Over time I’ve been putting together a list or laws or rules that govern our industry, or affect us. I’m adding a new one:
Security is the new darling of mass media. Since security is not absolutely and will always be broken and security at some point has to trust something else without assurances, then security will always be potentially broken (no matter how insane or movie-script-like the scenario is). Likewise, security will always ultimately depend on fallible people. Thus, the media will forever have something to wave around when it comes to security, or insecurity incidents. And thus, the media should not be our guideline or focus when it comes to evaluating our security stances. The media only provides for measurements of security theater (which itself is important to keep in mind, but does itself not convey much real security value).*
* If I were to play devil’s advocate here, I would say that many things like even our police department does not convey as much security value as it does value through security theater. What prevents us from looting and pillaging and ravaging in the streets? Most often our collective moral compass; our knowledge of right and wrong and not wanting to be seen doing the wrong thing. This is why once a criminal steps over that moral line, it is forever easy to continue to step over it. The internets don’t and never will (and never would have!) that same moral inhibition, no matter how much we try to strip away anonymity (we can’t)…