Hacker News new | past | comments | ask | show | jobs | submit login

It's CYA policy for blame-shifting, a variant of security theater. When the next attack happens, the map purveyor needs to be able to say "he didn't do it with my maps". The map maker is not really interested in preventing attacks; just preventing blame. His self-interest is to make sure he can't be perceived to bear any fault for any attack that may happen.

And this effect works recursively for any entity that has power over the map maker. The Israeli government similarly wants to shift any blame away. So they can ban publishing a map of anything they consider vulnerable, not to realistically prevent any attack, but just to make sure they look like they tried and nobody can play the card of "why didn't they do something?" against them.

For a tech example, consider a system of stringent password requirements, with specifications for length and no dictionary words and special characters and so on. We know that this leads to the Post-it approach by users. But the password designer is only looking to avoid blame for any hypothetical attack - if the password is stolen off the written note, he can blame the stupid user and point to his own "secure" requirements.




Excellent description, thank you for sharing it.

I have a major pet peeve against the warped culture of "accountability" which really just means "find someone to blame when things go wrong". In that environment (when you aren't lavished rewarded when things go well, but are punished when they break) the incentives are skewed.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: