From: Rafal Smigrodzki (rms2g@virginia.edu)
Date: Tue Jul 16 2002 - 18:20:21 MDT
Harvey Newstrom wrote:
I don't like gambling with my life, and prefer to get rid of such
gambles wherever possible.
### Yes, me too but all too frequently I don't have enough money to pay.
------
This means I would like to see all bags
scanned in airport security.
### How much (in $$ and travel time) are you willing to pay?
-----
Real security does exist, or else why try? You probably mean perfect
security doesn't exist. This is true. But again, just because it will
never be perfect is not a good argument for accepting weak security.
### No contest here. But poverty is reason enough to accept risks. The
smallest ones you can afford.
------
> Even if it works 99% of the time, the
> attackers just keep retrying until they get through.
>
> ### If it works 99% of the time, it means 99 out of 100 bad guys get
> burned - this is likely to reduce their numbers substantially over time,
> especially measured over evolutionary timeframes.
Get real. Nobody wants to slowly increase security over evolutionary
timeframes.
### Sorry, this is a misunderstanding - I meant that thanks to evolution and
the imperfect but workable ways of weeding out the cheaters, we have
built-in mechanisms restricting our propensity to act destructively against
those we perceive as "kin" (in a fuzzy sense). Some of us have these
mechanisms developed to a higher degree - they are more trustworthy. I like
them.
-----
We want personal security for ourselves now, not a slight
average increase in security for future generations. Besides, if one
guy gets through at an airport for every 99 who are caught, and that bad
guy downs a plane with more than 99 people on it, then we are losing
more people than we catch. This is not a very good statistic at all.
### If everybody knows that trying to blow up a plane will get him 99% of
times dead and unsuccessful, only a very small number of really persistent
(and crazy) guys will still try to do it. 99% percent will be thwarted. Say,
once in ten years or so one will be successful. Increasing security to 99.9%
will make it only one planeload (100 humans) of dead people every hundred
years but if the cost is 10 billion $/year, the per person expenditure will
be (10x10e9 x 100)/(100 x 9)=1.1 billion $. Is this the kind of money you
want to pay?
--------
When one plays with statistical methods for security, one provides the
attackers with statistical basics for success. They could send 100
people out to attack various airports on a single day. Ninety-nine
might get caught while one gets through.
### So where do you buy 100 suicide bombers? I'll believe it when I see it.
-------
I never meant to imply that "trustworthiness" is bad. However, no
business should "trust" people to the extent of not having written
contracts. No customer should "trust" a cashier to the extent of not
counting their change. No person should "trust" the neighbors to the
point of leaving their doors unlocked. Basic security trumps "trust"
any day.
### Now we are getting somewhere. Looks like you agree that trust is good
but even better if supported by additional measures. This is what I wanted
to express in my posts here.
------
How do you know if someone has a long track record and a stable
personality, unless you have double-checked them already? If you don't
count our change, how do you know which cashier is trustworthy? It is
only be verifying security in previous transactions that you can afford
to "trust" someone without verification this time. Therefore, this
"blind" trust requires prior verification before it is given. It makes
no sense to argue "blind trust" in favor of verification, because the
former requires the latter as a foundation.
### Exactly. Almost full agreement - you can also afford some trust "on
credit", and verify later, especially if the stakes are small.
------
Yes, there will always be some level of security that costs more than
the loss itself would have cost. But the more security infractions are
blocked, the more costs are saves such that security pays for itself.
In the case of the 9/11 incident, I think that a lot of low-level
security, such as monitoring visas, better communications between the
CIA and FBI, real-time tracking of airplanes, better contingency plans,
and the like would have prevented this much more efficiently than some
megascale engineering project providing perfect protection. I argue not
for a mega-solution, but for a lot of smaller more complete solutions.
If we didn't have a lot of little failures or a dozen lower checks that
failed or a thousand little details that "fell through the cracks", we
would have more complete security.
### No contest.
-------
What exactly do you argue as security procedures in your "trust" model?
How would you modify airport security, for example, to put more "trust"
in the system? How does "trusting" people make anything more secure?
### I wouldn't rely on trust where stakes are high and recovery not
possible. In the airport, just as you do, I want the best security I can
afford, period. But in many other situations (checking in to a well-run
motel chain, buying a known brand of cereal, etc. etc), it's good to be able
to trust others - it really saves a lot of time and aggravation.
Rafal
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:15:29 MST