Thank you, your DNA data will help secure your… oh dear, we've lost that too

Er, do you have your original password written down somewhere?

Bouncer photo via Shutterstock

Something for the Weekend, Sir? I have been propositioned at midnight at a hotel door. "What's your room number?"

Tired, tipsy and momentarily surprised at being accosted at the threshold of my two-night, three-star lodging, I fail to conjure an immediate answer. Am I on the third floor? Something about turning right when exiting the lifts, five or six doors on the left. The room number itself eludes me.

So I ask Mme D who, as luck would have it, is just a few feet away.

I turn back to the night porter: "Three-three-eight. Can we come in now?"

It has been a long while since I last had to ring a bell for re-admittance to a hotel after a late night out. Back in the day, a night porter would arrive with a key and let you in. Tonight, however, we are required to undergo interrogation to establish our guest credentials. One false move or evasive response and we might be wrestled to the faux-marble floor, handcuffed and hauled away to the dungeons beneath the Office of Bottom Correction.

There are no more night porters, you see. The man barring our entrance is night security.

Security, we can all agree, is an ever-growing problem that needs to be taken more seriously than in the past. This hotel's night security is someone who certainly looks serious. Or grim. Or glum. Anyway, judging from his expression, you don't want to mess with him if you hope to be permitted to stagger towards the lifts before sunrise.

Unfortunately, this isn't really security, is it? It's just a hotel equivalent of a nightclub bouncer who's looking to enliven his uneventful shift with a little light banter at the door to demonstrate how important he is. Gruffly demanding my room number and then accepting my response didn't make the hotel any safer from riffraff than if he'd just opened the door and waved us in with a cheery hello.

That said, a cheery hello can be used as an opening gambit to catch the fibber off-guard. For a masterclass in subtle lie detection, I give you Dr Younan Nowzaradan, the Houston-based surgeon at the well-padded centre of hit daytime TV series about overweight burger munchers trying to live beyond their twenties, My 600 lb Life.

He walks into the consulting room, poker-faced and singing "Hello, how y'all doin'?" with a tonal resonance pitched halfway between Mini Mouse and Spongebob Squarepants. Silly man, you think to yourself, I'll dispense with him in no time. But three minutes later, Dr Now's verbal scalpel is at your roly-poly throat and he's surgically removing your bullshit that you weigh 270kg because you snack on the occasional grape.

Since hotels can't afford to hire highly skilled plastic surgeons to take charge of night security, they make do with blue-collar grumpy men whose expertise lies in being able to clip a large bunch of keys to their belt.

You'd think a hotel's front door would be more secure overnight if it replaced the human bouncer altogether with a swipe- or touch-card reader at the front door along with a keypad prompt to enter my room number as confirmation. OK, that's a little bit securer, but not much. Maybe add a 12-character password as well? And a QR Code to generate Authenticator PINs, perhaps? Fingerprint recognition might help too. Oh, and let's add a retina scan, polygraph test, DNA comparison with the top 10 Most Wanted, armpit temperature check, fine-comb check for nits and a cough-and drop.

The problem with all these measures is that as they incrementally improve the quality of security, they exponentially compound the Bully Factor. Just as the nightclub doorman insists that the next dude in the queue should produce their passport, birth certificate and letters of dispensation from Pope Francis and Patriarch Kirill, it all seems unnecessarily tiresome for the customer. I've witnessed bouncers ordering prospective clubbers to recite their birthdate in reverse numbers, pat their head while rubbing their stomachs, and touch their toes three times – no doubt a trick they themselves learnt in prison.

Those of you who suffer plenty of international air travel will be aware that the airport security industry, if we can call it that, underwent a major upheaval a couple of years ago. Realising that almost everybody regarded them not as public protectors so much as voyeuristic bullies with a penchant for rummaging through your pockets while you're still wearing the trousers, the crotch-probing profession did some soul-searching. This has led to swifter, politer, less humiliating and more expert security processing of humans as they pass into the international departures lounge.

It won't last: it will have to change again, simply to keep pace with the perps. In our own industry, recent data security scares include reports that show how half of all phishing attacks now take place on websites that feature the browser padlock icon. Increasingly, malicious JavaScript are infecting authentic sites with fake login forms, watering-hole style.

This suggests that there is nothing so suspicious as an outward appearance of security. Paranoia ahoy! The customer puts up with all the bullying for passwords and IDs and shit, only to have their personal info lifted behind the scenes anyway. Or, much much worse (and much much more likely over the next few years), your data is maliciously associated with someone else's, not to steal your money but to cover their tracks.

This week's story about alleged farcical facial unrecognition as practised by overconfident Apple Store detectives in the US is a taste of what's to come. Don't be surprised if your Gran has her door kicked in at 4:00am by anti-terror police looking for her heroin lab and stash of Islamic State literature. We'll be reading stories like this as frequently as we do now about massive personal customer data breaches.

I'm not sure that ownership of a flag is illegal, by the way. What matters with a flag is where you put it.

Donald Trump flag on a dog turd

Patriotic flag-waving Chicago-style, as photographed by Mme D this month

I get the impression that the architects of IT security systems continue to model themselves on nightclub bouncers. They present a preening cosmetic shell of security at the front door while the real perps are clambering through the toilet windows round the back and are already roaming the dance floor looking for someone's data to bottle.

Effective security can no longer be achieved by shaking a fist at the front door. It has to be a continuous process, constantly checking your behaviour once you enter the building. CCTV. Body language. Cultural profiling. Automatic lie-detecting of whatever you type on your keyboard.

Did I mention paranoia?

Youtube Video

Alistair Dabbs
Alistair Dabbs is a freelance technology tart, juggling tech journalism, training and digital publishing. He has now worked himself up into a state of terror, worrying that everything he writes here will be recorded, probed and analysed. We have assured him that there is nothing to worry about, since nobody is likely to read it. @alidabbs



Biting the hand that feeds IT © 1998–2019