Astrophysics Lecture. “Sorry, did you just say that our earth will burn up in the sun in 5 million years ??!” “In 5 billion years.” Sigh of relief: “Thank God, I thought …”
He has a weak point for risks and writing about cyber: In his main job security researcher at HiSolutions AG, David Fuhr rages and rages on in this column about current incidents and general truths of information security. In addition to new articles, articles already printed in the iX appear here – always with a tongue-in-cheek update on the current security situation.
We were born to deal with risks. And already in the evolutionary. When risk means the fact that failure, loss and death are possible in an unpredictable environment, it describes the only constant element of our development on this planet.
In the primordial soup, dice had to be rolled quite often until stable, self-reproducing amino acids aka life emerged, just as coronaviruses play roulette billions of times a day today – and sometimes accidentally get in our way.
It therefore seems to border on a miracle that we are not yet extinct. Whereby: We are, already a hundred thousand times! Because what we are today are the few mutant lines that it has not gotten away over the eons – the sparsest leaves on an evolutionary tree, 99.99% of which has long since died. So shouldn’t we be very good at handling risks? Shouldn’t we be the galaxy’s risk management professionals? Yes and no.
The “trial and error” system
Evolution does not teach anything, it learns as much as possible, through trial and error, and that only at the system level. We personally do not learn in this strangest school system in the universe. We only try out what has been fuzzy programmed into us and are judged on success. The most powerful framework in the history of life on earth is not “divide and rule”, but “Fuck around and find out” – or “Fuck around and die out”.
This works very well for certain adaptation steps: after all, we were able to leave the water, climb down from the trees, beat each other with sticks and shoot cars into space. What we have not learned, however, could not learn, is how to avoid major catastrophes.
What drives us in the world is an insatiable FOMO (Fear of Missing Out). In evolutionary terms, grabbing resources made sense. The FODO (Fear of Dying Out) on the other hand, i.e. the fear of becoming extinct as a species, we naturally do not know, since such an event has obviously not yet occurred.
Successful model abolished
Biology has actually given us a conservative risk behavior: We save energy, follow protective instincts and, if necessary, play dead. Surprisingly, this successful model was not continued when we came up with the crazy idea to start thinking. Our superpower to (sometimes) defy reflexes that have been tried and tested for thousands of years is anything but rational.
Since the end of the 1970s, psycho-economic research under the heading “Prospect Theory” has shown that we like to play, especially when it comes to survival. If there is something to be won, we prefer to play it safe and not take any risks. Because of YOLO (You Only Live Once)! If, on the other hand, we could get on the collar, we like to try to cheat fate.
In evolutionary terms, that even makes sense: When the going gets tough, it is better for the species if a few get through happily than if everyone goes down the drain in a mediocre way. It only became a problem when we came up with the idea that a few should decide for many or even all. YODA (You Only Die Alone) is no longer valid in times of representative democracy and pandemic; one big mistake in decision-making can lead all of humanity to or even into the abyss, whether in nuclear policy or climate change.
Wrong weighting
It gets downright stupid, however, where we already know the antidote and its benefits. Two current examples: Multi-factor authentication means a certain calculable effort and a certain calculable amount of availability problems. The attractiveness of the chance that things could go well without 2FA, however, is irrationally rated far too high. The same could be said about many other safety measures, the benefits of which have been scientifically proven (“evidence”).
It is even more extreme when it comes to vaccination: the relatively frequent, mostly insignificant vaccination reactions are weighted disproportionately more heavily than the severe course, which has a lower but significant probability.
What could help is a reframing of the situation: If I present 2FA not as an attempt to ward off damage, but as an attempt to increase the level of security, according to Prospect Theory, the relative evaluation should improve compared to doing nothing. Likewise, a vaccination that is touted as a reliable improvement in my immune system against a virus should be easier to get to men and women than one that could ward off the worst.
All of this has an interesting consequence for us: If we want to achieve something, we should no longer try to “sell” both through fear, corona and security measures. And that takes courage.
This column was published in iX 01/2022.
(ur)