Content

PR, crime and punishment

Kurt Wismer put a pointer on his Security Memetics blog to a Marrickville, Australia-area command police banner showing images of police officers with the slogan, “These people are responsible for crime in your area." According to the Sydney Morning Heralds Glenda Kwek, the poster has gone viral on the internet, with discussion on Facebook and Twitter as to whether it's actually a good idea to suggest that the police are actually committing crime rather than policing it.

"The sign has already worked...because it's a talking point," says Superintendant Peters, the local area commander. "And that's what it's for." And from the point of view of attracting attention and discussion with the local community, that seems to be so, though Kurt suggests forcefully that it's poorly worded at a time when popular trust in authority is so low. Personally, if I had to engage in a marketing campaign, I wouldn't be altogether happy with a sales pitch that relied on people telling me that I'd made a mistake, but it seems to be working in terms of customer engagement.

Actually, it was less the good/bad PR angle of the story that grabbed my attention than the fact that it was about Marrickville, a suburb of Sydney where, as it happens, I stayed for a few days some years ago. And I came away with an example of a quirky local view of security – though it had nothing to do with the local police – that I've used as a little security parable on many occasions since.

As I was journeying in every day to attend a conference, I became quite well acquainted with Marrickville CityRail station, and in particular, the fact that the toilet there was padlocked, with an explanatory note to the effect that it had been closed for security reasons. I can understand it being closed because of vandalism, or some other form of damage, but security?

When I was a young security administrator, we heard a great deal about the CIA tripod model of security: confidentiality, integrity and availability. I once worked in an IT department whose head maintained that availability is the most important of the three, and many business-oriented managers would agree with him that the first priority is to maintain business processes, not to implement perfect, hermetic security. Well, your mileage may vary on that, but that sign struck me as being such a perfect exemplification of the opposite mindset, holding that it's better to make a service unavailable than to subject it to another kind of breach.

And that's sometimes defensible too: for instance, where maintaining a compromised service results in damage cascading to other services or units.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.