Promoting a False Sense of Security

Electronic equipment control knobs,  numbered from 1 to 11

I recently received a notification about the electoral roll records for my address. It detailed the information currently held and, if still correct, I need do nothing. It was. Brilliant. No action required.

Of course, if I’d moved away and the house was empty, or I was upstairs dead in my bed with my face half eaten by my cats* – which I’m fairly sure would make me ineligible to continue to cast a vote – then the letter would still be lying on the floor unopened.

I don’t know how the enquirer can be sure the lack of action on my part is a silent assent, not an inability or unwillingness to respond. It doesn’t seem too onerous a duty, in exchange for the right to participate in our democracy, to once every year or so have to go online to confirm “Yes, that’s still correct”, or to tick a box on the letter and pop the response in a postbox for those not internet savvy.

Update Opportunity

If, however, the information for my address was no longer valid, I could go online to update it. No doubt I also had the option to do this the old-fashioned way; send an update in the post, or even make a phone call. So far, so good.

The right to vote being a sacred privilege, and in need of protection from the fraudsters, villains, and other wrong-doers queuing up to usurp my perogative, in order to make any changes to my information I need to enter a security code. No problem with that. Pleased and relieved that I do, in fact.

My annoyance stems from the claim that it’s a two-part security code.

The first part of your security code is: 1234
The second part of your security code is: 5678

Councils and government bodies have been making this assertion for many years now. I also vaguely recall one of my financial institutions doing something similar. I picture the concept being first proposed in good faith, and a committee of clueless people sagely nodding in agreement that having a two-part code would be so much more secure.

This isn’t what (s)he meant

And so it would be … if it was actually in two parts. If each part was sent by a different method – for instance one by email and one by letter, or one of the parts was a password or security code I’d chosen myself in the past and registered already, so that I didn’t even need to be reminded what it is, then it would be. If both parts have to be sent by letter, then at least send them separately, and on different days, so that any would-be miscreant has to intercept both. I’m sure this, or something like it, is what the original proposer intended.

Sending both parts in the same message doesn’t make it two parts though. Sure, it may be written in two parts, with some space or maybe even some other letters inbetween, but it’s not two-part in the sense that the claim implies. Believing something is more secure because it has a two-part security code instead of the usual one, when it’s used like this, is no better than thinking your amplifiers must be superior because ‘These go up to eleven’.

In my opinion, claiming it’s a ‘two-part’ code suggests a sense of extra security to anyone who just takes the claim on face value. If the purveyors of this fallacy actually believe it themselves, more fool them. If they’ve got enough common sense to realise the misleading inaccuracy of the claim, they should stop making it.

Better yet, change the system so that it genuinely does provide two-part security.

*Morbid, I know, but I’m fairly sure that’s my destiny.

0 0 votes
Rate this item
Notify of
Inline Feedbacks
View all comments