Shostack + Friends Blog Archive


Age and Perversity in Computer Security

I’ve observed a phenomenon in computer security: when you want something to be easy, it’s hard, and when you want the same thing to be hard, it’s easy. For example, hard drives fail at seemingly random, and it’s hard to recover data. When you want to destroy the data, it’s surprisingly hard.

I call this my law of perversity in computer security.

Today, Kashmir Hill brings a great example in “So which is it?”

Privacy online

Contradiction much? When it comes to the state of online privacy, the media tend to send mixed messages, but this is one of the more extreme examples I’ve seen.

It’s just perverse: it’s hard to be sure when someone wants to rely on the data to protect kids, but it’s easy (for marketing firms) when we prefer to remain private.

2 comments on "Age and Perversity in Computer Security"

  • peter honeyman says:

    i think this is related to the observation (attributed to mark twain) that a lie can travel halfway around the world while the truth is putting on its shoes.

  • Jack Daniel says:

    In many situations I think this apparent paradox comes down to the level of required accuracy. If I were smarter I might even try to work the word asymmetry in here.
    In the age question, 90% accuracy would thrill the marketeers; they are trying to narrow the broadcast scope of their message and that would be a big improvement. Conversely (and perversely?) 90% accuracy in “protecting children” would be completely unacceptable.

Comments are closed.