Promoting a False Sense of Security

I recently received a notification about the electoral roll records for my address. It detailed the information currently held and, if still correct, I need do nothing. It was. Brilliant. No action required.

Of course, if I’d moved away and the house was empty, or I was upstairs dead in my bed with my face half eaten by my cats* – which I’m fairly sure would make me ineligible to continue to cast a vote – then the letter would still be lying on the floor unopened.

I don’t know how the enquirer can be sure the lack of action on my part is a silent assent, not an inability or unwillingness to respond. It doesn’t seem too onerous a duty, in exchange for the right to participate in our democracy, to once every year or so have to go online to confirm “Yes, that’s still correct”, or to tick a box on the letter and pop the response in a postbox for those not internet savvy.

If, however, the information for my address was no longer valid, I could go online to update it. No doubt I also had the option to do this the old-fashioned way: send an update in the post, or even make a phone call. So far, so good.

The right to vote being a sacred privilege, and in need of protection from the fraudsters, villains, and other wrong-doers queuing up to usurp my prerogative, in order to make any changes to my information I need to enter a security code. No problem with that. Pleased and relieved that I do, in fact.

My annoyance stems from the writer’s insistence that it’s a two-part security code.

The first part of your security code is: 1234
The second part of your security code is: 5678

This claim has been made by councils and government bodies for many years now. I also vaguely recall something similar from one of my financial institutions. I picture the concept being first proposed in good faith, and a committee of clueless people sagely nodding in agreement that having a two-part code would be so much more secure.

And so it would be … if it was actually in two parts. If each part was sent by a different method – for instance one by email and one by letter, or one of the parts was a password or security code I’d chosen myself in the past and registered already, so that I didn’t even need to be reminded what it is, then it would be. If both parts have to be sent by letter, then at least send them separately, and on different days, so that any would-be miscreant has to intercept both. I’m sure this, or something like it, is what the original proposer intended.

Sending both parts in the same message doesn’t make it two parts though. Sure, it may be written in two parts, with some space or maybe even some other letters in between, but it’s not two-part in the sense that the claim implies. Believing something is more secure because it has a two-part security code instead of the usual one, when it’s used like this, is no better than thinking your amplifiers must be superior because ‘These go up to eleven’.

To anyone who doesn’t think it through but just takes the claim on face value, it lends a misguided sense of security. If the purveyors of this fallacy actually believe it themselves, more fool them. If they’ve got enough common sense to realise the misleading inaccuracy of the claim, they should stop making it.

Better yet, change the system so that it genuinely does provide two-part security.

*Morbid, I know, but I’m fairly sure that’s my destiny.
