Friday, December 14, 2007
Is God in the machine?
This week Radio 4's science show Leading Edge kindly asked me to record a short opinion piece. It was broadcast on last night's programme. You can listen to the audio, and read below my cheery Christmas message.
We are living in the middle of an information revolution. In 1965 Intel founder Gordon Moore first noted the doubling of the number of transistors per integrated circuit roughly every 24 months . Raw computer power has since increased a million-fold. Hard disk capacity and Internet bandwidth are increasing at an even faster pace. Disk information density is doubling annually . We can now fit 160 wavelengths down one fibre cable, with photonic integrated circuits capable of carrying 1.6 terabits per second  — the equivalent of over 10,000 television channels.
Surely the UK government must be correct to think this explosion in computing capability can solve some of society's most pressing problems? National databases of 60m citizens' health records, biometrics and children's details are now possible. You could be data matched against the profiles of alcoholics, suicide bombers and delinquent dads before breakfast. Even the estimated £70bn budgeted by the governments of Tony Blair and Gordon Brown on major IT projects and consultancy  would seem small change if their promises of a substantially healthier and safer society were fulfilled.
Unfortunately our capacity to design, build and securely operate information systems has not progressed quite so rapidly. In the last decade alone we have seen severe IT problems at the Child Support Agency, Passport Office, Criminal Records Bureau, HM Revenue & Customs, National Air Traffic Services and the Department for Work and Pensions . Revenue & Customs have recently demonstrated the problems of systems that allow 25m child benefit records to be downloaded by junior officials — and who knows how many criminal gangs had already trodden this path before two discs were so unfortunately lost in the post.
The Information Commissioner told Parliament last week he had recently seen a whole stream of top businessmen and civil servants who revealed on a "confessional basis" that many more spectacular data breaches remain to be discovered .
We have heard from the prime minister that biometric security based on fingerprints and iris scans would reduce the problems caused by criminal plundering of personal data. This claim is not based on a realistic understanding of the technology . We have recently seen fingerprint scanners fooled by prints reconstructed using gummi bear sweets. Trials have found problems in recording biometrics from several groups such as Asian women and manual workers. And once your biometrics are compromised, you have no way to change your fingers or irises.
In building widely accessible databases describing tens of millions of citizens, it seems that our government is trying to run at the speed of Moore's law rather than walk at the much slower pace of our developing understanding of secure and privacy-protective systems. Rather than risk a continuing stream of Revenue & Customs-scale breaches, the government might be wiser to listen to the computer scientists  who recommend a slower and more considered path towards information nirvana.
 Gordon E. Moore. Cramming more components onto integrated circuits. Electronics Magazine 38(8), 19/4/1965
 E. Grochowski and R. D. Halem. Technological impact of magnetic hard disk drives on storage systems. IBM Systems Journal 42(2), 21/4/2003
 Fred A. Kish et al. Ultra High Capacity WDM Photonic Integrated Circuits. Optical Fiber Communication and the National Fiber Optic Engineers Conference 2007
 David Craig and Richard Brooks. Plundering the Public Sector. London: Constable, 10/4/2006
 Parliamentary Office of Science and Technology. Government IT projects, July 2003
 Patrick Wintour. Information chief calls for review of ID card plans. The Guardian, 5/12/2007
 Ross Anderson, Richard Clayton, Ian Brown, Brian Gladman, Angela Sasse and Martyn Thomas. Biometrics are not a panacea for data loss. Letter to the Joint Committee on Human Rights, 26/11/2007
 Brian Randell. A computer scientist's reactions to NPfIT. Journal of Information Technology (2007) 22, 222–234