Management Toolkit

Stupid Security prize relaunched

Graeme Wearden ZDNet.co.uk

Published: 22 Aug 2006 13:30 BST

A civil rights organisation wants to hear examples of security measures that are so ill-advised, impotent or irritating that they should be named and shamed.

Privacy International (PI) announced on Monday that it is holding the "Stupid Security Awards" in an attempt to highlight the absurdities of the security industry.

These awards were first held by PI in 2003. They are being staged again, according to PI director Simon Davies, in response to a sharp rise in "pointless, intrusive, stupid and self-serving" security measures.

"The situation has become ridiculous," said Davies in a statement. "Security has become the smokescreen for incompetent and robotic managers the world over".

Prizes that will be awarded include, Most Egregiously Stupid Award, Most Inexplicably Stupid Award, Most Annoyingly Stupid Award, Most Flagrantly Intrusive Award and Most Stupidly Counter-productive Award.

As an example, Davies cited the North London school which had been fingerprinting pupils without their parents' consent, and Network Rail's decision, back in 2003, to ban train-spotters from its stations as they were potential terrorists.

The rise of organised cybercriminals means that many IT managers are wrestling with the challenge of tightening up security. PI argues, though, that companies who introduce new security measures unthinkingly can cause more harm than good.

The competition closes on 31 October 2006. Nominations can be emailed to stupidsecurity@privacy.org.