Now meet Clause 10.7!
(We aren’t entirely sure that this story has a bona fide security angle, but if you don’t tell the Editor, we shan’t either, so we shall probably get away with it.)
Our story takes place in Apple’s App Store Review Guidelines.
The Guidelines start off in a surprisingly chatty (if not always strictly grammatical) sort of way:
We view Apps different than books or songs, which we do not curate.
We’d have gone for the adverb there, and said that we viewed things differently.
Not that we’re prescriptive grammarians, of course, but an adverb would look just as cool, and would have the advantage of being unexceptionably correct.
That would align a little more cleanly with what follows shortly:
If it sounds like we're control freaks, well, maybe it's because we're so committed to our users and making sure they have a quality experience with our products.
Here’s part of that vaunted “quality experience,” down in Clause 10.7 under User Interface:
10.7 Watch Apps whose primary function is telling time will be rejected
Whoa!
That pulled us up short, and had us asking, “Why?”
After a while, we thought we’d worked it out.
It’s about Apple’s desire for quality, consistency, usability and sounding like control freaks, isn’t it?
But then we realised it’s about facing reality: people just don’t use watches to tell the time any more.
Let’s be honest, that’s what mobile phones are for!
The security tilt
Actually, we’ve just thought of a way to tilt this story so it does assume a security angle.
We hereby introduce some new security slang: “To invoke Clause 10.7.”
For example:
I just tried to set up an anonymous account on the whistleblower site but I got Ten-Dot-Sevenned.
This service claims to be free but I think they're doing a Clause 10.7 on me.
We intend it as an ironic way of referring to a security rule or process that was probably intended to work for the greater good, but ended up sounding not only petty but also absurd.
A security oxymoron, like phrases that sound erudite but are self-contradictory: acutely foolish, nearly unique and uncrackable proprietary encryption algorithm.
Here are some made-up examples that we’d consider Ten-dot-Sevens:
To opt in to our Wi-Fi data collection system, please remove the text string _OPTOUT from the end of your network name.
To subscribe for free, just SMS "FREE" to shortcode 55555. (SMS cost: $0.99)
Your security is incredibly important to us. So, out of an abundance of caution, we are writing to tell you that your PII was stolen.
We’d love to collect some more Clause 10.7s.
Please share your own examples, real or hypothetical, in the comments below, or email us at tips@sophos.com.
By the way, as an incentive, we’re giving away three Naked Security T-shirts to the answers we like the most! (We’ve convinced ourselves that offering prizes in this context isn’t itself a Clause 10.7.)
→ Entries close at 23:59 British Summer Time (UTC+1) on 2015-05-07. You may enter anonymously, but you can’t win unless you give us an email address for us to let you know if you do. Sophos staff, those professionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.