[pyoung]

Although if you really think about it, what other option does yelp have. It's not like yelp is going to get the NSA to do a bunch of wiretapping, or hire sleuths to dig up the social security numbers of the irate business owners. If they think there are serious security risks, then it is prudent for them to be extra cautious, and they have to work within the means that are available to them (i.e. no NSA type stuff, just probably collecting a random list of names based on threats that they received). It sucks that the student didn't get to attend the event, but it would suck way more (from yelp's perspective) if someone managed to sneak in and destroy a bunch of stuff (or worse). I am not a huge fan of the obsession with security that has overrun our country, but I don't begrudge people for taking precautions to protect themselves.

[Vivtek]

Although if you really think about it, what other option does yelp have.

Have a competently professional security policy with recourse to appeal at the door if they're going to host events for people?

Or, you know, just look like amateurs.

[pyoung]

Yelp is not in the personnel security business, so I don't think they really care what you think about the security policy of their building (which is most likely supplied by a third party contractor anyway, as is the case in my building, and most others).

What it really comes down to if you don't like their policy, don't host your meetup there.

[Vivtek]

Similarly, Yelp isn't in the accounting business, so they have no obligation to pay taxes or payroll. (If employees don't like it, they shouldn't work there.)

By having a security policy, they are in the security business, and they're doing it wrong.

[jaredsohn]

>By having a security policy, they are in the security business

This is not true. A company should only be considered to be in the security business if their profit is driven or at least depends upon offering security to others.

By the logic of your post, any company that has computers that they have to manage would be in the 'IT' business.

The reality is that to run a company, a variety of things must be done to allow it to exist that do not define the business of the company.

[slurgfest]

This is absolute pedantry. Nobody claimed that Yelp is offering services within the security industry. They are "in the business" in the sense that they are concerning themselves with security to such an extent that they have a policy and are kicking people out of events based on a blacklist (after the fashion of an authoritarian government).

Since they are doing it they should be concerned with doing it right.

If computers are critically important to a company (as they are for many web companies) then they are expected to manage them in an intelligent way. That doesn't mean that web companies are all acting as ISPs, but it is absolutely routine and expected for them to take various measures to maintain their computing infrastructure correctly. It's irrelevant that they are not selling computers.

It is totally irrelevant that Yelp is not selling security services to other companies.

[Vivtek]

So if you're not in the IT business, does that mean you don't have to do backups? Or does it mean that if you have computers, you damn well better understand the IT business and do it the same way the professionals do?

In this case, Yelp's security policies are stupid. They're not making money from security, but that doesn't mean they get to be stupid.