Category Archives: Fear

Phishing Verified

jeremy_clarkson.jpg Or is it really phishing when the victim first broadcasts his bank account details?
BTop Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a “storm in a teacup” after falling victim to an internet scam.

The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham.

He also gave instructions on how to find his address on the electoral roll and details about the car he drives.

However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association.

The charity is one of many organisations that do not need a signature to set up a direct debit.

Clarkson stung by fraud stunt, Guardian Unlimited, Monday January 7 2008

He admits he was wrong, but nonetheless tries to pin the blame partly on a privacy law:
“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,” he said. “I was wrong and I have been punished for my mistake.”
At least he doesn’t call for revoking that Act; he does call for going after the perpetrators.


PS: Seen on BoingBoing.

The Flaming Black Swan of Hinckley

suicideexpress.jpg They didn’t see it coming, because they were looking the other way:

Speaking of wildfires, my book of the day is Under a Flaming Sky: The Great Hinckley Firestorm of 1894. It is the sharply written story of a how a Minnesota town of 1,200 was devastated by a catastrophic firestorm that came raging out of the nearby woods with tornado-class winds and a 300-foot wall of fire, killing 436 people.

Book du Jour: Under a Flaming Sky, Paul Kedrosky, Infectuous Greed, October 3, 2007

Wikipedia says it burned 200,000 acres and some sources say 800 people died. Some people who lived jumped into wells or ponds or the river, or caught one of two trains that made it out of town.

So what was it that burned?

Continue reading

Fear of Flying and Fear of Terrorism

fearofflying.gif Here’s a good way to think about it:

…jet travel is safe enough that when someone suffers form fear of flying, he is asked to seek treatment. Flight attendants don’t grab the microphone and say, "We have someone on board who is afraid to fly. This means we are all in great danger." Yet in regard to terrorism, the most frightened voters are being allowed to dictate security policy. Unless you are personally anxious, you are considered unrealistic in the face of the terrorist threat, and politicians feel forced to be "strong on security," meaning that they must appeal to fear rather than to courage, patience, and trust. Therefore, it is up to each individual to nurture those qualities at home and spread their influence to others. Security is a quality of consciousness and always has been. Now is the time when personal security needs to come forward to counter mass insecurity.

How to Feel Safe and Secure (Part 2), Deepak Chopra, Huffington Post, September 28, 2007 | 03:21 PM (EST)

Or, as Bruce Schneier keeps saying, "refuse to be terrorized."


Identity Theft as Marketing Opportunity

Since identity thieves are making many people worried about losing control of their identities, of course somebody has found a way to cash in on all that free publicity:
By now you’ve heard the stories about Americans whose identities have been stolen. They’re not pretty…people working for hundreds of hours over many years to get their lives back in order, kids not getting student loans because someone has already ruined their credit, people losing homes because thieves placed mortgages they never knew existed, even innocent individuals ending up in jail.

LifeLock can keep this from happening to you and we guarantee our service up to $1,000,000.


I seem to recall reading that the typical identity theft is only worth $1,000, but nevermind that.

Look who recommends it:

You’ve heard Rush Limbaugh, Paul Harvey, Dr. Laura, Sean Hannity, Howard Stern, Dr. Joy and others endorse us.
Well! None of those people would ever sell pure fear, would they?

I have to give them credit for honesty, though: LifeLock admits right out that the main four preventive things they do you could do for yourself. Beyond that, the main substance they seem to offer is essentially an insurance package:

If your Identity is stolen while you are our client, we’re going to do whatever it takes to recover your good name. If you need lawyers, we’re going to hire the best we can find. If you need investigators, accountants, case managers, whatever, they’re yours. If you lose money as a result of the theft, we’re going to give it back to you.
For $110/year or $10/month, is such an insurance policy overpriced, underpriced, or what?


Outrage: Less and More

danrather0207.jpg We’ve been discussing Outrage Considered Useful. Alex remarked in a comment:

The term "Outrage" suggests that risk cannot or should not be discussed in a rational manner.

What I think Sandman is getting at is that often risk isn’t discussed in a rational manner, because managers’ (and security people’s) egos, fears, ambitions, etc. get in the way. In a perfect Platonic world perhaps things wouldn’t be that way, but in this one, people don’t operate by reason alone, even when  they think they are doing so.

Outrage x Hazard may be a means to express risk within the context of the organization, but I like probability of loss event x probable magnitude of loss better for quantitative analysis.

Indeed, quantitative analysis is good. However, once you’ve got that analysis, you still have to sell it to management. And there’s the rub: that last part is going to require dealing with emotion.

Continue reading

Outrage Considered Useful

peter_sandman.jpg There’s a bit of comment discussion going on in Metricon Slides, and Viewed as PR about counting vs. selling, in which the major point of agreement seems to be that even at a metrics conference there weren’t a lot of metrics presented that were strategic and business-like.

Let’s assume for a moment that we have such metrics, and listen to Peter Sandman, whose website motto is Risk = Hazard + Outrage:

Sometimes, of course, senior management is as determined as you are to take safety seriously. And sometimes when it’s not, its reservations are sound: The risk is smaller than you’re claiming, or the evidence is weak, or the precautions are untested or too expensive. But what’s going on when a senior manager nixes your risk reduction recommendation even though you can prove that it’s cost-effective, a good business decision? Assume the boss isn’t too stupid to get it. If the evidence clearly supports the precautions you’re urging, and the boss isn’t dumb, why might the boss nonetheless have trouble assessing the evidence properly?

As a rule, when smart people act stupid, something emotional is usually getting in the way. I use the term “outrage” for the various emotion-laden factors that influence how we see risk. Whether or not a risk is actually dangerous, for example, we are all likely to react strongly if the risk is unfamiliar and unfair, and if the people behind it are untrustworthy and unresponsive. Factors like these, not the technical risk data, pretty much determine our response. Risk perception researchers can list the “outrage factors” that make people get upset about a risk even if it’s not very serious.

The Boss’s Outrage (Part I): Talking with Top Management about Safety by Peter M. Sandman, The Peter Sandman Risk Communication Web Site, 7 January 2007

He goes on to outline several reasons management might get upset.

Continue reading

Liability Waiver?

Speciality Insurance Blog points out that liability waivers, while increasingly popular, may not protect governmental entities from gross negligence claims.

That doesn’t stop governmental entities from using them even in the grossest cases:

Sec. 5. For those persons whose property and interests in property are blocked pursuant to this order who might have a constitutional presence in the United States, I find that, because of the ability to transfer funds or other assets instantaneously, prior notice to such persons of measures to be taken pursuant to this order would render these measures ineffectual. I therefore determine that for these measures to be effective in addressing the national emergency declared in Executive Order 13303 and expanded in Executive Order 13315, there need be no prior notice of a listing or determination made pursuant to section 1(a) of this order.

Sec. 8. This order is not intended to, and does not, create any right, benefit, or privilege, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, instrumentalities, or entities, its officers or employees, or any other person.

Executive Order: Blocking Property of Certain Persons Who Threaten Stabilization Efforts in Iraq , by George W. Bush, The White House, 17 July 2007

You’ve got to admire the chutzpah of promulgating a blatantly unconstitutional directive (see Fourth Amendment) and ending it with a liability waiver.

And there’s always suppressing the evidence, as in FEMA trailers outgassing formaldehyde.

Risk management includes watching what’s going on.


Breach Discovery

bv.jpg If people know about security breaches, maybe there’s incentive for the companies whose customers they are or the governments whose constituents they are to do something about them, so this is good news:

New Hampshire, one of a handful of U.S. states that require breaches involving personal information to be reported to the state as well as to affected individuals, has made at least some breach notices it has received available on the net.

New Hampshire gets it, Chris Walsh, Emergent Chaos, 13 June 2007

Or at least if we know what’s really going on, maybe unfounded scare

Continue reading

Terrorism, Lightning, and Bloomberg

bloo0902.jpg Sometimes a politician says something so sensible you wonder why everbody doesn’t say it:

There are lots of threats to you in the world. There’s the threat of a heart attack for genetic reasons. You can’t sit there and worry about everything. Get a life.

You have a much greater danger of being hit by lightning than being struck by a terrorist.

In terms of what you as individual on the streets should worry about is not whether the person sitting next to you on the subway is a terrorist. The likelihood of that is so small it is not something you should worry about.

Buzz Over Mayor’s ‘Get a Life’ Remark, By Sewell Chan, Empire Zone, June 6, 2007,  9:46 am

The outlet that originally quoted Bloomberg,, quotes several people as saying terrorism is a big threat. However, it also points out that New York City is the safest city in America, with violent crime in general low and decreasing. Maybe if that TV station and others reported that more often, instead of constant, irrational fear, more people would understand what Bloomberg is saying.

Continue reading