Liars and Outliers by Bruce Schneier
Author:Bruce Schneier [Schneier, Bruce]
Language: eng
Format: epub, azw3, pdf
Published: 0101-01-01T00:00:00+00:00
$10,000, and the chance of her getting caught and fined is 10%, then any fine
over $100,000 will keep her cooperating (assuming she’s rational and that losing
$100,000 matters to her).
Now consider a large sandwich corporation, ALICE Foods. Because ALICE
Foods sells so many more sandwiches, its increased profit from defecting is
$1,000,000. With the same 10% probability of penalty, the fine has to be over
$10,000,000 to keep it from defecting. But there’s another issue. ALICE Foods
only has $5,000,000 in assets. For it, the maximum possible fine is everything
Book 1.indb 192
5/17/2012 6:47:58 PM
Corporations 193
the corporation has. Any penalty greater than $5,000,000 can be treated as
$5,000,000. So ALICE Foods will rationally defect for any increased profit
greater than $500,000, regardless of what the fine is set at (again, assuming the
same 10% chance of being fined and no semblance of conscience).
Think of it this way. Suppose ALICE Foods makes $10,000,000 a year, but
has a 5% chance of killing lots of people (or of encountering some other event
that would bankrupt the company). Over the long run, this is a guaranteed loss-
making business. But in the short term, management can expect ten years of
profit. There is considerable incentive for the CEO to take the risk.
Of course, that incentive is counteracted by any laws that ascribe personal lia-
bility for those decisions. And the difficulty of doing the math means that many
companies won’t make these sorts of conscious decisions. But there always will
be some defectors that will.
This problem occurs more frequently as the value of defecting increases with
respect to the total value to the company. It’s much easier for a large corporation
to make many millions of dollars through breaking the law. But as long as the
maximum possible penalty to the corporation is bankruptcy, there will be illegal
activities that are perfectly rational to undertake as long as the probability of
penalty is small enough.20
Any company that is too big to fail—that the government will bail out rather
than let fail—is the beneficiary of a free insurance policy underwritten by tax-
payers. So while a normal-sized company would evaluate both the costs and
benefits of defecting, a too-big-to-fail company knows that someone else will
pick up the costs. This is a moral hazard that radically changes the risk trade-off,
and limits the effectiveness of institutional pressure.
Of course, I’m not saying that all corporations will make these calculations
and do whatever illegal activity is under consideration. There are still both moral
and reputational pressures in place that keep both individuals and corporations
from defecting. But the increasing power and scale of corporations is making
this kind of failure more likely. If you assume that penalties are reasonably cor-
related with damages—and that a company can’t buy insurance against this sort
of malfeasance—then as companies can do more damaging things, the penalties
against doing them become less effective as security measures. If a company
can adversely affect the health of tens of millions of people, or cause large-scale
environmental damage, the harm can easily dwarf the total value of the com-
pany. In a nutshell, the bigger the corporation, the greater the likelihood it could
unleash a massive catastrophe on society.
Book 1.indb 193
5/17/2012 6:47:58 PM
Book 1.
Download
Liars and Outliers by Bruce Schneier.azw3
Liars and Outliers by Bruce Schneier.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Cryptography | Encryption |
Hacking | Network Security |
Privacy & Online Safety | Security Certifications |
Viruses |
Future Crimes by Marc Goodman(3002)
Mastering Python for Networking and Security by José Manuel Ortega(2951)
Blockchain Basics by Daniel Drescher(2891)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2511)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2483)
Practical Threat Detection Engineering by Megan Roddie & Jason Deyalsingh & Gary J. Katz(2357)
The Art Of Deception by Kevin Mitnick(2297)
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(2212)
The Code Book by Simon Singh(2209)
Machine Learning Security Principles by John Paul Mueller(1912)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(1900)
Wireless Hacking 101 by Karina Astudillo(1848)
DarkMarket by Misha Glenny(1847)
Hands-On AWS Penetration Testing with Kali Linux by Benjamin Caudill & Karl Gilbert(1842)
Applied Network Security by Arthur Salmon & Michael McLafferty & Warun Levesque(1839)
Mobile Forensics Cookbook by Igor Mikhaylov(1814)
Serious Cryptography: A Practical Introduction to Modern Encryption by Aumasson Jean-Philippe(1806)
Solidity Programming Essentials by Ritesh Modi(1795)
Bulletproof Android: Practical Advice for Building Secure Apps (Developer's Library) by Godfrey Nolan(1671)