Defending policy makers.
Alex got me going with his rant about the extremely irresponsible Wall Street Journal article, and other ignorant commenters haven’t made it any calmer, so I thought I’d toss a few things out there for anyone who’s tempted to complain about a security policy.
I actually felt a lot of sympathy for Kip Hawley, who is currently being raked over the coals (very expertly, I might add) by Bruce Schneier over on his blog. Kip said:
Imagine for a moment that TSA people are somewhat bright, and motivated to protect the public with the least intrusion into their lives, not to mention travel themselves.
First thing, imagine for a moment that policy makers are well-intentioned, mostly intelligent, and have good reasons that you don’t know about for the policies they create.
The loudest and stupidest criticisms of security policies come from people who have never been in a position of responsibility for security—especially when the stakes are high.
People who give their bosses a hard time often have no idea how annoying it would be to them to be on the receiving end of the same grief. If you’re a learning person at all, you learn a lot in your first supervisory position. It’s a lot like the one-way mirror of parenting: when you’re on one side, you see only yourself; when you’re finally on the other side, you see both sides.
As someone who has had to sit in on policy meetings, keep ugly secrets, and write up policies that met management and legal objectives without going overboard, I can tell you that there are almost always stories behind a new policy that you know nothing about. A new or changed policy is usually brought out in reaction to an actual event, and the reason you don’t hear about it is that litigation is still pending, law enforcement asked us not to talk about it while they’re still investigating, or it’s an HR issue and none of your damned business. If two employees were caught cybering each other on IM and one of them filed a harassment complaint, you’ll see an addition to the sexual harassment policy of your organization that happens to mention “email and instant messaging.” You won’t hear the story unless gossip gets around; management won’t tell anyone who doesn’t have a need to know.
With military or homeland security, the iceberg goes even deeper. You can complain about the secrecy, but only to a point: there are plenty of good reasons why some things are classified, and you won’t understand this unless you walk a mile in the shoes of the people who are really trying to tackle this.
When I try to imagine what Kip Hawley’s organization is trying to prevent, and what they’re not allowed to reveal, I can believe that he’s representing himself creditably in the firing line. When you’re in security, you’re always walking a tightrope, trying to keep public opinion on your side while at the same time protecting things they don’t know or care about, and enforcing rules broken by self-centered idiots or actual malevolent threats. If you succeed, nobody thanks you; if you fail, everyone wants your head.
So let’s cut security officers of the world some slack, ‘k? Assume that they’re just like you—because they are—and that they are both trying to do a good job and know more about the details of that job than you do. If you have been in their place, then you can criticize them. If you don’t think they’re doing a good job, then get out there and start doing it yourself. Make a difference.
Otherwise—and I mean this most sincerely—shut your pie-hole.
Posted by shrdlu on Wednesday, August 01, 2007
(3) Comments • Permalink •
