The Real Barrier to Security: We’re All Too Lazy

I like to use the Alarmed column for broad contemplation at the start of each new year; it just seems like a good time to reflect on ideas like the erosion of privacy, security types doing Good in post-tsunami Indonesia, or the relative merits of cash. This year I’ve been ruminating on a major barrier to improving information security: You’re lazy.

OK, I’m lazy, too. But you’re still lazy, and here’s a test to prove it: Imagine someone offered you a free 60-inch plasma TV and free cable for life, provided you never again used a remote control. It’s, what, 10 steps across the room, in exchange for high-def heaven. You taking that deal? Or say a car dealer knocked $2,000 off the price of your new wheels, but only if you gave up your power windows and locks. You going to walk around your car to unlock your doors with a key, or lean way back across the back seat to crank your down your screaming kid’s window? Would you buy that car?

Or, what if your bank said it could drastically decrease your chances of suffering fraud and identity theft, for free; all you’d have to do is agree to never bank or shop online again. Would you do it?

Of course you wouldn’t. Neither would I. You’re lazy, and so am I. Or put another way, we’re addicted to convenience. Product developers and marketers are pushing it on us like never before because they know that we can’t resist it. We crave it. We make our buying decisions based on it. Easy is our heroin.

Have to wring out a mop? Nah, here’s a disposable pad. Have to put the kid down to slide the minivan door open? Don’t bother, we’ll give it an remote activated electric motor. One of my favorite examples of our laziness is a phenomenon that parents everywhere know. It’s called Gogurt. For the non-parents, this is yogurt in a plastic tube. Just rip open (along a pre-torn notchno need for scissors!) and squeeze down the gullet.

Hey, look, getting out a spoon and peeling back the foil top can be a real pain, you know?

But so what, right? As Bertrand Russell writes in “In Praise of Idleness” (which does not celebrate sloth), we can assume that “labor is, on the whole, disagreeable.” So if Gogurt saves time and makes a parent’s life a little more agreeable, how is that bad?

It may not be. On the other hand, convenience’s benefits aren’t that simple. We’re actually hooked on a specific kind of easy called instant gratification, which has a strange way of making us overestimate the benefits we get from being lazy. It makes us think that what’s easy right this second is easier than something that might require a little work right this second. That’s not necessarily true. Think of elevators. Easier than taking the stairs, right? Actually, unless you’re in a skyscraper, elevators save you very little time. Time you’d spend making progress to your floor on the stairs you waste waiting for the elevator car to arrive and waiting as it stops on other floors.

But your inclination is still to be lazy. It’s easier to stand around than climb stairs. Of course, those short-term benefits of not having to exert yourself borrow against your long-term interests. The time you might save taking the elevator four floors may come off the end of your life. All that standing around takes good exercise out of your day; it’s unhealthful. Another example: A mechanical minivan door may require energy from your arms now, but it also won’t cost $800 to fix when a motor burns out later.

Sometimes, the benefits of convenience are flat-out illusory. Take the computer mouse. It’s actually a terribly inefficient navigation tool compared to alternatives such as using keystroke DOS commands (CTRL-X for cut, CTRL-V for paste, etc.). Using DOS commands instead of a mouse for navigation could save you hours, perhaps whole business days, over the course of a year.

But a mouse is intuitive, and requires very little investment up front. DOS commands require the unlazy task of learning before you can reap the benefits. That requisite investment up front would be paid off several times over in a year, but we resist ever making that investment. The mouse, on the other hand, brings instant gratification. It just seems more convenient.

Online banking’s convenience is not the illusory kind; it’s a real and powerful narcotic. It’s far easier to manage finances from your couch than to use Jurassic relics like checkbooks and bank tellers. The convenience is so addictive that most of us willingly increase our risk of losing some or our most precious material assetsmoney, personally identifying information, good credit ratingsand increase that risk significantly, in order to get that easiness.

What’s more, we resist anything that puts off that instant gratification, that keeps us from being as lazy as possible. Why did Amazon.com create one-click shopping? Because the more clicks, the less likely we’ll buy. We’re too lazy to click a few times and think at each screen! We’d rather just click once and get it done. Same with banking online: there are ways to make it safer and yet we refuse to invest in them. We whine about having to deal with second factors of authentication. Biometric authentication is out of the questiontalk about work!

One security researcher, who knows how serious online risks are, has adjusted his behavior so that he uses two browsersa “promiscuous” one for general Internet use, and a “safe” one for transactions. Can you imagine doing that? In the context of the risk, it’s a minor inconvenience, but still, it’s an inconvenience. Two browsers? No way. You’re lazy, and so am I.

I don’t mean to let the vendors off the hook. As much as we’re lazy, the pushers continue to offer prey on that and offer up products that they promise will make our lives better even if they carry a significant risk of making our lives worse. Still, keeping with the metaphor, the first step to overcoming our addiction to laziness is admitting we have a problem. Until that happens, we’re a bunch of convenience junkies. We get what we give.