Complexity is not the main enemy of security, it is lethargy

First published: LinkedIn on November 23, 2016

Of late I see a lot of ‘security’ people mumbling about how complexity is the main enemy of security.

That is just like saying that dying is the main cause of death; it might be true, but it conveys absolutely no actionable information.

Someone might respond “well, yes it does, decrease complexity!”, but that is just as silly; there are so many contexts in ICT/Security that a generic statement like that cannot even begin to make a difference.

In fact, this whole rigmarole reminds me of the climate issue, or the fossil fuel issue; for some reason people look at the people who benefit the most from putting off an immediate solution, namely the energy companies, when in fact the consumer can pressure politicians and corporations by just enduring a bit of discomfort (‘Oh noes! I do not want discomfort! I would rather have my grandchildren go down in flames instead of wearing a woolen vest…’ that level).

If consumers did not fall for the nonsense of buying new stuff every x months, then companies could more easily be held liable for not creating proper, solid products and more easily be sued for failing to keep their customers safe.

Just look at the arguments companies are trying to give you to buy new hardware (I use hardware that is over 6 years old and have a happy laptop that is 14 years old, and it still keeps up with what I have to do):

  • Buy a phone because it has pretty colors at the edge (the edges are even rounded!)

  • Buy new headphones because the 3.5mm jack is removed so it becomes thinner (why? WHY DOES A PHONE HAVE TO BE UNCOMFORTABLY THIN?). It generates more power loss in the charger for the wireless headphones, but who gives a thing about the environment anyway?

  • The phone comes with a new version of an OS. Your current phone cannot run that new version…

  • The phone is encrypted military grade (really?) so Spectre, Cobra and the NSA cannot get all your nude pics. (Don’t get me wrong, I am a hard privacy advocate, but man… make your politicians do something first before you buy something you do not know how to use properly anyway).

  • Etc. Etc. Etc.

All of that and more (I do not need to tell you, just look at the season’s ads) convinces you that you should discard your perfectly fine hardware, be totally ok with the vendor stopping support for it, and buy something new for full price which gives you, as a net effect, maybe two or three very small changes in usage…

Well, that, and nothing else, is where the ‘complexity’ comes from. From consumer lethargy. And we all, me included, are the consumers. We create this indefensible ‘complexity’.

And just so we do not have to do anything, we just give up more of our rights, we give them up to the companies, to the politicians, to the hackers. Just to get our next fix of ‘new newness’.

My advice for gifts this year? Don’t buy stuff. Give someone else a better life, for instance, buy them clothing, food, pay someone’s rent for a month, get them education…

And maybe your phone will be able to message your friends and family for another year. Maybe it will display websites for another year. Maybe you can still read the news for another year.

Maybe even two years…