“Never make forecasts, especially about the future.”
— Sam Goldwyn
This is particularly good advice for those with the courage (temerity? foolhardiness?) to forecast trends in technology. We can safely predict that technologies will get better/faster/cheaper/smaller, but which ones? Who will use them? How? For what? Back in the days when fairly standard IT was just bought by organizations with cost-conscious and risk-averse CFOs, the only question was how much technology would be bought, which depended largely on the overall economy. Starting in the 1980s, when ordinary people began buying IT, much of it from brand-new companies, predicting consumers’ tastes and quantifying their demand presented a whole new challenge. Add in the Internet, and what technologies consumers use that matters to the companies from whom they obtain goods and services. Getting specific about which technologies will be game changers in the coming year is not a game for the faint-hearted, and I don’t pretend to know enough even to try to play.
That said, I have three predictions for 2016 that cut across existing technologies and how they’re used, managed, and protected:
1. WE WILL SEE MORE ACTION ON SECURITY
The increased frequency of hacking into company and government computers and the data theft we’ve been seeing will result in more and stronger actions on the security front. They will be driven from three directions:
a. The IT industry will make more of a full-court press in response to demand from both business customers and consumers, plus the threat of government intervention, especially now that terrorism is back on the front pages. Business opportunities should increase for startups and small companies offering clever and innovative tools and techniques.
b. Companies using IT will focus more on improving their own business practices and will spring for more effective technology, publicizing their investments for competitive advantage. They have a lot at stake. Companies in the business-to-consumer space depend on their customers’ continuing confidence in the safety of financial transactions. Companies in the business-to-business space maintain proprietary customer and product information of likely value to competitors.
c. Governments will increasingly demand better security for their data and equipment. The negative consequences of malicious hacking into, say, the US Department of Defense (DoD), Central Intelligence Agency (CIA), or Internal Revenue Service (IRS) stagger the imagination.
As an aside, this increased focus should spur some rationality in dealing with hackers. Clearly, those who hack into systems for personal gain — by stealing credit card information, for example, or wreaking havoc in critical systems (cyberterrorists) — should encounter the full harshness of the law. But those hackers who successfully break in solely for the intellectual gratification of proving it can be done are potentially national treasures and should be put to work for the good guys. Yes, they have trespassed, but…. Perhaps the latest reminders of the reality of terrorism will cause prosecutors and judges to think twice about taking critical talent out of circulation. (Then again, the US military drummed out a number of Arabic speakers for being gay even as the army was invading Iraq, so I suppose we shouldn’t get overly optimistic about the triumph of common sense.)
2. WE WILL BEGIN TO CURB THE EXCESSES OF SOCIAL NETWORKING
The Wild West of social networking will start to be tamed as concerns regarding its use by really bad people for really bad purposes, such as recruiting terrorists or planning attacks, will call into question the libertarian paradigm in which it has operated. Providers of platforms will have much more trouble making the case that they’re just like common carriers who have no responsibility for what passes through their servers. Unlike telephones, the data is digital and thus easily captured, stored, and analyzed. US Senator Diane Feinstein (D-CA) was only the first to announce plans to introduce legislation that moves in this direction. If such a thing happens, there will be a market for sophisticated approaches to text and picture analysis and pattern recognition.
Misuse of social networks is not just a national security and public safety issue, where legislation and executive orders are real possibilities. As more cases of cyberbullying with tragic consequences come to the surface, it would seem inevitable that victims would try to recover damages from social network operators (although to my knowledge this has not happened so far).
3. GOVERNMENTS WILL MOVE ON METADATA ANALYSIS AND DATA DECRYPTION
In the wake of the Paris and San Bernardino attacks, governments will have a stronger case to make for mass collection, storage, and analysis of metadata and their ability to decrypt actual data. The privacy concerns raised by Edward Snowden’s revelations will likely be overridden by here-and-now concerns about public safety. The reality of concrete threats usually trumps abstract principles, however noble.
In the decryption area, there’s tension between governments’ efforts to improve national security and industry’s efforts to improve system security. Governments may try to outlaw end-to-end encryption or force companies to deploy encryption with backdoors, all of which would increase the surface area for hackers to attack. We can expect a serious policy-related back-and-forth.
UPDATE: March 16, 2016
It should surprise nobody that this prediction has already come true with the standoff between Apple and the FBI over decryption of the content of a locked cellphone belonging to one of the San Bernardino perpetrators. Based on the ancient maxim that “the public has a right to every man’s evidence,” Apple initially elicited emotional reactions like “How can a company be so arrogant that they would deny law enforcement access to information that could prevent another San Bernardino or worse?” But it’s not that simple. Backdoors to break encryption increase the surface area for hackers to attack. Even a one-off opening for a specific case makes it clear to hackers that it can be done. Who wants to bet everything on the incorruptibility of the company employees when the potential rewards for breaking the encryption at a system level are so immense? Plus, the precedent that the government can make a company break its encryption is unlikely to be confined to high-profile terror cases. I will not attempt to enumerate the full list of considerations; a recent 18-minute segment on John Oliver’s Last Week Tonight, an HBO exposé program disguised as comedy, does the job well. We can expect litigation that perhaps reaches the Supreme Court (which may be unable to decide anything until it replaces Justice Scalia). Stay tuned.
However this specific case plays out, opportunities will emerge for inventors and purveyors of sophisticated algorithms and heuristics to analyze the metadata and whatever is decrypted. Expertise in search and pattern recognition in both test and images will be good to have. This is big data analysis on steroids. Advanced research and development funded by governments under the rubric of national security will provide lots of private sector benefits. (I hardly need to tell this audience that the Internet started out in the 1970s as ARPAnet, a US DoD program.)
People who make predictions often succumb to a bias in favor of predicting what they would like to see happen. Several months ago I argued strongly for better security in an article on technology backlash, so I hope I’m right there. I had no a priori position on social networking, but having thought about it, I would favor some change. My prediction about increased capability for government snooping was easy to make, given the emotional power of the recent scenes of carnage, yet I remain ambivalent about hoping I’m correct — though perhaps less ambivalent than before Paris.