【TED】布魯斯-施奈爾：安全海市蜃樓（Bruce Schneier: The security mirage）。 (【TED】Bruce Schneier: The security mirage (Bruce Schneier: The security mirage))

字幕列表影片播放

So, security is two different things:

譯者: wentzu chen 審譯者: Diwen Mueller
it's a feeling, and it's a reality.

安全有兩種涵義
And they're different.

感覺上的安全,和真實裡的安全
You could feel secure even if you're not.

二者並不相同
And you can be secure

你可能感到安全
even if you don't feel it.

但現實情況是不安全的
Really, we have two separate concepts

而在真實的安全中
mapped onto the same word.

卻感到不安全
And what I want to do in this talk is to split them apart --

確實,這兩種不同的概念
figuring out when they diverge and how they converge.

被放在同一個字詞裡
And language is actually a problem here.

這個演講的目的
There aren't a lot of good words

就是將它們區分清楚 --
for the concepts we're going to talk about.

探討它們何時會分歧
So if you look at security from economic terms,

又在什麼狀況下合而為一
it's a trade-off.

語言本身是個問題
Every time you get some security, you're always trading off something.

因為沒有足夠合適的字詞
Whether this is a personal decision --

來傳達我們要談到的概念
whether you're going to install a burglar alarm in your home --

用經濟學的角度
or a national decision,

來看安全
where you're going to invade a foreign country --

安全就是一項權衡的交易
you're going to trade off something: money or time, convenience, capabilities,

要得到安全
maybe fundamental liberties.

一定要先付出
And the question to ask when you look at a security anything

無論是個人的決定－
is not whether this makes us safer,

例如在家中安裝防盜警鈴
but whether it's worth the trade-off.

還是攸關國家安全的決策-例如侵略他國
You've heard in the past several years, the world is safer

你總得有所付出
because Saddam Hussein is not in power.

不是錢就是時間,或是便利性,能力
That might be true, but it's not terribly relevant.

也可能是基本自由
The question is: Was it worth it?

面對安全議題,該問的
And you can make your own decision,

不是「這樣做會更安全嗎」
and then you'll decide whether the invasion was worth it.

而是「值得付出這個代價嗎」
That's how you think about security: in terms of the trade-off.

在過去這幾年,你們都聽過這種說法
Now, there's often no right or wrong here.

我們的世界更安全是因為薩達姆.海珊垮台的緣故
Some of us have a burglar alarm system at home and some of us don't.

兩件事情也許都是真的，但兩者之間卻沒有關連
And it'll depend on where we live,

該問的問題是,這樣做值得嗎?
whether we live alone or have a family,

你可以做出自己的選擇
how much cool stuff we have,

然後判斷是否值得為此入侵他國
how much we're willing to accept the risk of theft.

這就是以權衡的觀點
In politics also, there are different opinions.

來分析安全的方法
A lot of times, these trade-offs are about more than just security,

決定沒有正確或錯誤之分
and I think that's really important.

有人在家裡安裝防盜警鈴系統
Now, people have a natural intuition about these trade-offs.

有人不裝
We make them every day.

這取決於我們居住的地點
Last night in my hotel room, when I decided to double-lock the door,

是獨居或是與家人同住
or you in your car when you drove here;

擁有多少值錢的物品
when we go eat lunch

以及願意承擔多少竊盜損失
and decide the food's not poison and we'll eat it.

竊盜損失
We make these trade-offs again and again,

政治上也一樣
multiple times a day.

各種意見分歧
We often won't even notice them.

在權衡得失時
They're just part of being alive; we all do it.

通常要考慮的不只有安全因素
Every species does it.

我認為這點很重要
Imagine a rabbit in a field, eating grass.

人們對於抉擇
And the rabbit sees a fox.

有天生的直覺
That rabbit will make a security trade-off:

我們每天都在做決定
"Should I stay, or should I flee?"

像是昨晚在飯店
And if you think about it,

我決定把房門上雙層鎖
the rabbits that are good at making that trade-off

或是當你在車裡決定開車來此地的時候
will tend to live and reproduce,

或是我們吃午餐時
and the rabbits that are bad at it

先判斷食物沒有毒,才決定吃它
will get eaten or starve.

一天中有很多場合需要
So you'd think

需要一再地做出決定
that us, as a successful species on the planet -- you, me, everybody --

大部分的時後,我們甚至不會留意到這點
would be really good at making these trade-offs.

因為這已是我們生存的一部份;我們都是這樣的
Yet it seems, again and again, that we're hopelessly bad at it.

每個物種也都一樣
And I think that's a fundamentally interesting question.

試想原野中的一隻兔子,正在吃著草
I'll give you the short answer.

這時牠見到一隻狐狸
The answer is, we respond to the feeling of security

兔子需要做一個攸關安全的抉擇
and not the reality.

留下還是逃命?
Now, most of the time, that works.

你認為
Most of the time,

擅長做出正確決定的兔子
feeling and reality are the same.

比較容易存活且繁衍下去
Certainly that's true for most of human prehistory.

而做出錯誤決定的兔子
We've developed this ability

不是被吃就是餓死了
because it makes evolutionary sense.

那麼
One way to think of it is that we're highly optimized

在地球上表現傑出優異的我們 --
for risk decisions

包括你、我、以及每個人 --
that are endemic to living in small family groups

必定也擅長做出正確抉擇吧
in the East African Highlands in 100,000 BC.

然而,事實似乎一再地證明
2010 New York, not so much.

人類做出的決策糟糕無比
Now, there are several biases in risk perception.

這問題非常重要也相當有趣
A lot of good experiments in this.

我給你們一個簡短的解答
And you can see certain biases that come up again and again.

答案是,因為人類是依據對安全的感覺做出判斷
I'll give you four.

而非依據真實的安全狀況
We tend to exaggerate spectacular and rare risks

大部分的情況下,這麼做是正確的
and downplay common risks --

因為大多數的時候
so, flying versus driving.

感覺和真實是一致的
The unknown is perceived to be riskier than the familiar.

人類在史前時代
One example would be:

也是這樣的
people fear kidnapping by strangers,

我們發展出這種能力
when the data supports that kidnapping by relatives is much more common.

是因演化而來
This is for children.

有些看法認為
Third, personified risks are perceived to be greater

人類目前所擁有的最佳能力
than anonymous risks.

是為了配合
So, Bin Laden is scarier because he has a name.

公元前100,000年在東非高地生活的小型家庭
And the fourth is:

他們生存所須具備的風險決策能力
people underestimate risks in situations they do control

但已不太符合在2010年的紐約生存的條件了
and overestimate them in situations they don't control.

如今,人類的風險感知能力出現偏差
So once you take up skydiving or smoking,

很多的實驗在探討這點
you downplay the risks.

某些類型的偏差會反覆出現
If a risk is thrust upon you -- terrorism is a good example --

我會說明其中的四種
you'll overplay it,

一,我們容易誇大驚心動魄且不常見的風險
because you don't feel like it's in your control.

卻低估常見的風險
There are a bunch of other of these cognitive biases,

例如搭飛機的風險對比陸地上駕駛的風險
that affect our risk decisions.

二,我們認為未知的事
There's the availability heuristic,

比起熟知的事更加危險
which basically means we estimate the probability of something

其中一個例子是
by how easy it is to bring instances of it to mind.

人們害怕被陌生人綁架
So you can imagine how that works.

但資料顯示被親友綁架的案件更普遍
If you hear a lot about tiger attacks, there must be a lot of tigers around.

這裡指的是誘拐孩童
You don't hear about lion attacks, there aren't a lot of lions around.

三,我們認為具名化的事件
This works, until you invent newspapers,

比不具名事件的風險高
because what newspapers do is repeat again and again

賓拉登很恐怖,正是因為他有個名字
rare risks.

第四
I tell people: if it's in the news, don't worry about it,

人們容易在可以控制狀況時
because by definition, news is something that almost never happens.

低估風險
(Laughter)

在不能控制的情境中高估風險
When something is so common, it's no longer news.

所以,你開始特技跳傘或是抽菸後
Car crashes, domestic violence --

就會忽略它的風險
those are the risks you worry about.

面對突如其來的危險-例如恐怖主義
We're also a species of storytellers.

人們會過度反應,是因為覺得無法控制狀況
We respond to stories more than data.

類似的偏差還有很多,這些認知的偏差
And there's some basic innumeracy going on.

影響我們的風險決策
I mean, the joke "One, two, three, many" is kind of right.

所謂”可得性捷思”
We're really good at small numbers.

指的是
One mango, two mangoes, three mangoes,

人在評估事件可能發生的機率時
10,000 mangoes, 100,000 mangoes --

是基於該事件在我們心目中容易聯想的程度
it's still more mangoes you can eat before they rot.

像一下這是怎麼運作的
So one half, one quarter, one fifth -- we're good at that.

聽到多起老虎攻擊事件,就表示附近老虎很多
One in a million, one in a billion --

沒聽到獅子攻擊事件,就表示附近的獅子不多
they're both almost never.

直到新聞報紙被發明前,這種判斷準則是成立的
So we have trouble with the risks that aren't very common.

因為報紙所做的
And what these cognitive biases do

就是一再地重複報導
is they act as filters between us and reality.

那些鮮少發生的危險
And the result is that feeling and reality get out of whack,

我要告訴大家,新聞中報導的事情,都無需煩憂
they get different.

因為根據定義
Now, you either have a feeling -- you feel more secure than you are,

新聞就是不會發生的事件
there's a false sense of security.

(笑)
Or the other way, and that's a false sense of insecurity.

太常見的事件,就不會是新聞
I write a lot about "security theater,"

像是車禍,家庭暴力
which are products that make people feel secure,

這些才是我們該擔憂的
but don't actually do anything.

人類是說故事的物種
There's no real word for stuff that makes us secure,

比起數據,故事更容易影響我們
but doesn't make us feel secure.

人類多少有點數字文盲,我的意思是
Maybe it's what the CIA is supposed to do for us.

有個笑話說:人只會數一,二,三,很多.
So back to economics.

人真的是這樣,我們對小數字很在行
If economics, if the market, drives security,

一個芒果,兩個芒果,三個芒果
and if people make trade-offs based on the feeling of security,

一萬個芒果,十萬的芒果
then the smart thing for companies to do for the economic incentives

在它們腐壞前,還有許多芒果可吃
is to make people feel secure.

½,¼, 1/5,這些數字我們也都很在行
And there are two ways to do this.

百萬分之一,十億分之一
One, you can make people actually secure

這些被當作幾乎沒有
and hope they notice.

所以,一旦面對不尋常的危機
Or two, you can make people just feel secure

我們就不知該怎麼對付了
and hope they don't notice.

認知的偏見
Right?

如同濾鏡般,存在我們和真實之間
So what makes people notice?

於是
Well, a couple of things:

感覺背離了真實
understanding of the security,

他們不再相同
of the risks, the threats,

並產生兩種可能狀況,一是擁有過多的安全感
the countermeasures, how they work.

這是錯誤的安全感
But if you know stuff, you're more likely

另一種是,
to have your feelings match reality.

錯誤的不安全感
Enough real-world examples helps.

我寫過很多關於「安全劇院」的文章
We all know the crime rate in our neighborhood,

它是一種可以讓人們感覺到安全的機制
because we live there, and we get a feeling about it

但事實上並沒有改善實際的安全狀況
that basically matches reality.

沒有確切的字眼來形容那種能改善真實安全
Security theater is exposed

但無法增加安全感的機制
when it's obvious that it's not working properly.

CIA該為我們做的也許就是這個
OK. So what makes people not notice?

回到經濟學
Well, a poor understanding.

如果經濟,或者市場,是驅動安全的力量
If you don't understand the risks, you don't understand the costs,

而人們是依據對安全的感覺
you're likely to get the trade-off wrong,

來進行交易
and your feeling doesn't match reality.

那麼,公司想要促進經濟誘因的
Not enough examples.

最佳策略
There's an inherent problem with low-probability events.

就是讓人們感覺到安全
If, for example, terrorism almost never happens,

有兩種方式可以達成這個目的
it's really hard to judge the efficacy of counter-terrorist measures.

一是讓人們在真實中更安全
This is why you keep sacrificing virgins,

並且期盼他們有留意到這點
and why your unicorn defenses are working just great.

或者你也可以讓人們只是感覺更安全
There aren't enough examples of failures.

但你要期望他們不會發現到真相
Also, feelings that cloud the issues --

究竟什麼會引起人們關注
the cognitive biases I talked about earlier: fears, folk beliefs --

舉例來說
basically, an inadequate model of reality.

對安全的認知程度
So let me complicate things.

對風險及威脅的認知
I have feeling and reality.

以及了解如何採取對策等
I want to add a third element. I want to add "model."

知道得更多
Feeling and model are in our head,

感覺和真實就愈趨一致
reality is the outside world; it doesn't change, it's real.

真實世界中有很多這方面的例子
Feeling is based on our intuition,

我們對居家附近區域的犯罪率很明瞭
model is based on reason.

因為我們住在這裡,所以我們對治安的感覺
That's basically the difference.

基本上符合真實狀況
In a primitive and simple world,

安全劇院所揭露的
there's really no reason for a model,

是真實與感覺明顯背離的情況
because feeling is close to reality.

那麼,又是什麼讓人們忽略安全?
You don't need a model.

認知不足
But in a modern and complex world,

不了解風險,不了解代價
you need models to understand a lot of the risks we face.

就愈可能做出錯誤的安全策略
There's no feeling about germs.

並且無法感覺真實情況
You need a model to understand them.

相關的例子不多
This model is an intelligent representation of reality.

對於不常發生的事件
It's, of course, limited by science, by technology.

這是本質上存在的問題
We couldn't have a germ theory of disease

舉例來說
before we invented the microscope to see them.

如果恐怖主義幾乎是不曾發生的
It's limited by our cognitive biases.

那麼要判斷反恐措施的功效
But it has the ability to override our feelings.

就難上加難了
Where do we get these models? We get them from others.

這就是為什麼人們不斷地奉獻處女祭祀
We get them from religion, from culture, teachers, elders.

或是將過錯推諉給編造出來的「他」,都很有用
A couple years ago, I was in South Africa on safari.

因為災難本來就不多
The tracker I was with grew up in Kruger National Park.

加上心理作用作祟
He had some very complex models of how to survive.

就是我剛剛所說的認知偏差
And it depended on if you were attacked by a lion, leopard, rhino, or elephant --

恐懼,民間信仰
and when you had to run away, when you couldn't run away,

這些基本上都無法適當地反映真實
when you had to climb a tree, when you could never climb a tree.

讓我把事情弄得再複雜些
I would have died in a day.

除了感覺,以及真實的世界
But he was born there, and he understood how to survive.

我想再加上第三個元素-模型
I was born in New York City.

感覺和模型存在腦海裡
I could have taken him to New York, and he would have died in a day.

而真實存在於外在
(Laughter)

它不會變,它是真實的
Because we had different models based on our different experiences.

感覺是基於直覺
Models can come from the media,

模型是基於理智
from our elected officials ...

這是兩者最基本的差異
Think of models of terrorism,

在遠古的簡單世界裡
child kidnapping,

模型沒有存在的意義
airline safety, car safety.

因為感覺和真實非常的接近
Models can come from industry.

你不需要模型
The two I'm following are surveillance cameras,

但在現代複雜的社會
ID cards,

你需要模型
quite a lot of our computer security models come from there.

來解析我們面對的風險
A lot of models come from science.

我們無法用感覺來認識細菌
Health models are a great example.

所以需要模型
Think of cancer, bird flu, swine flu, SARS.

模型可以
All of our feelings of security about those diseases

清楚地呈現真實
come from models given to us, really, by science filtered through the media.

然而,模型受限於科學
So models can change.

與技術
Models are not static.

在顯微鏡被發明來觀測細菌以前
As we become more comfortable in our environments,

疾病的細菌理論就不可能存在
our model can move closer to our feelings.

