Saturday, July 30, 2011

They Made Me Do It

Security is a favorite excuse; "We can't do that, because of security". This is usually at least sort of true, but it is rarely entirely true. I present another rant in the form of an extended metaphor.

Suppose somebody takes the dog to the vet, and comes home empty-handed. "I'm sorry honey, the vet said we had to have him put to sleep." There are a lot of ways the vet can feel about that statement, which is almost never absolutely true.

It could be that the vet said "I strongly recommend putting the dog to sleep; otherwise he will just be in pain until he dies." In that case, the vet is going to feel that it's pretty fair to say "the vet said we had to have him put to sleep".

It could be that the vet said "There is a treatment available, but it is expensive, time-consuming, and uncomfortable for the dog, and there is no guarantee it will work. There are people who undertake it, and there are people who have the dog put to sleep; those are both reasonable choices." The vet is likely to feel less happy; the vet offered choices, the dog owner picked one, they were both hard choices. It's true that the vet did not produce any non-fatal choices the owner liked, but still, the vet did not doom the dog.

It could be that the vet said "Oh, we can treat that. It'll cost $100 and you need to give the dog pills every day for a week," and the dog owner said "Oh, I don't want to do that; what happens if I just don't treat it?" and the vet said "Then you'll have to put the dog to sleep." The vet is likely to be upset at the characterization "the vet said we had to have him put to sleep". The vet offered a different choice which most people would accept.

It could finally be that the vet said "The problem here is that you are not being a responsible dog owner; if you let the dog run loose unsupervised and it bites people, we'll have to put the dog to sleep." The vet is likely to be outraged at the idea that this is the vet's fault.

A lot of "we can't do that because of security" is like that. "I'm sorry; you can't do that thing you want to for security reasons" might mean "it's not safe" or it might mean "the safe options are really expensive and onerous" or it might mean "the safe options are more expensive than I'm willing to pay for" or it might mean  "the safe options involve actual effort, and I'm not willing to do anything at all" or it might even mean "I don't want to but I don't like taking the blame." (I would like to think this never happens to dogs, but I am very much afraid that it does.)

1 comment:

  1. I'd sympathise more if not for the fact that I see far more bad security decisions made than I do other bad decisions blamed incorrectly on security.

    In your analogy I feel like although there are people who come home and lie "The vet said we had to put the dog down" there are far more who tell us "The vet said the dog's going to be fine" when in fact they never went to the vet, they spent the consultation money on lottery tickets and crossed their fingers that whatever is wrong with the dog will heal naturally.

    What we see with Sony is an echo of an industry-wide problem. Following best practices is expensive, so few people do that - but properly checking they're followed is even more expensive, so absolutely no-one does that. Instead they take your word for it, until you are proved wrong, and then they make a big show of looking at the mess and pretending to be outraged.

    It's tempting. There's an incentive to cut corners. You will save a lot of money and you probably won't get caught. It's frustrating to know that if you do a great job you will probably just be perceived as unnecessarily expensive.