If I were looking for a "winner" for this, I'd be especially interested in measures that end up reducing security rather than improving it.
One category of these is those that improve one person or group's security a little but degrade someone else's a lot. An example of this would be the "require identification" fad, in which personal information is collected for even the most trivial transactions, creating attractive databases for identity theft and other mischief. I was recently asked, "for security reasons", by a department store to provide my social security number when I tried to exchange a shirt that was the wrong size that I had bought the day before for one of the correct size (When I offered to just leave the item there and dispute the original charge on my credit card, the clerk gave in and just wrote some made up numbers on the form.) An even stupider category includes mechanisms that end up degrading security for exactly the same people they supposedly are trying to protect. My favorite example concerns safety, not security, but it was just this past weekend, in Washington, DC, and is fresh in my mind. A walkway leading to a Metro station was closed because of icy conditions that made it too slippery and dangerous to cross. They posted a security guard at one end of the walkway to stop people, but not the other end, where there was no indication at all that anything was wrong. How do I know this? I crossed from wrong (unguarded) end, almost breaking my neck before I got to the security guard and the sign redirecting people to another entrance. He tried to send me back across the icy path, having been instructed not to let anyone go past his checkpoint. The most prevalent category, though, is where "security reasons" are invoked to explain away almost any inconvenience, expense, or indignity, no matter how unconnected to security it may be. "For security reasons" is now a mantra that can be used with a straight face to prefix almost any bad news. "For security reasons, we have raised our prices." > "Human rights watchdog Privacy International has launched a quest to > find the World's Most Stupid Security Measure. " > > > http://www.theregister.co.uk/content/55/29279.html > > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
