Bruce Schneier quotes “Confessions of a Master Jewel Thief” : ”
Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important factor in security – more than locks, alarms, sensors, or armed guards – is attitude. A building protected by nothing more than a cheap combination lock but inhabited by people who are alert and risk-aware is much safer than one with the world’s most sophisticated alarm system whose tenants assume they’re living in an impregnable fortress.
I get uncomfortable when I hear people placing too much faith in technology – partly because the technology often lets us down, and partly because when we trust in the technology we let our guard down. That’s why I prefer simple, boring systems for Patent Evidence. Sexy technology (like Digital Signatures, Encryption, third parties) are useful in their place, but only as part of an overall system where the system owners understand they – and only they – responsible for the system’s integrity. Also, bear in mind that a lot of the technology people think they want to use for Patent Evidence systems is actually aimed at different problems (e.g. commerce) and is potentially being misapplied for the patent area.
I was with a customer the other week and they wanted to implement a particular technique which didn’t really do much for the system’s integrity and actually made it a whole load more complicated (and expensive). “Why do you want to do this?” I ask – “Because it makes us feel comfortable” they said. Well, the customer is the ultimate arbiter (it is after all their system) so if they want it, they can have it – but me, I’d rather everyone involved in running this system felt very uncomfortable because then they’ll keep an eye on it.
Sometimes to be “safe” you have to feel unsafe. Only the paranoid survive etc. 🙂