So, security is two different things: it's a feeling, and it's a reality. And they're different. You could feel secure even if you're not. And you can be secure even if you don't feel it. Really, we have two separate concepts mapped onto the same word. And what I want to do in this talk is to split them apart -- figuring out when they diverge and how they converge. And language is actually a problem here. There aren't a lot of good words for the concepts we're going to talk about. So if you look at security from economic terms, it's a trade-off.
Every time you get some security, you're always trading off something. Whether this is a personal decision -- whether you're going to install a burglar alarm in your home -- or a national decision, where you're going to invade a foreign country -- you're going to trade off something: money or time, convenience, capabilities, maybe fundamental liberties. And the question to ask when you look at a security anything is not whether this makes us safer, but whether it's worth the trade-off. You've heard in the past several years, the world is safer because Saddam Hussein is not in power. That might be true, but it's not terribly relevant. The question is: Was it worth it? And you can make your own decision, and then you'll decide whether the invasion was worth it. That's how you think about security: in terms of the trade-off.
Now, there's often no right or wrong here. Some of us have a burglar alarm system at home and some of us don't. And it'll depend on where we live, whether we live alone or have a family, how much cool stuff we have, how much we're willing to accept the risk of theft. In politics also, there are different opinions. A lot of times, these trade-offs are about more than just security, and I think that's really important. Now, people have a natural intuition about these trade-offs. We make them every day. Last night in my hotel room, when I decided to double-lock the door, or you in your car when you drove here; when we go eat lunch and decide the food's not poison and we'll eat it.
We make these trade-offs again and again, multiple times a day. We often won't even notice them. They're just part of being alive; we all do it. Every species does it. Imagine a rabbit in a field, eating grass. And the rabbit sees a fox. That rabbit will make a security trade-off: "Should I stay, or should I flee?" And if you think about it, the rabbits that are good at making that trade-off will tend to live and reproduce, and the rabbits that are bad at it will get eaten or starve. So you'd think that us, as a successful species on the planet -- you, me, everybody -- would be really good at making these trade-offs. Yet it seems, again and again, that we're hopelessly bad at it.
And I think that's a fundamentally interesting question. I'll give you the short answer. The answer is, we respond to the feeling of security and not the reality. Now, most of the time, that works. Most of the time, feeling and reality are the same. Certainly that's true for most of human prehistory. We've developed this ability because it makes evolutionary sense. One way to think of it is that we're highly optimized for risk decisions that are endemic to living in small family groups in the East African Highlands in 100,000 BC. 2010 New York, not so much. Now, there are several biases in risk perception. A lot of good experiments in this. And you can see certain biases that come up again and again. I'll give you four.
We tend to exaggerate spectacular and rare risks and downplay common risks -- so, flying versus driving. The unknown is perceived to be riskier than the familiar. One example would be: people fear kidnapping by strangers, when the data supports that kidnapping by relatives is much more common. This is for children. Third, personified risks are perceived to be greater than anonymous risks. So, Bin Laden is scarier because he has a name. And the fourth is: people underestimate risks in situations they do control and overestimate them in situations they don't control. So once you take up skydiving or smoking, you downplay the risks. If a risk is thrust upon you -- terrorism is a good example -- you'll overplay it, because you don't feel like it's in your control.
There are a bunch of other of these cognitive biases, that affect our risk decisions. There's the availability heuristic, which basically means we estimate the probability of something by how easy it is to bring instances of it to mind. So you can imagine how that works. If you hear a lot about tiger attacks, there must be a lot of tigers around. You don't hear about lion attacks, there aren't a lot of lions around. This works, until you invent newspapers, because what newspapers do is repeat again and again rare risks. I tell people: if it's in the news, don't worry about it, because by definition, news is something that almost never happens.
(Laughter)
When something is so common, it's no longer news. Car crashes, domestic violence -- those are the risks you worry about. We're also a species of storytellers. We respond to stories more than data. And there's some basic innumeracy going on. I mean, the joke "One, two, three, many" is kind of right. We're really good at small numbers. One mango, two mangoes, three mangoes, 10,000 mangoes, 100,000 mangoes -- it's still more mangoes you can eat before they rot. So one half, one quarter, one fifth -- we're good at that. One in a million, one in a billion -- they're both almost never.
So we have trouble with the risks that aren't very common. And what these cognitive biases do is they act as filters between us and reality. And the result is that feeling and reality get out of whack, they get different. Now, you either have a feeling -- you feel more secure than you are, there's a false sense of security. Or the other way, and that's a false sense of insecurity.
