Schneier Mulls Psychology of Security

bednarz writes "Cryptography expert Bruce Schneier says security decisions often are much less rational than one would prefer. He spoke at the RSA conference about the battle that goes on in the brain when responding to security issues. Schneier explains 'The primitive portion of the brain, called the amygdala, feels fear and incites a fear-or-flight response, he pointed out. "It's very fast, faster than consciousness. But it can be overridden by higher parts of the brain." The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"'"

Re:Just look to government....

[FooAtWFU]

Okay. I'll look to government. I'll even be bipartisan... or antibipartisan :)

We have two parties that have issues with threats to the world, after all. The Republicans have Terrorism, and the Democrats have Global Warming. Both are real and significant threats, but neither of them really gets addressed in the healthiest way possible. There's a lot of focus on OMG-deadly high-profile terrorist attacks, and on OMG-deadly consequences of global warming. Both parties have their people propose some ridiculously broad, sweeping changes to deal with the problem which would negatively impact everyday lives; fortunately, the more ridiculous ones are more likely to fail. And, of course, both parties are willing to throw money at people who claim to have some sort of solution to their problem, whether or not it's actually anything real, meaningful, or worthwhile (like the latest stupid XYZ antiterrorist technology rollout, or the latest bio-fuel legislation/subsidy).

No, they're not the same thing, but one can draw worthwhile parallels, and both parties would benefit by comparing themselves to the other, shaping their actions to avoid these excesses.

Irritating.

[Elentari]

It never fails to annoy me when people take snippets of theoretical psychology and redistribute them as truth. Scientists' views of which parts of the brain are responsible for which characteristics of human life change on almost a daily basis, yet phrases such as "language centre" or "mammalian brain" are constantly being used in a way that presents them as definite fact.

It seems unnecessary to incorporate impressive-sounding terms into a speech that, quite honestly, seems to be stating the obvious. Increasing or decreasing security is a response to fear; fear is an emotion and, therefore, decisions that use it as a base will not be purely rational, but will have emotional bias, like every other human decision. You don't need vague descriptions of brain "impulses", and such, to prove that.

Re:Most people cannot define "security".

[Short+Circuit]

As he says, we really should have two different words for the "feeling of security" and "security". I thought we called that "comfort". As in, "I'm comfortable running Linux." or "I'm uncomfortable running Windows without antivirus software."

A point easily proven

[TinBromide]

People care more about problems that they can't control than ones they can prevent.

For example: Airplanes. How many people feel more secure behind the wheel of a car than on a long flight with turbulence?

Put your hands down, now the sheer probability of getting into a car accident in one's lifetime (if one drives) is a miniscule number below one. Death statistics are somewhere around 1 in 237 of a car type accident. The odds of an airplane death are like 1 in 5051 source

However, people are freakishly nervous about planes... So, by induction (the bane of an engineer's existance) we can extrapolate (another fancy bane) that security people will ignore the dangerous mundane and fixate on the extraordinary rarity.

Overridden by higher parts of the brain

[brownaroo]

As a programmer I find (in regards to security) that fear is often overridden by laziness