So, security is two different things: it's a feeling, and it's a reality. And they're different. You could feel secure even if you're not. And you can be secure even if you don't feel it. Really, we have two separate concepts mapped onto the same word. And what I want to do in this talk is to split them apart -- figuring out when they diverge and how they converge. And language is actually a problem here. There aren't a lot of good words for the concepts we're going to talk about. So if you look at security from economic terms, it's a trade-off.
Every time you get some security, you're always trading off something. Whether this is a personal decision -- whether you're going to install a burglar alarm in your home -- or a national decision, where you're going to invade a foreign country -- you're going to trade off something: money or time, convenience, capabilities, maybe fundamental liberties. And the question to ask when you look at a security anything is not whether this makes us safer, but whether it's worth the trade-off. You've heard in the past several years, the world is safer because Saddam Hussein is not in power. That might be true, but it's not terribly relevant. The question is: Was it worth it? And you can make your own decision, and then you'll decide whether the invasion was worth it. That's how you think about security: in terms of the trade-off.
Now, there's often no right or wrong here. Some of us have a burglar alarm system at home and some of us don't. And it'll depend on where we live, whether we live alone or have a family, how much cool stuff we have, how much we're willing to accept the risk of theft. In politics also, there are different opinions. A lot of times, these trade-offs are about more than just security, and I think that's really important. Now, people have a natural intuition about these trade-offs. We make them every day. Last night in my hotel room, when I decided to double-lock the door, or you in your car when you drove here; when we go eat lunch and decide the food's not poison and we'll eat it.
We make these trade-offs again and again, multiple times a day. We often won't even notice them. They're just part of being alive; we all do it. Every species does it. Imagine a rabbit in a field, eating grass. And the rabbit sees a fox. That rabbit will make a security trade-off: "Should I stay, or should I flee?" And if you think about it, the rabbits that are good at making that trade-off will tend to live and reproduce, and the rabbits that are bad at it will get eaten or starve. So you'd think that us, as a successful species on the planet -- you, me, everybody -- would be really good at making these trade-offs. Yet it seems, again and again, that we're hopelessly bad at it.
And I think that's a fundamentally interesting question. I'll give you the short answer. The answer is, we respond to the feeling of security and not the reality. Now, most of the time, that works. Most of the time, feeling and reality are the same. Certainly that's true for most of human prehistory. We've developed this ability because it makes evolutionary sense. One way to think of it is that we're highly optimized for risk decisions that are endemic to living in small family groups in the East African Highlands in 100,000 BC. 2010 New York, not so much. Now, there are several biases in risk perception. A lot of good experiments in this. And you can see certain biases that come up again and again. I'll give you four.
We tend to exaggerate spectacular and rare risks and downplay common risks -- so, flying versus driving. The unknown is perceived to be riskier than the familiar. One example would be: people fear kidnapping by strangers, when the data supports that kidnapping by relatives is much more common. This is for children. Third, personified risks are perceived to be greater than anonymous risks. So, Bin Laden is scarier because he has a name. And the fourth is: people underestimate risks in situations they do control and overestimate them in situations they don't control. So once you take up skydiving or smoking, you downplay the risks. If a risk is thrust upon you -- terrorism is a good example -- you'll overplay it, because you don't feel like it's in your control.
There are a bunch of other cognitive biases like these that affect our risk decisions. There's the availability heuristic, which basically means we estimate the probability of something by how easy it is to bring instances of it to mind. So you can imagine how that works. If you hear a lot about tiger attacks, there must be a lot of tigers around. If you don't hear about lion attacks, there aren't a lot of lions around. This works, until you invent newspapers, because what newspapers do is repeat again and again rare risks. I tell people: if it's in the news, don't worry about it, because by definition, news is something that almost never happens.
(Laughter)
When something is so common, it's no longer news. Car crashes, domestic violence -- those are the risks you worry about. We're also a species of storytellers. We respond to stories more than data. And there's some basic innumeracy going on. I mean, the joke "One, two, three, many" is kind of right. We're really good at small numbers. One mango, two mangoes, three mangoes, 10,000 mangoes, 100,000 mangoes -- it's still more mangoes you can eat before they rot. So one half, one quarter, one fifth -- we're good at that. One in a million, one in a billion -- they're both almost never.
So we have trouble with the risks that aren't very common. And what these cognitive biases do is they act as filters between us and reality. And the result is that feeling and reality get out of whack, they get different. Now, you either have a feeling -- you feel more secure than you are, there's a false sense of security. Or the other way, and that's a false sense of insecurity.
