Category Archives: crime

The future of cleaning

I’ve been thinking a bit about cleaning for various customers over the last few years. I won’t bother this time with the various self-cleaning fabrics, the fancy new ultrasonic bubble washing machines, or ultraviolet sterilization for hospitals, even though those are all very important areas.  I won’t even focus on using your old sonic toothbrush heads in warm water with a little detergent to clean the trickier areas of your porcelain collectibles, though that does work much better than I thought it would.

I will instead introduce a new idea for the age of internet of things.

When you put your clothes into a future washing machine, it will also debug, back up, update and run all the antivirus and other security routines to sanitize the IoT stuff in them.

You might also have a box with thew same functions that you can put your portable devices or other things that can’t be washed.

The trouble with internet of things, the new name for the extremely old idea of chips in everything, is that you can put chips in everything, and there is always some reason for doing so, even if it’s only for marking it for ownership purposes. Mostly there are numerous other reasons so you might even find many chips or functions running on a single object. You can’t even keep up with all the usernames and passwords and operating system updates for the few devices you already own. Having hundreds or thousands of them will be impossible if there isn’t an easy way of electronically sanitizing them and updating them. Some can be maintained via the cloud, and you’ll have some apps for looking after some subgroups of them. But some of those devices might well be in parts of your home where the signals don’t penetrate easily. Some will only be used rarely. Some will use batteries that run down and get replaced. Others will be out of date for other reasons. Having a single central device that you can use to process them will be useful.

The washing machine will likely be networked anyway for various functions such as maintenance, energy negotiations and program downloads for special garments. It makes sense to add electronic processing for the garments too. They will be in the machine quite a long time so download speed shouldn’t be a problem, and each part of the garment comes close to a transmitter or sensor each time it is spun around.

A simple box is easy to understand and easy to use too. It might need ports to plug into but more likely wireless or optical connections would be used. The box could electromagnetically shield the device from other interference or security infiltration during processing to make sure it comes out clean and safe and malware free as well as fully updated. A common box means only having to program your preferences once too.

There would still be some devices that can’t be processed either in a box or in a washing machine. Examples such as smart paints or smart light bulbs or smart fuses would all be easier to process using networked connections, and they may well be. Some might prefer a slightly more individual approach, so pointing a mobile device at them would single them out from others in the vicinity. This sort of approach would also allow easier interrogation of the current state, diagnostics or inspection.

Whatever way internet of things goes, cleaning will take on a new and important dimension. We already do it as routine PC maintenance but removing malware and updating software will soon become a part of our whole house cleaning routine.

The future of beetles

Onto B then.

One of the first ‘facts’ I ever learned about nature was that there were a million species of beetle. In the Google age, we know that ‘scientists estimate there are between 4 and 8 million’. Well, still lots then.

Technology lets us control them. Beetles provide a nice platform to glue electronics onto so they tend to fall victim to cybernetics experiments. The important factor is that beetles come with a lot of built-in capability that is difficult or expensive to build using current technology. If they can be guided remotely by over-riding their own impulses or even misleading their sensors, then they can be used to take sensors into places that are otherwise hard to penetrate. This could be for finding trapped people after an earthquake, or getting a dab of nerve gas onto a president. The former certainly tends to be the favored official purpose, but on the other hand, the fashionable word in technology circles this year is ‘nefarious’. I’ve read it more in the last year than the previous 50 years, albeit I hadn’t learned to read for some of those. It’s a good word. Perhaps I just have a mad scientist brain, but almost all of the uses I can think of for remote-controlled beetles are nefarious.

The first properly publicized experiment was 2009, though I suspect there were many unofficial experiments before then:

There are assorted YouTube videos such as

A more recent experiment:

Big beetles make it easier to do experiments since they can carry up to 20% of body weight as payload, and it is obviously easier to find and connect to things on a bigger insect, but obviously once the techniques are well-developed and miniaturization has integrated things down to single chip with low power consumption, we should expect great things.

For example, a cloud of redundant smart dust would make it easier to connect to various parts of a beetle just by getting it to take flight in the cloud. Bits of dust would stick to it and self-organisation principles and local positioning can then be used to arrange and identify it all nicely to enable control. This would allow large numbers of beetles to be processed and hijacked, ideal for mad scientists to be more time efficient. Some dust could be designed to burrow into the beetle to connect to inner parts, or into the brain, which obviously would please the mad scientists even more. Again, local positioning systems would be advantageous.