I write a lot about "security theater," which are products that make people feel secure, but don't actually do anything. There's no real word for stuff that makes us secure, but doesn't make us feel secure. Maybe it's what the CIA is supposed to do for us. So back to economics. If economics, if the market, drives security, and if people make trade-offs based on the feeling of security, then the smart thing for companies to do for the economic incentives is to make people feel secure. And there are two ways to do this.
One, you can make people actually secure and hope they notice. Or two, you can make people just feel secure and hope they don't notice. Right? So what makes people notice? Well, a couple of things: understanding of the security, of the risks, the threats, the countermeasures, how they work. But if you know stuff, you're more likely to have your feelings match reality. Enough real-world examples helps. We all know the crime rate in our neighborhood, because we live there, and we get a feeling about it that basically matches reality. Security theater is exposed when it's obvious that it's not working properly.
OK. So what makes people not notice? Well, a poor understanding. If you don't understand the risks, you don't understand the costs, you're likely to get the trade-off wrong, and your feeling doesn't match reality. Not enough examples. There's an inherent problem with low-probability events. If, for example, terrorism almost never happens, it's really hard to judge the efficacy of counter-terrorist measures. This is why you keep sacrificing virgins, and why your unicorn defenses are working just great. There aren't enough examples of failures. Also, feelings that cloud the issues -- the cognitive biases I talked about earlier: fears, folk beliefs -- basically, an inadequate model of reality.
So let me complicate things. I have feeling and reality. I want to add a third element. I want to add "model." Feeling and model are in our head, reality is the outside world; it doesn't change, it's real. Feeling is based on our intuition, model is based on reason. That's basically the difference. In a primitive and simple world, there's really no reason for a model, because feeling is close to reality. You don't need a model. But in a modern and complex world, you need models to understand a lot of the risks we face.
There's no feeling about germs. You need a model to understand them. This model is an intelligent representation of reality. It's, of course, limited by science, by technology. We couldn't have a germ theory of disease before we invented the microscope to see them. It's limited by our cognitive biases. But it has the ability to override our feelings. Where do we get these models? We get them from others. We get them from religion, from culture, teachers, elders.
A couple years ago, I was in South Africa on safari. The tracker I was with grew up in Kruger National Park. He had some very complex models of how to survive. And it depended on if you were attacked by a lion, leopard, rhino, or elephant -- and when you had to run away, when you couldn't run away, when you had to climb a tree, when you could never climb a tree. I would have died in a day. But he was born there, and he understood how to survive. I was born in New York City. I could have taken him to New York, and he would have died in a day.
(Laughter)
Because we had different models based on our different experiences. Models can come from the media, from our elected officials ... Think of models of terrorism, child kidnapping, airline safety, car safety. Models can come from industry. The two I'm following are surveillance cameras, ID cards, quite a lot of our computer security models come from there.
A lot of models come from science. Health models are a great example. Think of cancer, bird flu, swine flu, SARS. All of our feelings of security about those diseases come from models given to us, really, by science filtered through the media. So models can change. Models are not static. As we become more comfortable in our environments, our model can move closer to our feelings.
So an example might be, if you go back 100 years ago, when electricity was first becoming common, there were a lot of fears about it. There were people who were afraid to push doorbells, because there was electricity in there, and that was dangerous. For us, we're very facile around electricity. We change light bulbs without even thinking about it. Our model of security around electricity is something we were born into. It hasn't changed as we were growing up. And we're good at it. Or think of the risks on the Internet across generations -- how your parents approach Internet security, versus how you do, versus how our kids will.
Models eventually fade into the background. "Intuitive" is just another word for familiar. So as your model is close to reality and it converges with feelings, you often don't even know it's there. A nice example of this came from last year and swine flu. When swine flu first appeared, the initial news caused a lot of overreaction. Now, it had a name, which made it scarier than the regular flu, even though it was more deadly. And people thought doctors should be able to deal with it. So there was that feeling of lack of control. And those two things made the risk more than it was.
As the novelty wore off and the months went by, there was some amount of tolerance; people got used to it. There was no new data, but there was less fear. By autumn, people thought the doctors should have solved this already. And there's kind of a bifurcation: people had to choose between fear and acceptance -- actually, fear and indifference -- and they kind of chose suspicion. And when the vaccine appeared last winter, there were a lot of people -- a surprising number -- who refused to get it. And it's a nice example of how people's feelings of security change, how their model changes, sort of wildly, with no new information, with no new input. This kind of thing happens a lot.
