Brennan Hawkins, the 11-year-old Boy Scout has been found after being lost in the wilderness for four days. Now we learn that he would have been found sooner, except he had been taught to stay away from strangers.
I like to think about the unintended consequences of various policy decisions. One of my peeves is that people will advocate one or another policy without adequate consideration of the unintended consequences.
In this case, the unintended consequence of teaching a boy to avoid strangers was that he nearly died.
One of the reasons I read and enjoy Bruce Schneier's Crypto-Gram newsletter, and (yay!!!) now his blog, is that he also looks at unintended consequences. In a way, security is all about unintended consequences. Insecurity results when a system, intended to do one thing, does something else, with or without the help of someone with malicious intent. Sometimes, the unintended consequences are the result of a system intended to increase security.
In this case, a procedure intended to increase security – training a boy to avoid strangers – increased the danger of his situation instead. He would have been better off had he been told never to go with a stranger. Sure, he might have refused to get within six feet of a rescuer, but the rescuer could have called for a family member to come and get him, and he'd have been found sooner.
(I have also read that parents should establish a "password" for their kids, which can be given to any adults sent to pick them up if the parents can't be there. If the rescuers had had a password to shout to the boy, he might not have stayed hidden.)
No comments:
Post a Comment