RSA: Bruce Schneier ponders the nature of security

Industry legend dissects the basis for bad behaviour

Author and security expert Bruce Schneier has been explaining how human nature drives security policies.

Schneier said at the 2011 RSA Conference in San Francisco that social structures and some basic traits in the human brain could help to explain modern trends in cyber crime and security.

Schneier pointed out that in every social group there exists a large set of people who will co-operate with one another, and a "dishonest minority" who will thrive on criminal behaviour.

As a society grows, however, more steps must be taken to limit dishonest behaviour. Eventually, this gives rise to the need for security and creates more complexity in protecting people.

Additionally, Schneier said that the growth in individuals and information means that the risks from dishonest behaviour rises and creates new challenges.

"We all build security to protect against the subset of us that tries to subvert security," he said. "As we need to be able to trust more and more strangers, more formal security is required."

The talk was part of an ongoing Schneier project to study the basic factors that drive security. Speakers and delegates at the conference are looking at new challenges that have arisen as people are increasingly interacting and sharing data on a social level.

Schneier cited multiple sociology and psychology studies in suggesting that humans in general want to follow established laws and social rules, noting the rise in online music stores and e-commerce services as alternatives to illegal file sharing.

"The genius of iTunes was that it made music easy to buy and not use file sharing," he said. "It made it easy to obey the law, so more people did."