There is this interesting article about a talk Bruce Schneier gave about the value of security measures. He makes the great point about there is value in making people feel secure, but it must be balanced against the danger of complacency. From the article:
Schneier noted that despite the well known impact of emotional and psychological thinking on security decisions, information remains the greatest weapon that we have in creating good security solutions.The best security solution will fail if it doesn’t cater to both the reality and perceptions to do with security, Schneier warned.
“For most of my career I would insult ‘security theatre’ and ‘snake oil’ for being dumb. In fact, they’re not dumb. As security designers we need to address both the feeling and the reality of security. We can’t ignore one.
“It’s not enough to make someone secure, that person needs to also realise they’ve been made secure. If no-one realises it, no-one’s going to buy it,” Schneier said.
The goal must be to get the reality and perception matching up – so that security solutions aren’t lulling users into a false sense of security, or letting them exist in an unnecessary climate of fear.
This sounds like it was an interesting talk. It would be great if someone could point me to a transcript.