Superconductor

Have you heard this joke? Two men are out backpacking. In the middle of the night, they hear a bear rummaging around their campground. They decide to make a run for saftey. One man immediately starts running, barefoot. The other puts on his boots. The barefoot man gets a head start, but the man with boots quickly catches up. The barefoot man asks, "Why did you waste valuable running time putting on your boots? Even with boots on you'll never outrun the bear." To which the boot man replies, "I don't need to outrun the bear, I only need to outrun you."

We all know that security is often simply making yourself a more difficult target than someone else. Even though you might not be 100% protected, the criminals won't attack you because they're busy with easier targets.

I think enforcers are similar. Whether it is the police or the SEC, the people in charge of reining in or catching the rule violators go after easier targets. If the target is too difficult, they don't even bother trying. It may seem that big crimes are the exception. That is, when someone is murdered or raped or beaten, or a bank is robbed, the police will make an attempt, even if it is a difficult case. Part of the reason is probably that if the enforcers did not attempt to catch them, the political fallout would be too great and they would be out of jobs. However, I also believe those are the types of crimes for which there is often plenty of evidence available. Those violators are easier targets.

Here are some stories.

On Oct. 9, 2002, the San Francisco Chronicle (among others) reported on the capture of a thief. The man (Julian Torres) was part of a ring that would "steal mail left in boxes or public bins, searching the envelopes for credit card and bank records..." What makes the story interesting, is that the police did not find him, a private citizen did. Despite complaints, police did almost nothing. In fact, the article reports that, "Torres himself was arrested in San Francisco [in 2001] with a fraudulant check and a stack of stolen mail, but prosecutors declined to file charges..." It was Jill Maggio, a small business owner who suffered losses at the hands of Torres, who collected enough evidence that would finally convince San Jose, CA, Police to move ahead. The enforcers did nothing until someone else did their work for them.

Possibly the police forces and prosecutors that could have gone after the thieves were just so overwhelmed by crime that they had to make difficult choices on which crimes to investigate. But in this case, the thieves were not particularly talented nor careful. It was not difficult to find them nor collect the evidence. It would seem this is an example of an easy target. But it wasn't. It looks like an easy target, but it was actually difficult. Think of it, if this was a difficult target, imagine if the thieves were experienced, professional, and kept a low profile.

There's the SEC. I worked for a company that was investigated by the SEC. The investigators spent lots of money but found nothing (they found nothing because the company did nothing wrong). Despite finding nothing, they kept at it, planning to keep at it until finding something, anything. Finally, their bosses told them to quit, so to save face, they got the company to promise never to do what it did again, even though it was shown to be in accordance with SEC rules.

It was during this episode that our chief lawyer pointed out that the SEC does not go after big companies. They don't have the budget. Most big companies can out-lawyer them. So the SEC goes after smaller, easier targets, hoping they can make examples of the smaller fish in order to keep others in line. So Enron, Worldcom, Tyco, and so on, are the ones doing the really bad things, but the SEC won't try to prevent those types of messes.

So let's say the point is you often have to be responsible for your own security, the authorities are not going to do it.