I write a lot about "security theater," which are products that make people feel secure, but don't actually do anything. There's no real word for stuff that makes us secure, but doesn't make us feel secure. Maybe it's what the CIA is supposed to do for us. So back to economics. If economics, if the market, drives security, and if people make trade-offs based on the feeling of security, then the smart thing for companies to do for the economic incentives is to make people feel secure. And there are two ways to do this.
One, you can make people actually secure and hope they notice. Or two, you can make people just feel secure and hope they don't notice. Right? So what makes people notice? Well, a couple of things: understanding of the security, of the risks, the threats, the countermeasures, how they work. But if you know stuff, you're more likely to have your feelings match reality. Enough real-world examples help. We all know the crime rate in our neighborhood, because we live there, and we get a feeling about it that basically matches reality. Security theater is exposed when it's obvious that it's not working properly.
OK. So what makes people not notice? Well, a poor understanding. If you don't understand the risks, you don't understand the costs, you're likely to get the trade-off wrong, and your feeling doesn't match reality. Not enough examples. There's an inherent problem with low-probability events. If, for example, terrorism almost never happens, it's really hard to judge the efficacy of counter-terrorist measures. This is why you keep sacrificing virgins, and why your unicorn defenses are working just great. There aren't enough examples of failures. Also, feelings that cloud the issues -- the cognitive biases I talked about earlier: fears, folk beliefs -- basically, an inadequate model of reality.
So let me complicate things. I have feeling and reality. I want to add a third element. I want to add "model." Feeling and model are in our head, reality is the outside world; it doesn't change, it's real. Feeling is based on our intuition, model is based on reason. That's basically the difference. In a primitive and simple world, there's really no reason for a model, because feeling is close to reality. You don't need a model. But in a modern and complex world, you need models to understand a lot of the risks we face.
There's no feeling about germs. You need a model to understand them. This model is an intelligent representation of reality. It's, of course, limited by science, by technology. We couldn't have a germ theory of disease before we invented the microscope to see them. It's limited by our cognitive biases. But it has the ability to override our feelings. Where do we get these models? We get them from others. We get them from religion, from culture, teachers, elders.
A couple years ago, I was in South Africa on safari. The tracker I was with grew up in Kruger National Park. He had some very complex models of how to survive. And it depended on if you were attacked by a lion, leopard, rhino, or elephant -- and when you had to run away, when you couldn't run away, when you had to climb a tree, when you could never climb a tree. I would have died in a day. But he was born there, and he understood how to survive. I was born in New York City. I could have taken him to New York, and he would have died in a day.
(Laughter)
Because we had different models based on our different experiences. Models can come from the media, from our elected officials ... Think of models of terrorism, child kidnapping, airline safety, car safety. Models can come from industry. The two I'm following are surveillance cameras, ID cards, quite a lot of our computer security models come from there.
A lot of models come from science. Health models are a great example. Think of cancer, bird flu, swine flu, SARS. All of our feelings of security about those diseases come from models given to us, really, by science filtered through the media. So models can change. Models are not static. As we become more comfortable in our environments, our model can move closer to our feelings.
So an example might be, if you go back 100 years ago, when electricity was first becoming common, there were a lot of fears about it. There were people who were afraid to push doorbells, because there was electricity in there, and that was dangerous. For us, we're very facile around electricity. We change light bulbs without even thinking about it. Our model of security around electricity is something we were born into. It hasn't changed as we were growing up. And we're good at it. Or think of the risks on the Internet across generations -- how your parents approach Internet security, versus how you do, versus how our kids will.
Models eventually fade into the background. "Intuitive" is just another word for familiar. So as your model is close to reality and it converges with feelings, you often don't even know it's there. A nice example of this came from last year and swine flu. When swine flu first appeared, the initial news caused a lot of overreaction. Now, it had a name, which made it scarier than the regular flu, even though it was more deadly. And people thought doctors should be able to deal with it. So there was that feeling of lack of control. And those two things made the risk more than it was.
As the novelty wore off and the months went by, there was some amount of tolerance; people got used to it. There was no new data, but there was less fear. By autumn, people thought the doctors should have solved this already. And there's kind of a bifurcation: people had to choose between fear and acceptance -- actually, fear and indifference -- and they kind of chose suspicion. And when the vaccine appeared last winter, there were a lot of people -- a surprising number -- who refused to get it. And it's a nice example of how people's feelings of security change, how their model changes, sort of wildly, with no new information, with no new input. This kind of thing happens a lot.
I'm going to give one more complication. We have feeling, model, reality. I have a very relativistic view of security. I think it depends on the observer. And most security decisions have a variety of people involved. And stakeholders with specific trade-offs will try to influence the decision. And I call that their agenda. And you see agenda -- this is marketing, this is politics -- trying to convince you to have one model versus another, trying to convince you to ignore a model and trust your feelings, marginalizing people with models you don't like. This is not uncommon. An example, a great example, is the risk of smoking. In the history of the past 50 years, the smoking risk shows how a model changes, and it also shows how an industry fights against a model it doesn't like.
Compare that to the secondhand smoke debate -- probably about 20 years behind. Think about seat belts. When I was a kid, no one wore a seat belt. Nowadays, no kid will let you drive if you're not wearing a seat belt. Compare that to the airbag debate, probably about 30 years behind. All examples of models changing. What we learn is that changing models is hard. Models are hard to dislodge. If they equal your feelings, you don't even know you have a model. And there's another cognitive bias I'll call confirmation bias, where we tend to accept data that confirms our beliefs and reject data that contradicts our beliefs. So evidence against our model, we're likely to ignore, even if it's compelling. It has to get very compelling before we'll pay attention.
New models that extend long periods of time are hard. Global warming is a great example. We're terrible at models that span 80 years. We can do "to the next harvest." We can often do "until our kids grow up." But "80 years," we're just not good at. So it's a very hard model to accept. We can have both models in our head simultaneously -- that kind of problem where we're holding both beliefs together, the cognitive dissonance. Eventually, the new model will replace the old model.
Strong feelings can create a model.
September 11 created a security model in a lot of people's heads. Also, personal experiences with crime can do it, personal health scare, a health scare in the news. You'll see these called "flashbulb events" by psychiatrists. They can create a model instantaneously, because they're very emotive. So in the technological world, we don't have experience to judge models. And we rely on others. We rely on proxies. And this works, as long as it's the correct others.
We rely on government agencies to tell us what pharmaceuticals are safe. I flew here yesterday. I didn't check the airplane. I relied on some other group to determine whether my plane was safe to fly. We're here, none of us fear the roof is going to collapse on us, not because we checked, but because we're pretty sure the building codes here are good. It's a model we just accept pretty much by faith. And that's OK.
Now, what we want is people to get familiar enough with better models, have it reflected in their feelings, to allow them to make security trade-offs. When these go out of whack, you have two options. One, you can fix people's feelings, directly appeal to feelings. It's manipulation, but it can work. The second, more honest way is to actually fix the model. Change happens slowly. The smoking debate took 40 years -- and that was an easy one. Some of this stuff is hard. Really, though, information seems like our best hope.
And I lied. Remember I said feeling, model, reality; reality doesn't change? It actually does. We live in a technological world; reality changes all the time. So we might have, for the first time in our species: feeling chases model, model chases reality, reality's moving -- they might never catch up. We don't know. But in the long term, both feeling and reality are important.
And I want to close with two quick stories to illustrate this. 1982 -- I don't know if people will remember this -- there was a short epidemic of Tylenol poisonings in the United States. It's a horrific story. Someone took a bottle of Tylenol, put poison in it, closed it up, put it back on the shelf, someone else bought it and died. This terrified people. There were a couple of copycat attacks. There wasn't any real risk, but people were scared. And this is how the tamper-proof drug industry was invented. Those tamper-proof caps? That came from this. It's complete security theater. As a homework assignment, think of 10 ways to get around it. I'll give you one: a syringe. But it made people feel better. It made their feeling of security more match the reality.
Last story: a few years ago, a friend of mine gave birth. I visit her in the hospital. It turns out, when a baby's born now, they put an RFID bracelet on the baby, a corresponding one on the mother, so if anyone other than the mother takes the baby out of the maternity ward, an alarm goes off. I said, "Well, that's kind of neat. I wonder how rampant baby snatching is out of hospitals." I go home, I look it up. It basically never happens.
(Laughter)
But if you think about it, if you are a hospital, and you need to take a baby away from its mother, out of the room to run some tests, you better have some good security theater, or she's going to rip your arm off.
(Laughter)
So it's important for us, those of us who design security, who look at security policy -- or even look at public policy in ways that affect security. It's not just reality; it's feeling and reality. What's important is that they be about the same. It's important that, if our feelings match reality, we make better security trade-offs.
Thank you.
(Applause)