In the early days after I started writing up pieces on this blog, I regularly mentioned my admiration for Bruce Schneier the writer of this blog, that security analysts with really unique view of security. He distills principles for security advice from both economics and technology and delivers very useful insights on what the causes and fixes for poor security both in the real and virtual worlds are. To my mind, two factors that he stresses again and again are that secrecy is not equal to more security and that there's a lot of security theatre which does not pass a cost-effectiveness test but it helps agencies and software makers to look busy and concerned.
As required, inspiration for this blog post has occurred from my reading of the supremely interesting series of pieces on lock picking by Tom Vanderbilt on Slate Magazine. In the latest piece, the author discusses why it is virtually impossible to make a absolutely safe lock. Curiously, the conclusion is very similar to Bruce Schneier's two principles which asks for understanding that software and general security requires trade offs and also that notwithstanding the claims by lock makers, secrecy does not make a lock any safer from individuals intent on breaking it.
Essentially, the series of articles by Tom Vanderbilt merely confirm the assertion by Bruce Schneier that principles of good security are important and that society would be better served if the principles were applied more generally. For general consumers of products such as anti-virus software and home owners, security requires trade offs and is an arms race of sorts. There is no absolute instrument to ensure that all households and all people are safe in all activities. Society would be much better if this fact was understood more broadly.
No comments:
Post a Comment