People need to be informed about security, so they can make intelligent decisions and get the most for their money, said Bruce Schneier, founder and chief technology officer of California-based Counterpane Internet Security.
People are security consumers who weigh the pros and cons and make determinations based on perceptions – some of which are not accurate – Schneier told the crowd during the afternoon keynote address at Wednesdays South Sound Technology Conference 2004, held at the Tacoma Sheraton.
Security is always a trade-off, he said. Theres no such thing as absolute security.
For example, Schneier said he has relatives in New York City who live in a gated community. Theyve given up a little bit of freedom to live in a restricted access area he noted. People make lots of little security-related decisions everyday, he said, that benefit them, including locking the car door and deciding which street to walk down.
Conversely, most people do not wear bulletproof vests, he said, because its not worth the trade-off of donning such a heavy, bulky piece of protection.
Of course, security trade-offs are subjective, depending on your point of view. The question you have to ask yourself, he said, is this: Is this a good use of your security dollar?
Making that decision is sometimes difficult because there is often a difference between real risk and perceived risk, he said.
Pigs are more dangerous than sharks, he quipped, a reference to a list of the most common causes of death in his most recent book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Who knew?
There are two culprits, Schneier said, that contribute to peoples misperceptions of risk: the media and technology.
The media exacerbates rare, but spectacular events, but not more dangerous everyday happenings, he said. As an example, he pointed to the fact that airplane crashes receive lots of media coverage, while driving, a statistically much more dangerous mode of travel, does not receive as much. Terrorism, while a real threat, is overblown, he said.
Technology also obscures how things work, he pointed out, causing people to be more afraid than they need to be. People being reluctant to give their credit card number out over the Internet is a good example of this, he said.
The solution to security problems is not to put on a big show that looks good but actually accomplishes little – security theater, as Schneier put it, but to focus on preventative measures/intelligence and emergency response plans. Devoting resources to the middle points of those two opposite spectrums is largely useless, he said.
We (consumers, citizens) need to start paying attention and exercising our aggregate muscle, he said.