Who are your experts?

I noticed an ad recently for a diet book by Peter Greenberg. Greenberg is a travel journalist, and he is dieting. Apparently that qualifies him to be a travel diet expert -- or at least enough of an expert for his book publisher's purposes.

It's interesting but irrelevant that according to Greenberg, he started out 60 pounds overweight and is now 20 pounds overweight -- after all, the hard part of a diet is keeping the weight off, not losing it. Keep that total -- 40 pounds -- in mind as we look at the logistics of publishing a book.

My current book, Spies Among Us, was 90 percent complete when my publisher took the book on as a rush project, and it still took 6 months to get it released. My Computerworld.com editor's most recent book, a svelte 96-pager written for kids about using instant messaging, took nearly nine months from planning to print. Even tomes from technical publishers, which often handle very tight turnarounds, tend to take three to four months to hustle through the publishing process.

Meanwhile, a sound diet can result in a weight loss of 2 pounds a week. The 40 pounds that Greenberg lost should therefore have taken him 20 weeks, or 4.5 months. If you assume that Greenberg started with the idea that he wanted to lose weight and then wrote his book, it should have taken him nine months to get to the point at which the book was released. That means that he might have lost one pound a week on the diet if he started to write the book as he was losing the weight.

It's still not a bad weight loss, but going by the time frames I've given you, Greenberg may well have started writing as an expert on the subject long before he was an expert on the subject.

Now think of the "experts" covering security issues. For instance, one of my pet peeves is when I see newspaper articles talking about "secure" Internet transactions. Inevitably they advise readers to "look for the lock on the Web browser, which means you are dealing with a secure server." It's a widely quoted "fact" that happens to be untrue. The "lock" means that you are using the SSL protocol, which specifically means that the data is encrypted in transmission. That has nothing to do with the security of the server; you could in fact be securely sending your credit card number to a phishing site. It's an expert-sounding factoid that's just not accurate.

We have seen data theft from servers described as "secure." I suspect there are a lot of people who are learning about security from people perceived to be experts -- including the technology editors at the newspapers that publish "facts" like those, whether in a ham-handed effort to simplify tech for the general population or because they simply don't have their facts right. There's a funhouse-mirror effect in place too, since many computer generalists get their information on subjects like computer security from articles written by other generalists, who researched their articles by looking at other articles by generalists. In that situation, not only do errors propagate indefinitely, but good information is often drowned out by the consensus of bad info.