next up previous
Next: Attitudes of security experts Up: Why do users make Previous: Security seems excessive or

It's someone else's problem

Douglas Adams describes the ultimate device for hiding things in his Hitchhiker's Guide to the Galaxy trilogy: It's called a ``Someone else's problem field" (SEP) and it makes people think that the subject cloaked in the field, no matter how odd, is simply someone else's problem and need not be worried about.

While his SEP is a fictional device that generates a field over things that might otherwise be noticeable, security designs apparently suffer from a similar effect. Studies have shown that people, be they users or designers, have a tendency to delegate security to others [Flechais et al., 2003], [Dourish et al., 2003]. The other entity may be technology (``Oh, the server will handle the security"), another individual (``Well, my cousin who knows more about computers set it up") or an organization (``The IT department's system administrators handle that"). This is particularly noticeable when combined with the attitude that security gets in the way of work: it seems logical that it should be handled by someone else so the user's important work is not delayed. Unfortunately, it is often not someone else's responsibility and users, particuarly managers and users with higher status in a company, may mistakenly believe it is rather than taking personal responsibility.


next up previous
Next: Attitudes of security experts Up: Why do users make Previous: Security seems excessive or
Terri 2004-01-05