Security quotes of the week

Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.

From the tone of the hearing, and the language of the House resolution, we are being asked to believe that "the position of the United States Government has been and is to advocate for the flow of information free from government control."

If only it were true. The reality is that Congress increasingly has its paws all over the Internet. Lawmakers and regulators are busier than ever trying to expand the horizons of cyber-control across the board: copyright mandates, cybersecurity rules, privacy regulations, speech controls, and much more.

This seems to be a result of a fundamental misunderstanding of the economic incentives involved here, combined with a magical thinking that a market solution solves all. In airport screening, the passenger isn't the customer. (Technically he is, but only indirectly.) The airline isn't even the customer. The customer is the U.S. government, who is in the grip of an irrational fear of terrorism.

It doesn't matter if an airport screener receives a paycheck signed by the Department of the Treasury or Private Airport Screening Services, Inc. As long as a terrorized government -- one that needs to be seen by voters as "tough on terror," wants to stop every terrorist attack regardless of the cost, and is willing to sacrifice all for the illusion of security -- gets to set the security standards, we're going to get TSA-style security.