“A nearly impenetrable thicket of geekitude…”

Schneier at Turnrow

This last week, the security people at my wife’s place of work have instituted a new policy of X-raying lunchtime sandwiches purchased outside the building. Yesterday, a security guy I’ve been saying “hi” to regularly for a year asked me to present a credential I’ve never had (and then let me talk him out of it, which didn’t improve my opinion much). And of course, our politicians have gone into emergency “let’s sneak some laws past quick, before people start thinking again” mode.

None of this was very surprising; by now everyone is used to the suffocating results of the knee-jerk “must be seen to do something” reaction after a major incident. Whether the security measures imposed make sense in any way is another question, and I’ve always put a lot of it down to woolly thinking.

A newly published interview with Bruce Schneier at Turnrow reminds me that many of these measures make more sense if you think about them as security decisions being taken by someone else, ostensibly for your benefit, but within the decision-maker’s agenda rather than your own. Cutting it down to the bone, if someone is making a cost/benefit analysis on your behalf, they are likely to make sure that they will benefit while you pay the cost. If you can throw the cost (in money, convenience, or loss of civil liberties) over the wall to someone else you can justify almost anything, no matter how small the benefit.

This is an excellent interview, distilling most of the important points of Schneier’s book Beyond Fear into a couple of pages. Worth reading, and worth passing around to people when they ask why something incomprehensible is being foisted on them in the name of “security”.

[via Schneier on Security, of course]