Privacy and security
how to get it
Why does your computer bother you so much about security, but still isn’t secure? It’s
because users don’t have a model for security, or a simple way to keep important things safe.
Computer security today is in bad shape: people worry about it a lot and spend a good deal of money on it, but most systems are insecure.
Security is not about perfection. In
principle we can make secure software
and set it up correctly, but in practice
we can’t, for two reasons:
Bugs: Secure systems are complicated, hence imperfect. Of course
software always has bugs, but even
worse, security must be set up: user accounts and passwords, access control
on resources, and trust relationships
between organizations. In a world of
legacy systems, networked computers,
mobile code, and changing relationships between organizations, setup is

Conflicts: Even more important,
security gets in the way of other things
you want. In the words of General B. W.
Chidlaw, “If you want security, you
must be prepared for inconvenience.”a
For users and administrators, security
adds hassle and blocks progress. For
software developers, it interferes with
features and with time to market.

a Chidlaw, B. Dec. 12, 1954. Quoted by the International Spy Museum, Washington D.C.

[Photograph by Ian Lloyd]
To make things worse, security is
fractal: Each part is as complex as the
whole, and there are always more things
to worry about. Security experts always
have a plausible scenario that demands
a new option, and a plausible threat that
demands a new defense. There’s no resting place on the road to perfection.
Security is really about risk management: balancing the loss from
breaches against the costs of security.
Unfortunately, both are difficult to
measure. Loss is the chance of security breaches times the expense of dealing with them. Cost is partly in dollars
budgeted for firewalls, software, and
help desks but mostly in the time users
spend typing and resetting passwords,
responding to warnings, finding work-arounds so they can do their jobs, and
so forth. Usually all of these factors are
unknown, and people seldom even try
to estimate them.
More broadly, security is about
2 Users, administrators, organizations, and vendors respond to
the incentives they perceive. Users
just want to get their work done; they
don’t have good reasons to value security, and view it as a burden. If it’s hard
or opaque, they will ignore it or work
around it; given today’s poor usability they are probably doing the right
thing. If you force them, less useful
work will get done.
1 Tight security