Good Intentions and Paving the Road To Hell

In recent blog comments, I made some comments about how the public sector works, and why it makes bad decisions. I was reading an essay on the TSA Secure Flight by Bruce Schneier, one of the members of the actual working group. This was the most telling comment:

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of the working group. In other words, my first conclusion is basically all that they're interested in hearing.(Bruce Shneier, CryptoGram #502 Article 1)

This, I think, is the core problem of government. We have a legislative body, which is tasked with making decisions on everything. They are not security experts. They are not experts in anything except law. So they write their laws, they pass their budgets, and then, assign implementation to someone else.

As a technical engineer, I can tell you something: There is a huge flaw in that design. That is, there is nothing to mandate a review of the program. There is no check to be sure that it can accomplish what it intends to. There is no check to be sure it doesn't have unintended consequences. There is just "this is the project, here are the funds, make it happen".

This sort of project needs periods of review and re-review. It needs to have its issues looked at, and there needs to be some way that the call can be made that "Maybe this wasn't such a good idea" or "Maybe this can't feasibly be implemented" or even "Oh, this doesn't do what we want".

I don't think the TSA or working group are incompetent, or evil. I don't think congress has bad intentions. I would say that they have a very broken process. A process that sends out mandates before making sure that their mandate will actually have its intended effect.

It is pretty clear, from both my own cursory reading, and from the opinions of experts in the field, that this "Secure Flight" program is a waste of money, a waste of time, and just a bad idea.

The problem is that it looks good to people who don't understand security. That means congress and the public. Since it looks good to them, it gets the mandate. Since it has the mandate, it gets implemented. Opinions of experts and naysayers be damned.

Even though everybody has the best of intentions, broken process leads us to pave the road to hell. Wasted resources are a double waste. They are wasted because they bring back nothing valuable, and prevent those resources from being used where they would help.

This is just one project, in one area. It doesn't take much digging to find others. This is just a common problem with any and all organizations that are organized in this way. Its true of the government, its true of Universities, its true of an nonprofit that use grant money.

The Bottom line: Politics and non-technical committee are bad ways to make technical decisions. Letting technical decisions come down from "on high" without review and proper vetting leads us down this path.