When We Err, We Learn. When They Err, They’re Idiots

A good friend from the security industry, Eric Cowperthwaite, recently caused some debate with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends disagreed.

The truth, as usual, is somewhere in between.

Mood music:

Let’s start with Cowperthawaite’s key point:

In the information security community there is a tendency to blame the victim first, rather than the criminal. And as soon as that starts to work, much of the community begins to pile on like sharks smelling blood in the water.

I’m not even going to name all the times this has happened and give examples. We all know about the retail company, the coffee company, the software company …. the list goes on and on …. that didn’t have perfect security, got victimized by a criminal, and we tore into them for “the thing they didn’t do.” This is so wrong, I don’t know where to start.

Boris Sverdlik and George V. Hulme see things differently. Says Sverdlik:

Most orgs aren’t in the business of security, they are in the business to make money. If you believe most companies do their darnedest to protect their customers then you are living in some other world I wish I could be a part of. The truth is most companies don’t give a shit about security until they get popped and when they do they will do the bare minimum to keep appearances up because nobody holds them liable. My job as a security professional is to reduce the risk to an organization and if I can’t 100 percent say that I’ve done my best I deserve to be blamed.

Hulme adds:

I don’t think an organization like Target that had a puke IT culture and didn’t bother to have a CISO or a point person on consumer privacy gets a pass on anything. And that company DEMANDED to scan Driver’s Licenses to buy things like Nicorette gum. As I was a customer at Target for years, that’s the only justification I need for that opinion.

The discussion went back and forth several more times on Facebook, but I think those capture the prime points.

Once again, what’s true in the security industry is true in the rest of the world. Is how we treat people who fail right?

We have a tendency to blame the victims. It’s not a good practice in the first place, but what’s worse is that it’s hypocritical. We all make mistakes and get things wrong. When it happens to us, it’s a learning experience. When it happens to someone else, they’re idiots.

That said, Sverdlik and Hulme are right to point out that companies tend to not give a shit about security until they get hosed. To that end, ridicule is justified.

But I’ll tell you what matters to me: how honest the victim is.

When a retailer is the victim, its customers are victims too. When the retailer tries to gloss over its culpability, the pile-on is deserved. Not because it suffered a breach in the first place, but because it wasn’t honest about what it learned and what it were doing about it.

We need more compassion, but we need accountability and consequences, too.

swift kick in the balls

Was She Bullied, or Did the Truth Cut Too Deep?

A good friend disliked yesterday’s post, “The Fat Lady Sang, And It Was Beautiful.” His main criticism was that I centered it on my own weight battles, which I traced back to Crohn’s Disease, Prednisone and addiction.

Mood music:

[spotify:track:1DH4YwHHGBkWO8dX3JISjl]

Livingston, a morning anchor at WKBT in La Crosse, Wisconsin, went on air after getting an email that read in part:

Surely you don’t consider yourself a suitable example for this community’s young people, girls in particular. Obesity is one of the worst choices a person can make and one of the most dangerous habits to maintain.

After reading the email she received, Livingston then took her critic apart, noting that he doesn’t know her well enough to pass judgement. She also accused him of bullying her. I applauded her for doing this because I felt her critic wrongly assumed she and other overweight people simply made a choice to be obese. My argument was that weight trouble can come from a variety of factors and that this guy was out of line.

My friend felt my response was based on assumptions and that framing my complaint in the context of my past issues with Prednisone and Crohn’s Disease didn’t jibe with the news woman’s situation. “Does the anchor woman share those same issues?” he asked. If she doesn’t and her obesity is simply a matter of her not taking care of herself, he said, my comments were off the mark.

“I also have issues with those that view the original comment as bullying,” my friend continued. “Some view things through the eyes of responsibility. Others just want to place blame and make excuses.”

For all we know, Jennifer Livingston falls into the latter camp, he said, concluding, “What you wrote is representative of not having all the facts.”

I agree that many people make excuses for being overweight and that their real problem is laziness and gluttony. There’s a joke making the rounds where a fat guy tells his doctor, “The problem is obesity runs in my family.” The doctor responds, “No, the problem is that no one in your family runs.”

When someone lets their body go to crap because they don’t feel like doing what’s good for them, they are being bad role models, especially when it comes to their children and how they’re allowed to develop the same bad habits. I took one such parent to task for that a while back in “When Parents Fail.”

Unfortunately, a lot of people who work hard to be good role models and take care of themselves end up overweight anyway. One friend of mine gained a lot of weight because he developed a foot infection that left him unable to do much physical activity.

As for Livingston, I don’t know why she’s overweight, and I don’t care. These days, a lot of people are hired to anchor news shows because they look like supermodels. That Livingston was able to break through that and succeed in the industry speaks volumes. TV media is a cut-throat field and you don’t succeed unless you work your ass off. As far as I’m concerned, that’s an example of a good role model.

Livingston is also a good role model for showing that you don’t have to be someone else’s idea of perfect to be on TV or to do a job. It’s not just men who come in all shapes and sizes. Society says that women must be skinny to an unhealthy degree and look perfect. She’s not perfect, but that doesn’t mean everything she does is wasted.

Actually, I don’t think perfect role models exist. People do big things and overcome obstacles in ways that inspire others to do better. But they make big mistakes along the way. It’s called being human.

Finally, let’s look at Livingston’s use of the word bully. That’s what she called Kenneth Krause, the man who sent her the email. To me, a bully taunts you with names, making sure everyone in the vicinity can hear it, and makes threats. Krause did none of these things. He called her a bad role model for being obese and called it a choice. Obviously, I disagree.

This guy was mean, superior, judgmental, disrespectful, and prejudiced. He doesn’t think fat people should be on the air.

Fuck that.

But was Krause a bully? He didn’t threaten her or call her names in earshot of others, which is how I picture the act of bullying. I don’t think he’s a bully per se. But consider these definitions Erin (my wife and editor) found:

The American Heritage Dictionary defines a bully as “a person who is habitually cruel or overbearing, especially to smaller or weaker people.”

The fact that Krause only wrote in once probably doesn’t fit, but he was cruel and overbearing, especially to someone he thought was weaker. And he never apologized, saying instead that she should follow his advice.

More important, though, to bully, says AHD, is “to treat in an overbearing or intimidating manner”; “to make (one’s way) aggressively.” Krause did treat her in an overbearing way and he was aggressive about trying to get his own way: that she lose weight.

No matter where Livingston’s weight problems come from, what Krause did was wrong.

Disagree if you wish. But that’s my position.

Jennifer Livingston