Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security”:

There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—and sometimes despite substantial evidence that it does not.

[…]

Both security theater and rational astrologies may seem irrational, but they are rational from the perspective of the people making the decisions about security. Security theater is often driven by information asymmetry: people who don’t understand security can be reassured with cosmetic or psychological measures, and sometimes that reassurance is important. It can be better understood by considering the many non-security purposes of a security system. A monitoring bracelet system that pairs new mothers and their babies may be security theater, considering the incredibly rare instances of baby snatching from hospitals. But it makes sense as a security system designed to alleviate fears of new mothers [Sch07].

Rational astrologies in security result from two considerations. The first is the principal-agent problem: The incentives of the individual or organization making the security decision are not always aligned with the incentives of the users of that system. The user’s well-being may not weigh as heavily on the developer’s mind as the difficulty of convincing his boss to take a chance by ignoring an outdated security rule or trying some new technology.

The second consideration that can lead to a rational astrology is where there is a social or institutional need for a solution to a problem for which there is actually not a particularly good solution. The organization needs to reassure regulators, customers, or perhaps even a judge and jury that “they did all that could be done” to avoid some problem—even if “all that could be done” wasn’t very much.

Posted on April 2, 2025 at 7:04 AM • 19 Comments

Comments

Keith Douglas April 2, 2025 10:27 AM

22 years after Anderson’s quote I still wait for his fusion … What can we do to get more cyber security people to learn modern software development, for example? A lot of us are still talking like continuous integration (for example) is some revolutionary development when it has been standard practice for well over 10 years now.

Funz April 2, 2025 11:32 AM

Bracelets are not against baby snatching, but against baby switching in the crib, which is an absolute nightmare for any new parent.
So, it may be theater, but costs nothing, does a great deal of reassuring people and maybe prevents that horrific one-in-a-million case that goes on the newspapers.

Funz April 2, 2025 11:35 AM

Unless you are referring to some radio-controlled bracelet that didn’t exist when I became a father, but then, what prevents a baby snatcher from cutting it?

Anonymous April 2, 2025 1:05 PM

The first is the principal-agent problem: The incentives of the individual or organization making the security decision are not always aligned with the incentives of the users of that system. The user’s well-being may not weigh as heavily on the developer’s mind as the difficulty of convincing his boss to take a chance by ignoring an outdated security rule or trying some new technology.

This example does not fit the standard definition of the principal-agent problem. The canonical framing is that of the organization’s incentives being misaligned with its employees (agents). For example, the organization may actually value users’ security (because of legal liability, marketing strategy, or business model) but the marginal cost of following a particular, sensible rule to the employee is outweighed by the gain (to that employee) of meeting a deadline or doing something cool.

The organizations cope with this problem by increasing the costs of non-compliance with a threat of severe punishment. This works to an extent – the workers figure out quickly how to game the system without running afoul of a few enforceable rules.

Clive Robinson April 2, 2025 2:35 PM

@ Funz, ALL,

The real reason for “baby bracelets” is the same reason nearly everyone gets one…

That is to reduce claims for medical negligence[1].

The thing is, if you don’t have a formal reason to be on a hospital site the bar for negligence is way higher, almost having to equate with assault (think knocked over, run down, or physically attacked by an NHS employee).

If however you have a reason to be on site the bar is a lot, lot lower for physical injury by “accident”, and then there is all the medical injury as well.

One significant preventable harm that happens in hospitals is incorrect or incorrectly given medicine. Those bracelets, whilst not entirely preventing mistakes, at least make the process auditable and yes, lessons do get learned.

In many UK hospitals the first thing a nurse does is “scan your bar code” before they even touch you. They then check you are who the bracelet bar code says you are by DoB and first and last name. If you cannot give them for some reason and you don’t have a recognised guardian then not just nurses, but doctors, and others, “kick it up”, usually by getting a colleague who has verified the patient already along as a witness to “overwatch”.

Due to chronic staff shortages from lockdown fallout things were getting a little more relaxed. But since a recent trial where deaths of infants were part of the case it’s all got much stricter again. This is much like it did with Harold Shipman, the main result of which is you don’t have “a General Practitioner” (GP) doctor any longer. Instead you go into a group practice and you basically get the lowest quality of care because “the computer says” rather than the Dr actually knowing you as a patient, so knowing when to be alarmed and when to be just friendly and supportive (actually what a lot of patients actually need is “support” and “advice” and a little “cajoling”, not “pills and lotions”).

My old GP pre-shipman was a funny old duck in many respects but she really knew the majority of her patients and knew them well. So could tell before they said anything if there was something more than minor involved.

On one occasion I was kind of not feeling too good and standing leaning on the reception desk more than a little jaded around the gills when she came out to call the next patient. She just glanced at me, took me in the exam room, took a couple of measurements and just phoned for an ambulance having only said “Hello, you’re looking out of breath”, to which I just nodded.

Over two weeks later they let me out of hospital; apparently it had been very touch and go, as a mixture of sepsis and blood clots can be (they call it DIC and I forget what it actually stands for, but with the grim humour medical staff develop they just call it “Death Is Coming”). For those who take a morbid interest or are just curious[3],

https://geekymedics.com/disseminated-intravascular-coagulation-dic/

It’s one of those “taxi down the side of a mountain” type conditions, where just about every second counts if you don’t want “a crash that’s EndEx”…

I’ve had it subsequently and now recognise the symptoms and thus just call an ambulance saying the word “Sepsis” loudly and clearly. Which gets a “blues and twos” all the way to me, rapid checks whilst bluing and twoing off to “resuscitation”. It looks very exciting on TV but trust me, when you are on the gurney gasping away and having visual hallucinations the view is somewhat different…

Oh, don’t take yourself to hospital. I did that just before Xmas and whilst queuing in “the admission line” I went out cold and splattered down on the floor… Apparently that sort of “nearly live” entertainment is not appreciated when the nurses are wee little lasses barely a quarter my size as they cannot even turn you over easily. All very embarrassing, and after being discharged in Jan I took them in a “care package” of tins of biscuits, sweets, a couple of boxes of real tea bags, a large tin of decent instant coffee and several boxes of packet soups along with a thank you note.

Front line nurses and medical staff in the UK do 13 hour or more shifts and often spend hours on public transport to and from home. Many don’t get a chance for a break, let alone food… So be nice to them; they may only have had two or three biscuits and a couple of cuppas all day before a perilous journey in the dark going home. The reason a lot don’t drive is twofold,

1, The Government insists they pay £3/hour or more for parking.
2, The accident statistics are grim and insurance companies charge them a fortune in premiums.

So be nice, if you can sit up and look around your day is probably going better than theirs even if you’ve been sat there for eight hours.

The UK NHS may not be the best in the world by “Political Metrics” but it sees everyone it can and many it should not. Most who have a chance to survive when they get there do survive which is better than a lot of places. The food may not be great and any entertainment you have to make for yourself (it’s why I now always carry a pack of cards and a box of matches for a few hands of cards).

[1] The UK NHS hands out eye watering amounts of money each year due to various forms of negligence “on grounds”[2].

[2] Few realised it until lockdown, but the only people actually with a right to be on NHS property are those working for them, those being formally treated and for some only their lawful guardians (the term “legal guardian” actually has further statutory meaning).

[3] I’m one who bleeds quite profusely from odd places whilst getting blood clots in legs, cardiovascular system and… What are sometimes called TIA’s or ministrokes along with major organ blocking… It kind of puts a dint in your social life… Oh and the cure for the bleeding makes the clotting worse and just for fun the other way around as well… I have thought of taking up a sword swallowing on a tightrope act as being a little easier to safely balance…

Dave April 2, 2025 4:35 PM

I’ve always used “PKI” in place of “rational astrology”. Or are they interchangeable?

ResearcherZero April 3, 2025 12:52 AM

There is an example here that has to do with weather prediction. Human weather forecasters can make better predictions regarding events that have little historical data, but AI which is trained on historical weather data, has trouble predicting unprecedented events.

These are the types of events which lead to the greatest loss of human life.

A hybrid solution may help, but humans and proper resourcing are incredibly important.
Because there is little data available about outlier events, attempting to work out what kind of an impact may occur in different impacted locations can be extremely difficult.

Some of these events can be impossible to prepare for when they impact a vast region.

‘https://www.abc.net.au/news/2025-04-01/outback-flooding-worsening-more-rain-for-queensland/105116402

AI is good at modelling standard and typical weather predictions, but not the outlier and extreme weather events, even though it does have good cyclone track prediction.
https://www.nature.com/articles/s41467-025-56573-8

AI overreliance
https://hai.stanford.edu/news/ai-overreliance-problem-are-explanations-solution

Chris Becke April 3, 2025 3:01 AM

When DNA testing first became mainstream it was discovered that numerous babies had been inadvertently switched in hospital. Babies all look the same, and with staff changes it’s way too easy to accidentally place a baby in the wrong bed and not even the parents notice the problem.
The ankle bands were never meant to stop baby snatching, but as a way to ensure accidental switches were not made.

ResearcherZero April 6, 2025 9:08 AM

@Clive Robinson, @ALL

That is bang on, that is. Public health will investigate complaints and do have some very good on-site security. The vast majority of public hospital staff are fantastic.

Since private equity began taking over health facilities, blood infections and complications have worsened in these privately operated facilities, because the way to get a return on investment is not always compatible with patient care. A private company might have security, but the service delivery may be below standard and open to abuse.

Very hard to litigate once you have become deceased or incapacitated and are no longer able to properly pursue a complaint. Plus it is expensive, and private systems have a myriad of commercial confidentiality agreements and are lawyered up to the wazoo.

Establishing trust with the public is comprised of perception management and risk avoidance. It is like taking a complaint to the police because a bent copper shot you. Those chaps are not good at investigating themselves. Successful complaints may make mistakes more costly in future. Everyone who was wrongly treated might lodge a complaint as a result. Still, private police have an even worse reputation and performance record.

It is far better to have bad policy and procedure, then cover it up when it inevitably fails, than a functional service that operates properly. At least from their perspective, as it saves a lot of money. Fixing problems within companies costs money and time. The public health system can at least fix problems without bankruptcy and typically delivers far better value for money, at least as long as the government is properly funding it.

ResearcherZero April 7, 2025 4:26 AM

State governments ignore shocking mistreatment of babies and toddlers in private childcare.

‘https://www.abc.net.au/news/2025-04-07/documents-expose-incidents-inside-nsw-childcare-centres/105143718

ResearcherZero April 8, 2025 2:12 AM

Maybe there are some lessons in international affairs we can learn from.

‘https://www.fpri.org/article/2025/03/obscurity-by-design/

“diplomacy becomes ethically compromised when performance ceases to serve process”

Credibility in international relations is built on clear, consistent commitments.
https://www.ethicsandinternationalaffairs.org/online-exclusives/diplomacy-as-stagecraft-ambush-performance-and-the-ethics-of-the-trump-zelenskyy-encounter

Five principles to guide strategic communication policy:

  • (1) practice strategic engagement, not global salesmanship;
  • (2) do not repeat the same message in the same channels with the same spokesperson and expect new or different results;
  • (3) do not seek to control a message’s meaning in cultures we do not fully understand;
  • (4) understand that message clarity and perception of meaning is a function of relationships, not strictly a function of word usage;
  • (5) seek “unified diversity” based on global cooperation instead of “focused wrongness” based on sheer dominance and power.

‘https://csc.asu.edu/sites/default/files/white-papers/116.pdf

ResearcherZero April 9, 2025 11:10 PM

Here is a very good example.

Public perceptions have changed. The public believes today that all fires can be put out.

Rising air temperatures will increase fire risks in cities worldwide.

‘https://www.nature.com/articles/s44284-025-00204-2

Because both natural fire in wilderness areas and indigenous fire practice have been suppressed – there exists a large fire deficit – where less intense and smaller fires once burned. Now when any fire ignites in the wild, humans rush to, or demand it be put out.

“When a wildfire enters an urban environment, the public expects it to be put out before it causes much damage. But the nation’s wild-land firefighting systems aren’t designed for that. …The U.S. got really good at putting out fires. So good that citizens grew to accept fire suppression as something the government simply does.”

https://theconversation.com/living-with-wildfire-how-to-protect-more-homes-as-fire-risk-rises-in-a-warming-climate-208652

Grants to reduce fire risk and intensity, plus around 10% of personnel, are now being cut.
https://www.scientificamerican.com/article/trump-firings-and-funding-freezes-leave-western-states-scrambling-to-prepare/

ResearcherZero April 9, 2025 11:45 PM

A problem of communication. – Not only do politicians not understand fire, they have ignored persistent warnings from scientists, experts in fire dynamics and senior fire officers.

Miscommunication to the public of how fire behaves naturally in the landscape, is also an extremely big problem. Some types of natural landscapes, along with particular species of plants and trees, require regular and less-intense fire in order to germinate and unlock the nutrients that they need to grow and flourish.

Smaller, less-intense and more frequent fires also protect fire intolerant areas, such as peat-swamps or species of trees that do not tolerate fire, as these smaller fires prevent the spread of large fires into these fragile and critically important environments.

Many species of animals, birds and insects are also dependent on these cycles to obtain the habitat and resources they need to survive, establish a nest, reproduce and thrive.

So what went wrong?

Prior to colonial settlement, traditionally practiced fire regimes allowed human societies to cope with fire as a recurring disturbance, by managing plant and animal productivity.

However this was disrupted following European settlement that suppressed those methods.

“Indeed, recent departures from traditional cultural use and perceptions of fire are associated with major shifts in ecological composition, ranging from local-scale shrub encroachment and forest degradation to regional- and continental-scale changes in vegetation.”

‘https://onlinelibrary.wiley.com/doi/full/10.1002/ece3.1494

What can be done to reduce the dangers of intense wildfires?

https://1earthmedia.com/integrating-indigenous-knowledge-into-bushfire-management/

podcast – what can be done to adapt to a more flammable future
https://www.smithsonianmag.com/science-nature/why-wildfires-are-burning-hotter-and-longer-180983334/

Clive Robinson April 9, 2025 11:50 PM

@ ResearcherZero, ALL,

Ahh,

“The public believes today that all fires can be put out.”

And so Nero played on… And look where that got him…

Sometimes I’m shocked at how the lack of simple reasoning causes what is not just utter stupidity but significant cognitive bias, that they will argue for “their belief” “in the face of all reason otherwise”.

Fire is a simple example of a cascade or avalanche process, where you get sufficient output to sustain the process or even accelerate the process.

That is, when K is greater than 1 then without external moderation the process will become runaway until K becomes less than 1… this is true for all processes. It’s most easily seen when a process is reversible and has a clear equilibrium constant, including the old fashioned weighing scales once used in the kitchen, where science and much else originated from…

ResearcherZero April 10, 2025 12:46 AM

Australia’s rich tapestry of traditional fire management practices offers solutions.

In the absence of these regular traditional methods of controlled burning, a change in fire regimes introduced in the last century has led to less frequent, larger and more severe wildfires that have altered vegetation composition and biodiversity.

Most fire management strategies are now typically focused on emergency responses and fire suppression, and on fire bans as the only way of wildfire prevention. By integrating traditional knowledge and indigenous people into regional fire management decision making and properly supporting and funding local forest and fire management personnel, fire risk can be reduced.

Integrated fire management as an adaptation and mitigation strategy to altered fire regimes:

‘https://www.nature.com/articles/s43247-025-02165-9

If we do not integrate traditional fire practices and knowledge into the fire regimes and the latest scientific advice (see above) fires will continue to become hotter, with larger flames, and will spread faster. Fires in urban areas will be increasingly dangerous and unstoppable.

