- William Grzeskowiac smuggles coins out of the Royal Australian Mint. [Sidney Morning Herald, Bruce Schneier, Chandler Howell.
- Vasily Nikitich Mitrokhin smuggles scraps of paper out of the KGB archive. [Wikipedia, Mitrokhin's book, Johannes Ernst]
Chandler makes a useful point about motivation, which probably applies to both examples.
"When assessing security, never assume that people share your priorities or value assessments–if anything, you would probably be better-served to assume they don’t."And Johannes adds a comment on
"how professionals go about undermining whatever technologies and organizational models we are putting in place".
The security implications of these two cases should not be muddled by value judgements of the two situations. Many people might (exceptionally) approve of stealing from an organization if they disapprove of the organization, or if they think the organization has no ownership rights over the items being taken. But it's still the same physical act.
There is an additional trust issue in the Mitrokhin case. The CIA disbelieved the authenticity and value of the scraps of paper, but MI6 thought it worth protecting him and preserving his material. Why did he steal these documents? Because he had an attitude against his employer? Does this call their accuracy into question?
Meanwhile, the low-denomination coins stolen by Grzeskowiac were of limited value (to him), because they could not be used in such large quantities. Most of the coins were recovered from his mother's garage. Why did he steal them? Because he could.
Technorati Tags: security trust
