With great power comes great responsibility goes the phrase. In computing circles I would say that we’d be liable to think more along the lines of With great power comes great electricity bills or With great power comes great cooling problems. But should we also be more often considering the original intention? Should we as the engineers wielding the computer power be concerned with how this technology could be abused? A quick trawl of the internet shows precious little concern for such issues – we are almost all completely entranced by the rush of technical possibilities coming at us. If we give the matter any concern at all we tend to think in altruistic terms, of the great potential for a safer, more organized, more open, more equal, more efficient and faster world.
In 2011 there was a flood of news reports about how GPUs (Graphics Processing Units) could be used for more than pretty graphics and be used to target such tasks as decryption and password cracking. This of course was a good way to raise publicity for GPGPU (General Purpose GPU) and create a new market for the likes of NVIDIA and AMD. Programming tools such as CUDA and OpenCL made leveraging the massively parallel architectures of GPUs for non-graphics tasks much easier. Decrypting secure data and cracking passwords were apparently well suited to such devices. [1][2][3]
From an engineering point of view it is exciting to understand the challenges of cracking modern encryption methods and to see the effect of password length on complexity. Up to eight random characters is apparently quite straightforward and can be done within hours. Going to ten characters can suddenly take decades. Going beyond this can quickly take millennia. The mathematical theory behind all this is quite fascinating. [4]
Another area often mentioned in the same breath as GPUs is computational finance. This is the world of so-called quants. These chaps are attracted from the fields of science into the world of financial engineering. High performance computing is used to predict stock market movements, calculate pricing, quantify risk, etc. The more horsepower we have the more chance we have of outsmarting the competition. We learn of such things as high frequency trading where automated buying and selling are made so rapidly that sometimes the investment is held only for milliseconds. We learn that latency is critical and by locating a computer centre closer to the exchange and improving data throughput, we can get further advantage. [5]
If you attend a high performance computing conference you will be able to attend any number of talks given by academics or software engineers detailing the astonishing breakthroughs they have made in areas such as these. But while listening to such information should we not also use our well trained and agile minds to question the greater ramifications of what we are actually doing?
Is the cracking of passwords and accessing confidential information always good? Is being able to see finance as mathematical models devoid of a bricks and mortar, flesh and blood reality really of sound use? If we touch on such questions at all then we will hear about system administrators who lose access to vital company information. We hear about people losing access to personal, irreplaceable documents and photographs. We hear about security agencies needing access the communications of criminals and terrorists. In finance, we are told that we will get better liquidity, better market stability and that the competition will bring value.
But do we really believe all this? Does this kind of computing power really give us a more stable, more efficient financial sector? We can learn that high frequency trading skims off money from the transactions between investors and businesses, a form of unauthorized taxation as they pre-empt genuine trades. We witness phenomena such as the flash crash of 2010 as algorithms compound on errors to create chaotic spikes. [6] We can hide behind the maths of risk to the exclusion of real facts such as the unsustainable house of cards that was sub-prime. While the banking sector has pretty much recovered, there are legions of ordinary people with reduced pensions, bankrupt businesses, lost savings, without work and facing austerity measures cutting benefits and services. [7]
The impact of being able to break passwords, decrypt secure communication and monitor all internet traffic is altogether more sinister and raises questions about the kind of world we wish to live in. We naively assume that we have nothing to hide and that such technology is used for our collective safety. We can intercept terrorist plots and illegal business activities for example. It is now technically possible to monitor all internet traffic in a small to medium size country [8][9] and within a year or two it will be possible to affordably do so for any country. The cost of such processing power would apparently come in at less than one modern fighter jet. Scaling up from the systems already available this is quite believable. [10]
When discussing such issues with an engineer friend, he claimed he was not worried because likely it would not be possible to monitor the data in any useful way. This underestimates the ingenuity and rate of progress of the computing world. Google serves a significant proportion of the world’s internet users and already tracks a massive range of statistics of these people. Gmail scans emails and based on content displays adverts. Search history, links clicked and more are stored. Google have already showed that the theory works fine.
As people, as engineers, we like to assume that the technology we create will be used for good. We tout the so-called Twitter and Facebook revolutions as examples of how technology is opening up the world and allowing repressed peoples to overthrow corrupt despots[11], but we fail to see how the same technologies allow those same despots to monitor their own people. We do not hear often how the Iranian government used Facebook to identify the protestors and their families. [12] We do not also hear often about how easy it is to track the internet activities of our heroic freedom campaigners. And what should happen if we should become disillusioned with our own governments? Would we be allowed to democratically protest and oust them, or would the technological might and subsequent rule of law be used against us under a flimsy patriotic pretext?
And where will it all stop? If our on-line and mobile communications can be monitored what about our off-line personal discussions with our fellow freedom fighters / terrorists (delete depending on view point)? As Google Glass makes its entrance, backed with on-the-fly translation[13] and facial recognition [14] then we see that technically speaking we could also monitor everything we do, see, hear and say. If we are not careful we will find that we are engaged in a technology enabled race to the bottom of morality, a desperate fight to protect a way of life that we’d already lost.
References
1. https://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/
2. http://erratasec.blogspot.nl/2011/06/password-cracking-mining-and-gpus.html#.UZ90kLVmh8E
3. http://www.cyint.in/products_decryptiontools.htm
4. http://en.wikipedia.org/wiki/Password_cracking
5. http://en.wikipedia.org/wiki/High_frequency_trading
6. http://en.wikipedia.org/wiki/2010_Flash_Crash
7. http://www.motherjones.com/mojo/2013/05/bank-record-profits-fdic-unemployment-housing
8. http://surveillance.rsf.org/en/amesys/
9. http://www.defenceweb.co.za/index.php?option=com_content&view=article&id=18932&catid=74&Itemid=30
10. “Freedom and the Future of the Internet”, Julian Assange, 2012. http://emilkirkegaard.dk/en/?p=3429
11. http://en.wikipedia.org/wiki/Twitter_Revolution
12. “The Net Delusion”, Evgeny Morozov, 2012, http://www.publicaffairsbooks.com/morozovch1.pdf, p10
13. http://www.huffingtonpost.com/2012/07/23/google-glass-inspired-specs-auto-translate_n_1695008.html
14. http://www.guardian.co.uk/technology/2013/jun/03/google-glass-facial-recognition-ban