Archive for the 'unexpected consequences' Category


Also see the unexpected consequences category on the Blindside Wiki

Patch, brothers, patch with care…

Posted by wendyg in IT failures, unexpected consequences at August 21st, 2007

Skype has blamed its system-wide outage on Microsoft Patch Tuesday - all those computers being auto-patched and then restarted and then logging back into Skype consumed all the system’s resources.

There are so many Blindside issues there we can do them for you wholesale:

- single time of patching for billions of machines (Microsoft)

- software integrity issues (Skype)

- limits of self-healing ability of P2P when too many nodes out (supernodes, perhaps?)

- the road to service outage is paved with everyone’s best intentions

- increasing perception that patching can be dangerous, deterring users from doing it…

wg

Robots for civvy street

Posted by William Heath in Cyberwar, Radically different stuff, unexpected consequences at August 18th, 2007

Robots developed for war look set to move over to civilian police duties soon. We’d better get the rules of engagement straight, fast. From Wired

Armed robots — similar to the ones now on patrol in Iraq — are being marketed to domestic police forces, according to the machines’ manufacturer and law enforcement officers. None of the gun-toting ‘bots appear to have been deployed domestically, yet. Both cops and company officials say it’s only a matter of time, however.

“Other than some R&D with the shotgun mount, we haven’t used it operationally,” Massachusetts State Police Trooper Mike Rogowski tells DANGER ROOM. “But they’re on the way. They’re coming,”

Foster-Miller, maker of the armed SWORDS robot for military use, is also actively promoting a similar model to domestic, civilian police forces. The Talon SWAT/MP is a “robot specifically equipped for scenarios frequently encountered by police SWAT [special weapon and tactics] units and MPs [military police],” a company fact sheet announces. It “can be configured with the following equipment:

• Multi-shot TASER electronic control device with laser-dot aiming.
• Loudspeaker and audio receiver for negotiations.
• Night vision and thermal cameras.
• Choice of weapons for lethal or less-than-lethal responses
- 40 mm grenade launcher - 2 rounds
- 12-gage shotgun - 5 rounds
- FN303 less-lethal launcher - 15 rounds.

See also this from Wired: the “surge” plus increasing military shortfall means war-robot procurement is being fast-tracked. I suspect anyone who thinks killing machines can win hearts and minds is going to be seriously blindsided. No doubt the technology is fantastic. We need to get our heads around the design and social aspects of this fast.

I Am At A Loss For Words

From Computer Weekly,

“Kent Police are pursuing a number of leads following a burglary at Sevenoaks-based Forensic Telecommunications Services (FTS) in which a server containing data on suspicious telephone calls over the past two years was stolen.

A police spokeswoman said, “The computer equipment contained evidence relating to telephone use linked to around 250 cases from police forces and law enforcement agencies across the UK, covering the last two years.”

She declined to say whether the data was encrypted.

…A spokesman for FTS declined to provide any details beyond a prepared statement.

However, a Mail on Sunday report said the cases were related to counter-terrorism investigations.”

What’s In the National Archive?

Posted by Tom Fuller in Blindside project, Uncategorized, standards, unexpected consequences at August 15th, 2007

Okay, stay with me here. Lotta concern about open documents–being able to get content out of old formats no longer supported by vendors. Lotta concern about legacy applications and hardware–some of it mission critical. How are you going to get info off your floppy disk in five years?

The National Archives could have a digital division dedicated to supporting both issues, right? Their website has a section already about electronic records management, saying “The National Archives is looking to improve its processes and procedures with regard to appraisal, selection, transfer, storage, sustainability and delivery. It has instigated a programme of work under the Seamless Flow banner to bring increased automation to these areas.”

Would this be a viable solution to a pressing problem? It’d be nice to be talking about solutions instead of problems for a change.

Part 3 - What We Will Tell The Government Regarding Nanotechnology

Hi all. The third of our three featured areas in our upcoming report to the CSIA regarding nanotechnology. Here are excerpts, and the entire section is here on the wiki.

Are you comfortable with what we are telling government? Yesterday’s presentation on Convergence got exactly 1 comment. Is it that non-controversial? Here we are telling government ‘don’t worry about grey goo or evil artificial intelligence.’ Is that okay with you?

Nanotechnology

The subject is discussed in more detail here: http://www.blindside.org.uk/wiki/Nano-
The Royal Society uses this definition of nanotechnology: “Nanotechnologies are the design, characterization, production and application of structures, devices and systems by controlling shape and size at nanometer scale.”

Longer term, (and it must be emphasized this list is at the conservative end of possible applications), the Institute forecasts use of nanotechnology in the following ways:
• Miniaturised data storage systems with capacities comparable to whole libraries’ stocks
• PCs with the power of today’s computer centres
• Chips that contain movies with more than 1,000 hours of playing time
• Replacements for human tissues and organs
• Cheap hydrogen storage possibilities for a regenerative energy economy
• Lightweight plastic windows with hard transparent protective layers

Detailing possible applications moves very quickly into a realm that seems like science fiction. But other nanotechnology enthusiasts foresee the enabling of quantum computing, artificial intelligence and a complete re-ordering of economies and political systems. Currently in the U.S. there are 450 consumer products using nanotechnology approved by the EPA and 600 nano-based materials licensed for use in manufacturing products. The number of products and services used in industry is not known, but believed to exceed 1,000. Lux Research, a consultancy specializing in nanotechnology, estimates that, worldwide, nanotechnology was incorporated in $30 billion (USD) of manufactured goods in 2005, which more than doubled the amount in the previous year. It estimates that by 2014 the figure will be $2.6 trillion, a more-than-85-fold increase (Lux Research 2006, p. iii).
There are respected scientists, technologists and philosophers that fear nanotechnology, including Bill Joy, a former senior executive at Sun Microsystems, who wrote the article ‘Why the Future Doesn’t Need Us’ for Wired magazine two years ago.

Key Findings

• The impact on information assurance issues may be dramatic, involving a redefinition of information, cryptography, memory (both human and computer) and system. If a young person wearing a tongue stud can carry in it the contents of the British Library, what physical security measures can prevent data theft? If nanotechnology enables neural networking and computer enhancement of human memory, what are the implications for identity management, or indeed for identity itself?
• Nanotechnology receives a lot of attention in the media, with a search on Google returning 1,846 newspaper articles and magazine stories for one day in June 2007. Because of the potential impact and because of its treatment in books and films, take-up of nanotechnology has the potential to be as controversial as genetically modified organisms, if not more so.
• Nanotechnology is essentially a cross-disciplinary enabler that will impact healthcare, manufacturing, information systems, transportation, computer science and micro-electro-mechanical devices (MEMS) and probably much more. Advances in the use of nanotechnology in one field will often be of immediate relevance to its use in other fields. Progress in nanotechnology is rapid, and is expected to increase. Patent filings have increased 40% annually for over a decade.
• Nanotechnology has the potential to be disruptive as well as beneficial. In addition to substituting current manufacturing and agricultural processes that employ large numbers of people, some speculative thinkers envisage what they call the Singularity, where nanotechnology enables artificial intelligence that can be tasked with self-improvement, which would happen extremely quickly. This will not happen soon, if at all. Should it actually occur, it would have a very high impact on society, and would probably render information assurance useless or redundant. Blindside covers this in a special topic called Rampancy: AI Gone Wrong, found at http://www.blindside.org.uk/wiki/Rampancy:_AI_gone_wrong.

Citizen Centric

Some of the questions citizens will be asking are already being posed by advocacy groups in the UK:
• Is nanotechnology safe?
• Will ‘grey goo’ (self-replicating nano-robots, or ‘nanobots’) destroy the world?
• Will the benefits of nanotechnology be available to all?
• Why isn’t government regulating this more?
• Why is government regulating this at all?

Implications for UK Government

Because nanotechnology is most frequently seen in healthcare and materials coating, the current interest in nanotechnology revolves around toxicity and tolerance.
The Royal Society of Chemistry wrote in 2003 that “The potential health, safety and environmental impacts of nanotechnology are comparable to the impact of the existing chemical, electronics and biotechnology industries and the potential hazards should be judged in the same way. Our understanding is that current legislation should be sufficient to control the risks from nanoparticles, however research into their potential toxicity should be funded, as it may differ from that of larger particles with respect to respiratory and genetic damage. Until we develop ‘self replicating machines’- artificial life, there are no issues of substance not covered by existing regulatory practices. The ethical and social issues raised are also not unique to nanotechnology and are comparable to issues raised by many existing technologies, such as the differential access to costly technology in the developed and developing worlds and issues of privacy and security.” (Nanotechnology – The issues, The Royal Society of Chemistry, July 2003). We concur with the RSC recommendation and see nothing that has happened since 2003 that requires rethinking of current legislation.
However, it may serve government well to begin planning for the disruptive economic effects of nanotechnology used in manufacturing, agriculture and healthcare. Indeed, there may be political and social ramifications resulting from nanotechnology.
Lastly, regarding the possibility of the creation of self-replicating artificial intelligence, even the most enthusiastic proponents of ‘The Singularity,’ as it is known, do not see it happening before 2045. Government bodies can afford to take a ‘wait and see’ approach for now.

What We Will Tell The Government, Part 1

We will be giving a draft of our report forecasting the impact of emerging technologies to the CSIA next week, if we don’t collectively develop writer’s cramp. It is based on what you have told us on this blog and what’s been put up on our wiki. Since you did so much to build it, you get the chance to inspect it before it’s delivered.

We will post it in stages on the wiki and excerpt it here. In total, it is to be 20 pages in length. In a previous post, we told you which subjects would be covered in the report. We also took the decision to highlight 3 issues for more in-depth exploration, those issues being Identity Management, Convergence and Nanotechnology.

Here is the overview for the Identity Management section, followed by our thoughts on the implications for UK government. The entire section will be on the wiki’s Identity Management page. If you don’t think this is what we should be telling the Cabinet Office, tell us here or on the wiki, or email me at tom dot fuller at kable dot co dot uk.

Identity Management Overview

The topic is discussed in depth here:

Not truly an emerging technology, identity management is an emerging discipline growing out of IT security and password/certification authentication and communications. Of the relatively tiny number of academic publications and patent filings found at Scirus (a cross-disciplinary database of scientific publications), 89% of journal publications and 93% of patent filings with the phrase “identity management” in the title, abstract or text were published after 2002. It must be emphasized that little work has been done in this field; only 321 academic publications are found on Scirus and 597 patent applications in total. This compares with 17,833 academic publications and 8,309 patent applications for “biometrics.”

Identity management issues transition to information assurance issues, sometimes seamlessly. ID management has a tighter focus, concerning itself with the management of the identity life cycle. However, it should be noted that

    if identity management fails, information assurance is impossible

Citizen-Centric

• Do I trust the system that holds the information used to authenticate my identity? Will they lose it, sell it or abuse it?
• Can I manage the multiple logins and passwords mandated by the numerous systems I interact with?
• Do I have to continuously re-enter the same information time after time, frustrating me and increasing the chances of an error on my part or on the system’s?

