Security and Human Behaviour 2010 – Session 2: Foundations

…continued from Session 1 – Deception.

Petter Johannson (UCL) presented the fascinating Choice Blindness study and asked whether choice blindness can be used to detect deception.

Michelle Baddeley (Cambridge) asked “Why aren’t people trying to protect their privacy & security?” She described security as a public good, making me instantly connect computer users’ nonchalantness towards harming others with their actions (network externalities of unsafe behaviour in a networked world) with the Tragedy of the Commons.

Michelle talked about Herbert Simon‘s concept of bounded rationality and how it translates to the struggle between substantive and procedural rationality.

Michelle mentioned further concepts that affect how people make security decisions:

  • Quasi-rational economics
  • Present bias (manifested by procrastination – e.g. we’re happy to pay yearly gym memberships, when we realistically scarcely visit the gym)
  • Our trait of being disproportionately impatient
  • The need for a “strategy-proof design”.

Terence Taylor talked about Natural Security, a concept captured in the book he co-edited titled “Natural Security –
A Darwinian Approach to a Dangerous World”
. He talked about the National Centre for Ecological Analysis and Synthesis (NCEAS) and the Darwinian Security Working Group.

Terence pointed us to the books The Starfish and the Spider and Jean-Francois Rischard’s High Noon: 20 problems, 20 years to solve them.

Rick Wash (Michigan State) took the stage and wondered about people’s motivation. Why do people do what they do? He conducted interviews with home PC users and asked them about the security-related problems. Turns out that most answers can be categorised in one of the following two buckets:

  1. “Viruses”, which includes all bad software
  2. “Hackers” which includes all bad people

Refer to “Folk Models of Home Computer Security” for the details.

Wolfram Schultz (Cambridge) demonstrated graphical images of the brain as decisions were being made. He pointed out that humans have a subjective probability perception. Also, we take a different risk attitude depending on the stakes involved.

Mark Levine (Lancaster) eloquently explained that aggression is difficult to turn to violence. He quoted Dave Grossman’s “On Killing” where the argument is made that most people studying violence are like “A world of virgins studying sex” – the assumption apparently being that modern societies do not expose their members to real violence, hence making it very difficult to understand true violence.

Mark demonstrated research on bystander behaviour and noted that an increase in group size usually leads to the de-escalation of aggression. This appears to happen because third parties bring “natural conflict resolution”. He made the counter-intuitive (but compelling) argument that groups bring peace. Hence, groups are not necessarily detrimental to the security of individuals.

At that point I scribbled in my notepad Note: Sensationalism leads perception of risk/threat and Risk can be used to manipulate population – which is a bit like stating the obvious. The establishment uses media to threaten people into submission.

The paper “The Social Amplification of Risk – A Framework” was mentioned at this point, which begins with:

One of the most perplexing problems in risk analysis is why some relatively minor risks or
risk events, as assessed by technical experts, often elicit strong public concerns and result in
substantial impacts upon society and economy.

Session 3 of the workshop to follow…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s