Then it gets more fun. A beetle has its own sensors, but signals from those could be enhanced or tweaked via cloud-based AI so that it can become a super-beetle. Beetles traditionally don’t have very large brains, so they can be added to remotely too. That doesn’t have to be using AI either. As we can also connect to other animals now, and some of those animals might have very useful instincts or skills, then why not connect a rat brain into the beetle? It would make a good team for exploring. The beetle can do the aerial maneuvers and the rat can control it once it lands, and we all know how good rats are at learning mazes. Our mad scientist friend might then swap over the management system to another creature with a more vindictive streak for the final assault and nerve gas delivery.

So, Coleoptera Nefarius then. That’s the cool new beetle on the block. And its nicer but underemployed twin Coleoptera Benignus I suppose.


Technology 2040: Technotopia denied by human nature

This is a reblog of the Business Weekly piece I wrote for their 25th anniversary.

It’s essentially a very compact overview of the enormous scope for technology progress, followed by a reality check as we start filtering that potential through very imperfect human nature and systems.

25 years is a long time in technology, a little less than a third of a lifetime. For the first third, you’re stuck having to live with primitive technology. Then in the middle third it gets a lot better. Then for the last third, you’re mainly trying to keep up and understand it, still using the stuff you learned in the middle third.

The technology we are using today is pretty much along the lines of what we expected in 1990, 25 years ago. Only a few details are different. We don’t have 2Gb/s per second to the home yet and AI is certainly taking its time to reach human level intelligence, let alone consciousness, but apart from that, we’re still on course. Technology is extremely predictable. Perhaps the biggest surprise of all is just how few surprises there have been.

The next 25 years might be just as predictable. We already know some of the highlights for the coming years – virtual reality, augmented reality, 3D printing, advanced AI and conscious computers, graphene based materials, widespread Internet of Things, connections to the nervous system and the brain, more use of biometrics, active contact lenses and digital jewellery, use of the skin as an IT platform, smart materials, and that’s just IT – there will be similarly big developments in every other field too. All of these will develop much further than the primitive hints we see today, and will form much of the technology foundation for everyday life in 2040.

For me the most exciting trend will be the convergence of man and machine, as our nervous system becomes just another IT domain, our brains get enhanced by external IT and better biotech is enabled via nanotechnology, allowing IT to be incorporated into drugs and their delivery systems as well as diagnostic tools. This early stage transhumanism will occur in parallel with enhanced genetic manipulation, development of sophisticated exoskeletons and smart drugs, and highlights another major trend, which is that technology will increasingly feature in ethical debates. That will become a big issue. Sometimes the debates will be about morality, and religious battles will result. Sometimes different parts of the population or different countries will take opposing views and cultural or political battles will result. Trading one group’s interests and rights against another’s will not be easy. Tensions between left and right wing views may well become even higher than they already are today. One man’s security is another man’s oppression.

There will certainly be many fantastic benefits from improving technology. We’ll live longer, healthier lives and the steady economic growth from improving technology will make the vast majority of people financially comfortable (2.5% real growth sustained for 25 years would increase the economy by 85%). But it won’t be paradise. All those conflicts over whether we should or shouldn’t use technology in particular ways will guarantee frequent demonstrations. Misuses of tech by criminals, terrorists or ethically challenged companies will severely erode the effects of benefits. There will still be a mix of good and bad. We’ll have fixed some problems and created some new ones.

The technology change is exciting in many ways, but for me, the greatest significance is that towards the end of the next 25 years, we will reach the end of the industrial revolution and enter a new age. The industrial revolution lasted hundreds of years, during which engineers harnessed scientific breakthroughs and their own ingenuity to advance technology. Once we create AI smarter than humans, the dependence on human science and ingenuity ends. Humans begin to lose both understanding and control. Thereafter, we will only be passengers. At first, we’ll be paying passengers in a taxi, deciding the direction of travel or destination, but it won’t be long before the forces of singularity replace that taxi service with AIs deciding for themselves which routes to offer us and running many more for their own culture, on which we may not be invited. That won’t happen overnight, but it will happen quickly. By 2040, that trend may already be unstoppable.

