Archive for February, 2007

GRINs: Kevin Kelly writes about the unruly technologies

We love technology but some of it will go wrong. Some aspects might even get out of control, says Kevin Kelly.

I don’t worry about most new inventions, but there are four technologies I think are worth worrying about. These are the emerging technologies of geno-, robo-, info-, nano- stuff. Geno includes gene warfare, gene therapies, and drastic genetically modified organisms, and drastic genetic engineering of the human line. Robo is of course robots. Info concerns digital intrusions, artificial minds, cyberware, and virtual personas built from data accumulation. Nano are super tiny machines as small as bacteria that do all kinds of things, sort of like dry life. The initials of these four worries are combined into the ironic acronym of GRIN. The common element among the techniques of GRIN – and the reason they are worrisome – is that they are all self-reproducing…

No-one summarises the scale of the information age change as well as Kelly, and for me nobody states the moral challenge we face as clearly. He once spent many months living with the Amish to understand how religion affected their policy on technology, and describes himself as a “blue-state Christian”.

The GRINs are bullying, rogue technologies, he says. To handle them we’ll need the analogy of parents that discipline unruly children:

If we can train our children – who are the ultimate power-hungry autonomous generational rogue beings — to be better than ourselves, then we can train our GRINs. Like raising our children the real question – and disagreement – lies in what values do we want to transmit over generations?

“Decoys fix quantum key swapping”

Posted by William Heath in Murphy's Law, cracking stuff at February 22nd, 2007

The BBC reports…

The technique uses photons of light as decoys

British scientists have found a way to fix a vulnerability in quantum cryptographic systems.

If left unpatched the flaw would make it possible to grab information about the keys used to scramble information without being detected.

The flaw emerges because of the way that laser diodes emit the photons of light used to carry quantum key data.

Using decoy photons the researchers can spot when attackers are eavesdropping on secure communication channels.

Cracking crypto

Posted by William Heath in Murphy's Law, cracking stuff at February 17th, 2007

One thing that will go wrong and unsettle everybody is broken crypto: the cracking of more and more complex keys. There are two strange aspects for me. One is that I just don't begin for the life of me to understand the cryptography on which the safety of my on-line business life depends. The second is that only a small proportion of the people who crack these security systems are good enough to say so (e.g. Ben Laurie on PGP) and we have to assume that those who are secretive about it (of whatever variety) are more numerous, more highly motivated and generally ahead of the honest hobbyists to whom I can more easily relate.

The biggest databases in the world

Posted by William Heath in Faster/smaller/better..., databases at February 16th, 2007

We live in an age of unprecedented vast databases and a future of exponential further growth in database size. What are the biggest today? The possibly US-centric Business Intelligence Lowdown sticks its neck out and claims the top 10 is:

10. Library of Congress
9. Central Intelligence Agency
8. Amazon
7. YouTube
6. ChoicePoint
5. Sprint
4. Google
3. AT&T
2. National Energy Research Scientific Computing Center
1. World Data Centre for Climate

They offer some interesting stats, but no source, methodology or suggestion about how comprehensive they think it is. Picked up by Digg, the article cops a string of protesting comments (they need an “offensive?” button). Thought-provoking, though. I wonder how EMC, CERN and the world’s Googlezons see the long-term future of massive databases? Does sheer size and scale bring new issues?

Top 10 cats boxing their way out of Pandora’s bag in 2007

Posted by William Heath in Faster/smaller/better..., Humanity nature and activity, fraud, threats at February 14th, 2007

Just to be short-term for a moment, here’s the top 10 threat list for the current year from Richard Stiennon, who does the ThreatChaos blog for ZDNet:

1. 100% growth in revenue for cyber crime. …the quest for financial gain will spur cyber criminals to a banner year, at least doubling their overall take…
2. DDoS in support of phishing attacks. …an attack against a banking or ecommerce site along with a barrage of emails that claim the site is “down for maintenance, please log in here to access your account”…
3. Successful DDoS attack against a financial services firm. …2007 will be the year of the first high profile attack against a large US or UK bank or trading desk.
4. Attacks against DNS are the threat of the year. …the collateral damage could be devastating if an attack took out one of the root domain name servers…
5. No abatement in identity theft. …Markets are developing that make it easier to monetize stolen identities thus increasing the value of stolen IDs while decreasing the cost of “moving” them.
6. More attacks against wireless networks. …text message urging you to call a particular premium phone number (vishing), and malware that infects phones…
7. MySpace grows up and gets secure. …the number of attacks from predators, criminals and hackers will get to the point that MySpace will tighten up its controls and monitoring…
8. YouTube abuse threatens site. …video sharing will succumb to spammers who post ads, ad backed videos, and stealth marketing exploits, ruining the experience for everybody.
9. Network infrastructure shows signs of overloading. …outages, slowdowns, and a mad scramble to lay more fiber in 2007…
10. Spread of Windows Vista will have zero impact on the overall threatscape. …Reportedly you can already purchase Vista zero day exploits on the web.

Sobering stuff, even with mixed metaphors (“The cat is out of the bag. Pandora’s box is open.”). But the man was flying to Maui and back just to get frequent flyer points when he wrote this. Does he have his priorities right about imminent global catastrophes?

Can the security establishment become part of the chaos?

Posted by William Heath in Humanity nature and activity, culture, security services at February 11th, 2007

The hardcore Chaos Computer Club points to a Sept 05 article by D Calvin Andrus of the CIA called The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community. The abstract reads

US policy-makers, war-fighters, and law-enforcers now operate in a real-time worldwide decision and implementation environment. The rapidly changing circumstances in which they operate take on lives of their own, which are difficult or impossible to anticipate or predict. The only way to meet the continuously unpredictable challenges ahead of us is to match them with continuously unpredictable changes of our own. We must transform the Intelligence Community into a community that dynamically reinvents itself by continuously learning and adapting as the national security environment changes.

Says it all really. We think of a conservative security community, struggling perhaps in the chaos of an increasingly online world, but somehow solid, predictable, reliable.

What happens when they become as wired, chaotic and creative as online artists, designers and gamers? And can they do that without coming out of the isolation that is hard-wired into their culture? How could politicians hold accountable a security service that is constantly reinventing itself?

A security service that engages online, as opposed to just listening, would be a very different bunch of people with a different set of skills.

Are we mentally adapted to on-line security?

Posted by William Heath in Humanity nature and activity, human error, psychology at February 11th, 2007

Bruce Schneier has a piece on the psychology of security, and our ability to make tradeoffs.

The truth is that we’re not hopelessly bad at making security trade-offs. We are very well adapted to dealing with the security environment endemic to hominids living in small family groups on the highland plains of East Africa. It’s just that the environment in New York in 2006 is different from Kenya circa 100,000 BC. And so our feeling of security diverges from the reality of security, and we get things wrong.

Passwords and the catalogue of human error

Posted by William Heath in Humanity nature and activity, Murphy's Law, human error, people and passwords at February 10th, 2007

One thing that’s bound to go wrong is the sheer concatenation of human error - forgotten passwords and PINs, lost ID cards, poor data entry.

According to this BBC piece we have around 20 passwords each, growing at 20% a year.

Data mining: let’s define it better

Posted by William Heath in Faster/smaller/better..., Murphy's Law, data mining, unexpected consequences at February 10th, 2007

With all the promise data mining holds for counterterrorism, Congress is having a good look at it, posts Jeff Jonas.

This session again proved that what data mining means depends on whom you ask. And, as such, this poses a real problem for those trying to have a rational conversation on the subject. And I worry that if lawmakers get this wrong … poor laws will follow.

Like ID management, if we don’t start with clear definitions then we won’t understand what we’re talking about. Because we need to work out
- what is feasible
- what should we realistically expect
- what are the social consequences

Jonas lists several definitions from other data-mining submissions, and makes the point we need to settle on one if we're going to regulate it.