07.14.07
Security Without Idiocy, Part 2
For the first part of this series, check out “Can We Have Security Without Idiocy?”.
What is your business? What product do you make? What service do you offer? How has the increased focus on security and blame-tracking affected the way you do business?
Let’s think about this. Think about all the background checks that you probably do on your employees. What do they typically find? That your applicant drank a lot of alcohol during college? To be sure, there are times when a background check will turn up something unsavory in a person’s past. However, think about the spy rings that infested (and probably still infest) our nation’s military weapons industry (probably the most background-checked jobs on earth) and that of the United Kingdom. This is not to say that these checks cannot be helpful, but they are flawed by the idea that one’s future actions are predictable from what one is known to have done in the past.
Think about your teen years and maybe even your twenties. If you are like many Americans, those were times filled with all sorts of exploration and experiences, doing things that you not only would not do today, but things that you don’t even approve of anymore. What if your daughter were to decide to do some of the exact same things (in whatever modern incarnation they go by) that you did twenty or thirty years ago? How would you react?
Exactly.
You turned out okay. You have not killed anyone or robbed any banks. You work hard, maybe a few too many hours. Then you go home and try to spend a few minutes with the kids before bedtime and then you try to finish some leftover work before you also collapse, exhausted, into bed.
The point is, people are dynamic — we are ever-changing. While you are capable in theory of drinking a quart of schnapps in one sitting again, you know that you really cannot do it anymore. If someone were to categorize you as an alcohol abuser based on what you did during your college years, that person would do you a disservice as well as waste his or her time trying to monitor your (greatly reduced) consumption.
I knew someone in high school who had an interesting father. The dad had fled from his homeland after participating in a “national liberation” movement. Yet, here in this country, he married and had children. He wrote poetry. He bought a little house where his kids could play in a treehouse in the backyard. PAST=violence; PRESENT=harmonious family living. Even after his former country won its independence, he stayed in America where he had the lovely family thing going on. I never knew him to be a threat, and I believe that two of the three kids went into law enforcement.
There was a young guy named Kevin who became well-known for breaching computer systems. In fact, rumor has it that the movie War Games is loosely based on one of his adventures. After a prison term, he was forbidden to touch or use computer or network equipment. The question is, how much of his old technical knowledge is relevant today? How much of a threat is he, and could we not put his knowledge to positive use instead of trying to block him out?
Side note: I would not be able to conform to this kind of punishment. My natural interest and curiosity for all things computer would compel me to learn about both current and upcoming technology.
He has been able to start a security consultancy, based on the non-technology skills that he used to accomplish his former feats. Still, he might be an even more effective security consultant if he had been able to maintain and update his technical skills.
Are there some things you did when you were in high school or college which you do not wish to see on the evening news? How would you feel if one of those silly acts suddenly blocked you from advancing in your career or possibly even cost you your job?
In other words, when you look at someone’s history, you also have to look at the person’s present. If they do not appear to line up, it may be that the history is no longer relevant. Now if we can only get certain policy-makers to understand this.