模型也受限於我們認知的偏差
So an example might be,

但它的能力
if you go back 100 years ago,

足以駕馭我們的感覺
when electricity was first becoming common,

模型來自何處? 通常是從他人而來
there were a lot of fears about it.

可能是宗教,文化
There were people who were afraid to push doorbells,

老師或是長老
because there was electricity in there, and that was dangerous.

數年前
For us, we're very facile around electricity.

我到南非進行狩獵之旅
We change light bulbs without even thinking about it.

我的追蹤嚮導是在克魯格國家公園長大的
Our model of security around electricity is something we were born into.

他的求生模型非常的複雜
It hasn't changed as we were growing up.

遭受到不同動物攻擊有不同的模型
And we're good at it.

像是獅子、美洲豹、犀牛或是大象
Or think of the risks on the Internet across generations --

依照不同的情況:在何時必須逃跑,或是爬樹
how your parents approach Internet security,

或者無法爬樹,採用的模型也不同
versus how you do,

我在那裡可能活不過一天
versus how our kids will.

但他生於此
Models eventually fade into the background.

他了解此地求生之道
"Intuitive" is just another word for familiar.

我生於紐約市
So as your model is close to reality and it converges with feelings,

如果我帶他到紐約,那他可能也活不過一天吧
you often don't even know it's there.

(笑聲)
A nice example of this came from last year and swine flu.

因為我們有不同的生存模型
When swine flu first appeared,

這來自我們不同的經驗
the initial news caused a lot of overreaction.

模型來自媒體
Now, it had a name,

也來自我們選出的官員
which made it scarier than the regular flu,

回想一下恐怖攻擊
even though it was more deadly.

幼童綁票
And people thought doctors should be able to deal with it.

飛行安全以及汽車安全這些模型
So there was that feeling of lack of control.

模型也來自工業界
And those two things made the risk more than it was.

我最近關注在監控攝影機
As the novelty wore off and the months went by,

和身分證這兩項議題
there was some amount of tolerance; people got used to it.

很多資訊安全的模型與此有關
There was no new data, but there was less fear.

很多模型來自科學
By autumn,

和健康相關的模型是很好的例子
people thought the doctors should have solved this already.

例如癌症,禽流感,豬流感以及SARS
And there's kind of a bifurcation:

我們對這些疾病
people had to choose between fear and acceptance --

產生的危機感
actually, fear and indifference --

其實是來自於模型
and they kind of chose suspicion.

模型由科學家提供,經過媒體傳達給我們
And when the vaccine appeared last winter,

模型是變動的
there were a lot of people -- a surprising number --

不是固定的
who refused to get it.

當我們對愈適應環境時
And it's a nice example of how people's feelings of security change,

模型會愈趨近我們的感覺
how their model changes,

另一個的例子可能是這樣的
sort of wildly,

假設你回到100年前
with no new information, with no new input.

當時電力剛開始普及
This kind of thing happens a lot.

人們對電力存有相當多的恐懼
I'm going to give one more complication.

像是,有人害怕壓門鈴
We have feeling, model, reality.

因為那裡有電,非常危險
I have a very relativistic view of security.

現在的我們對電力已相當熟悉了
I think it depends on the observer.

像是換燈泡這種事情
And most security decisions have a variety of people involved.

我們不會去想它的安全問題
And stakeholders with specific trade-offs will try to influence the decision.

我們對電力的安全認知模型
And I call that their agenda.

幾乎是與生俱來的
And you see agenda -- this is marketing, this is politics --

長大後也沒變過
trying to convince you to have one model versus another,

我們很擅長運用電力
trying to convince you to ignore a model

你也可以想想看
and trust your feelings,

不同世代對網際網路的風險評估
marginalizing people with models you don't like.

你的父母親是怎麼看待網路安全的
This is not uncommon.

對照一下你自己的做法
An example, a great example, is the risk of smoking.

再對照一下我們的下一代,他們將會如何做
In the history of the past 50 years,

模型最終會融到我們的生活背景
the smoking risk shows how a model changes,

直覺其實是來自於熟悉
and it also shows how an industry fights against a model it doesn't like.

