Praise then darkness, and creation unfinished

A thoughtful friend of mine who would prefer to remain anonymous writes:

Don't get me a pile of pseudo legalese to sign about how it's my responsibility to keep personal data safe—and then give me a hard time because I ask you questions like…

"What the hell does that mean?" and

"If I'm responsible for maintaining physical security for an area and that area does not actually LOCK—what do I have to do?"

Because it means I'm actually looking at the crap you wrote and actually consider such issues.

I have a new credit card. (The physical object is new; the account is not.) Having called the automated service to activate the card (that's a plausible security thing: it checks that you're calling from the registered home phone number [1], and doesn't take a lot of time or effort), I turned the card over, picked up a ballpoint pen, and signed in the usual place.

After doing so, I realized that my signature was hard to read, and thus to check, because it's blue ballpoint (one of the two standard colors) on a strip that has, for reasons that I am inclined to classify as security theatre, the word "VISA" printed, over and over, in alternating blue and orange [2]. If I'd looked first, I might have used a black pen, which would have made it hard for me to read the three-digit security code, which is printed on that strip in black. The strip itself is long enough for my name (my surname is ten letters long), but anyone signing a name longer than "Kim Oh" or maybe "Pat Lee" is likely to be writing on or below the security code. (A longer first name, or a letter like "t" or "l" in the surname would increase the chance of collision.)

The easy fix for this would have been to move the security code all the way to the right edge of the signature strip. Or to use, say, green and orange if they felt they had to print "VISA VISA VISA" all over the signature strip.

Looking at the card it replaced, and my other credit card, I see that the blue and orange seems standard. The location of the security code is not; my other card does in fact have it flush right.

[1] Yes, there are ways to spoof your outgoing number, but it at least requires a hypothetical thief to know what that number is.

[2] Even if cashiers are still checking signatures, as few do, they're probably not going to be looking for that design (note that cashiers in most places are pressured to check people out as fast as possible), so it doesn't actually prevent a thief from peeling off and replacing the signature strip. It certainly wouldn't be difficult to get a color printer to produce something close enough to fool a casual observer.

I flew from Montreal to New York yesterday. Montreal's airport [Dorval for many years, now officially Trudeau, still and forever YUL] is set up so travelers to the U.S. clear U.S. customs and immigration at the Canadian end. After doing so, and going through security, you're in a long corridor with fifteen or so gates, a couple of shops, and three restaurants (counting the Starbucks). We went to the newsstand, figuring we'd get some chewing gum, and a bottle of water to drink while we waited to board the plane (since the current round of "we'll scare and annoy you so the terrorists don't have to" means we couldn't carry it on board).

The woman behind the counter explained that even though they had a cooler full of juice, soda, and bottled water, she couldn't sell it to us, because she was out of cups, and they weren't letting her sell drinks in bottles, she had to pour them into cups for the customers. Airport newsstands don't normally pour drinks of any sort, so they don't stock cups. Another customer had just returned from asking Starbucks for a cup, and she poured most of his bottle of water into the cup, and he drank the rest before walking out of the newsstand. (I don't know if Starbucks charged him for the cup.)

The woman, who thought even less of this idea than we did, told us to complain to our government—she said this was the U.S. government being annoying, not the Canadian.

Now, there's no sane reason to say "we're going to search everything coming past the gates, but you still can't take the pre-inspected bottle of water onto the plane," but even if I stipulate that they're concerned about someone subverting the search procedure, if an airline terminal is in danger from a bottle of water in a random passenger's hands, it's not going to be safe from the same water and same passenger in a cup, let alone from that passenger carrying a cup of coffee that, as the cup notifies us, is hot enough to be potentially dangerous.