1
Computer Security in the Real World
Butler Lampson
What people want from computer security is to be as secure with computers as they are in the real
world. Real-world security is about value, locks, and police. When it works, you get good enough
locks (not too many break-ins), good enough police (so break-ins aren't a paying business), and
minimum interference with daily life. Computer security is hard because people don’t trust new
things (especially when they don’t understand them), and computers are fast and complicated. The
kind of computer break-ins most people care about are vandalism or sabotage that damages
information or disrupts service, theft of money or information, and loss of privacy. Some people
think that because computers are precise, perfect computer security should be possible. I'll explain
why this is wrong, and talk about what kind of security is practical and how to get it.