Behavioral psychology and security blindspots

A Bruce Schneier essay from IEEE Security & Privacy describes a series of experiments in logical thinking, through which some of our security blindspots come to light:

Consider the Wason selection task. Subjects are presented with four cards next to each other on a table. Each card represents a person, with each side listing some statement about that person. The subject is then given a general rule and asked which cards he would have to turn over to ensure that the four people satisfied that rule. For example, the general rule might be, "If a person travels to Boston, then he or she takes a plane." The four cards might correspond to travelers and have a destination on one side and a mode of transport on the other. On the side facing the subject, they read: "went to Boston," "went to New York," "took a plane," and "took a car." Formal logic states that the rule is violated if someone goes to Boston without taking a plane. Translating into propositional calculus, there's the general rule: if P, then Q. The four cards are "P," "not P," "Q," and "not Q." To verify that "if P, then Q" is a valid rule, you have to verify modus ponens by turning over the "P" card and making sure that the reverse says "Q." To verify modus tollens, you turn over the "not Q" card and make sure that the reverse doesn't say "P."

Shifting back to the example, you need to turn over the "went to Boston" card to make sure that person took a plane, and you need to turn over the "took a car" card to make sure that person didn't go to Boston. You don't — as many people think — need to turn over the "took a plane" card to see if it says "went to Boston" because you don't care. The person might have been flying to Boston, New York, San Francisco, or London. The rule only says that people going to Boston fly; it doesn't break the rule if someone flies elsewhere.
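The selection rule in the quoted passage, as an added example that is not from Schneier's essay or this post: a Python check that decides which face-up cards can falsify "if P, then Q", and, using constructed hidden sides for the four cards, shows that the popular choice of turning "took a plane" instead of "took a car" lets a rule-breaker through.

```python
from typing import Dict, List, Tuple

Rule = Tuple[str, str]       # (p, q), e.g. ("Boston", "plane")
FullCard = Tuple[str, str]   # (destination, transport), both sides known
Face = Tuple[str, str]       # visible side: ("destination", v) or ("transport", v)

def violates(rule: Rule, card: FullCard) -> bool:
    """A card breaks 'if P then Q' only when it shows P and not-Q."""
    p, q = rule
    destination, transport = card
    return destination == p and transport != q

def must_turn(rule: Rule, face: Face) -> bool:
    """True iff some hidden value could make this card violate the rule:
    visible P needs Q behind it (modus ponens); visible not-Q needs not-P
    behind it (modus tollens). Visible not-P or Q can never violate it."""
    p, q = rule
    side, value = face
    if side == "destination":
        return value == p
    if side == "transport":
        return value != q
    raise ValueError(f"unknown side {side!r}")

def select_cards(rule: Rule, faces: List[Face]) -> List[Face]:
    """The cards that have to be turned over to verify the rule."""
    return [f for f in faces if must_turn(rule, f)]

def missed_violations(rule: Rule, table: Dict[Face, FullCard],
                      turned: List[Face]) -> List[FullCard]:
    """Given both sides of every card, list violators the chosen flips miss."""
    return [card for face, card in table.items()
            if violates(rule, card) and face not in turned]

# Constructed table for the essay's example; the hidden sides are made up here.
RULE: Rule = ("Boston", "plane")
TABLE: Dict[Face, FullCard] = {
    ("destination", "Boston"):   ("Boston", "car"),      # violator
    ("destination", "New York"): ("New York", "car"),    # irrelevant
    ("transport", "plane"):      ("London", "plane"),    # irrelevant
    ("transport", "car"):        ("Boston", "car"),      # violator
}
FACES: List[Face] = list(TABLE)
# The common mistake: turn "went to Boston" and "took a plane".
INTUITIVE: List[Face] = [("destination", "Boston"), ("transport", "plane")]

if __name__ == "__main__":
    print("turn over:", select_cards(RULE, FACES))
    print("missed by intuitive choice:", missed_violations(RULE, TABLE, INTUITIVE))
    print("missed by correct choice:", missed_violations(RULE, TABLE, select_cards(RULE, FACES)))
```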

Detecting Cheaters


(Image: Theory of Boundaries, 1969-1970, chalk on dry pigment on wall by Mel Bochner, a Creative Commons Attribution (2.0) image from nostri-imago's photostream)