當模型與真實接近時
Compare that to the secondhand smoke debate --

並且與感覺合而為一
probably about 20 years behind.

此時,你感覺不到它的存在
Think about seat belts.

有個很好的例子
When I was a kid, no one wore a seat belt.

就是去年發生的豬流感
Nowadays, no kid will let you drive if you're not wearing a seat belt.

豬流感剛開始時
Compare that to the airbag debate,

最初的報導引起許多過度恐慌
probably about 30 years behind.

接著,它有正式名稱了
All examples of models changing.

這使得它比一般感冒更恐怖
What we learn is that changing models is hard.

即使一般感冒致死率更高
Models are hard to dislodge.

人們原本認為醫生應該可以處理豬流感
If they equal your feelings,

這時,我們覺得事情失控了
you don't even know you have a model.

由於以上兩項因素
And there's another cognitive bias

風險顯得比實際狀況更高
I'll call confirmation bias,

數個月過後,人們對新事物的陌生恐懼逐漸淡去
where we tend to accept data that confirms our beliefs

接納度提升
and reject data that contradicts our beliefs.

也漸漸習慣了
So evidence against our model, we're likely to ignore,

雖然沒有新進展,但是恐懼減少了
even if it's compelling.

在秋天來臨前
It has to get very compelling before we'll pay attention.

人們相信
New models that extend long periods of time are hard.

醫生已經解決問題了
Global warming is a great example.

這時出現了分歧
We're terrible at models that span 80 years.

人們必須
We can do "to the next harvest."

在恐懼或是接受中做出選擇
We can often do "until our kids grow up."

更正確的說,是恐懼和忽視
But "80 years," we're just not good at.

最後,人們選擇了懷疑
So it's a very hard model to accept.

當疫苗在去年冬天上市時
We can have both models in our head simultaneously --

很多人 -- 令人驚訝的數目
that kind of problem where we're holding both beliefs together,

反而拒絕疫苗接種
the cognitive dissonance.

這個例子很清楚指出
Eventually, the new model will replace the old model.

人們的安全感是如何改變,模型又是如何改變
Strong feelings can create a model.

在沒有新資訊
September 11 created a security model in a lot of people's heads.

也沒有新來源時
Also, personal experiences with crime can do it,

也會有巨大的改變
personal health scare,

這樣的事情其實常常發生
a health scare in the news.

現在,我要再加上一個複雜的因素
You'll see these called "flashbulb events" by psychiatrists.

除了感覺,模型,真實三項因素
They can create a model instantaneously,

我認為安全是相對的
because they're very emotive.

因人而異
So in the technological world,

多數的安全決策
we don't have experience to judge models.

牽扯到許多不同類型的人
And we rely on others. We rely on proxies.

有利益牽扯的
And this works, as long as it's the correct others.

利害關係人
We rely on government agencies

會試圖去影響決定
to tell us what pharmaceuticals are safe.

我稱之為關係人的「議程規畫表」
I flew here yesterday.

這個規畫表
I didn't check the airplane.

是一種行銷,也是政治
I relied on some other group

它企圖影響你信任某種模型而放棄另一個
to determine whether my plane was safe to fly.

企圖影響去忽視模型
We're here, none of us fear the roof is going to collapse on us,

只信任你的感覺
not because we checked,

並且邊緣化那些採用你不喜歡的模型的人
but because we're pretty sure the building codes here are good.

這並非不尋常
It's a model we just accept

一個例子,很好的例子,就是關於抽菸的危害
pretty much by faith.

過去50 年的歷史,抽菸風險的變化
And that's OK.

顯示出模型是如何改變的
Now, what we want is people to get familiar enough with better models,

也顯示出業界如何對付
have it reflected in their feelings,

它們不喜歡的模型
to allow them to make security trade-offs.

相對起來,關於二手煙的討論
When these go out of whack, you have two options.

晚了約20年
One, you can fix people's feelings, directly appeal to feelings.

再看看安全帶
It's manipulation, but it can work.

我小的時後,沒有人繫安全帶
The second, more honest way

而現今,如果不繫上安全帶
is to actually fix the model.

連小孩都會阻止你開車
Change happens slowly.

相對起來,安全氣囊的討論
The smoking debate took 40 years -- and that was an easy one.

落後了約三十年
Some of this stuff is hard.

所有的模型都會改變
Really, though, information seems like our best hope.

我們目前知道的是，模型的改變不容易
And I lied.

模型也很難被移走
Remember I said feeling, model, reality; reality doesn't change?

當它們和感覺完全相同時
It actually does.

你甚至不知道模型的存在
We live in a technological world;

另一種認知偏見
reality changes all the time.

我認為是肯證偏見
So we might have, for the first time in our species:

是指人們傾向於接受
feeling chases model, model chases reality, reality's moving --

和自己立場相符的訊息
they might never catch up.

而拒絕與我們立場相左的資訊
We don't know.

所以和我們模型不符的證據
But in the long term,

我們也會忽略它,不管它多麼的讓人信服
both feeling and reality are important.

它必須強烈到無法忽視,才能引起我們的注意
And I want to close with two quick stories to illustrate this.

跨越長時間的新模型是難以接受的
1982 -- I don't know if people will remember this --

全球暖化的議題就是個例子
there was a short epidemic of Tylenol poisonings

我們很難接受
in the United States.

一個長達八十年之久的模型
It's a horrific story.

我們可以應付下一個收割季來臨前的問題
Someone took a bottle of Tylenol,

也可以應付小孩長大前的事情
put poison in it, closed it up, put it back on the shelf,

但是八十年耶,我們不知道怎麼辦了
someone else bought it and died.

所以,接受這種模型並不容易
This terrified people.

兩種模型可能並存在大腦中
There were a couple of copycat attacks.

就像對某些事情
There wasn't any real risk, but people were scared.

我們會有兩種信念
And this is how the tamper-proof drug industry was invented.

這是種認知失調
Those tamper-proof caps? That came from this.

但最後
It's complete security theater.

舊模型終將被新模型取代
As a homework assignment, think of 10 ways to get around it.

強烈的感覺可以產生模型
I'll give you one: a syringe.

九一一事件在很多人的心裡
But it made people feel better.

建立新的安全模型
It made their feeling of security more match the reality.

還有，個人經歷的犯罪事件
Last story: a few years ago, a friend of mine gave birth.

個人的健康危機
I visit her in the hospital.

以及新聞報導中的健康問題都會產生新模型
It turns out, when a baby's born now,

精神病專家稱之為
they put an RFID bracelet on the baby, a corresponding one on the mother,

閃光燈效應
so if anyone other than the mother takes the baby out of the maternity ward,

這些事件可以立即產生新模型
an alarm goes off.

因為他們引起強烈的情緒
I said, "Well, that's kind of neat.

在科技的世界裡
I wonder how rampant baby snatching is out of hospitals."

我們沒有經驗
I go home, I look it up.

足以判斷模型
It basically never happens.

所以,我們仰賴他人,我們仰賴代理人
(Laughter)

只要代理人能夠指正錯誤,這樣做是可行的。
But if you think about it, if you are a hospital,

我們依賴政府機關
and you need to take a baby away from its mother,

來告訴我們藥物是安全的
out of the room to run some tests,

我昨天搭機來此地
you better have some good security theater,

我沒有檢查飛機
or she's going to rip your arm off.

是因為另一群人
(Laughter)

會先檢查飛機是否安全
So it's important for us,

我們在這裡,沒有人擔心屋頂會垮下來
those of us who design security,

不是因為我們檢查過了
who look at security policy --

而是我們非常確定
or even look at public policy in ways that affect security.

建築法規很建全
It's not just reality; it's feeling and reality.

基於這樣的信念
What's important

我們接受這個模型
is that they be about the same.

它也運作得很好
It's important that, if our feelings match reality,

我們希望
we make better security trade-offs.

人們能去了解
Thank you.

更好的模型
(Applause)

真正反應出感覺的模型