Sam Varghese
Wednesday, 30 January 2008 06:06
Opinion and Analysis
Page 2 of 4
There was a roar of laughter from the LCA audience at this but everyone settled down when Schneier reminded them that grounding all air traffic was exactly what the US government had done after the incident. It temporarily gave people the feeling of being safe - but obviously could not be persevered with.
Schneier said when it came to the economics of security, once again it was a tradeoff - how much were you spending? And was it worth the risk you were eliminating? "If you take the example of software, you may have to drop a feature set to provide more security - but then you have to weigh up the tradeoff again - do you need that feature set to sell your product to a particular person," he said.
He noted that nobody in the audience was wearing a bulletproof vest - even though that would been a good way of ensuring that they would arrive alive to attend his keynote. But traded off against the inconvenience of wearing such a heavy garment in summer and the lack of fashion sense it would convey, people had chosen not to wear one, he said to peals of laughter.
People tended to over-estimate uncommon risks and play down common ones; they also tended to over-estimate involuntary risk and overplay voluntary risks, Schneier said.
Most of the time this worked reasonably well. But the human brain was optimised to deal with security threats from an age long past and was not used to modern times and all the accompanying threats.
Schneier pointed out that when feeling and reality got out of whack, then fear would influence behaviour.
"If I sell you a lock that does not work, pretty soon you will notice. Until you do, you will have that feeling of security," he said.
