Ronald Cass’s column about Bernard Madoff is insightful:
The sense of common heritage, of community, also makes it less seemly to ask hard questions. Pressing a fellow parishioner or club member for hard information is like demanding receipts from your aunt — it just doesn’t feel right. Hucksters know that, they play on it, and they count on our trust to make their confidence games work.
The level of affinity and of trust may be especially high among Jews. The Holocaust and generations of anti-Semitic laws and practices around the world made reliance on other Jews, and care for them, a survival instinct. As a result, Jews are often an easy target both for fund-raising appeals and fraud. But affinity plays a role in many groups, making members more trusting of appeals within the group.
“Affinity groups” (to use modern marketing-speak) may be particularly vulnerable to fraud because trust works both ways. Group members tend to be more trusting of other group members than of outsiders, and this caution toward outsiders protects the group. But it also means that group members tend to let down their guard against other group members. This is OK most of the time because the extra caution about outsiders keeps predators at bay, and business people who gain admittance to the group are more likely to be trustworthy than outsiders are. However, a sociopath who penetrates the group’s defenses may wreak havoc — the single-point-of-failure problem.
This is an inherent weakness of high-value and high-trust organizations, and of any high-stakes situation where trustworthiness is defined as passing one test or as passing a series of tests once. More-competent security and intelligence agencies minimize this problem by encouraging employees to be vigilant about security, by compartmentalizing, by testing employees frequently and by creating internal departments whose job is to maintain the security of the organization. (Less-competent security agencies like the TSA do dumb things like creating a “trusted flier” program.) Competent business organizations use audits and other internal controls to minimize theft of money and physical valuables, and contracts to deter theft of intellectual property. Yet even the CIA and FBI are compromised from time to time, occasionally with disastrous results. A country club or other affinity group with wealthy members — Cass, citing Tocqueville, points out that the USA as a society is particularly rich with such organizations — may be as attractive to thieves and con-men as the CIA is to foreign spies. Yet most such organizations and their members are lax about security and by nature encourage trust rather than suspicion.
Cass is right that this is a problem that won’t be solved by passing laws. Nor would it be solved by the adoption by clubs and religious and civic organizations of stringent security measures. Such organizations, if they become security-minded, tend to create single points of failure. And unlike security agencies they have little control over the behavior of their members. And people who join clubs and other social networks are not usually doing so in order to work toward a common business or national-security agenda that might justify putting up with rigorous security measures, but rather because they want and need to trust people in their communities. The only response that makes sense is for individuals to be more careful about security in their personal and financial affairs, and to diversify their investments along all dimensions. Your social network may remain vulnerable no matter what you do, but you can greatly reduce your risk by not creating single points of failure in your own affairs. Compartmentalize your assets. Don’t put all of your eggs into one basket.
(via Tom Smith)
UPDATE: The game-theory angle.