When it comes to security, most people prefer to be completely safe and like to minimise the security risks to the lowest level possible. However, being secure is not always the best option. A determined attacker and a highly secured system may constitute the most dangerous situations. Not necessarily for the system that is protected, but also for yourself.

In some parts of Amsterdam, people are advised to keep their cars unlocked. This way, thieves do not have to smash a window to find out the car is empty. This measure actually constitutes great savings on window repairs, which are not cheap. As another example, in the past, cars got stolen by a smash of the window and some fiddling with the wires. Nowadays, there are cases known where the thieves went inside, held a gun against the head of the target and requested the keys and the paperwork for the car.

In a recent paper by Peter Swire, it is explained why modern technology drives the police to hacking and retrieving information from web application providers. The reason is quite simple: programs like Skype or Dropbox have such good encryption on board that the messages cannot easily be obtained. This leaves them with three options: hacking one of the involved parties, asking such a company to put in a backdoor, or retrieve the data from the provider.

Sometimes Less Is More
As we can see in the given examples, sometimes implementing more security measures means less security in reality. When a very secure car means that I may once find a thief in my bedroom, I would choose a less secure car.

In one of his wonderful comics, Randall Munroe explained what very strong encryption really means: an attacker will not target the encryption, but you. And, rest assured, nobody keeps their passwords secret at gun point. Actually, this is the very reason why bank employees should never know any vital passwords, for the sake of their lives and the security of the money the bank guards.

The Determined Attacker Will Succeed
Even if you are more secure than Fort Knox, a determined attacker will succeed. Of course, chances become increasingly low, but there is always an attack vector you have not thought of. At this point, you do not want perfect security, you want realistic security that protects your valued information or items, but also assures that you do not get harmed when an attacker is determined and smart enough to succeed.

The basic formula is quite simple: if the attacker values the hassle of breaking the security measures less than the reward of gaining his objective, he will try to do so. In other words, for a second-hand bicycle you need a cheap lock, for your money you need a safe, and the nuclear codes you just do not want to possess.

Value Your Possessions Wisely
As I already pointed out, one should value how much security measures his possessions are worth, not only to attackers, but also to himself. For example, I value my photo albums very highly, but no attacker will be able to make any money with it. Comparably, an attacker may value your car much higher than leaving you from harm.

Therefore, it is important to value your possessions wisely. You may bring yourself or your loved ones in danger, because of material issues. You may get someone to invest the time to hack your computer, because you wanted your gossip to be secured.

Insecurity: Not Always a Bad Idea
Yes, adequate security is very important, but one should not get carried away. There are situations where a determined attacker will try to succeed. There are situations where your security measures bring in danger what you value the most. There are situations where more security measures mean less real security. Therefore, try some insecurity for a change!

Tagged with:
 

2 Responses to A Plea for Insecurity

  1. Jeroen says:

    Dear Verberkt Bsc,

    Not to mention the fact that with full security society becomes a place of distrust and parandoid!

    Benjamin Franklin once quoted: ‘Those Who Sacrifice Liberty For Security Deserve Neither.’ Which shows the dillemma between security and liberty.

    Kind Regards,
    Jeroen

  2. Sukalp says:

    Well said Stas..
    @Jeron .. Very True..

Leave a Reply

Your email address will not be published. Required fields are marked *