This will require appropriate and adequate funding of both resources and personnel.
Currently regional forest and parks management, and fire services are not provisioned with enough financial funding, staffing levels or resources to meet existing demands. 🙁

https://phys.org/news/2025-03-climate-severe-uk.html

Prolonged dry weather is also increasing the risk of fire.
https://inews.co.uk/news/uk-fire-officer-extreme-weather-rise-wildfires-3625866

Vapor pressure deficit is an absolute measure of the moisture deficit of the atmosphere.
https://cee.mit.edu/fueling-the-flames-how-environmental-dynamics-drive-los-angeles-fires/

Clive Robinson April 10, 2025 8:08 AM

@ ResearcherZero, ALL,

With regards,

“And this is purely because politicians are d–kheads.”

No they are simply acting like wind-vanes to the community they have most contact with,

“The overly self entitled.”

As I point out from time to time it’s a scale or balance of,

“Individual Rights -v- Social Responsibilities.”

Politicians of all political stripes tend to the “My Entitlement” as do those that surround them both socially and during what they would call “working hours”.

Thus these types and their parasitic significant others don’t just want what is around them to be “just so”, they actually “demand it” and put considerable resources behind their wants…

It’s why we have that numpty nonsense about the “trickle down effect” to salve the conscience of those not fully “self entitled”.

A part of that is “style over substance” where several hundred years ago when the “Estates of Man” were more apparent and actually codified there were fairly draconian laws about even what people could wear hence,

“The beggar in his lowly born rags”

You were “cast from birth” into one of the estates or “cast down” as with the livestock as property of a lord of the land (who owns all and tithes all the earliest of “unearned income”).

Thus “status has to be seen”. Even into the late 1800’s people were separated by the cloth they wore, where a single dress or outfit could cost more than many could earn in a lifetime.

Over the years “status” has fallen to the growth of the middle classes that actually made or managed the making of items of “status”. But self entitlement remains…

Thus people want a “nice home” not just to live in but to display their status.

They did not want their lives intruded upon by “agriculture, trade, or industry”.

Burn-back at the end of harvest gets carried on the wind. To those who do not understand the reason for it the smoke and smell is an intolerable reminder that their status is not assured…

As I’ve noted before some self entitled people would rather live the short brutish and sick lives of the middle ages because of the “status gap” that they can quite literally “look down from upon”.

C19 highlighted a point I’d been making for years about health care,

“You can not be healthy in a sick society”

As Dr John Snow demonstrated without doubt back in Soho, London in 1854, where he demonstrated water-borne infection from cess pits getting into the drinking water supply. Along with the “Great Stink”, Victorians finally realised what the Romans knew about health and society.

Because pathogens like smoke move like the wind and from person to person with no respect for wealth or power.

People often wonder why “all Americans live less” than the average Europeans… you are aware that @JohnKnowsNothing and @SpaceLifeForm spent many comments here discussing the “whys”, and there are a great deal of them.

However they can almost all be traced back to “self entitlement”, because of

“Status making society sick”

And the self entitled don’t get it because try as they might even the wealthiest of Americans can not get away from the consequence of the “status gap” they desire beyond all else,

https://theconversation.com/americans-die-earlier-at-all-wealth-levels-even-if-wealth-buys-more-years-of-life-in-the-us-than-in-europe-253620

The desire for visible status is what causes the build up of the fuel that feeds the fires that various “New World” nations have experienced. Ask yourself the question,

“How many people will die early deaths oft by horrible diseases that can all be attributed to the massive amounts of toxic smoke from wild fires that have run rampant up the US West Coast from California to Canada these past few years?”

Have a look at the US company PG&E,

https://www.bbc.co.uk/news/world-us-canada-64505596

I was warning here and other places that they were going to create disaster after disaster “for shareholder value” and the “status” that gave a few who were oh so far over to their “Individual Rights” they actually deliberately and wilfully with malice aforethought acted against all “Social Responsibility” to the extent they were murdering people by their actions…
