Scott Gilbertson

The Future’s So Bleak I Gotta Wear Firewalls

Ten years from now identity theft will be the least of your worries. Or so says security guru and Wired Columnist Bruce Schneier. Schneier has posted a conversation with fellow security expert Marcus Ranum (who designed the first commercial firewall) where the two discuss what security threats might be and where they will come from […]

firewall.jpgTen years from now identity theft will be the least of your worries. Or so says security guru and Wired Columnist Bruce Schneier. Schneier has posted a conversation with fellow security expert Marcus Ranum (who designed the first commercial firewall) where the two discuss what security threats might be and where they will come from ten years from now. The full interview will be in the December issue of Information Security Magazine.

So what can you expect to panic about in 2017? Well neither Schneier or Ranum lays out any specific scenario, rather both point out that with Moore's law dictating that computer power in 2017 will be 100 times what it is now, security threats will likewise increase. Ranum rather bleakly suggests: “if you're right that crime remains a constant, and I'm right that our responses to computer security remain ineffective, 2017 is going to be a lot less fun than 2007 was.”

The problem, says Schneier, is complexity. “Complexity is the worst enemy of security, and the Internet — and the computers and processes connected to it — is getting more complex all the time… One could say those critical insecurities are another emergent property of the 100x world of 2017.”

But perhaps the most alarming thing about this vision of security in the future is how little control you will have over it. With software increasingly becoming a service, you may find your data exposed by insecurities that you can't patch. Schneier writes:

The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won't like it, but it's the future. The Internet is all about commerce, and commerce won't survive any other way.

The two move on to talk about other “control” based scenarios like Microsoft's Trusted Computing platform, which Schneier argues simply makes it easier for an attacker to have unfettered access — once their software has breached to “trust” wall, it in effect becomes trusted.

I'm reminded of the post-9/11 anti-terrorist hysteria — we've confused security with control, and instead of building systems for real security, we're building systems of control. Think of ID checks everywhere, the no-fly list, warrantless eavesdropping, broad surveillance, data mining, and all the systems to check up on scuba divers, private pilots, peace activists and other groups of people. These give us negligible security, but put a whole lot of control in the government's hands.

Computing is heading in the same direction, although this time it is industry that wants control over its users. They're going to sell it to us as a security system — they may even have convinced themselves it will improve security — but it's fundamentally a control system. And in the long run, it's going to hurt security.

It's a depressing read quite frankly, but of course the central tenant operates on the premise that security will continue to progress as it is today, which isn't necessarily true. As with any prediction, take this scenario with a grain of salt. And keep in mind the quote Schneier starts out with from Roy Amara at the Institute for the Future, who once said: “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”

Be sure to let us know what you think.

[Photo credit]

See Also: