Stupid security procedures

Bruce Schneier, in his monthly Crypto-Gram newsletter, comments on stupid and intrusive "security" procedures that people must endure:

Sadly, I believe things will get much worse before they get better. Many people seem not to be bothered by stupid security; it even makes some feel safer. In the U.S., people are now used to showing their ID everywhere; it's the new security reality post-9/11. They're used to intrusive security, and they believe those who say that it's necessary.

I'll admit that I believe them when they say that some stupid or intrusive security procedure is necessary - necessary for them. Whether it is for the appearance of security, marketing data, avoidance of liability, protection from fraud - these are interests that do not make me one bit more secure. A company or agency that does these things is inappropriately shifting the burden and cost of protecting those interests onto the individual, in the name of security.

Bruce writes an excellent monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography - I highly recommend it to anyone interested in the subject. His archive of past newsletters can be found here.