Locksmith Looks Forward (and back)

Locksmith Opinions that just didn't fit my usual newsletter/column format.

Satchel Paige said, “Don’t look behind you,” but Santayana said, “Those who don’t learn from the past are doomed to repeat it,” while Dr. Phil (pop behavioral psychologist and not much of an original thinker) says, “The best predictor of future behavior is past behavior.”

Over 45 years in the IT game I’ve found that the real trick is to decide what recent events are predictive and which ones are just background noise.

In IT security you need experience and technical skills, but you also need the right kind of education to see into the future – personally I studied both quantum physics AND behavioral psychology. Before I began in computer security I fleshed out that meager resume with several years working for law enforcement and later a private detective firm. In fact, I was even a real locksmith so, while I’m not always right about future trends, I’m seldom


I’ll leave it to you to decide which recent events were background noise and which predict the future, but I have my opinions and I bet you can guess what they are.

>A few years ago Congress passed anti-spam laws (which did little except to make spam from big businesses legal) but the same legislators have failed to protect private data or pass any laws against phishing (it isn’t even a federal crime to COLLECT someone’s private data, only to “misuse” it


The lesson – Don’t look to Congress for protection in personal data matters. The old saying, “We’re from the government and we’re here to help you,” is still a good reason to hide your wallet and run for cover.

My reasoning – most people elected to Congress are lawyers and their campaigns are paid for by businesses that simply LOVE to collect data about customers and potential customers. Why would “their” legislators vote against it?

>A number of serious vulnerabilities in the much-touted open source Firefox browser surfaced soon after Rel. 1.0 appeared – this despite years of development in the “superior” open source environment.

The lesson – although it is sometimes patched more quickly, the open source model isn’t necessarily more secure except to the extent that it is often smaller (smaller is always more secure).

My reasoning – useful software is far too complicated to ever be perfect. As for the open source idea of fixing vulnerabilities before they cause damage, why would malicious hackers share any bugs they had found before they had a chance to exploit them? Only the honest testers report


> FBI Assistant Director Louis Reigel, head of the agency's Cyber Division, said in December 2005, “Al-Qaida and similar groups do not have the ability to disable power plants, airports and other 'critical infrastructure' through the Internet.”

The lesson – terrorists can probably disrupt the Internet or at least some vital services whenever they want to.

My reasoning – much as I respect FBI work in some areas, outside the crime lab, technology isn’t their strong point. It took more than a decade for the FBI to really grasp that child predators were actively prowling the Internet for victims; they routinely reject ideas and ignore threats reported by non-FBI sources or even by agents outside HQ (remember Minneapolis agent Coleen Rowley and 9-11?); and the bureaucrats at the top quickly dismiss threats they aren’t really able to address adequately.

My evidence? Just a month before the Assistant Director’s statement, the FBI’s own computer system almost collapsed under the flood of emails triggered by the Sober worm. Most worms have been created by individuals, so is it difficult to believe a well-funded terrorist organization could do something a 17-year-old German hacker can do?

>President Bush gave secret orders allowing the National Security Agency to spy on people in the U.S., including citizens, without warrants either before or after the fact. Both the CIA and NSA are precluded by law from conducting surveillance of people inside the U.S. For better or worse, that job was specifically given to the FBI. Even worse, they could have done the same surveillance legally by getting secret warrants.

The lesson is – if the president can decide on his own to turn the NSA loose on anyone, then none of your data is ever really safe, not even from the people who are required by the Constitution to protect us and by their oath of office to protect the Constitution. If you have really critical data, never transmit it electronically.

My reasoning – politicians will always do whatever they think is in their best interest, even in violation of their own laws. Heads of state often do so. Why? They do it because they think they can get away with it, even when it is illegal. Several Senators, including Russ Feingold (D-Wisconsin), have said the White House activities are illegal. Sen. Feingold said on TV that President Bush is just making up laws as he goes along. In addition, US District Judge James Robertson of the same Foreign Intelligence Surveillance Court that would have had to pass on wiretap requests recently resigned in protest. (Some in Washington are even whispering the dreaded 'impeach' word.)

>Open source advocates continue to ignore flaws in their favorite software development and support methodology. They point out how bad Microsoft is, while failing to explain why Microsoft continues to enjoy a massive market share despite being so terrible. Open source advocates cite all the reports of problems with Microsoft software but, until open source fanatics (as opposed to those who, like me, are merely reasonable advocates of using open source where appropriate) temper their rants and admit that the main reason Microsoft flaws are so well known is simply because most people use Windows and


The lesson comes in two parts – Microsoft is likely to remain the dominant force in business and home software for years to come. Open source will never gain a real foothold until there is a solid business model to make money off of it. Marx and Engels thought people would work hard for the good of others without compensation – communism failed because most people do what is in their own interest or benefits them.