Implications for UK government

• Biometric information used in identity management should be encrypted prior to transmission. Encrypted biometrics enables a more robust data management programme
• The most successful systems rely on user input and verification of data.
  o Amazon and eBay have systems that are more robust than banks, as they get information directly from the user alone, and prompt for updates with each transaction. Banks get information from customers too, but it is at the beginning of the relationship and they do not prompt for information change, and side inputs from other sources (credit rating agencies, etc.) are prone to much higher error rates.
  o Information assurance programmes willing to accept private sector verification of identity might well consider using retailers that make home deliveries, looking for recency of successful interaction rather than length of relationship.
    - The number of online shoppers was estimated at 14.5 million in 2005, including 2.7 million over age 55.
• Information assurance programmes that do not carefully vet every element of identity management procedures in sub-hierarchies should not rely on those organisations’ attestations of verified identity.
  o An ongoing audit programme including attempts to defeat individual systems should be a vital part of any information assurance programme
  o More importantly, the audit programme should try to construct false identities using information from a variety of systems to establish bona fides, with a goal of getting drivers’ licenses and passports. Information from these efforts should be shared only with system owners in efforts to improve system performance, to improve co-operation with affected organisations
• Of pressing current interest is the use of mobile wireless networks for Internet access. Laptop computers that use an unsecured network should not have confidential information on them, nor should they be permitted access to confidential information. Identity management protocols should identify the status of a user’s network connection and politely deny access until a secure connection can be established. Individual laptop computers that permit storage of or access to confidential information should be configured to prevent access to unsecured networks.
  o As the physical security of laptop computers is not addressed elsewhere in this report, we take this opportunity to note that:
    - laptops should have a proximity alarm installed to remind the user not to leave a laptop behind,
    - a form-based permission mechanism should be used to minimise the loading and retention of confidential information on laptops. This could include automatic destruction of sensitive data after a date set by the user
    - GPS tracking should be used to retrieve lost or stolen laptops
    - Preparations should begin now for similar security protocols for mobile phones and PDAs to future-proof identity management systems prior to introduction of devices with capabilities much greater than present versions

Have at it!

Is There A Risk of Becoming Too Internet-Centric?

Posted by Tom Fuller in Blindside project, Cyberwar, IT failures, threats, unexpected consequences at June 30th, 2007

Rupert Murdoch will soon be making decisions on satellite expenditures for the Sky television/internet/movie offerings his company takes to the world. A satellite launch costs about £1 billion, last time I looked. If he can ram the content down the Internet pipes, it could save him money, considering how many satellites he has to maintain in low orbit.

BT (I am reliably informed) would dearly love to shed its role as maintainer of copper connections to homes and business. Mobile access to the Internet might allow them to do so. The Beeb might choose to cease terrestrial broadcast. Apple iPhone is configured for wireless VOIP, which could… well, you get the picture.

At what point do we have too many eggs in one basket and become hostage to the infrastructure of the Internet? I well know the history and how and why it was built. But if all information everywhere goes through it, even if capacity issues never arise, isn’t that tempting fate a bit?

Risk Management Starts With an Inventory

An information assurance scheme (Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.) that doesn’t start with an inventory isn’t going to get very far.

What does the initial inventory consist of? It would be fairly easy to list the systems that need to be protected, but don’t you also have to count the following?

1. All physical locations where access to the systems is permitted
2. All physical points of entry to the systems (not just desktops and laptops, but also their associated USB ports, CD ROM/DVD drives, wireless networks and devices with wireless access). One should also now include Blackberries, PDAs and mobile phones, indeed all Bluetooth enabled devices operating near networks. All printers, scanners, copiers and fax machines.
3. All email accounts that can attach files from the system, including web-based email systems.
4. Number, identity and some history of all human resources with access to any of the above.

Okay, what have I missed so far?

The emerging issues and their impact - a preliminary assessment

Here’s our preliminary assessment of the main categories of emerging technology issues, along with an impact rating. Each is discussed in more preliminary detail on the Blindside Wiki. We will be reporting to the Cabinet Office in mid-July on those that are assessed as having an impact level of 3, and need full expert descriptions by that date.

This is your chance to tell us we’re on the wrong track: to add stuff; to argue that something’s missing, over-rated or under-rated. Don’t miss it!

Category Impact (from 3/high to 1/low)
————————
CCTV 3
Convergence 3
Location-based services 3
Mobile and Pervasive Computing 3
Open Standards 3
Anonymity 3
Data breaches 3
E-Voting 3
Human rights (intersection with emerging technology) 3
Identity management 3
NHS IT 3
Non-bank payment service providers 3
People and IT 3
Mission Critical Legacy Systems 3
Rampancy: AI gone wrong 3
Surveillance society effects 3
Semantic Web 3
Self-reproducing technologies: the “GRINs” 3
- *Geno- 3
- *Robo- 3
- *Info- 3
- *Nano- 3
Social media 3
APIs 2
Bandwidth - massive wireless and cable bandwidth to the home 2
Shared Service Management 2
Ultraportable devices 2
Automated number-plate recognition (ANPR) 2
Bad sysadmin procedures 2
Bad procedures - other 2
Changes to daylight saving time in the US 2
Public sector databases on children 2
Keyloggers 2
Phishing 2
Phones as bugs 2
Technologies for Non-Repudiation 2
Underground economy servers 2
Unencrypted email 2
Biometrics - unencrypted 2
Windows Vista and other operating systems 2
Government IT projects 2
DNA terrorism 2
On demand computing (ODC) 2
Grid Computing 2
Quantum Computing 2
plus in the lower impact categories (please use the search box if you want to add to these):
Aeronautical cabin services 1
OpenDocument 1
Service-oriented architecture 1
APIs that change without warning 1
Cybercrime 1
Electronic banking 1
Fraud Websites 1
Search Engine Logs 1
Spam 1
Computing Monoculture 1
DRM and its side-effects 1
Environmental side-effects 1
Exploding Batteries 1
Optical Computing 1
User-generated content 1
Virtualisation 1
Generation C - the knowledge nomads 0

Thank you for any help, comments, suggestions.

Robocop Redux

Posted by Tom Fuller in Blindside project, Cyberwar, Data breaches, unexpected consequences at June 21st, 2007

My day is slightly brighter because I found out there are five manufacturers of robots specifically for milking cows, and six manufacturers dedicated to building robots for cleaning sewers.

However, a cloud passed in front of the sun when I read the Economist article of two weeks ago (yes, I’m having trouble staying au courant) about the use of robots in the military.

This is what I’ve put up on our wiki–would appreciate informed comment, as always.

However, the greatest IT risk, discussed below, is that robots are a) portable and can be stolen and b) will tend to have more and more sensitive information loaded into them.

The Pentagon is spending millions of dollars on research into autonomous fighting machines which might according to Georgia Tech “find, intercept and destroy a moving enemy tank on the battlefield”. The June 9 issue of the Economist reports that the Pentagon, in an attempt to give these robots more autonomy (including the ability to decide when to use lethal force) is working with the Georgia Institute of Technology to develop a software based rules of engagement set of rules. Dr. Ronald Arkin of the Georgia Institute of Technology is currently surveying policymakers, members of the public, researchers and military personnel regarding this.

1 year

Information security issues are still around the corner in the civilian world, but are now being addressed by the military, using UAVs and robotic gun mounts and installing software rules of engagement and visual recognition systems to drive the rules of engagement.

5 years

Every other military technology advance has ended up in the hands of the police. Again, a robotic water cannon in and of itself is probably not something to worry about. But if loaded with a database of pictures of criminals, activists, troublemakers, it may constitute a threat to civil liberties. From the Blindside point of view, what would be almost as bad as a robotic vehicle with such a database being stolen.

5-25 years

As advances continue in robotics, micro electro mechanical systems, nanotechnology and software, robots will dramatically increase their capabilities, in business, the home and perhaps most especially in the public sector, in hospitals and chronic care facilities, etc. As their capabilities increase, they will need more information to do their tasks. Because of the portable nature of robots, that information will almost always be at risk, unless it is piped into their systems in real time. Whether this information is stored or transmitted, there will be risk.