Let's deliver some mail.
First, let's devise a system for delivering mail within your household. There are three generations in your house: your parents, you and your wife, and your four kids. When I say within the household, I mean within the household. The letters in this first scenario are sent and received among the eight people living under this one roof. And if you're having trouble imagining a household where people routinely correspond with each other via the written word, imagine there are emojis involved.
In this situation, there are no security concerns. The volume of letters being exchanged is small.
The simple brute force solution? A basket.
Want to send someone a letter? Write their name on it and drop it in the basket. Need to see if you have any mail? Rifle through the basket looking for letters with your name on them. Running late for the annual neighborhood Easter egg hunt? Dump all the mail on the floor and grab the basket as you run out the door.
Anything more complicated than a basket is a complete waste of resources.
Next, let's consider a school. An elementary school office delivers massive amounts of paper to individual students. A flyer for this, a permission slip for that--I'm convinced that schools are contractually obligated to sacrifice one tree's worth of paper every year for each student.
There are no security concerns for this mail. But there is an issue of scale. You'd need a pretty big basket to hold all the papers being distributed to each classroom.
Let's improve on our basket approach by setting up an organizer with one slot for each teacher:
We'll put labels on each slot to make things easier for the teachers to find their papers when they stop by the office. We won't worry about trying to prevent teachers from taking papers from another teacher's slot. Security is not a concern in this system; the organizer's sole purpose is to improve the system's efficiency.
Next, imagine a large business with multiple departments. When one department wants to send mail to another, the letter gets put into an interoffice envelope and placed in the department's outbox. A few times a day, a courier comes through. He drops off envelopes from other offices in the department's inbox. He takes any envelopes sitting in the department's outbox.
With this solution, we've instituted a division of responsibilities. The couriers pick up and deliver envelopes. Departmental employees add documents to empty envelopes, write the recipient's name on the envelope, then put the envelope in the outbox. They can also open envelopes addressed to their department that the courier has delivered to their department's inbox.
The system lends a superficial sense of security. The couriers are not allowed to open the envelopes. The departmental employees are only allowed to open envelopes addressed to their respective departments.
Of course, the security is not all that robust. To read the contents of the envelope, the courier need only unwind the string, slide out the papers, read them/photograph them/transmit the images to his handler in Moscow, slide them back in the envelope, then rewind the string. The "security," as it were, is merely a guardrail. Nothing is really stopping the courier from reading the contents of the mail, other than his own honor and a desire not to get caught and fired.
Despite this lack of security, the envelope makes it much easier for employees with good intentions to act honorably. If mail was addressed with sticky notes instead of envelopes, it would be difficult for even a well-meaning employee to avoid looking at the letters he was delivering.
Office Building Mail
Everything I know about mail delivery in a large office building I learned from watching Elf, so I feel highly qualified to discuss this analogy.
In this scenario, there are multiple companies leasing space within a commercial skyscraper. The scale of the mail delivery problem is much higher in this environment than the others. Writing department names by hand and delivering via Sneakernet is not feasible.
Also, the security requirements are much stricter. Companies that rent commercial space in a high-rise office building are not likely to rely on an employee honor system when it comes to the security of their correspondence.
To address these concerns, we'll use a series of pneumatic tubes to quickly and securely deliver the mail. We'll have to hire mail room staff to administer the system. These "system administrators" will need to be carefully vetted to ensure that no inebriated elves infiltrate the operation. While it's an admittedly small sample size, my research tells me that this is the single biggest security risk of this particular system affecting some 100% of the pneumatic mail operations I studied.
National Mail Delivery Service
At this scale, we need something ruthlessly efficient. And nothing says ruthless efficiency like the United States Postal Service.
All joking aside, receiving and delivering mail at a national scale requires a completely different approach than everything we've done previously. It's unrealistic to have several hundred million people interact directly with a single processing facility. Instead, we need to set up multiple levels of processing.
Postal customers will interact with the service at a series of small buildings called post offices. (One might also call these buildings "clients," if one was trying to torture a metaphor into a full blown allegory.) The post office employees will collect letters from customers and send them on to one or more dedicated regional sorting facilities. These facilities will exist to serve the client locations, so let's call them "servers."
Once the mail is sorted at one of these server facilities, it is then sent back to the client location for final delivery to the customers. The customers never interact with the sorting facility directly. This complete separation makes it impossible for customers to intercept mail not addressed to them.
To further enhance security, customers will seal their letters inside tamper-evident conveyances (envelopes) before bringing them to the post office. By simply inspecting the intact seal, recipients would be assured that the contents had not been altered in transit.
Moral of the Story
Each of the situations above has its own set of requirements, both in terms of security and scale. Generally speaking, as those two requirements increase, so too does the cost of the solution.
Many professional mail deliverers might scoff at the idea of implementing anything less than a mail delivery system capable of providing the security and scale of the nationwide solution. But
no very few school districts in America have the budget to implement something like that.
Don't let the perfect be the enemy of the good.
What many of these so-called professionals fail to appreciate is that those responsible for implementing the local mail delivery system are constrained by budgets.
The choice is not between the national system and the courier system.
The choice is between the couriers and the basket.
And that should be no choice at all: