Bits and Pieces

One of my roommates tries to be security-conscious, but doesn’t really get it. One of the things he’s concerned about is identity-theft, which is understandable; unfortunately, I can’t get him to embrace that slightly overkill degree of paranoia which would not only make his token efforts a whole lot more useful, but at the same time offer better security. The problem, I think, is that he isn’t conditioned to look at things from an adversary’s perspective: he goes through the motions, doing what he’s told, without fully appreciating the implications.

Case in point: shredding mail.

He very carefully sorts through his mail every day, and separates out every piece of paper that contains personal information; these he sets aside for shredding once a month or so. All the other bits of paper from the mail get tossed in a bag for recycling.

Sounds good, right? I disagree.

What I want him to do – what I keep telling him to do – is to shred all his mail, every last piece of paper. He refuses – I think he secretly balks at the small amount of extra effort involved – saying he doesn’t see, even after I’ve tried to explain it several times, the point. The point, by the way, is twofold. First, generate peace of mind by eliminating the margin for human error: if he no longer throws away any unshredded mail, the chances of accidentally tossing out something containing personal information is eliminated. Second, it makes the work of an adversary – however far-fetched that might be – ten times harder. As it is, if someone stole the bag of shredded paper after it had been put out at the curb, any and every piece of paper they managed to reassemble would contain personal information about my roommate. If he shredded everything, the odds would drop to, what: One in ten? One in twenty? The hypothetical identity thief could still steal my roommate’s identity – it’d just take a whole lot more effort – effort, I like to think, that he or she wouldn’t bother to make.

I can’t help but feel my roommate has this mentality of “you only shred important pieces of paper”, which is understandable, in its way. What he can’t grasp are the security implications of that: reassembling shredded paper, especially on a very small scale, is easily doable, and it’s not that far-fetched to see – in a society where most people do only shred “important” paperwork – bad people rightly seeing all shredded paperwork as a potential bounty. People only shred important papers; these papers are shredded, ergo they must be important.

Then again, perhaps I’m just slightly paranoid about this kind of stuff; too much risk-analysis will do that to people, I guess…

Published in: General, Security | on January 13th, 2009| Comments Off on Bits and Pieces

Both comments and pings are currently closed.

Comments are closed.