Stupid security measures, a contest

Matt Blaze mab at
Wed Feb 12 18:10:56 EST 2003

If I were looking for a "winner" for this, I'd be especially interested
in measures that end up reducing security rather than improving it.

One category of these is those that improve one person or group's
security a little but degrade someone else's a lot.  An example of
this would be the "require identification" fad, in which personal
information is collected for even the most trivial transactions,
creating attractive databases for identity theft and other mischief.
I was recently asked, "for security reasons", by a department store
to provide my social security number when I tried to exchange a shirt
that was the wrong size that I had bought the day before for one of
the correct size   (When I offered to just leave the item there and
dispute the original charge on my credit card, the clerk gave in and
just wrote some made up numbers on the form.)

An even stupider category includes mechanisms that end up degrading
security for exactly the same people they supposedly are trying to
protect.  My favorite example concerns safety, not security, but
it was just this past weekend, in Washington, DC, and is fresh
in my mind.   A walkway leading to a Metro station was closed
because of icy conditions that made it too slippery and dangerous
to cross.  They posted a security guard at one end of the walkway to
stop people, but not the other end, where there was no indication
at all that anything was wrong.  How do I know this?   I crossed from
wrong (unguarded) end, almost breaking my neck before I got to the
security guard and the sign redirecting people to another entrance.
He tried to send me back across the icy path, having been instructed not
to let anyone go past his checkpoint.

The most prevalent category, though, is where "security reasons" are
invoked to explain away almost any inconvenience, expense, or indignity,
no matter how unconnected to security it may be.  "For security reasons"
is now a mantra that can be used with a straight face to prefix almost
any bad news.  "For security reasons, we have raised our prices."

> "Human rights watchdog Privacy International has launched a quest to
> find the World's Most Stupid Security Measure. "

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list