Privacy International a human rights watchdog, has announced it is to run the second Stupid Security Awards in order to reward the numbnuts responsible for some of the most ridiculous security measures on the planet. If it is annoying, pointless, intrusive, illusory, self-serving and above all else just plain stupid, then it could be a winner.

The five categories are:

  • Most Egregiously Stupid Award
  • Most Inexplicably Stupid Award
  • Most Annoyingly Stupid Award
  • Most Flagrantly Intrusive Award
  • Most Stupidly Counter Productive Award

Want some inspiration? Privacy International are only too pleased to help. How about an airport that just last month emptied an entire, packed, airplane because a passenger was drinking from a lemonade bottle. Or maybe the British schools fingerprinting children to stop the theft of library books. But you only have to look back to the inaugural awards back in 2003, a runaway success with no less than 5000 entries, for some real stooopid nominations.

  • US soldiers heading to Iraq on commercial airliners had their knives confiscated due to ‘security regulations’ but were allowed to keep their firearms.
  • T-Mobile required users of ‘pay-as-you-go’ mobile phones to send two credit card bills and full details of the phone service provider, through the mail, before they would allow a user to top up their phone using a credit card. Apparently, this was to prevent anyone else from covertly topping up the phone.
  • The University of Texas employed campus guards, but only between the hours of 8am and 4pm after which anyone could drive right into campus as they pleased. Secure until 4pm is a great stupid security nomination methinks.

"The situation has become ridiculous" said Privacy International Director Simon Davies. "Security has become the smokescreen for incompetent and robotic managers the world over".

This I cannot argue with, unworkable and idiotic security measures only serve to make the public less likely to take security seriously. What does worry me somewhat is the lack of IT security stupidity in those 2003 awards nominations, there just were not any really goofy ones at all. This is surprising, considering the pigs ear half the corporations across the world are making of it.

So let us redress the balance and ensure that IT security stupidity gets named and shamed by nominating the worst offenders. Entries need to be submitted by 31st October so there is plenty of time, and anyone can make them. This includes you. Simply send an email to stupidsecurity@privacy.org.

I have already nominated the Norton Confidential ID protection tool which pops up a dialogue box warning that the site you are trying to visit is a potentially fraudulent phishing operation but has an option to ‘continue to web page’ anyway. Doh!

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.