Steve Riley is a security expert at Microsoft; John Mueller holds the Woody Hayes Chair in National Security Studies at Ohio State.


I know and like John Mueller (who is also a leading expert on Fred Astaire), and in my Atlantic article "Declaring Victory" one year ago I talked about his argument that America's over-reaction to the threat of future terrorist attack had damaged it more deeply than attacks themselves were ever likely to. He laid out this theory at length in his book Overblown.


I don't know Riley but was intrigued by this report, on the Australian tech website APCMAG, of his saying that the unthinking attempt to remove all possible security threats often destroys the efficiency, value, and integrity of the thing you are trying to "protect." What's intriguing is that Riley, unlike many tech officials, drew the explicit comparison: too many security features can make software unusable, and too much security can make free societies unrecognizable. (Or just hopelessly inefficient, as with the recent impossible legislative requirement that every single shipping container entering the United States be scanned before it leaves a foreign port.)


This leaves only two questions: Did the report accurately reflect Riley's views? I emailed him via his site to ask. And if so, why did he let his company include in Windows Vista something called "User Account Control," which exemplifies the overkill approach to security that he so astutely warns about?


Actually, there's one more question: Who will be the first historian to say of America in the years after 9/11: they had to destroy the country in order to save it?

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.