Liars and Outliers by Bruce Schneier
Author: Bruce Schneier
Language: eng
$10,000, and the chance of her getting caught and fined is 10%, then any fine
over $100,000 will keep her cooperating (assuming she’s rational and that losing
$100,000 matters to her).
Now consider a large sandwich corporation, ALICE Foods. Because ALICE
Foods sells so many more sandwiches, its increased profit from defecting is
$1,000,000. With the same 10% probability of penalty, the fine has to be over
$10,000,000 to keep it from defecting. But there’s another issue. ALICE Foods
only has $5,000,000 in assets. For it, the maximum possible fine is everything
the corporation has. Any penalty greater than $5,000,000 can be treated as
$5,000,000. So ALICE Foods will rationally defect for any increased profit
greater than $500,000, regardless of what the fine is set at (again, assuming the
same 10% chance of being fined and no semblance of conscience).
Think of it this way. Suppose ALICE Foods makes $10,000,000 a year, but
has a 5% chance of killing lots of people (or of encountering some other event
that would bankrupt the company). Over the long run, this is a guaranteed
loss-making business. But in the short term, management can expect ten years of
profit. There is considerable incentive for the CEO to take the risk.
Of course, that incentive is counteracted by any laws that ascribe personal
liability for those decisions. And the difficulty of doing the math means that many
companies won’t make these sorts of conscious decisions. But there always will
be some defectors that will.
This problem occurs more frequently as the value of defecting increases with
respect to the total value to the company. It’s much easier for a large corporation
to make many millions of dollars through breaking the law. But as long as the
maximum possible penalty to the corporation is bankruptcy, there will be illegal
activities that are perfectly rational to undertake as long as the probability of
penalty is small enough.20
Any company that is too big to fail—that the government will bail out rather
than let fail—is the beneficiary of a free insurance policy underwritten by
taxpayers. So while a normal-sized company would evaluate both the costs and
benefits of defecting, a too-big-to-fail company knows that someone else will
pick up the costs. This is a moral hazard that radically changes the risk trade-off,
and limits the effectiveness of institutional pressure.
Of course, I’m not saying that all corporations will make these calculations
and do whatever illegal activity is under consideration. There are still both moral
and reputational pressures in place that keep both individuals and corporations
from defecting. But the increasing power and scale of corporations is making
this kind of failure more likely. If you assume that penalties are reasonably
correlated with damages—and that a company can’t buy insurance against this sort
of malfeasance—then as companies can do more damaging things, the penalties
against doing them become less effective as security measures. If a company
can adversely affect the health of tens of millions of people, or cause large-scale
environmental damage, the harm can easily dwarf the total value of the
company. In a nutshell, the bigger the corporation, the greater the likelihood it could
unleash a massive catastrophe on society.
