On Fri, Mar 6, 2009 at 5:42 PM, Scott Stroz <[email protected]> wrote:
>
> That's kind of like saying, if a small percentage of the population commits
> crime, should we really spend money to enforce the laws.

In a very real way this all comes down to security. Security is about preventing abuse of systems whether it is application security on a computer or fraud prevention rules in a social program. As computer professionals I would hope that we all understand that security is a very nebulous area and that all security is subject to the law of diminishing marginal returns. We all know that the only truly secure application is one that sits on a computer with no power supply in a locked room with no Internet connection and an armed guard at the door. But obviously that is not a useable application.

So what do we do? We balance a desire for security with the usability of a program. You can make a very secure user authentication system that requires biometric keys, multiple security questions, preauthorization for new accounts, etc. But in most situations, that is overkill. It impedes the usage of the system and gets in the way of the actual function of the program. In some situations the security measures might be warranted but in most situations we have to remember that security is not the point of a program, it is something that supports the program.

In the same exact way you need to think about the actual purpose of a social program. What is it intending to do? That is what we need to support. Security is important and to the extent that it supports the purpose of a program then it is a valuable thing to invest in. Security prevents money going to fraudulent activities and keeps more money available to support the intended usage of the program. But security beyond that point gets in the way of the program and costs more than it returns, decreasing the value of the program and inhibiting its actual function.

There are common rules to user security that everyone should follow, like not storing passwords in plain text. In the same fashion, there are common rules about tracking social programs and implementing basic measures of fraud prevention.
You can go much farther but before you do, you need to ask yourself whether the additional measures are justified. Mandatory drug testing of people receiving welfare is a security measure. Maybe it is a reasonable security measure, maybe it isn't. In order to answer that question, however, we need to look at whether it supports the function of the program or not. How much money does it take away from the program? How much would it save? Are the people that are shut out of the program people we really want shut out? Should there be a mechanism for allowing people back in after a failure?

Unfortunately most programs such as this are proposed in the context of punishment. The fear is that someone, somewhere, is gaming the system and getting a free ride on your dime. The focus is on security but not within a context of the function of the program, only security for the sake of security. And every security professional will tell you that security for the sake of security is a bad way to design a system. The only thing it helps are the people providing the security.

Judah
