Here’s a snip from his June Crypto-Gram (you should subscribe to this!):
When I talk about “Liars and Outliers” to security audiences, one of the things I stress is our traditional security focus — on technical countermeasures — is much narrower than it could be. Leveraging moral, reputational, and institutional pressures are likely to be much more effective in motivating cooperative behavior. This story illustrates the point. It’s about the psychology of fraud, “why good people do bad things.”
Along similar lines, some years ago Ross Anderson made the suggestion that the webpages of people’s online bank accounts should include their photographs, based on the research that it’s harder to commit fraud against someone whom you identify with as a person. Two excellent papers on this topic: 1 2
This really resonates with me. I’d like to think, generally speaking, that there aren’t good guys and bad guys, just people with different perspectives on different situations and institutions, and that pretty much everyone has some form of moral code, even possibly overlapping in many areas. Isn’t that really our only hope as a species?