Friday Star Wars and Psychological Acceptability
This week’s Friday Star Wars Security Blogging closes the design principles series. (More on that in the first post of the series, “Economy of Mechanism.”) We close with the principle of psychological acceptability. We do so through the story that ties the six movies together: The fall and redemption of Anakin Skywalker.
There are four key moments in this story. There are other important moments, but none of them are essential to the core story of failure and redemption. Those four key moments are the death of Anakin’s mother Shmi, the decision to go to the dark side to save Padme, Vader’s revelation that he is Luke’s father, and his attempts to turn Luke, and Anakin’s killing Darth Sideous.
The first two involve Anakin’s failure to save the ones he loves. He becomes bitter and angry. That anger leads him to the dark side. He spends twenty years as the agent of Darth Sideous, as his children grow up. Having started his career by murdering Jedi children, we can only assume that those twenty years involved all manner of evil. Even then, there are limits past which he will not go.
The final straw that allows Anakin to break the Emperor’s grip is the command to kill his son. It is simply unacceptable. It goes so far beyond the pale that the small amount of good left in Anakin comes out. He slays his former master, and pays the ultimate price.
Most issues in security do not involve choices that are quite so weighty, but all have to be weighed against the psychological acceptability test. What is acceptable varies greatly across people. Some refuse to pee in a jar. Others decline to undergo background checks. Still others cry out for more intrusive measures at airports. Some own guns to defend themselves, others feel having a gun puts them at greater risk. Some call for the use of wiretaps without oversight, reassured that someone is doing something, while others oppose it, recalling past abuses.
Issues of psychological acceptability are hard to grapple with, especially when you’ve spent a day immersed in code or network traces. They’re “soft and fuzzy.” They involve people who haven’t made up their minds, or have nuanced opinions. It can be easier to declare that everyone must have eight character passwords with mixed case, numbers, and special characters. That your policy has been approved by executives. That anyone found in non-compliance will be fired. That you have monitoring tools that will tell you that. (Sound familiar?) The practical difficulties get swept under the rug. The failures of the systems are declared to be a price we all must pay. In the passive voice, usually. Because even those making the decisions know that they are, on a very real level, unacceptable, and that credit and its evil twin of accountability, is to be avoided.
Most of the time, people will meekly accept the bizarre and twisted rules. They will also resent them, and believe that small ways of getting back, rather than throwing their former boss into a reactor core. The story, so much in the news about NSA wiretapping, is in the news today because NSA officials have been strongly indoctrinated that spying on Americans is wrong. There’s thirty years of culture, created by the Foreign Intelligence Surveillance Act, that you don’t spy on Americans without a court order. They were ordered to discard that. It was psychologically unacceptable.
A powerful principle, indeed.
(If you enjoyed this post, you can read the others in the “Star Wars” category archive.)
Psychological acceptability isn’t an absolute scale, of course. It’s important to remember that we tend to reference everything against the status quo. This has a couple of relavant effects on security: any sort of change is hard to effect unless the status quo harms outweigh the costs of change to key players; “temporary” changes are easier to get accepted, and then easier to lock in (e.g. Bush tax cuts, patriot act, etc); acceptance of flaws in (written) signature-based authentication. Status quo bias has empowered the base of the pro end-to-end movement, keeping the internet as it was originally intended.