I'm going to give one more complication. We have feeling, model, reality. I have a very relativistic view of security. I think it depends on the observer. And most security decisions have a variety of people involved. And stakeholders with specific trade-offs will try to influence the decision. And I call that their agenda. And you see agenda -- this is marketing, this is politics -- trying to convince you to have one model versus another, trying to convince you to ignore a model and trust your feelings, marginalizing people with models you don't like. This is not uncommon. An example, a great example, is the risk of smoking. In the history of the past 50 years, the smoking risk shows how a model changes, and it also shows how an industry fights against a model it doesn't like.
Compare that to the secondhand smoke debate -- probably about 20 years behind. Think about seat belts. When I was a kid, no one wore a seat belt. Nowadays, no kid will let you drive if you're not wearing a seat belt. Compare that to the airbag debate, probably about 30 years behind. All examples of models changing. What we learn is that changing models is hard. Models are hard to dislodge. If they equal your feelings, you don't even know you have a model. And there's another cognitive bias I'll call confirmation bias, where we tend to accept data that confirms our beliefs and reject data that contradicts our beliefs. So evidence against our model, we're likely to ignore, even if it's compelling. It has to get very compelling before we'll pay attention.
New models that extend long periods of time are hard. Global warming is a great example. We're terrible at models that span 80 years. We can do "to the next harvest." We can often do "until our kids grow up." But "80 years," we're just not good at. So it's a very hard model to accept. We can have both models in our head simultaneously -- that kind of problem where we're holding both beliefs together, the cognitive dissonance. Eventually, the new model will replace the old model.
Strong feelings can create a model.
September 11 created a security model in a lot of people's heads. Also, personal experiences with crime can do it, personal health scare, a health scare in the news. You'll see these called "flashbulb events" by psychiatrists. They can create a model instantaneously, because they're very emotive. So in the technological world, we don't have experience to judge models. And we rely on others. We rely on proxies. And this works, as long as it's the correct others.
We rely on government agencies to tell us what pharmaceuticals are safe. I flew here yesterday. I didn't check the airplane. I relied on some other group to determine whether my plane was safe to fly. We're here, none of us fear the roof is going to collapse on us, not because we checked, but because we're pretty sure the building codes here are good. It's a model we just accept pretty much by faith. And that's OK.
Now, what we want is people to get familiar enough with better models, have it reflected in their feelings, to allow them to make security trade-offs. When these go out of whack, you have two options. One, you can fix people's feelings, directly appeal to feelings. It's manipulation, but it can work. The second, more honest way is to actually fix the model. Change happens slowly. The smoking debate took 40 years -- and that was an easy one. Some of this stuff is hard. Really, though, information seems like our best hope.
And I lied. Remember I said feeling, model, reality; reality doesn't change? It actually does. We live in a technological world; reality changes all the time. So we might have, for the first time in our species: feeling chases model, model chases reality, reality's moving -- they might never catch up. We don't know. But in the long term, both feeling and reality are important.
And I want to close with two quick stories to illustrate this. 1982 -- I don't know if people will remember this -- there was a short epidemic of Tylenol poisonings in the United States. It's a horrific story. Someone took a bottle of Tylenol, put poison in it, closed it up, put it back on the shelf, someone else bought it and died. This terrified people. There were a couple of copycat attacks. There wasn't any real risk, but people were scared. And this is how the tamper-proof drug industry was invented. Those tamper-proof caps? That came from this. It's complete security theater. As a homework assignment, think of 10 ways to get around it. I'll give you one: a syringe. But it made people feel better. It made their feeling of security more match the reality.
Last story: a few years ago, a friend of mine gave birth. I visit her in the hospital. It turns out, when a baby's born now, they put an RFID bracelet on the baby, a corresponding one on the mother, so if anyone other than the mother takes the baby out of the maternity ward, an alarm goes off. I said, "Well, that's kind of neat. I wonder how rampant baby snatching is out of hospitals." I go home, I look it up. It basically never happens.
(Laughter)
But if you think about it, if you are a hospital, and you need to take a baby away from its mother, out of the room to run some tests, you better have some good security theater, or she's going to rip your arm off.
(Laughter)
So it's important for us, those of us who design security, who look at security policy -- or even look at public policy in ways that affect security. It's not just reality; it's feeling and reality. What's important is that they be about the same. It's important that, if our feelings match reality, we make better security trade-offs.
Thank you.
(Applause)