Regular readers will know that we here at the Center for the Future of Work like to brand ourselves as “thinkers of the unthinkable”. This post however focuses on a topic where the vast majority of people are “unthinking the thinkable” – namely that our computers are not secure.
George Orwell’s famously said that “to see what is in front of one’s nose needs a constant struggle”; as of June 2017 it appears that most people have stopped struggling with what I would suggest is the most vexing issue of our day, namely how do we stop the Information Age imploding on itself in the wake of bad actors running amok?
In What to Do When Machines Do Everything http://www.whenmachinesdoeverything.com/ we argue that we are on the cusp of a “great digital buildout”, in which technology becomes embedded in, and central to, every aspect of modern society; in the next 20 years (but staring this afternoon at 1:28 pm ET) banking, education, healthcare, government, transportation, and housing – all areas where technology is used, but in still somewhat marginal, supporting, low key ways – will be fundamentally re-imagined and re-wired, leveraging AI, robotics, Blockchain, A/VR, platforms, quantum computing, and new human/machine interfaces (voice and then neural). By the time I’m a greeter at the Falmouth, MA, AmazonFoods http://money.cnn.com/2017/06/16/investing/amazon-buying-whole-foods/index.html software won’t have just eaten the world, software will be the world.
This perspective though rests on one fundamental assumption; that the technology on which everything is predicated is safe.
One would have to be a very good advocate to argue that today. Consider;
- The 2016 US election was hacked https://www.theguardian.com/technology/2017/jun/05/russia-us-election-hack-voting-system-nsa-report
- North Korea’s missile launch program is repeatedly hacked http://nypost.com/2017/04/16/ex-british-foreign-minister-thinks-us-hacked-north-korea-missile/
- Film studios are forced to pay ransoms to stop criminals releasing movies before their official launch https://www.wired.com/2017/05/high-profile-extortion-hacks-arent-paying-off/
- Pentagon satellites are hacked http://www.washingtontimes.com/news/2017/jun/15/sean-caffrey-british-hacker-pleads-guilty-breachin/
- Pacemakers are hacked http://www.azcentral.com/story/news/local/phoenix/2017/06/12/hacking-pacemaker-isnt-science-fiction-movie-plotline-but-reality/378176001/
- Cars are hacked https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
The list could go on and on. See this site for more of the gory detail (artfully presented) if you’re so inclined; http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.
As an aside, this list clearly doesn’t reference “fake news” and other activity that though technically not illegal is clearly a scam and undermines confidence in the virtual world. Also, the list doesn’t reference terrorist activity on-line, which is highly illegal and profoundly troubling for the continuance of the “open” Internet, as it is currently constructed.
It is clear that the computer technology we are using today is entirely unsafe. Fortunes and fates rest on the most flimsy of foundations; even the most blue-chip of corporations (and the most deep-pocketed) admit (off the record) that they have been (and continue to be) repeatedly hacked.
Our ability to function amidst this truth stems from our individual and collective ability to ignore and deny it - abilities hardwired into us from time immemorial. No one and nothing is really safe. If high-class hackers want to hack you, they probably can. Personally, most of us take comfort in “security through obscurity”. Collectively, most of us take comfort in “that’s John - or Vivek’s - problem, not mine”.
But these thoughts take us back to where I started this blog; that most of us are not struggling to think about this stuff anymore. It’s too scary and too difficult. Life is too short, it’s Friday afternoon, it’s summertime and the living is easy.
So, if we do pause and think about it this for a moment, what should we think?
Well, this is why we don’t think about it, because when we do we quickly realize that knowing what to think about all this is very, verydifficult ... https://www.youtube.com/watch?v=evlrs5Bi_6E
On the one hand I think, and have repeatedly commented on, how amazing our modern technology marvels are http://www.futureofwork.com/article/details/the-blas-index. But on the other, I worry deeply that a la Oppenheimer we (e.g. the collective “we” of the tech army, and me personally as a mere foot soldier) are becoming the destroyer of worlds http://www.independent.co.uk/news/world/asia/my-god-what-have-we-done-the-commander-of-the-enola-gay-303774.html.
What to do, what to do, what to do, the outlook was decidedly grey ... https://www.youtube.com/watch?v=Wjuxx8BH4yI
I see three scenarios ahead;
1 the “white hats” win – all is well; the great digital build out proceeds and though there are bumps in the night society is upgraded and we all sleep well at night
2 the “black hats” win – society retreats from a technology mediated world; owners of pigeons and quills become the new masters of the universe
3 victory in the battle between white and black hats is ambiguous – the cat and mouse between good and bad actors carries on ad-infinitum; bad things continue to happen; we – a la frogs – learn to live with them; because there are no “real” solutions we (i.e. society) continue to reside on the banks of denial and make the most of the view and the bathing.
Scenarios 1 and 2 seem unlikely, non? Crime has existed since before recorded time (or least since before the establishment of the Daily Express http://www.express.co.uk/news/world/580365/first-recorded-murder-victim-revealed) and will (pre-crime notwithstanding https://www.youtube.com/watch?v=lG7DGMgfOb8) presumably be with us until the last human walks the earth (The final crime? Murdered by an AI?). That we would retreat entirely from technology also seems unlikely. Though perhaps The Walkaways will grow in number https://www.amazon.com/Walkaway-Novel-Cory-Doctorow/dp/0765392763. Certainly, any significant M&A deal is now conducted behind an “Internet airlock” in a Manhattan hotel room or lawyers office.
Which leaves us with scenario 3 aka “The Muddling Through” scenario, in which the battle continues to rage, both sides finding new ways to attack and defend, leveraging systems of intelligence https://hbr.org/2017/05/ai-is-the-future-of-cybersecurity-for-better-and-for-worse until we begin to sense a taste of Armageddon https://en.wikipedia.org/wiki/A_Taste_of_Armageddon. A scenario in which the benefits of technology just about outweigh the costs but in which nobody is really sure that this is true; or sure about anything else either. In which there are identifiable “White Hats” and “Black Hats” but the real damage is done by “Grey Hats” – franchised freelancers whose very “rouge-ness” got them the gig in the first place (recruited in Las Vegas https://www.blackhat.com/us-17/defcon.html) – who nobody really understands or can control.
Maybe the perspective of scenario 3 is too pessimistic; maybe quantum security https://phys.org/news/2017-06-physicists-quantum-memory.html will bring about scenario 1; maybe a Digital Geneva Convention https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/#sm.001hj4x4igtge7710c6182kwlki3r will bring an end to the cyber arms race that escalates, and escalates, and escalates. Maybe Edward Snowden’s revelations about the extent of governments’ (plural) involvement (talking of Grey Hats) in these domains will break the, ahem, denial (distributed, of service).
Maybe. Not holding my breath.
As Aaron Levie, CEO of Box, put it, “If you want a job in 5 years, study computer science. If you want a job for life, study computer security” https://twitter.com/levie/status/547234465198526464?lang=en. Clearly, every IT service provider of note (including Cognizant) has fired up every recruiter on speed-dial to load up on security talent. Fixing “insecurity” may make fixing Y2K look like a hors d’oeuvre. Making them safe = making lots of money.
Hopefully our connected homes, cars (particularly of the flying variety http://www.cnn.com/videos/cnnmoney/2017/04/24/larry-page-google-kitty-hawk-flying-car-cnnmoney.cnnmoney), buildings, planes (definitely of the flying variety), operating theatres, parliaments, bank vaults, classrooms, and VR environments, will be safe and secure. They’d better be; stuff will hit the (connected) fan if they’re not.
As someone once said (provenance uncertain; ping me if you know), “If you’re not thoroughly confused, you’re not adequately informed”. If you’re not thoroughly insecure about the state – and future of – computer security you’re either inadequately informed, or more likely, just like the rest of us; having too much fun watching the slow motion nervous breakdown in Washington D.C.
Enjoy. While you can. The problems ahead may make our current ones seem far from huge. https://www.youtube.com/watch?v=EEA33bAXyNM