[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:23.00,0:00:25.00,Default,,0000,0000,0000,,So security is two different things:
Dialogue: 0,0:00:25.00,0:00:27.74,Default,,0000,0000,0000,,it's a feeling, and it's a reality.
Dialogue: 0,0:00:27.98,0:00:29.31,Default,,0000,0000,0000,,And they're different.
Dialogue: 0,0:00:29.31,0:00:31.00,Default,,0000,0000,0000,,You could feel secure
Dialogue: 0,0:00:31.00,0:00:33.00,Default,,0000,0000,0000,,even if you're not.
Dialogue: 0,0:00:33.00,0:00:35.00,Default,,0000,0000,0000,,And you can be secure
Dialogue: 0,0:00:35.00,0:00:37.00,Default,,0000,0000,0000,,even if you don't feel it.
Dialogue: 0,0:00:37.00,0:00:39.00,Default,,0000,0000,0000,,Really, we have two separate concepts
Dialogue: 0,0:00:39.00,0:00:41.00,Default,,0000,0000,0000,,mapped onto the same word.
Dialogue: 0,0:00:41.00,0:00:43.00,Default,,0000,0000,0000,,And what I want to do in this talk
Dialogue: 0,0:00:43.00,0:00:45.00,Default,,0000,0000,0000,,is to split them apart --
Dialogue: 0,0:00:45.00,0:00:47.00,Default,,0000,0000,0000,,figuring out when they diverge
Dialogue: 0,0:00:47.00,0:00:49.00,Default,,0000,0000,0000,,and how they converge.
Dialogue: 0,0:00:49.00,0:00:51.00,Default,,0000,0000,0000,,And language is actually a problem here.
Dialogue: 0,0:00:51.00,0:00:53.00,Default,,0000,0000,0000,,There aren't a lot of good words
Dialogue: 0,0:00:53.00,0:00:56.00,Default,,0000,0000,0000,,for the concepts\Nwe're going to talk about.
Dialogue: 0,0:00:56.00,0:00:58.00,Default,,0000,0000,0000,,So if you look at security
Dialogue: 0,0:00:58.00,0:01:00.00,Default,,0000,0000,0000,,from economic terms,
Dialogue: 0,0:01:00.00,0:01:02.00,Default,,0000,0000,0000,,it's a trade-off.
Dialogue: 0,0:01:02.00,0:01:04.00,Default,,0000,0000,0000,,Every time you get some security,
Dialogue: 0,0:01:04.00,0:01:06.00,Default,,0000,0000,0000,,you're always trading off something.
Dialogue: 0,0:01:06.00,0:01:08.00,Default,,0000,0000,0000,,Whether this is a personal decision --
Dialogue: 0,0:01:08.00,0:01:10.96,Default,,0000,0000,0000,,whether you're going to install\Na burglar alarm in your home --
Dialogue: 0,0:01:10.96,0:01:14.61,Default,,0000,0000,0000,,or a national decision -- where you're\Ngoing to invade some foreign country --
Dialogue: 0,0:01:14.61,0:01:16.45,Default,,0000,0000,0000,,you're going to trade off something,
Dialogue: 0,0:01:16.45,0:01:18.73,Default,,0000,0000,0000,,either money or time,\Nconvenience, capabilities,
Dialogue: 0,0:01:18.73,0:01:21.00,Default,,0000,0000,0000,,maybe fundamental liberties.
Dialogue: 0,0:01:21.00,0:01:24.00,Default,,0000,0000,0000,,And the question to ask\Nwhen you look at a security anything
Dialogue: 0,0:01:24.00,0:01:27.00,Default,,0000,0000,0000,,is not whether this makes us safer,
Dialogue: 0,0:01:27.00,0:01:30.00,Default,,0000,0000,0000,,but whether it's worth the trade-off.
Dialogue: 0,0:01:30.00,0:01:32.00,Default,,0000,0000,0000,,You've heard in the past several years,
Dialogue: 0,0:01:32.00,0:01:34.78,Default,,0000,0000,0000,,the world is safer because\NSaddam Hussein is not in power.
Dialogue: 0,0:01:34.78,0:01:37.21,Default,,0000,0000,0000,,That might be true,\Nbut it's not terribly relevant.
Dialogue: 0,0:01:37.21,0:01:40.00,Default,,0000,0000,0000,,The question is, was it worth it?
Dialogue: 0,0:01:40.00,0:01:43.00,Default,,0000,0000,0000,,And you can make your own decision,
Dialogue: 0,0:01:43.00,0:01:45.73,Default,,0000,0000,0000,,and then you'll decide\Nwhether the invasion was worth it.
Dialogue: 0,0:01:45.73,0:01:47.61,Default,,0000,0000,0000,,That's how you think about security --
Dialogue: 0,0:01:47.61,0:01:49.00,Default,,0000,0000,0000,,in terms of the trade-off.
Dialogue: 0,0:01:49.00,0:01:52.00,Default,,0000,0000,0000,,Now there's often no right or wrong here.
Dialogue: 0,0:01:52.00,0:01:54.24,Default,,0000,0000,0000,,Some of us have\Na burglar alarm system at home,
Dialogue: 0,0:01:54.24,0:01:56.00,Default,,0000,0000,0000,,and some of us don't.
Dialogue: 0,0:01:56.00,0:01:58.00,Default,,0000,0000,0000,,And it'll depend on where we live,
Dialogue: 0,0:01:58.00,0:02:00.00,Default,,0000,0000,0000,,whether we live alone or have a family,
Dialogue: 0,0:02:00.00,0:02:02.00,Default,,0000,0000,0000,,how much cool stuff we have,
Dialogue: 0,0:02:02.00,0:02:04.00,Default,,0000,0000,0000,,how much we're willing to accept
Dialogue: 0,0:02:04.00,0:02:06.00,Default,,0000,0000,0000,,the risk of theft.
Dialogue: 0,0:02:06.00,0:02:08.00,Default,,0000,0000,0000,,In politics also,
Dialogue: 0,0:02:08.00,0:02:10.00,Default,,0000,0000,0000,,there are different opinions.
Dialogue: 0,0:02:10.00,0:02:12.00,Default,,0000,0000,0000,,A lot of times, these trade-offs
Dialogue: 0,0:02:12.00,0:02:14.00,Default,,0000,0000,0000,,are about more than just security,
Dialogue: 0,0:02:14.00,0:02:16.00,Default,,0000,0000,0000,,and I think that's really important.
Dialogue: 0,0:02:16.00,0:02:18.00,Default,,0000,0000,0000,,Now people have a natural intuition
Dialogue: 0,0:02:18.00,0:02:20.00,Default,,0000,0000,0000,,about these trade-offs.
Dialogue: 0,0:02:20.00,0:02:22.00,Default,,0000,0000,0000,,We make them every day --
Dialogue: 0,0:02:22.00,0:02:24.00,Default,,0000,0000,0000,,last night in my hotel room,
Dialogue: 0,0:02:24.00,0:02:26.00,Default,,0000,0000,0000,,when I decided to double-lock the door,
Dialogue: 0,0:02:26.00,0:02:28.00,Default,,0000,0000,0000,,or you in your car when you drove here,
Dialogue: 0,0:02:28.00,0:02:30.00,Default,,0000,0000,0000,,when we go eat lunch
Dialogue: 0,0:02:30.00,0:02:33.00,Default,,0000,0000,0000,,and decide the food's not poison\Nand we'll eat it.
Dialogue: 0,0:02:33.00,0:02:35.00,Default,,0000,0000,0000,,We make these trade-offs\Nagain and again,
Dialogue: 0,0:02:35.00,0:02:37.00,Default,,0000,0000,0000,,multiple times a day.
Dialogue: 0,0:02:37.00,0:02:39.00,Default,,0000,0000,0000,,We often don't even notice them.
Dialogue: 0,0:02:39.00,0:02:41.38,Default,,0000,0000,0000,,They're just part of being alive;\Nwe all do it.
Dialogue: 0,0:02:41.38,0:02:44.00,Default,,0000,0000,0000,,Every species does it.
Dialogue: 0,0:02:44.00,0:02:46.00,Default,,0000,0000,0000,,Imagine a rabbit in a field, eating grass,
Dialogue: 0,0:02:46.00,0:02:49.00,Default,,0000,0000,0000,,and the rabbit's going to see a fox.
Dialogue: 0,0:02:49.00,0:02:51.00,Default,,0000,0000,0000,,That rabbit will make\Na security trade-off:
Dialogue: 0,0:02:51.00,0:02:53.00,Default,,0000,0000,0000,,"Should I stay, or should I flee?"
Dialogue: 0,0:02:53.00,0:02:55.00,Default,,0000,0000,0000,,And if you think about it,
Dialogue: 0,0:02:55.00,0:02:58.00,Default,,0000,0000,0000,,the rabbits that are good\Nat making that trade-off
Dialogue: 0,0:02:58.00,0:03:00.00,Default,,0000,0000,0000,,will tend to live and reproduce,
Dialogue: 0,0:03:00.00,0:03:02.00,Default,,0000,0000,0000,,and the rabbits that are bad at it
Dialogue: 0,0:03:02.00,0:03:04.00,Default,,0000,0000,0000,,will get eaten or starve.
Dialogue: 0,0:03:04.00,0:03:06.00,Default,,0000,0000,0000,,So you'd think
Dialogue: 0,0:03:06.00,0:03:09.00,Default,,0000,0000,0000,,that us, as a successful species\Non the planet --
Dialogue: 0,0:03:09.00,0:03:11.00,Default,,0000,0000,0000,,you, me, everybody --
Dialogue: 0,0:03:11.00,0:03:14.00,Default,,0000,0000,0000,,would be really good\Nat making these trade-offs.
Dialogue: 0,0:03:14.00,0:03:16.00,Default,,0000,0000,0000,,Yet it seems, again and again,
Dialogue: 0,0:03:16.00,0:03:19.00,Default,,0000,0000,0000,,that we're hopelessly bad at it.
Dialogue: 0,0:03:19.00,0:03:22.00,Default,,0000,0000,0000,,And I think that's a fundamentally\Ninteresting question.
Dialogue: 0,0:03:22.00,0:03:24.00,Default,,0000,0000,0000,,I'll give you the short answer.
Dialogue: 0,0:03:24.00,0:03:26.47,Default,,0000,0000,0000,,The answer is, we respond\Nto the feeling of security
Dialogue: 0,0:03:26.47,0:03:29.00,Default,,0000,0000,0000,,and not the reality.
Dialogue: 0,0:03:29.00,0:03:31.85,Default,,0000,0000,0000,,Now most of the time, that works.
Dialogue: 0,0:03:33.00,0:03:34.51,Default,,0000,0000,0000,,Most of the time,
Dialogue: 0,0:03:34.51,0:03:36.100,Default,,0000,0000,0000,,feeling and reality are the same.
Dialogue: 0,0:03:38.00,0:03:40.00,Default,,0000,0000,0000,,Certainly that's true
Dialogue: 0,0:03:40.00,0:03:43.00,Default,,0000,0000,0000,,for most of human prehistory.
Dialogue: 0,0:03:43.00,0:03:45.67,Default,,0000,0000,0000,,We've developed this ability
Dialogue: 0,0:03:45.67,0:03:48.00,Default,,0000,0000,0000,,because it makes evolutionary sense.
Dialogue: 0,0:03:49.27,0:03:50.56,Default,,0000,0000,0000,,One way to think of it
Dialogue: 0,0:03:50.56,0:03:52.00,Default,,0000,0000,0000,,is that we're highly optimized
Dialogue: 0,0:03:52.00,0:03:54.00,Default,,0000,0000,0000,,for risk decisions
Dialogue: 0,0:03:54.00,0:03:57.00,Default,,0000,0000,0000,,that are endemic to living\Nin small family groups
Dialogue: 0,0:03:57.00,0:04:00.00,Default,,0000,0000,0000,,in the East African highlands\Nin 100,000 B.C.
Dialogue: 0,0:04:00.00,0:04:03.00,Default,,0000,0000,0000,,2010 New York, not so much.
Dialogue: 0,0:04:06.48,0:04:09.56,Default,,0000,0000,0000,,Now there are several biases\Nin risk perception.
Dialogue: 0,0:04:09.56,0:04:11.25,Default,,0000,0000,0000,,A lot of good experiments in this.
Dialogue: 0,0:04:11.25,0:04:15.02,Default,,0000,0000,0000,,And you can see certain biases\Nthat come up again and again.
Dialogue: 0,0:04:15.02,0:04:16.78,Default,,0000,0000,0000,,So I'll give you four.
Dialogue: 0,0:04:16.78,0:04:20.08,Default,,0000,0000,0000,,We tend to exaggerate\Nspectacular and rare risks
Dialogue: 0,0:04:20.08,0:04:21.56,Default,,0000,0000,0000,,and downplay common risks --
Dialogue: 0,0:04:21.56,0:04:23.64,Default,,0000,0000,0000,,so flying versus driving.
Dialogue: 0,0:04:24.41,0:04:26.46,Default,,0000,0000,0000,,The unknown is perceived
Dialogue: 0,0:04:26.46,0:04:28.21,Default,,0000,0000,0000,,to be riskier than the familiar.
Dialogue: 0,0:04:31.05,0:04:32.49,Default,,0000,0000,0000,,One example would be,
Dialogue: 0,0:04:32.49,0:04:35.21,Default,,0000,0000,0000,,people fear kidnapping by strangers
Dialogue: 0,0:04:35.21,0:04:38.66,Default,,0000,0000,0000,,when the data supports kidnapping\Nby relatives is much more common.
Dialogue: 0,0:04:38.66,0:04:40.59,Default,,0000,0000,0000,,This is for children.
Dialogue: 0,0:04:40.59,0:04:42.86,Default,,0000,0000,0000,,Third, personified risks
Dialogue: 0,0:04:42.86,0:04:45.83,Default,,0000,0000,0000,,are perceived to be greater\Nthan anonymous risks --
Dialogue: 0,0:04:45.83,0:04:48.46,Default,,0000,0000,0000,,so Bin Laden is scarier\Nbecause he has a name.
Dialogue: 0,0:04:49.71,0:04:51.14,Default,,0000,0000,0000,,And the fourth
Dialogue: 0,0:04:51.14,0:04:54.10,Default,,0000,0000,0000,,is people underestimate risks
Dialogue: 0,0:04:54.10,0:04:55.94,Default,,0000,0000,0000,,in situations they do control
Dialogue: 0,0:04:55.94,0:04:59.05,Default,,0000,0000,0000,,and overestimate them\Nin situations they don't control.
Dialogue: 0,0:04:59.05,0:05:01.86,Default,,0000,0000,0000,,So once you take up skydiving or smoking,
Dialogue: 0,0:05:01.86,0:05:04.21,Default,,0000,0000,0000,,you downplay the risks.
Dialogue: 0,0:05:04.21,0:05:07.69,Default,,0000,0000,0000,,If a risk is thrust upon you\N-- terrorism was a good example --
Dialogue: 0,0:05:07.69,0:05:10.99,Default,,0000,0000,0000,,you'll overplay it because you don't feel\Nlike it's in your control.
Dialogue: 0,0:05:10.99,0:05:15.13,Default,,0000,0000,0000,,There are a bunch of other\Nof these cognitive biases,
Dialogue: 0,0:05:15.13,0:05:16.90,Default,,0000,0000,0000,,that affect our risk decisions.
Dialogue: 0,0:05:17.78,0:05:20.24,Default,,0000,0000,0000,,There's the availability heuristic,
Dialogue: 0,0:05:20.24,0:05:22.10,Default,,0000,0000,0000,,which basically means
Dialogue: 0,0:05:22.10,0:05:24.72,Default,,0000,0000,0000,,we estimate the probability of something
Dialogue: 0,0:05:24.72,0:05:28.10,Default,,0000,0000,0000,,by how easy it is\Nto bring instances of it to mind.
Dialogue: 0,0:05:29.56,0:05:31.19,Default,,0000,0000,0000,,So you can imagine how that works.
Dialogue: 0,0:05:31.19,0:05:34.83,Default,,0000,0000,0000,,If you hear a lot about tiger attacks,\Nthere must be a lot of tigers around.
Dialogue: 0,0:05:34.83,0:05:38.14,Default,,0000,0000,0000,,You don't hear about lion attacks,\Nthere aren't a lot of lions around.
Dialogue: 0,0:05:38.14,0:05:40.72,Default,,0000,0000,0000,,This works until you invent newspapers.
Dialogue: 0,0:05:40.72,0:05:42.31,Default,,0000,0000,0000,,Because what newspapers do
Dialogue: 0,0:05:42.31,0:05:44.89,Default,,0000,0000,0000,,is they repeat again and again
Dialogue: 0,0:05:44.89,0:05:46.41,Default,,0000,0000,0000,,rare risks.
Dialogue: 0,0:05:46.41,0:05:49.21,Default,,0000,0000,0000,,I tell people, if it's in the news,\Ndon't worry about it.
Dialogue: 0,0:05:49.21,0:05:50.49,Default,,0000,0000,0000,,Because by definition,
Dialogue: 0,0:05:50.49,0:05:53.26,Default,,0000,0000,0000,,news is something\Nthat almost never happens.
Dialogue: 0,0:05:53.26,0:05:55.30,Default,,0000,0000,0000,,(Laughter)
Dialogue: 0,0:05:55.30,0:05:58.60,Default,,0000,0000,0000,,When something is so common,\Nit's no longer news --
Dialogue: 0,0:05:58.60,0:06:00.66,Default,,0000,0000,0000,,car crashes, domestic violence --
Dialogue: 0,0:06:00.66,0:06:02.91,Default,,0000,0000,0000,,those are the risks you worry about.
Dialogue: 0,0:06:03.38,0:06:05.42,Default,,0000,0000,0000,,We're also a species of storytellers.
Dialogue: 0,0:06:05.42,0:06:07.85,Default,,0000,0000,0000,,We respond to stories more than data.
Dialogue: 0,0:06:07.85,0:06:10.57,Default,,0000,0000,0000,,And there's some basic\Ninnumeracy going on.
Dialogue: 0,0:06:10.57,0:06:13.65,Default,,0000,0000,0000,,I mean, the joke\N"One, Two, Three, Many" is kind of right.
Dialogue: 0,0:06:13.80,0:06:16.22,Default,,0000,0000,0000,,We're really good at small numbers.
Dialogue: 0,0:06:16.22,0:06:18.44,Default,,0000,0000,0000,,One mango, two mangoes, three mangoes,
Dialogue: 0,0:06:18.44,0:06:20.31,Default,,0000,0000,0000,,10,000 mangoes, 100,000 mangoes --
Dialogue: 0,0:06:20.31,0:06:23.39,Default,,0000,0000,0000,,it's still more mangoes\Nyou can eat before they rot.
Dialogue: 0,0:06:23.39,0:06:26.53,Default,,0000,0000,0000,,So one half, one quarter, one fifth\N-- we're good at that.
Dialogue: 0,0:06:26.53,0:06:28.71,Default,,0000,0000,0000,,One in a million, one in a billion --
Dialogue: 0,0:06:28.71,0:06:30.77,Default,,0000,0000,0000,,they're both almost never.
Dialogue: 0,0:06:31.33,0:06:33.23,Default,,0000,0000,0000,,So we have trouble with the risks
Dialogue: 0,0:06:33.23,0:06:34.89,Default,,0000,0000,0000,,that aren't very common.
Dialogue: 0,0:06:34.89,0:06:37.39,Default,,0000,0000,0000,,And what these cognitive biases do
Dialogue: 0,0:06:37.39,0:06:39.89,Default,,0000,0000,0000,,is they act as filters\Nbetween us and reality.
Dialogue: 0,0:06:41.15,0:06:42.75,Default,,0000,0000,0000,,And the result
Dialogue: 0,0:06:42.75,0:06:45.05,Default,,0000,0000,0000,,is that feeling and reality\Nget out of whack,
Dialogue: 0,0:06:45.05,0:06:46.77,Default,,0000,0000,0000,,they get different.
Dialogue: 0,0:06:47.03,0:06:50.90,Default,,0000,0000,0000,,Now you either have a feeling\N-- you feel more secure than you are.
Dialogue: 0,0:06:50.90,0:06:52.71,Default,,0000,0000,0000,,There's a false sense of security.
Dialogue: 0,0:06:52.71,0:06:53.84,Default,,0000,0000,0000,,Or the other way,
Dialogue: 0,0:06:53.84,0:06:56.46,Default,,0000,0000,0000,,and that's a false sense of insecurity.
Dialogue: 0,0:06:56.46,0:06:58.88,Default,,0000,0000,0000,,I write a lot about "security theater,"
Dialogue: 0,0:06:58.88,0:07:02.24,Default,,0000,0000,0000,,which are products\Nthat make people feel secure,
Dialogue: 0,0:07:02.24,0:07:04.31,Default,,0000,0000,0000,,but don't actually do anything.
Dialogue: 0,0:07:04.31,0:07:06.81,Default,,0000,0000,0000,,There's no real word\Nfor stuff that makes us secure,
Dialogue: 0,0:07:06.81,0:07:08.89,Default,,0000,0000,0000,,but doesn't make us feel secure.
Dialogue: 0,0:07:08.89,0:07:11.87,Default,,0000,0000,0000,,Maybe it's what the CIA's supposed to do\Nfor us.
Dialogue: 0,0:07:12.78,0:07:15.06,Default,,0000,0000,0000,,So back to economics.
Dialogue: 0,0:07:15.06,0:07:18.26,Default,,0000,0000,0000,,If economics, if the market,\Ndrives security,
Dialogue: 0,0:07:18.26,0:07:21.26,Default,,0000,0000,0000,,and if people make trade-offs
Dialogue: 0,0:07:21.26,0:07:23.24,Default,,0000,0000,0000,,based on the feeling of security,
Dialogue: 0,0:07:23.24,0:07:26.98,Default,,0000,0000,0000,,then the smart thing for companies to do
Dialogue: 0,0:07:26.98,0:07:28.58,Default,,0000,0000,0000,,for the economic incentives
Dialogue: 0,0:07:28.58,0:07:30.89,Default,,0000,0000,0000,,are to make people feel secure.
Dialogue: 0,0:07:32.06,0:07:33.78,Default,,0000,0000,0000,,And there are two ways to do this.
Dialogue: 0,0:07:33.78,0:07:36.53,Default,,0000,0000,0000,,One, you can make people actually secure
Dialogue: 0,0:07:36.53,0:07:38.36,Default,,0000,0000,0000,,and hope they notice.
Dialogue: 0,0:07:38.36,0:07:41.06,Default,,0000,0000,0000,,Or two, you can make people\Njust feel secure
Dialogue: 0,0:07:41.06,0:07:43.07,Default,,0000,0000,0000,,and hope they don't notice.
Dialogue: 0,0:07:45.57,0:07:48.28,Default,,0000,0000,0000,,So what makes people notice?
Dialogue: 0,0:07:49.02,0:07:50.70,Default,,0000,0000,0000,,Well a couple of things:
Dialogue: 0,0:07:50.70,0:07:53.04,Default,,0000,0000,0000,,understanding of the security,
Dialogue: 0,0:07:53.04,0:07:54.50,Default,,0000,0000,0000,,of the risks, the threats,
Dialogue: 0,0:07:54.50,0:07:56.47,Default,,0000,0000,0000,,the countermeasures, how they work.
Dialogue: 0,0:07:56.47,0:07:57.99,Default,,0000,0000,0000,,But if you know stuff,
Dialogue: 0,0:07:57.99,0:08:01.85,Default,,0000,0000,0000,,you're more likely to have\Nyour feelings match reality.
Dialogue: 0,0:08:02.56,0:08:05.56,Default,,0000,0000,0000,,Enough real world examples helps.
Dialogue: 0,0:08:05.56,0:08:08.48,Default,,0000,0000,0000,,Now we all know the crime rate\Nin our neighborhood,
Dialogue: 0,0:08:08.48,0:08:11.00,Default,,0000,0000,0000,,because we live there,\Nand we get a feeling about it
Dialogue: 0,0:08:11.00,0:08:13.24,Default,,0000,0000,0000,,that basically matches reality.
Dialogue: 0,0:08:14.88,0:08:16.86,Default,,0000,0000,0000,,Security theater's exposed
Dialogue: 0,0:08:16.86,0:08:19.35,Default,,0000,0000,0000,,when it's obvious\Nthat it's not working properly.
Dialogue: 0,0:08:21.08,0:08:23.46,Default,,0000,0000,0000,,Okay, so what makes people not notice?
Dialogue: 0,0:08:23.46,0:08:25.88,Default,,0000,0000,0000,,Well, a poor understanding.
Dialogue: 0,0:08:25.88,0:08:28.97,Default,,0000,0000,0000,,If you don't understand the risks,\Nyou don't understand the costs,
Dialogue: 0,0:08:28.97,0:08:31.50,Default,,0000,0000,0000,,you're likely to get the trade-off wrong,
Dialogue: 0,0:08:31.50,0:08:34.04,Default,,0000,0000,0000,,and your feeling doesn't match reality.
Dialogue: 0,0:08:34.04,0:08:36.56,Default,,0000,0000,0000,,Not enough examples.
Dialogue: 0,0:08:36.56,0:08:38.13,Default,,0000,0000,0000,,There's an inherent problem
Dialogue: 0,0:08:38.13,0:08:40.26,Default,,0000,0000,0000,,with low probability events.
Dialogue: 0,0:08:40.28,0:08:41.76,Default,,0000,0000,0000,,If, for example,
Dialogue: 0,0:08:41.76,0:08:44.14,Default,,0000,0000,0000,,terrorism almost never happens,
Dialogue: 0,0:08:44.14,0:08:46.00,Default,,0000,0000,0000,,it's really hard to judge
Dialogue: 0,0:08:46.00,0:08:49.25,Default,,0000,0000,0000,,the efficacy of counter-terrorist\Nmeasures.
Dialogue: 0,0:08:50.49,0:08:53.30,Default,,0000,0000,0000,,This is why you keep sacrificing virgins,
Dialogue: 0,0:08:53.30,0:08:56.06,Default,,0000,0000,0000,,and why your unicorn defenses\Nare working just great.
Dialogue: 0,0:08:56.06,0:08:58.75,Default,,0000,0000,0000,,There aren't enough examples of failures.
Dialogue: 0,0:09:00.08,0:09:03.13,Default,,0000,0000,0000,,Also, feelings that are clouding\Nthe issues --
Dialogue: 0,0:09:03.13,0:09:05.55,Default,,0000,0000,0000,,the cognitive biases\NI talked about earlier,
Dialogue: 0,0:09:05.55,0:09:07.45,Default,,0000,0000,0000,,fears, folk beliefs,
Dialogue: 0,0:09:08.53,0:09:11.46,Default,,0000,0000,0000,,basically an inadequate model of reality.
Dialogue: 0,0:09:13.33,0:09:15.16,Default,,0000,0000,0000,,So let me complicate things.
Dialogue: 0,0:09:15.16,0:09:17.42,Default,,0000,0000,0000,,I have feeling and reality.
Dialogue: 0,0:09:17.42,0:09:19.93,Default,,0000,0000,0000,,I want to add a third element.\NI want to add model.
Dialogue: 0,0:09:20.71,0:09:22.86,Default,,0000,0000,0000,,Feeling and model in our head,
Dialogue: 0,0:09:22.86,0:09:24.76,Default,,0000,0000,0000,,reality is the outside world.
Dialogue: 0,0:09:24.76,0:09:26.46,Default,,0000,0000,0000,,It doesn't change; it's real.
Dialogue: 0,0:09:27.69,0:09:29.51,Default,,0000,0000,0000,,So feeling is based on our intuition.
Dialogue: 0,0:09:29.51,0:09:31.83,Default,,0000,0000,0000,,Model is based on reason.
Dialogue: 0,0:09:32.21,0:09:33.97,Default,,0000,0000,0000,,That's basically the difference.
Dialogue: 0,0:09:33.97,0:09:35.100,Default,,0000,0000,0000,,In a primitive and simple world,
Dialogue: 0,0:09:35.100,0:09:38.04,Default,,0000,0000,0000,,there's really no reason for a model
Dialogue: 0,0:09:40.10,0:09:42.48,Default,,0000,0000,0000,,because feeling is close to reality.
Dialogue: 0,0:09:42.48,0:09:44.33,Default,,0000,0000,0000,,You don't need a model.
Dialogue: 0,0:09:44.33,0:09:46.56,Default,,0000,0000,0000,,But in a modern and complex world,
Dialogue: 0,0:09:46.56,0:09:48.38,Default,,0000,0000,0000,,you need models
Dialogue: 0,0:09:48.38,0:09:50.88,Default,,0000,0000,0000,,to understand a lot of the risks we face.
Dialogue: 0,0:09:52.32,0:09:54.92,Default,,0000,0000,0000,,There's no feeling about germs.
Dialogue: 0,0:09:54.92,0:09:57.28,Default,,0000,0000,0000,,You need a model to understand them.
Dialogue: 0,0:09:57.28,0:09:58.97,Default,,0000,0000,0000,,So this model
Dialogue: 0,0:09:58.97,0:10:01.56,Default,,0000,0000,0000,,is an intelligent representation\Nof reality.
Dialogue: 0,0:10:01.56,0:10:04.61,Default,,0000,0000,0000,,It's, of course, limited by science,
Dialogue: 0,0:10:04.61,0:10:06.57,Default,,0000,0000,0000,,by technology.
Dialogue: 0,0:10:08.11,0:10:10.30,Default,,0000,0000,0000,,We couldn't have a germ theory of disease
Dialogue: 0,0:10:10.30,0:10:12.89,Default,,0000,0000,0000,,before we invented\Nthe microscope to see them.
Dialogue: 0,0:10:13.77,0:10:16.31,Default,,0000,0000,0000,,It's limited by our cognitive biases.
Dialogue: 0,0:10:17.70,0:10:19.28,Default,,0000,0000,0000,,But it has the ability
Dialogue: 0,0:10:19.28,0:10:21.40,Default,,0000,0000,0000,,to override our feelings.
Dialogue: 0,0:10:21.40,0:10:24.45,Default,,0000,0000,0000,,Where do we get these models?\NWe get them from others.
Dialogue: 0,0:10:24.45,0:10:27.50,Default,,0000,0000,0000,,We get them from religion, from culture,
Dialogue: 0,0:10:27.50,0:10:29.49,Default,,0000,0000,0000,,teachers, elders.
Dialogue: 0,0:10:29.49,0:10:30.80,Default,,0000,0000,0000,,A couple years ago,
Dialogue: 0,0:10:30.80,0:10:33.16,Default,,0000,0000,0000,,I was in South Africa on safari.
Dialogue: 0,0:10:33.16,0:10:36.12,Default,,0000,0000,0000,,The tracker I was with\Ngrew up in Kruger National Park.
Dialogue: 0,0:10:36.12,0:10:39.14,Default,,0000,0000,0000,,He had some very complex models\Nof how to survive.
Dialogue: 0,0:10:39.14,0:10:41.00,Default,,0000,0000,0000,,And it depended on if you were attacked
Dialogue: 0,0:10:41.00,0:10:43.45,Default,,0000,0000,0000,,by a lion or a leopard\Nor a rhino or an elephant --
Dialogue: 0,0:10:43.45,0:10:46.38,Default,,0000,0000,0000,,and when you had to run away,\Nand when you couldn't run away,
Dialogue: 0,0:10:46.38,0:10:49.74,Default,,0000,0000,0000,,and when you had to climb a tree --\Nwhen you could never climb a tree.
Dialogue: 0,0:10:49.74,0:10:51.67,Default,,0000,0000,0000,,I would have died in a day,
Dialogue: 0,0:10:51.67,0:10:53.52,Default,,0000,0000,0000,,but he was born there,
Dialogue: 0,0:10:53.52,0:10:55.88,Default,,0000,0000,0000,,and he understood how to survive.
Dialogue: 0,0:10:55.88,0:10:57.54,Default,,0000,0000,0000,,I was born in New York City.
Dialogue: 0,0:10:57.54,0:11:00.79,Default,,0000,0000,0000,,I could have taken him to New York,\Nand he would have died in a day.
Dialogue: 0,0:11:00.79,0:11:02.79,Default,,0000,0000,0000,,(Laughter)
Dialogue: 0,0:11:02.79,0:11:04.48,Default,,0000,0000,0000,,Because we had different models
Dialogue: 0,0:11:04.48,0:11:06.88,Default,,0000,0000,0000,,based on our different experiences.
Dialogue: 0,0:11:07.87,0:11:09.92,Default,,0000,0000,0000,,Models can come from the media,
Dialogue: 0,0:11:09.92,0:11:12.26,Default,,0000,0000,0000,,from our elected officials.
Dialogue: 0,0:11:13.14,0:11:15.80,Default,,0000,0000,0000,,Think of models of terrorism,
Dialogue: 0,0:11:15.80,0:11:18.12,Default,,0000,0000,0000,,child kidnapping,
Dialogue: 0,0:11:18.12,0:11:21.11,Default,,0000,0000,0000,,airline safety, car safety.
Dialogue: 0,0:11:21.11,0:11:23.10,Default,,0000,0000,0000,,Models can come from industry.
Dialogue: 0,0:11:24.56,0:11:27.09,Default,,0000,0000,0000,,The two I'm following\Nare surveillance cameras,
Dialogue: 0,0:11:27.09,0:11:28.61,Default,,0000,0000,0000,,ID cards,
Dialogue: 0,0:11:28.61,0:11:31.88,Default,,0000,0000,0000,,quite a lot of our computer security\Nmodels come from there.
Dialogue: 0,0:11:31.88,0:11:34.24,Default,,0000,0000,0000,,A lot of models come from science.
Dialogue: 0,0:11:34.24,0:11:36.08,Default,,0000,0000,0000,,Health models are a great example.
Dialogue: 0,0:11:36.08,0:11:39.25,Default,,0000,0000,0000,,Think of cancer, of bird flu,\Nswine flu, SARS.
Dialogue: 0,0:11:39.92,0:11:42.32,Default,,0000,0000,0000,,All of our feelings of security
Dialogue: 0,0:11:42.32,0:11:44.32,Default,,0000,0000,0000,,about those diseases
Dialogue: 0,0:11:44.32,0:11:45.76,Default,,0000,0000,0000,,come from models
Dialogue: 0,0:11:45.76,0:11:48.84,Default,,0000,0000,0000,,given to us, really, by science filtered\Nthrough the media.
Dialogue: 0,0:11:51.00,0:11:53.49,Default,,0000,0000,0000,,So models can change.
Dialogue: 0,0:11:53.49,0:11:55.48,Default,,0000,0000,0000,,Models are not static.
Dialogue: 0,0:11:55.48,0:11:58.43,Default,,0000,0000,0000,,As we become more comfortable\Nin our environments,
Dialogue: 0,0:11:58.43,0:12:01.66,Default,,0000,0000,0000,,our model can move closer to our feelings.
Dialogue: 0,0:12:03.63,0:12:05.96,Default,,0000,0000,0000,,So an example might be,
Dialogue: 0,0:12:05.96,0:12:07.99,Default,,0000,0000,0000,,if you go back 100 years ago
Dialogue: 0,0:12:07.99,0:12:10.58,Default,,0000,0000,0000,,when electricity was first\Nbecoming common,
Dialogue: 0,0:12:10.58,0:12:12.69,Default,,0000,0000,0000,,there were a lot of fears about it.
Dialogue: 0,0:12:12.69,0:12:15.60,Default,,0000,0000,0000,,I mean, there were people\Nwho were afraid to push doorbells,
Dialogue: 0,0:12:15.60,0:12:18.71,Default,,0000,0000,0000,,because there was electricity in there,\Nand that was dangerous.
Dialogue: 0,0:12:18.71,0:12:21.20,Default,,0000,0000,0000,,For us, we're very facile\Naround electricity.
Dialogue: 0,0:12:21.20,0:12:22.61,Default,,0000,0000,0000,,We change light bulbs
Dialogue: 0,0:12:22.61,0:12:24.83,Default,,0000,0000,0000,,without even thinking about it.
Dialogue: 0,0:12:24.83,0:12:28.18,Default,,0000,0000,0000,,Our model of security around electricity
Dialogue: 0,0:12:28.18,0:12:30.78,Default,,0000,0000,0000,,is something we were born into.
Dialogue: 0,0:12:31.76,0:12:34.08,Default,,0000,0000,0000,,It hasn't changed as we were growing up.
Dialogue: 0,0:12:34.08,0:12:36.22,Default,,0000,0000,0000,,And we're good at it.
Dialogue: 0,0:12:36.87,0:12:38.68,Default,,0000,0000,0000,,Or think of the risks
Dialogue: 0,0:12:38.68,0:12:41.25,Default,,0000,0000,0000,,on the Internet across generations --
Dialogue: 0,0:12:41.40,0:12:44.04,Default,,0000,0000,0000,,how your parents approach\NInternet security,
Dialogue: 0,0:12:44.04,0:12:45.50,Default,,0000,0000,0000,,versus how you do,
Dialogue: 0,0:12:45.50,0:12:47.52,Default,,0000,0000,0000,,versus how our kids will.
Dialogue: 0,0:12:47.75,0:12:50.32,Default,,0000,0000,0000,,Models eventually fade\Ninto the background.
Dialogue: 0,0:12:52.28,0:12:54.81,Default,,0000,0000,0000,,Intuitive is just another word\Nfor familiar.
Dialogue: 0,0:12:55.66,0:12:58.23,Default,,0000,0000,0000,,So as your model is close to reality,
Dialogue: 0,0:12:58.23,0:12:59.88,Default,,0000,0000,0000,,and it converges with feelings,
Dialogue: 0,0:12:59.88,0:13:01.96,Default,,0000,0000,0000,,you often don't know it's there.
Dialogue: 0,0:13:03.09,0:13:04.54,Default,,0000,0000,0000,,So a nice example of this
Dialogue: 0,0:13:04.54,0:13:06.57,Default,,0000,0000,0000,,came from last year and swine flu.
Dialogue: 0,0:13:07.75,0:13:09.92,Default,,0000,0000,0000,,When swine flu first appeared,
Dialogue: 0,0:13:09.92,0:13:12.90,Default,,0000,0000,0000,,the initial news caused\Na lot of overreaction.
Dialogue: 0,0:13:13.45,0:13:15.40,Default,,0000,0000,0000,,Now it had a name,
Dialogue: 0,0:13:15.40,0:13:17.69,Default,,0000,0000,0000,,which made it scarier\Nthan the regular flu,
Dialogue: 0,0:13:17.69,0:13:19.77,Default,,0000,0000,0000,,even though it was more deadly.
Dialogue: 0,0:13:19.77,0:13:22.91,Default,,0000,0000,0000,,And people thought doctors\Nshould be able to deal with it.
Dialogue: 0,0:13:23.24,0:13:25.82,Default,,0000,0000,0000,,So there was that feeling\Nof lack of control.
Dialogue: 0,0:13:25.82,0:13:27.18,Default,,0000,0000,0000,,And those two things
Dialogue: 0,0:13:27.18,0:13:28.93,Default,,0000,0000,0000,,made the risk more than it was.
Dialogue: 0,0:13:28.93,0:13:32.32,Default,,0000,0000,0000,,As the novelty wore off,\Nthe months went by,
Dialogue: 0,0:13:32.32,0:13:33.99,Default,,0000,0000,0000,,there was some amount of tolerance,
Dialogue: 0,0:13:33.99,0:13:35.64,Default,,0000,0000,0000,,people got used to it.
Dialogue: 0,0:13:36.20,0:13:38.96,Default,,0000,0000,0000,,There was no new data,\Nbut there was less fear.
Dialogue: 0,0:13:38.96,0:13:40.67,Default,,0000,0000,0000,,By autumn,
Dialogue: 0,0:13:40.67,0:13:42.72,Default,,0000,0000,0000,,people thought
Dialogue: 0,0:13:42.72,0:13:45.46,Default,,0000,0000,0000,,the doctors should have solved this\Nalready.
Dialogue: 0,0:13:45.46,0:13:47.22,Default,,0000,0000,0000,,And there's kind of a bifurcation --
Dialogue: 0,0:13:47.22,0:13:48.59,Default,,0000,0000,0000,,people had to choose
Dialogue: 0,0:13:48.59,0:13:51.43,Default,,0000,0000,0000,,between fear and acceptance --
Dialogue: 0,0:13:54.12,0:13:55.87,Default,,0000,0000,0000,,actually fear and indifference --
Dialogue: 0,0:13:55.87,0:13:58.27,Default,,0000,0000,0000,,they kind of chose suspicion.
Dialogue: 0,0:13:58.92,0:14:01.79,Default,,0000,0000,0000,,And when the vaccine appeared last winter,
Dialogue: 0,0:14:01.79,0:14:04.42,Default,,0000,0000,0000,,there were a lot of people\N-- a surprising number --
Dialogue: 0,0:14:04.42,0:14:06.58,Default,,0000,0000,0000,,who refused to get it --
Dialogue: 0,0:14:08.42,0:14:10.14,Default,,0000,0000,0000,,as a nice example
Dialogue: 0,0:14:10.14,0:14:13.93,Default,,0000,0000,0000,,of how people's feelings of security\Nchange, how their model changes,
Dialogue: 0,0:14:13.93,0:14:15.60,Default,,0000,0000,0000,,sort of wildly
Dialogue: 0,0:14:15.60,0:14:17.44,Default,,0000,0000,0000,,with no new information,
Dialogue: 0,0:14:17.44,0:14:19.09,Default,,0000,0000,0000,,with no new input.
Dialogue: 0,0:14:20.22,0:14:22.58,Default,,0000,0000,0000,,This kind of thing happens a lot.
Dialogue: 0,0:14:22.58,0:14:24.81,Default,,0000,0000,0000,,I'm going to give one more complication.
Dialogue: 0,0:14:24.81,0:14:27.25,Default,,0000,0000,0000,,We have feeling, model, reality.
Dialogue: 0,0:14:28.23,0:14:30.90,Default,,0000,0000,0000,,I have a very relativistic view\Nof security.
Dialogue: 0,0:14:30.90,0:14:33.10,Default,,0000,0000,0000,,I think it depends on the observer.
Dialogue: 0,0:14:33.10,0:14:35.05,Default,,0000,0000,0000,,And most security decisions
Dialogue: 0,0:14:35.05,0:14:38.29,Default,,0000,0000,0000,,have a variety of people involved.
Dialogue: 0,0:14:39.31,0:14:41.23,Default,,0000,0000,0000,,And stakeholders
Dialogue: 0,0:14:41.23,0:14:43.94,Default,,0000,0000,0000,,with specific trade-offs
Dialogue: 0,0:14:43.94,0:14:46.26,Default,,0000,0000,0000,,will try to influence the decision.
Dialogue: 0,0:14:46.26,0:14:48.31,Default,,0000,0000,0000,,And I call that their agenda.
Dialogue: 0,0:14:49.34,0:14:50.73,Default,,0000,0000,0000,,And you see agenda --
Dialogue: 0,0:14:50.73,0:14:52.84,Default,,0000,0000,0000,,this is marketing, this is politics --
Dialogue: 0,0:14:52.84,0:14:56.24,Default,,0000,0000,0000,,trying to convince you to have\None model versus another,
Dialogue: 0,0:14:56.24,0:14:58.32,Default,,0000,0000,0000,,trying to convince you to ignore a model
Dialogue: 0,0:14:58.32,0:15:00.89,Default,,0000,0000,0000,,and trust your feelings,
Dialogue: 0,0:15:00.89,0:15:04.11,Default,,0000,0000,0000,,marginalizing people\Nwith models you don't like.
Dialogue: 0,0:15:04.60,0:15:06.52,Default,,0000,0000,0000,,This is not uncommon.
Dialogue: 0,0:15:07.23,0:15:10.54,Default,,0000,0000,0000,,An example, a great example,\Nis the risk of smoking.
Dialogue: 0,0:15:11.52,0:15:14.43,Default,,0000,0000,0000,,In the history of the past 50 years,\Nthe smoking risk
Dialogue: 0,0:15:14.43,0:15:16.59,Default,,0000,0000,0000,,shows how a model changes,
Dialogue: 0,0:15:16.59,0:15:18.97,Default,,0000,0000,0000,,and it also shows\Nhow an industry fights against
Dialogue: 0,0:15:18.97,0:15:20.68,Default,,0000,0000,0000,,a model it doesn't like.
Dialogue: 0,0:15:21.87,0:15:24.96,Default,,0000,0000,0000,,Compare that\Nto the secondhand smoke debate --
Dialogue: 0,0:15:24.96,0:15:27.46,Default,,0000,0000,0000,,probably about 20 years behind.
Dialogue: 0,0:15:27.46,0:15:29.54,Default,,0000,0000,0000,,Think about seat belts.
Dialogue: 0,0:15:29.54,0:15:31.70,Default,,0000,0000,0000,,When I was a kid, no one wore a seat belt.
Dialogue: 0,0:15:31.70,0:15:33.52,Default,,0000,0000,0000,,Nowadays, no kid will let you drive
Dialogue: 0,0:15:33.52,0:15:35.90,Default,,0000,0000,0000,,if you're not wearing a seat belt.
Dialogue: 0,0:15:36.57,0:15:39.21,Default,,0000,0000,0000,,Compare that to the airbag debate --
Dialogue: 0,0:15:39.21,0:15:41.65,Default,,0000,0000,0000,,probably about 30 years behind.
Dialogue: 0,0:15:42.32,0:15:44.79,Default,,0000,0000,0000,,All examples of models changing.
Dialogue: 0,0:15:46.94,0:15:50.17,Default,,0000,0000,0000,,What we learn is that\Nchanging models is hard.
Dialogue: 0,0:15:50.17,0:15:52.70,Default,,0000,0000,0000,,Models are hard to dislodge.
Dialogue: 0,0:15:52.70,0:15:54.58,Default,,0000,0000,0000,,If they equal your feelings,
Dialogue: 0,0:15:54.58,0:15:56.52,Default,,0000,0000,0000,,you don't even know you have a model.
Dialogue: 0,0:15:57.34,0:15:59.25,Default,,0000,0000,0000,,And there's another cognitive bias
Dialogue: 0,0:15:59.25,0:16:01.24,Default,,0000,0000,0000,,I'll call confirmation bias,
Dialogue: 0,0:16:01.24,0:16:03.31,Default,,0000,0000,0000,,where we tend to accept data
Dialogue: 0,0:16:03.31,0:16:05.69,Default,,0000,0000,0000,,that confirms our beliefs
Dialogue: 0,0:16:05.69,0:16:08.50,Default,,0000,0000,0000,,and reject data\Nthat contradicts our beliefs.
Dialogue: 0,0:16:13.83,0:16:16.24,Default,,0000,0000,0000,,So evidence against our model,
Dialogue: 0,0:16:16.24,0:16:18.94,Default,,0000,0000,0000,,we're likely to ignore,\Neven if it's compelling.
Dialogue: 0,0:16:18.94,0:16:21.90,Default,,0000,0000,0000,,It has to get very compelling\Nbefore we'll pay attention.
Dialogue: 0,0:16:22.98,0:16:25.91,Default,,0000,0000,0000,,New models that extend\Nlong periods of time are hard.
Dialogue: 0,0:16:25.91,0:16:27.53,Default,,0000,0000,0000,,Global warming is a great example.
Dialogue: 0,0:16:27.53,0:16:28.89,Default,,0000,0000,0000,,We're terrible
Dialogue: 0,0:16:28.89,0:16:30.94,Default,,0000,0000,0000,,at models that span 80 years.
Dialogue: 0,0:16:31.19,0:16:33.17,Default,,0000,0000,0000,,We can do to the next harvest.
Dialogue: 0,0:16:33.17,0:16:35.99,Default,,0000,0000,0000,,We can often do until our kids grow up.
Dialogue: 0,0:16:35.99,0:16:38.52,Default,,0000,0000,0000,,But 80 years, we're just not good at.
Dialogue: 0,0:16:39.15,0:16:41.44,Default,,0000,0000,0000,,So it's a very hard model to accept.
Dialogue: 0,0:16:42.26,0:16:45.51,Default,,0000,0000,0000,,We can have both models\Nin our head simultaneously,
Dialogue: 0,0:16:46.01,0:16:49.00,Default,,0000,0000,0000,,right, that kind of problem
Dialogue: 0,0:16:49.65,0:16:52.53,Default,,0000,0000,0000,,where we're holding both beliefs together,
Dialogue: 0,0:16:52.83,0:16:54.58,Default,,0000,0000,0000,,right, the cognitive dissonance.
Dialogue: 0,0:16:54.58,0:16:55.91,Default,,0000,0000,0000,,Eventually,
Dialogue: 0,0:16:55.91,0:16:58.21,Default,,0000,0000,0000,,the new model will replace the old model.
Dialogue: 0,0:16:58.21,0:17:01.05,Default,,0000,0000,0000,,Strong feelings can create a model.
Dialogue: 0,0:17:01.76,0:17:04.75,Default,,0000,0000,0000,,September 11th created a security model
Dialogue: 0,0:17:04.75,0:17:06.67,Default,,0000,0000,0000,,in a lot of people's heads.
Dialogue: 0,0:17:06.67,0:17:10.22,Default,,0000,0000,0000,,Also, personal experiences\Nwith crime can do it,
Dialogue: 0,0:17:10.22,0:17:11.78,Default,,0000,0000,0000,,personal health scare,
Dialogue: 0,0:17:11.78,0:17:14.29,Default,,0000,0000,0000,,a health scare in the news.
Dialogue: 0,0:17:14.29,0:17:16.26,Default,,0000,0000,0000,,You'll see these called flashbulb events
Dialogue: 0,0:17:16.26,0:17:18.01,Default,,0000,0000,0000,,by psychiatrists.
Dialogue: 0,0:17:18.60,0:17:20.84,Default,,0000,0000,0000,,They can create a model instantaneously,
Dialogue: 0,0:17:20.84,0:17:23.05,Default,,0000,0000,0000,,because they're very emotive.
Dialogue: 0,0:17:23.80,0:17:25.69,Default,,0000,0000,0000,,So in the technological world,
Dialogue: 0,0:17:25.69,0:17:27.91,Default,,0000,0000,0000,,we don't have experience
Dialogue: 0,0:17:27.91,0:17:29.66,Default,,0000,0000,0000,,to judge models.
Dialogue: 0,0:17:29.66,0:17:32.36,Default,,0000,0000,0000,,And we rely on others. We rely on proxies.
Dialogue: 0,0:17:32.36,0:17:35.64,Default,,0000,0000,0000,,I mean, this works\Nas long as it's to correct others.
Dialogue: 0,0:17:35.64,0:17:38.33,Default,,0000,0000,0000,,We rely on government agencies
Dialogue: 0,0:17:38.33,0:17:41.65,Default,,0000,0000,0000,,to tell us what pharmaceuticals are safe.
Dialogue: 0,0:17:42.70,0:17:44.48,Default,,0000,0000,0000,,I flew here yesterday.
Dialogue: 0,0:17:44.48,0:17:47.00,Default,,0000,0000,0000,,I didn't check the airplane.
Dialogue: 0,0:17:47.00,0:17:49.16,Default,,0000,0000,0000,,I relied on some other group
Dialogue: 0,0:17:49.16,0:17:51.66,Default,,0000,0000,0000,,to determine whether\Nmy plane was safe to fly.
Dialogue: 0,0:17:51.66,0:17:55.20,Default,,0000,0000,0000,,We're here, none of us fear\Nthe roof is going to collapse on us,
Dialogue: 0,0:17:55.20,0:17:57.18,Default,,0000,0000,0000,,not because we checked,
Dialogue: 0,0:17:57.18,0:17:59.39,Default,,0000,0000,0000,,but because we're pretty sure
Dialogue: 0,0:17:59.39,0:18:01.53,Default,,0000,0000,0000,,the building codes here are good.
Dialogue: 0,0:18:02.89,0:18:05.00,Default,,0000,0000,0000,,It's a model we just accept
Dialogue: 0,0:18:05.00,0:18:07.22,Default,,0000,0000,0000,,pretty much by faith.
Dialogue: 0,0:18:07.64,0:18:09.59,Default,,0000,0000,0000,,And that's okay.
Dialogue: 0,0:18:12.02,0:18:14.29,Default,,0000,0000,0000,,Now, what we want
Dialogue: 0,0:18:14.29,0:18:16.38,Default,,0000,0000,0000,,is people to get familiar enough
Dialogue: 0,0:18:16.38,0:18:18.27,Default,,0000,0000,0000,,with better models --
Dialogue: 0,0:18:18.27,0:18:20.36,Default,,0000,0000,0000,,have it reflected in their feelings --
Dialogue: 0,0:18:20.36,0:18:23.03,Default,,0000,0000,0000,,to allow them to make security trade-offs.
Dialogue: 0,0:18:24.01,0:18:26.22,Default,,0000,0000,0000,,Now when these go out of whack,
Dialogue: 0,0:18:26.22,0:18:27.90,Default,,0000,0000,0000,,you have two options.
Dialogue: 0,0:18:27.90,0:18:30.22,Default,,0000,0000,0000,,One, you can fix people's feelings,
Dialogue: 0,0:18:30.22,0:18:32.24,Default,,0000,0000,0000,,directly appeal to feelings.
Dialogue: 0,0:18:32.24,0:18:34.69,Default,,0000,0000,0000,,It's manipulation, but it can work.
Dialogue: 0,0:18:35.46,0:18:37.23,Default,,0000,0000,0000,,The second, more honest way
Dialogue: 0,0:18:37.23,0:18:39.63,Default,,0000,0000,0000,,is to actually fix the model.
Dialogue: 0,0:18:40.92,0:18:42.96,Default,,0000,0000,0000,,Change happens slowly.
Dialogue: 0,0:18:42.96,0:18:45.50,Default,,0000,0000,0000,,The smoking debate took 40 years,
Dialogue: 0,0:18:45.50,0:18:47.48,Default,,0000,0000,0000,,and that was an easy one.
Dialogue: 0,0:18:49.70,0:18:51.76,Default,,0000,0000,0000,,Some of this stuff is hard.
Dialogue: 0,0:18:51.76,0:18:53.04,Default,,0000,0000,0000,,I mean really though,
Dialogue: 0,0:18:53.04,0:18:55.31,Default,,0000,0000,0000,,information seems like our best hope.
Dialogue: 0,0:18:55.31,0:18:56.84,Default,,0000,0000,0000,,And I lied.
Dialogue: 0,0:18:56.84,0:18:59.62,Default,,0000,0000,0000,,Remember I said feeling, model, reality;
Dialogue: 0,0:18:59.62,0:19:02.04,Default,,0000,0000,0000,,I said reality doesn't change.\NIt actually does.
Dialogue: 0,0:19:02.04,0:19:03.92,Default,,0000,0000,0000,,We live in a technological world;
Dialogue: 0,0:19:03.92,0:19:06.32,Default,,0000,0000,0000,,reality changes all the time.
Dialogue: 0,0:19:07.18,0:19:09.88,Default,,0000,0000,0000,,So we might have\N-- for the first time in our species --
Dialogue: 0,0:19:09.88,0:19:13.17,Default,,0000,0000,0000,,feeling chases model,\Nmodel chases reality, reality's moving --
Dialogue: 0,0:19:13.17,0:19:15.36,Default,,0000,0000,0000,,they might never catch up.
Dialogue: 0,0:19:16.50,0:19:18.30,Default,,0000,0000,0000,,We don't know.
Dialogue: 0,0:19:19.86,0:19:21.71,Default,,0000,0000,0000,,But in the long-term,
Dialogue: 0,0:19:21.71,0:19:23.62,Default,,0000,0000,0000,,both feeling and reality are important.
Dialogue: 0,0:19:23.62,0:19:26.89,Default,,0000,0000,0000,,And I want to close with two quick stories\Nto illustrate this.
Dialogue: 0,0:19:26.89,0:19:29.50,Default,,0000,0000,0000,,1982 -- I don't know if people\Nwill remember this --
Dialogue: 0,0:19:29.50,0:19:31.57,Default,,0000,0000,0000,,there was a short epidemic
Dialogue: 0,0:19:31.57,0:19:33.71,Default,,0000,0000,0000,,of Tylenol poisonings\Nin the United States.
Dialogue: 0,0:19:33.71,0:19:36.77,Default,,0000,0000,0000,,It's a horrific story.\NSomeone took a bottle of Tylenol,
Dialogue: 0,0:19:36.77,0:19:40.37,Default,,0000,0000,0000,,put poison in it, closed it up,\Nput it back on the shelf.
Dialogue: 0,0:19:40.37,0:19:42.33,Default,,0000,0000,0000,,Someone else bought it and died.
Dialogue: 0,0:19:42.33,0:19:43.98,Default,,0000,0000,0000,,This terrified people.
Dialogue: 0,0:19:43.98,0:19:45.97,Default,,0000,0000,0000,,There were a couple of copycat attacks.
Dialogue: 0,0:19:45.97,0:19:48.99,Default,,0000,0000,0000,,There wasn't any real risk,\Nbut people were scared.
Dialogue: 0,0:19:48.99,0:19:50.31,Default,,0000,0000,0000,,And this is how
Dialogue: 0,0:19:50.31,0:19:52.94,Default,,0000,0000,0000,,the tamper-proof drug industry\Nwas invented.
Dialogue: 0,0:19:52.94,0:19:55.10,Default,,0000,0000,0000,,Those tamper-proof caps,\Nthat came from this.
Dialogue: 0,0:19:55.10,0:19:56.80,Default,,0000,0000,0000,,It's complete security theater.
Dialogue: 0,0:19:56.80,0:19:59.68,Default,,0000,0000,0000,,As a homework assignment,\Nthink of 10 ways to get around it.
Dialogue: 0,0:19:59.68,0:20:01.56,Default,,0000,0000,0000,,I'll give you one, a syringe.
Dialogue: 0,0:20:01.56,0:20:04.49,Default,,0000,0000,0000,,But it made people feel better.
Dialogue: 0,0:20:05.02,0:20:06.93,Default,,0000,0000,0000,,It made their feeling of security
Dialogue: 0,0:20:06.93,0:20:08.59,Default,,0000,0000,0000,,more match the reality.
Dialogue: 0,0:20:09.63,0:20:12.47,Default,,0000,0000,0000,,Last story, a few years ago,\Na friend of mine gave birth.
Dialogue: 0,0:20:12.47,0:20:13.92,Default,,0000,0000,0000,,I visit her in the hospital.
Dialogue: 0,0:20:13.92,0:20:16.10,Default,,0000,0000,0000,,It turns out when a baby's born now,
Dialogue: 0,0:20:16.10,0:20:17.93,Default,,0000,0000,0000,,they put an RFID bracelet on the baby,
Dialogue: 0,0:20:17.93,0:20:19.78,Default,,0000,0000,0000,,put a corresponding one on the mother,
Dialogue: 0,0:20:19.78,0:20:23.40,Default,,0000,0000,0000,,so if anyone other than the mother\Ntakes the baby out of the maternity ward,
Dialogue: 0,0:20:23.40,0:20:24.34,Default,,0000,0000,0000,,an alarm goes off.
Dialogue: 0,0:20:24.34,0:20:26.20,Default,,0000,0000,0000,,I said, "Well, that's kind of neat.
Dialogue: 0,0:20:26.20,0:20:28.81,Default,,0000,0000,0000,,I wonder how rampant baby snatching is
Dialogue: 0,0:20:28.81,0:20:30.00,Default,,0000,0000,0000,,out of hospitals."
Dialogue: 0,0:20:30.00,0:20:31.61,Default,,0000,0000,0000,,I go home, I look it up.
Dialogue: 0,0:20:31.61,0:20:34.00,Default,,0000,0000,0000,,It basically never happens.
Dialogue: 0,0:20:34.62,0:20:36.00,Default,,0000,0000,0000,,But if you think about it,
Dialogue: 0,0:20:36.00,0:20:38.00,Default,,0000,0000,0000,,if you are a hospital,
Dialogue: 0,0:20:38.00,0:20:40.41,Default,,0000,0000,0000,,and you need to take a baby\Naway from its mother,
Dialogue: 0,0:20:40.41,0:20:42.07,Default,,0000,0000,0000,,out of the room to run some tests,
Dialogue: 0,0:20:42.07,0:20:44.13,Default,,0000,0000,0000,,you better have some\Ngood security theater,
Dialogue: 0,0:20:44.13,0:20:46.00,Default,,0000,0000,0000,,or she's going to rip your arm off.
Dialogue: 0,0:20:46.00,0:20:48.00,Default,,0000,0000,0000,,(Laughter)
Dialogue: 0,0:20:48.00,0:20:50.00,Default,,0000,0000,0000,,So it's important for us,
Dialogue: 0,0:20:50.00,0:20:52.00,Default,,0000,0000,0000,,those of us who design security,
Dialogue: 0,0:20:52.00,0:20:55.00,Default,,0000,0000,0000,,who look at security policy,
Dialogue: 0,0:20:55.00,0:20:57.00,Default,,0000,0000,0000,,or even look at public policy
Dialogue: 0,0:20:57.00,0:20:59.00,Default,,0000,0000,0000,,in ways that affect security.
Dialogue: 0,0:20:59.00,0:21:02.00,Default,,0000,0000,0000,,It's not just reality;\Nit's feeling and reality.
Dialogue: 0,0:21:02.00,0:21:04.00,Default,,0000,0000,0000,,What's important
Dialogue: 0,0:21:04.00,0:21:06.00,Default,,0000,0000,0000,,is that they be about the same.
Dialogue: 0,0:21:06.00,0:21:08.59,Default,,0000,0000,0000,,It's important that,\Nif our feelings match reality,
Dialogue: 0,0:21:08.59,0:21:10.96,Default,,0000,0000,0000,,we make better security trade-offs.
Dialogue: 0,0:21:10.96,0:21:12.00,Default,,0000,0000,0000,,Thank you.
Dialogue: 0,0:21:12.00,0:21:13.52,Default,,0000,0000,0000,,(Applause)