Shostack + Friends Blog Archive


Fake Fish and Security

fish on a dish.jpg
There was a very interesting article in the New York Times, “Fish Tale has DNA Hook,” in which two high school students used DNA testing to discover that nearly 1/4 of the sushi they tested and identified was mis-labeled. The article only identifies one of the vendors:

Dr. Stoeckle was willing to divulge the name of one fish market whose products were accurately labeled in the test: Leonards’ Seafood and Prime Meats on Third Avenue. John Leonard, the owner, said he was not surprised to find that his products passed the bar code test. “We go down and pick the fish out ourselves,” he said. “We know what we’re doing.” As for the technology, Mr. Leonard said, “it’s good for the public,” since “it would probably keep restaurateurs and owners of markets more on their toes.”

I was amused by this, but Robin Hanson had an interesting comment:

This is a huge fraud rate. Will diners continue to tolerate it? Probably, yes – I suspect diners care more about affiliating with impressive cooks and fellow diners than they do that fish is correctly labeled.

I think that there’s a related phenomenon in software security. It’s hard to accurately identify secure or insecure software. It’s usually easier to look at other elements of what makes a program useful. Which makes for a very fishy market.

Photo: “Dinner at Masa: O! Fishy fishy fishy fish” by mobil’homme.

One comment on "Fake Fish and Security"

  • Davi Ottenheimer says:

    I thought it more interesting that the student doing the experiment was the son of a man developing a market for genetic barcoding. “Hey dad, test my sushi”
    This looks more like a carefully crafted media event than a scientific methodology. I have to wonder whether they are really maintaining independence through the marketing.
    I wrote about it here: [link no longer works]

Comments are closed.