[LINK] Requirements for net banking

Craig Sanders cas at taz.net.au
Fri Mar 18 15:27:33 EST 2005 

On Fri, Mar 18, 2005 at 02:01:44PM +1100, Stilgherrian wrote:
> On 18/3/05 1:31 PM, "Craig Sanders" <cas at taz.net.au> wrote:
> > there are two basic security problems with internet banking:
> > 
> > 1. insecure operating systems and client applications (incl. browsers)
> > 
> > 2. stupid or ignorant users
> > 
> > the first is solvable.  the second is not, and never will be.
> 
> Hmmm... I thought it was part of our job as IT professionals to help
> educate people, and to design systems which are easier and less
> dangerous to use.

yes, certainly.

but some people can't (or, more often, *won't*) be educated.

making things easier and more secure is valuable...up to a point. once
that point is reached, it is just pandering to the incurably stupid or
the wilfully ignorant - and that is much worse than just a waste of
time, it is counter-productive.

> To simply write off people as "stupid" and "ignorant" seems arrogant.

i'm arrogant. so sue me. i have good reason, and i have more than enough
evidence to justify my belief that there are a lot of stupid and/or
ignorant people in the world...that, in fact, they constitute the
overwhelming majority of the human population.

remember, an IQ of 100 is the *average*. that means roughly 50%
are under that (like most things, there is a typical bell-curve
distribution)...and 100 is not very smart. 80 is moron.

sturgeon's law applies to people too.


> Ignorance can be cured with knowledge -- but knowledge needs to be
> imparted.

it also needs to be accepted by the impartee.

attempting to educate hopeless cases is just casting pearls before
swine.


> People don't come pre-equipped with an innate understanding of the
> security implications of complex information systems. And we shouldn't
> berate them because of that.

of course they don't, and of course we shouldn't.

it is, however, perfectly OK to berate them for choosing not to bother.
and it's perfectly OK to give up attempting to educate the incapable.

> IMHO, if "ordinary people" don't understand that their are dangers to
> using a particular system, then I think it's *us* who have failed in
> our job, not them.

partly. mostly not. at some point, it is THEIR OWN responsibility to
keep themselves informed. it's not as if it's some deep dark secret that
us "IT people" are conspiring to keep from them. many of us are shouting
it as loud as we possibly can, trying to inform people all over the
place and in the process finding out that the vast majority of people
are not interested, do not care, and DO NOT WANT TO KNOW...same as they
don't want to know anything complicated or disturbing about the real
world.

craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)

More information about the Link mailing list