a difference. Those in power would still find ways to get around the surveillance. This isn't to say that open government laws aren't good -- they certainly are -- only that more surveillance isn't always better. And cameras in every public space have similar revenge effects. Giving the more powerful increased tools to monitor the less powerful seems like a societal mistake, not a utopian vision. You might get fewer people rolling through stop signs, but you'd get fewer new ideas and original thoughts.
Bruce Schneier (bruceschneier) Sun 2 Sep 12 17:35
In response to <jonl>'s <26>: I'm not saying that we no longer need representation or mediation, but representation based on geographical proximity seems arbitrary. I am not the one to reinvent democracy for the 21st century, although as a security expert I'd like to be involved in the conversation -- but I think that such a reinvention is both possible and desirable.
Jef Poskanzer (jef) Sun 2 Sep 12 20:36
Ubiquitous surveillance certainly has potential for abuse, to put it mildly. I don't see it as a utopian vision. I see it as inevitable, and now is the time to start thinking about how we'll deal with it. One vague concept I'm mulling is a requirement that any government-run surveillance must be available to the public.
Ted Newcomb (tcn) Mon 3 Sep 12 05:06
Bruce, I'm wondering about data. We used to save and back up everything on our own drives and servers. Now, with the move to mobile, we are relying more and more on the Cloud and third parties. I'm not even sure "who" I'm trusting in some of these scenarios or what recourses I have in the event of system failure. I realize this is part of the transition as the move to a digital world matures. What are your concerns and recommendations about data protection for individuals, businesses, and governments? Similarly for identity. I'm not sure I can protect my identity much any more; I'm more concerned about protecting my personal data. It seems like I find myself more into branding and reputation scores; trying to establish a record of my 'digital self' that can be enhanced and defended. Comments, suggestions?
Bruce Schneier (bruceschneier) Wed 5 Sep 12 08:35
In response to <jef>'s <30>: It's an interesting notion, but it's not obvious to me that making government surveillance more broadly available is a solution. Already we're seeing corporate uses of government data on individuals. Do we really want more of it? An example might be my local airport in Minneapolis. I know that security there uses vehicle-mounted cameras to take a complete inventory of license plates in the parking lots every night. Is that the sort of data I really want sold to data brokers and telemarketers? On the other hand, public scrutiny of government actions is generally a good idea. So maybe there's some middle ground that works.
Ron Sipherd (ronks) Wed 5 Sep 12 09:04
I was puzzled by the statement on P. 179 that "A corporation is legally required to follow its charter, which for a non-profit corporation means maximizing shareholder value." I'm guessing that the "non-" is a misprint?
for dixie southern iraq (stet) Wed 5 Sep 12 10:04
Since corporations are persons, shouldn't that now read "A corporation is legally required to follow his or her charter..." :)
Gail Williams (gail) Wed 5 Sep 12 10:54
Seems to me that sexless and soulless persons should be "it."
Jon Lebkowsky (jonl) Wed 5 Sep 12 11:31
Hoping this isn't too far off-topic: Many believe that a for-profit is required by law to maximize shareholder value, but my understanding is that no law includes this requirement. Noting that I'm not an attorney, I suspect there's an enforceable requirement to follow the charter or whatever agreement the corporation has made with its shareholders, and an assumption that the charter would include an agreement to maximize shareholder value seems reasonable. But it could include other agreements, and there could be other ways to define value than profit (e.g. where a company might put social responsibility first, and include that in the charter).
Ron Sipherd (ronks) Wed 5 Sep 12 13:03
The book says "A corporation is legally required to follow its charter"; that's true, or what's a charter for? (Of course the board gets to draft the charter as widely as they like.) But "maximizing shareholder value" as the Prime Directive, no, even at a for-profit corporation (whether male, female or none of the above). There are case-law limits on how far corporate shareholder value may be disregarded - in one famous instance a court determined that Henry Ford was using his company as a personal piggybank - but in general a corporation is allowed pretty wide latitude in deciding what is to the ultimate long-term benefit of its owners.
Michael C. Berch (mcb) Wed 5 Sep 12 17:36
Very few modern corporations have a specific charter. Where permitted, the typical charter or purpose stated in a corporation's articles is something like, "to engage in any lawful act or activity for which a corporation may be organized under the General Corporation Law of California other than the banking business, the trust company business or the practice of a profession permitted to be incorporated by the California Corporations Code."
Ron Sipherd (ronks) Wed 5 Sep 12 17:53
> Very few modern corporations have a specific charter

They learned from their predecessors' mistakes.
Jon Lebkowsky (jonl) Thu 6 Sep 12 12:33
Bruce, in my years as an Internet rabble-rouser, I've run across many mostly-honest tech savants who felt few qualms about "defecting" in a particular context - e.g. downloading and sharing copyright content, or breaking into secure systems just because they can. It's arguable whether they're harming anyone, but they're clearly flaunting "the rules." And there's the phenomenon of trolls and griefers in various online contexts - people who can be just fine in physical social settings, but do the Mr. Hyde thing when they're online. Why do people who probably wouldn't "defect" in their day to day physical world choose to do so when they're online?
