by Malcolm Rowe

The Psychology of Security

Anyone interested in how psychology and security interact should probably take a look a Bruce Schneier’s draft essay, The Psychology of Security.

[Y]ou can be secure even though you don’t feel secure. And you can feel secure even though you’re not. The feeling and reality of security are certainly related to each other, but they’re just as certainly not the same as each other. We’d probably be better off if we had two different words for them.

This essay is my initial attempt to explore the feeling of security: where it comes from, how it works, and why it diverges from the reality of security.

Bruce Schneier, The Psychology of Security

As a thesis, it’s a bit disorganised, but it still contains a lot of interesting information.

Security is something I’ve been thinking about a fair bit recently — every time I’ve flown recently it seems that there’s more and more security silliness. Last time I flew, we all queued up to go through the metal detectors, emptied our pockets, put laptops in separate trays for scanning, and so on, and then, after we exited security, queued up again to get our shoes scanned by a separate magic box.

Every time I see something like this (particularly in airports), it tends to spark off two thoughts:

  1. How much is this costing me?”
  2. “This is silly! If I were a bad guy, I’d just do $whatever. Isn’t that obvious?”

In fact, the latter usually ends up making me feel less secure, as I go on to imagine all the ways an enterprising terrorist (you know: the canonical bad guy in airports, the only reason that airport security exists, clearly) could sneak a bomb/weapon/whatever aboard the plane I’m waiting for.

The rational part of me hopes that the people in charge of security at airports do know what they’re doing, and so even though I might be able to come up with all these evil plans that look like they’d work, doesn’t mean that there’s something I don’t know about that’d catch me out. “Security by obscurity” can sometimes be a good thing.

The cynical part of me thinks that I might be being too charitable, of course :-)

In any case, it’s good to see someone spending some serious time to try to explain why people behave and feel the way they do when evaluating risk.