Even a casual observer of computer security must notice the prevalence of FUD: non-falsifiable claims that promote fear, uncertainty, or doubt. We are bombarded with warnings of digital Pearl Harbors, the unstoppability of online hackers, and accounts of a cyber-crime problem that is said to rival the drug trade.
FUD sometimes masquerades as useful information, though it is often "not even wrong," in the sense of making no clear claim that can be checked: exact figures for undefined quantities, dollar estimates based on absurd methodology, and astonishing facts that are traceable to no accountable source. FUD provides a steady stream of factoids (for example, the raw number of malware samples, activity on underground markets, or the number of users who will hand over their password for a bar of chocolate), the effect of which is to persuade us that things are bad and constantly getting worse. While the exaggeration of threats hardly began with computer security, the field has certainly made FUD its own.
The following letter was published in the Letters to the Editor of the September 2014 CACM (http://cacm.acm.org/magazines/2014/9/177939).
--CACM Administrator
Although Dinei Florêncio et al. made several rather grand claims in their Viewpoint "FUD: A Plea for Intolerance" (June 2014), including "The scale of the FUD problem is enormous," "While security is awash in scare stories and exaggerations," and "Why is there so much FUD?," they offered no evidence to support them. Odd, given that they also said, "We do not accept sloppy papers, so citing dubious claims (which are simply pointers to sloppy work) should not be acceptable either."
Alexander Simonelis
Montréal, Canada
AUTHORS' RESPONSE:
We offered many examples but could not include references for everything. Typing "digital Pearl Harbor," "trillion-dollar cybercrime," or other terms into a search engine will easily produce examples of who has been saying and repeating what.
Dinei Florêncio
Cormac Herley
Adam Shostack