Jef Poskanzer (jef) Thu 6 Sep 12 12:59
Because the Founding Nerds of the Net failed to implement a nose-punching protocol?
Bruce Schneier (bruceschneier) Thu 6 Sep 12 16:01
In response to <tcn>'s <31>: No argument that this is a problem. My concerns are obvious, but I really don't have any good recommendations. We're being forced to trust companies more (and more companies) with our personal data without much in the way of contracts, agreements, and so on. And while I might still run Eudora for my e-mail, that's not a viable option for most people. Everyone's e-mail is in the cloud. And Facebook just doesn't make sense if it isn't in the cloud. My only suggestion is to agitate for a legislative environment conducive to privacy and security, even in this sort of environment. I'm not optimistic in the near term -- the police like the easy accessibility of this data just as much as the corporations do -- but it's our only hope in the long term.
Bruce Schneier (bruceschneier) Thu 6 Sep 12 16:03
In response to <ronks>'s <33>: Yes. As far as I know it's the only meaningful typo that made it through the editing process.
Bruce Schneier (bruceschneier) Thu 6 Sep 12 16:22
In response to <jonl>'s <40>: We don't know. There are a lot of theories: anonymity, the lack of social cues, a group mentality that rewards extreme behavior, specific things about the environment. It's probably a combination of things.
Jon Lebkowsky (jonl) Fri 7 Sep 12 10:39
And I suppose it could be different drivers for individual actors, hard to generalize. You're a security specialist, and in the book you talk a lot about security systems. Can you discuss briefly where security systems fit in, and where they're most effective?
Jon Lebkowsky (jonl) Fri 7 Sep 12 12:41
Resonant with the aspect of reputational pressures covered in the book, I'm reposting a link here that Ted Newcomb had posted in another part of the WELL (thanks, Ted!): Welcome to the new reputation economy: http://tinyurl.com/92ub3dl "An aggregated online reputation having a real-world value holds enormous potential for sectors where trust is fractured: banking; e-commerce, where value is exponentially increased by knowing who someone really is; peer-to-peer marketplaces, where a high degree of trust is required between strangers; and where a traditional approach based on disjointed information sources is currently inefficient, such as recruiting."
Ted Newcomb (tcn) Fri 7 Sep 12 12:47
re: <45> and <46> above, it seems like we're on new ground, staying with the cyberspace as territory metaphor. What's on the horizon for security in the near future? And what are the implications of cyber terrorism?
Bruce Schneier (bruceschneier) Mon 10 Sep 12 15:04
In response to <jonl>'s <45>: Security systems fill the gap where other societal pressures fail. Let me step back. In my book, I identify four broad classes of inducements that push people to behave cooperatively: honestly, fairly, compliantly, etc. I call these "societal pressures." They are morals, reputation, institutions (laws), and security systems. I'm skipping over a lot of detail here, but you can think of them as all working in tandem. Take stealing. Most of us don't steal, most of the time, because we know it's wrong. Or we'll feel guilt or shame if we do. That's our morality talking. Some of us don't steal because of how other people will react to it. (If I invite a friend over to my house and he steals my sweater, I won't call the police -- I just won't invite him over anymore.) A few of us don't steal because it's illegal, and we fear the punishment. And the rest of us don't steal because of the door locks and the burglar alarms. That's the role of security systems.
Jon Lebkowsky (jonl) Tue 11 Sep 12 05:46
That seems to imply two levels of "defector" - those that would vary from the societal norm and steal but for the security systems that prevent them from doing so, and those that will look for ways to defeat or work around the locks and alarms so that they can steal anyway - i.e. thieves and burglars. Am I oversimplifying?
Bruce Schneier (bruceschneier) Fri 14 Sep 12 10:30
In response to <jonl>'s <49>: Yes, but it's a useful oversimplification. More specifically, there are four levels of defectors. Most of us don't steal because we know it's wrong. Some of us don't steal because of how others would react if we did. Still others don't steal because it's illegal. And the rest of us don't steal because of the door locks and burglar alarms. All four types of societal pressures work together to keep the theft rate down to some acceptable societal minimum. This is where I think my model is valuable to a security practitioner. In general, security concerns itself with systems like those locks and alarms. I argue that security is best conceptualized more broadly, and including morals, reputation, and institutions gives us a more comprehensive -- and more effective -- security toolbox. Here's a great example. Think of an office coffee machine and an honesty box. The protocol is simple: when you take a cup of coffee, you're supposed to put a quarter in the box. No one is watching, and there are no security measures in place to ensure compliance. The moral inclinations of the coffee drinkers are the only thing that induces them to put quarters in that box. This is also a good setup to collect data on honesty. You can measure the amount of coffee drunk, count the number of quarters in the box, and have a good idea of what percentage of people paid. What some researchers did was put a photograph of a pair of eyes behind the box. (The control was a photograph of flowers.) And what they found was that the photograph significantly increased payment. It's a fascinating security mechanism: simply a reminder that someone might be watching induced cooperation. In our information-age hyper-networked world, I think we need more of this sort of security thinking. I think our discussion is about done. Thanks for having me.