My reasoning also has two aspects – First, most people using computers don’t understand them and will continue to use what is shipped pre-installed on their computers – they will also continue to demand Microsoft because that is the brand name they know. Second, many open source fans fail to grasp what Newton demonstrated and every sailor knows in their bones: it takes a very, very long time to turn a supertanker and there needs to be a very good reason to start the process.

Quick snippets

Some trends I intend to watch in 2006 include:

>The threat from bird flu (if it hits, some government plans call for drastic quarantines of large areas, including closing national borders); increasing world-wide terrorism; and especially the end of the age of oil (world oil production may already have peaked, see will continue to push e-commerce and e-business activities including teleconferencing, telecommuting, and online collaboration, while reducing the need for big companies to have centralized management in large cities. Bet New Yorkers have some special thoughts on that just now!

>Outsourcing from industrialized countries, especially to China and India, will continue and accelerate. While the number of U.S. engineering graduates continues to drop, China and India are graduating a vast number of engineering students each year and will soon host most of the world’s
work hours. In the past many of the top foreign students studied in the U.S. and stayed here to work. With today’s improved communications they are now training at home or heading back because they can live like kings on relatively
incomes within their familiar cultures.

>The real pocket book threat to average computer users is identity theft, and that is mostly due to social engineering, not worms or flaws in browsers. Social engineers don’t care what OS or browser people are using. Far too much is made of technical threats and far too little attention is given to the human threat. More people and companies will realize that in 2006.

>Some sophisticated users are beginning to move from Google to, a search site which does a far superior job of sorting and displaying “hits.” Clusty’s superior interface will soon force other search engines to make it easier to locate just the information you want.


passes cyber and privacy laws which force Congress into taking action – that almost always weakens state cyber laws. Look to your state for legal cyber protection, but realize that you stand to lose protection when Congress steps in if there is any business anywhere which benefits from weaker laws and has a lobbyist in Washington.

>Look for China to take piracy much more seriously in ten years when their engineers are responsible for most new inventions. A sign of the times? Chinese could always buy Marlboro cigarettes, but they were counterfeit – Altria (Philip Morris) is about to license the cigarette in China. Can movies and software be far behind?

Final word

I’ve been doing this a very long time – too long according to my wife (GRIN) but I’ve always been fascinated by computers and constant advances in the IT field have always kept my interest fresh.

Never before in history has any new technology had such a massive immediate impact on society so quickly as PCs have in the past quarter of a century.

Automobiles essentially governed social changes in the 20th century and personal computers will do so in the 21st.

It is already hard to imagine a world without computers, but the first PCs were sold only 25 years ago. This technology is still in its infancy. Comparing a Pentium computer to a Model T isn’t far-fetched.

Gottlieb Daimler and Carl Benz were born before the American Civil War. The first Benz was sold in 1894 and Steinway (the piano people) built Daimlers on Long Island before WWI. Ford was selling Model T’s in 1909, but most roads in the United States were still unpaved in the 1930’s and the car didn’t radically change life in the U.S. until after WWII (motor vehicles also radically changed the way wars were fought) – that was essentially 60 years from the initial product to major societal changes.

By contrast, the first microcomputer kit (the Altair 8800) appeared on the cover of Popular Electronics in January 1975 (the magazine cost 75 cents and also carried a story about a $90 pocket calculator – more powerful ones are now given away as advertising premiums.)

But while computers are making information available even in rural China, I am concerned that the United States is falling far behind in the technological race. In terms of scientific and mathematical literacy the U.S. is rapidly becoming a third-world country seriously debating Darwin.

Computers were essentially invented in England and became a massive agent of change when IBM built the first PC. Most computer components now come from overseas and “IBM” labeled computers are built and sold by a Chinese


But that is only a concern to me because I live in the U.S. and, anyway, I really work on the Internet so it has little major effect on me. I mention it because it is a major power-shift in the world of technology, not because I think it is either bad or good. For
countries, the growth of businesses which don’t consume massive amounts of natural resources and export knowledge while keeping workers (and their incomes) at home is probably the greatest single advance in society since the end of Feudalism.

I may be wrong, but I'm not uncertain - 2006 will be an interesting year.