The Deterrence of Deception

Ross AndersonCambridge

Detecting deception

• Jeff Hancock’s demonstration yesterday reminded us that we usually can’t detect deception much better than random

• Yet all societies believe the contrary! • Most think that gaze avoidance is a signal

while others also believe in fidgeting, finger tapping … (see Aldert Vrij’s book)

• So what’s the purpose of looking your counterparts in the eye?

What’s happening here?

Hypotheses

• Big-stakes lies can be different (Robert noted “Darwin the detective”, ten Brinke et al)

• My hypothesis: in-group versus out-group – moving the relationship from “risk” to “vengeance” (this makes the stakes bigger … a vindictive response not a diplomatic one)

• Maybe leaders are also assessing other stuff, such as intelligence, neuroticism, faith …

Hypotheses (2)

• In some activities, deception is part of the game – such as bluffing at poker

• Can you affect online game behaviour by personalising game pages (e.g. David’s “puppy eyes” versus “predator eyes”)?

• Does it work differently for low-stakes lies, such as small-scale credit-card fraud?

• Suggested repersonalisation at SHB last year but still haven’t found the right experimental partner

Future payment page?

Alessandro, you’re about to pay Ross $70.Are you still Alessandro? Password: ******

What is privacy anyway?

• The Internet makes some cheating easier (forging a bank branch) but much cheating harder (fact checking has expanded from witness testimony to writing to science to Google :- )

• How is being deterred by human watchers different from software watchers?

• Many geeks have high privacy preferences but are relaxed about search ads

• Are we more more ready to have our self-delusions punctured by software than by people?

What are the longer term effects?

• Blackstone described the law as “a long march from status to contract”

• Are we on a long march from honor codes to pervasive technical surveillance?

• If so, how does it change power relationships between people, state and corporations?

• Bruce remarked how we’re not as good as the doctors yet at selling our expertise

• What other policy gaps likely to open up?

And finally…

• Eight of us have a big cyber-crime survey paper at WEIS at the end of this month– “traditional” frauds like tax, welfare have indirect

costs < direct costs– in the middle, card fraud has direct and indirect costs

about equal– “modern” crimes have indirect > direct

• Where we can’t leverage human behaviour things can get very hard to control

• And just as terrorism evolves to be annoying, crime will evolve to be inconspicuous