Sunday, February 25, 2007

The (Criminal) Singularity is Near

Most of my recent weekends and plane flights have been spent reading "The Singularity is Near", Ray Kurzweil's excellent book on the exponential rise of technological progress. I have very much enjoyed the ride, and I believe that he is correct with respect to his predictions about where many of the world's engineering efforts are headed.

However, like too many visionaries and engineers, Kurzweil falls victim to the fallacy that "the good will outweigh the bad", and dismisses the idea that criminals will make use of technology in ways that may or may not be controllable. Take this quote from page 413:

"The fact that computer viruses are not usually deadly to humans only means that more people are willing to create and release them. The vast majority of software-virus authors would not release viruses if they thought they would kill people."

This is naive. Fifteen years ago, your typical virus writer was a student time-sharing on some university computer somewhere. While it is probably true that this kind of person can probably be assumed to be uninterested in causing physical harm, this view (and the view that all criminal efforts may ultimately be controllable) is years out-of-date.

Today, virus-writing is firmly under the influence of criminal gangs motivated by potentially massive financial gains (and, probably real soon now, by potentially massive military or political gains). And while many current threats may seem relatively benign, it is only a matter of time before the scales tip and criminals start regularly aiming hostageware and similar technologies at medical and military equipment, SCADA systems, and other critical pieces of infrastructure, in return for financial and military gains.

Let me argue by extension for a moment here. In the late nineteenth century, well-meaning scientists in Germany produced two promising new drugs. The first, cocaine, was first isolated (and named) by Albert Niemann at the University of Gottingen in 1859 (and later made famous by Sigmund Freud, among other medical practitioners). The second, heroin, first discovered in London, was commercialized by Bayer in 1898 ("heroin" was Bayer's trademarked brand name for the drug).

Both technology advances were predicted to advance civilization. The world applauded the arrival of cocaine and heroin - and, as with so many scientific advances, only good was predicted to come from these engineered developments.

However, mention either drug today and the feelings generated are almost universally negative. In both cases, criminals co-opted the technology and went on to create industries based entirely on criminal activity that generate untold billions today - industries that kill or maim an extraordinary number of human beings each year, and continue to prosper in the face of all attempts to eradicate them.

Maybe this is an unfair analogy. But at the close of writing my recent blog detailing the myriad ways in which malware creators make money, I drew a deep breath. With so much at stake financially and politically and militarily, it is becoming clear to me that we are just at the very beginning, not the end, of the malware-creation cycle.

The criminals are just getting started. As they become better educated, and better at engineering and targeting and distributing their creations - and we move towards the world of implanted software in our homes, our bodies, and even our minds, that Kurzweil describes - the financial stakes are going to become astronomical - on both sides.

Though-bubble: it isn't terribly hard to imagine that within a few years we will see a scenario involving a major world-leader being kept alive by a medical device running on software that receives updates via a network of some kind. What would a terrorist pay to upload their code to that device? Who, with access to that device, could be corrupted?

Let's not fool ourselves that software-based criminals will care anymore about human life than the crime lords involved in the drug trade do - at the end of the day, criminals care only about their own ends (money, power), not about the greater human good.

And it's not just the crime lords we need to keep in mind - let's not forget that many "good" citizens - pillars of the community; doctors, policemen, politicians, soldiers, lawyers among them - have been co-opted into drug-related criminal activities that cause human suffering and death, all because of money.

On page 107, Kurzweil quotes US Department of Commerce, Economics and Statistics Administration data that shows IT now accounts for 10% of domestic GDP spending. Let's hope that the "good citizens" of this fast-growing IT industry do better that the "old economy" industries when it comes to preventing assets from being co-opted by criminals.

No comments: