Monday, July 26, 2004

Book Review: Beyond Fear

Now that I've lured you all here with my sensitive handling of emotional nuance, let's switch gears and geek out for a while. I want to talk about Bruce Schneier's new book Beyond Fear. Bruce was nice enough to send me a copy back in May, when I wrote about systematic errors in risk perception. I read it in one big gulp, and ever since then I've been carrying it around in my briefcase, waiting to have enough time to write a review. Here it is.

Bruce Schneier is a security expert who achieved his fame in the field of cryptography and Internet security and has subsequently branched out to write and consult about general security issues. Beyond Fear is his attempt to demystify security for the post-9/11 general public. His general thesis is that all security decisions, ranging from a homeowner's decision about whether to buy a burglar alarm to a government's decision about whether to spy on its own citizens, are based on the same general concepts. By understanding these concepts, we can make rational decisions about whether and how proposed security measures should be implemented, rather than being driven by fear.

Schneier proposes a five-step process for evaluating any security measure: (1) What assets need to be protected? (2) What are the risks to these assets? (3) How well does the security solution mitigate those risks? (4) What other risks does the security solution cause? (5) What costs and tradeoffs does the security solution impose? Schneier models the five-step process in sidebars throughout the book, applying it to security decisions as diverse as "should I use my credit card to make purchases over the Internet?" and "should I invade Iraq to protect my country from terrorism?"

The five steps seem simple, even obvious, but consider how often they're overlooked in public debate. For example, since 9/11 we have frequently been told by pundits that "giving up a few rights is a small price to pay for safety," and have been encouraged to skim over inconvenient questions about how much safety we're actually getting for the price.

I found two of Schneier's concepts particularly useful. First is the notion that everyone involved in a security decision has their own agenda, and that, as illustrated here, these agendas are often driven by factors unrelated to security – such as profit or PR or the need for people to feel safe. Non-security agendas aren't necessarily bad things. For example, Schneier points out that during the 2002 sniper attacks on the Washington DC area, many parents drove their children to school despite the fact that, statistically, the children were at greater risk of dying in a car accident than a sniper attack. Driving them to school was valuable because it provided emotional security, not because it increased their physical security. Schneier's point is not that non-security agendas must be eliminated, but that they must be understood - and not mistaken for real security factors.

The other concept I found especially useful is that every security decision involves tradeoffs. We can't decide to have "no compromises" when it comes to security, we can only decide where our compromises will be, who will bear the brunt of them, and how we will deal with them. Explicit discussion of security tradeoffs is often avoided, as anyone who's read the "child safety" sections of parenting magazines can attest. That makes it awfully difficult to reject proposed security measures. ("Well, why wouldn't we want to do it, if it saves just one life... if there's the smallest chance...") We can't make rational decisions about security without articulating and choosing among the associated tradeoffs.

The first part of Beyond Fear outlines the basic principles of Schneier's approach to security decision-making. The second part of the book discusses specific elements of threats, attackers, defenses, and countermeasures (for example: "Brittleness makes for bad security," "Detection works where prevention fails"), in short chapters filled with vivid real-world examples. Schneier's got a gift for logical exposition; reading this book, I frequently found myself saying "how obvious!" in response to a point I knew had never occurred to me before. At the end of the book, I felt much more confident in my ability to understand security debates and participate intelligently in the discussion.

Beyond Fear is beautifully organized, clearly expressed, and not the least bit dull. Rivka-Bob says: Check it out.