Security Theater: The Latest Buzz Phrase


The term "security theater" may have been around for a while, but it seems to be on everyone's lips since the failed terrorist attack on Christmas Day.


Security theater is the intention to make it appear that improved security measures have been put in place when there have actually been little to no improvements at all. It's a term that can just as easily apply to IT security as TSA security.


Social media sites are under scrutiny right now for their own version of security theater. Users believe their privacy is protected, but when users link to a quiz or game, most don't realize that their personal information, like e-mail and password, is now available to that third party.


A company called RockYou, which developed some popular applications used on Facebook, is being sued for a data breach. According to the PC World article, the confidential data of the 30 million users who share pieces of flair was stored in plain-text files and was recently hacked. As Brennon Slattery wrote:


"RockYou's failure to protect its customers and its 12-day wait before informing anyone of the hack exposes a strain of negligence that simply should not exist in this Internet age."


In a TechCrunch blog, Rohit Khare wrote:


"I would agree that users voluntarily consented to type their passwords into RockYou's forms. I assume that both users and RockYou's developers actually only intended to share some particular bits of information: a contact list, a user photo, a friend's gender; but the bottom line is that instead of sharing that specific data, RockYou retained enough secrets to impersonate those users at will."


Khare explains in detail how RockYou failed its users, both before and after the breach, by blaming the victims, its partners and security technology itself. These actions, Khare added, are creating a false sense of security.


"Our major social networks' privacy theater is distracting us from ongoing, large-scale identity theft and misuse of private and personally-identifiable information."