Meanwhile, technology used by humans will demonstrate the diversity and consequences of human nature, for good and bad. We will have some choice of how to use technology, and a certain amount of individual freedom, but the big decisions will be made by sheer population numbers and statistics. Terrorists, nutters and pressure groups will harness asymmetry and vulnerabilities to cause mayhem. Tribal differences and conflicts between demographic, religious, political and other ideological groups will ensure that advancing technology will be used to increase the power of social conflict. Authorities will want to enforce and maintain control and security, so drones, biometrics, advanced sensor miniaturisation and networking will extend and magnify surveillance and greater restrictions will be imposed, while freedom and privacy will evaporate. State oppression is sadly as likely an outcome of advancing technology as any utopian dream. Increasing automation will force a redesign of capitalism. Transhumanism will begin. People will demand more control over their own and their children’s genetics, extra features for their brains and nervous systems. To prevent rebellion, authorities will have little choice but to permit leisure use of smart drugs, virtual escapism, a re-scoping of consciousness. Human nature itself will be put up for redesign.

We may not like this restricted, filtered, politically managed potential offered by future technology. It offers utopia, but only in a theoretical way. Human nature ensures that utopia will not be the actual result. That in turn means that we will need strong and wise leadership, stronger and wiser than we have seen of late to get the best without also getting the worst.

The next 25 years will be arguably the most important in human history. It will be the time when people will have to decide whether we want to live together in prosperity, nurturing and mutual respect, or to use technology to fight, oppress and exploit one another, with the inevitable restrictions and controls that would cause. Sadly, the fine engineering and scientist minds that have got us this far will gradually be taken out of that decision process.

The future of drones – predators. No, not that one.

It is a sad fact of life that companies keep using the most useful terminology for things that don’t deserve it. The Apple retina display, which makes it more difficult to find a suitable name for direct retinal displays that use the retina directly. Why can’t they be the ones called retina displays? Or the LED TV, where the LEDs are typically just LED back-lighting for an LCD display. That makes it hard to name TVs where each pixel is actually an LED. Or the Predator drone, as definitely  not the topic of this blog, where I will talk about predator drones that attack other ones.

I have written several times now on the dangers of drones. My most recent scare was realizing the potential for small drones carrying high-powered lasers and using cloud based face recognition to identify valuable targets in a crowd and blind them, using something like a Raspberry Pi as the main controller. All of that could be done tomorrow with components easily purchased on the net. A while ago I blogged that the Predators and Reapers are not the ones you need to worry about, so much as the little ones which can attack you in swarms.

This morning I was again considering terrorist uses for the micro-drones we’re now seeing. A 5cm drone with a networked camera and control could carry a needle infected with Ebola or aids or carrying a drop of nerve toxin. A small swarm of tiny drones, each with a gram of explosive that detonates when it collides with a forehead, could kill as many people as a bomb.

We will soon have to defend against terrorist drones and the tiniest drones give the most effective terror per dollar so they are the most likely to be the threat. The solution is quite simple. and nature solved it a long time ago. Mosquitos and flies in my back garden get eaten by a range of predators. Frogs might get them if they come too close to the surface, but in the air, dragonflies are expert at catching them. Bats are good too. So to deal with threats from tiny drones, we could use predator drones to seek and destroy them. For bigger drones, we’d need bigger predators and for very big ones, conventional anti-aircraft weapons become useful. In most cases, catching them in nets would work well. Nets are very effective against rotors. The use of nets doesn’t need such sophisticated control systems and if the net can be held a reasonable distance from the predator, it won’t destroy it if the micro-drone explodes. With a little more precise control, spraying solidifying foam onto the target drone could also immobilize it and some foams could help disperse small explosions or contain their lethal payloads. Spiders also provide inspiration here, as many species wrap their victims in silk to immobilize them. A single predator could catch and immobilize many victims. Such a defense system ought to be feasible.

The main problem remains. What do we call predator drones now that the most useful name has been trademarked for a particular model?


The Future of IoT – virtual sensors for virtual worlds

I recently acquired a point-and-click thermometer for Futurizon, which gives an instant reading when you point it at something. I will soon know more about the world around me, but any personal discoveries I make are quite likely to be well known to science already. I don’t expect to win a Nobel prize by discovering breeches of the second law of thermodynamics, but that isn’t the point. The thermometer just measures the transmission from a particular point in a particular frequency band, which indicates what temperature it is. It cost about £20, a pretty cheap stimulation tool to help me think about the future by understanding new things about the present. I already discovered that my computer screen doubles as a heater, but I suspected that already. Soon, I’ll know how much my head warms when if think hard, and for the futurology bit, where the best locations are to put thermal IoT stuff.

Now that I am discovering the joys or remote sensing, I want to know so much more though. Sure, you can buy satellites for a billion pounds that will monitor anything anywhere, and for a few tens of thousands you can buy quite sophisticated lab equipment. For a few tens, not so much is available and I doubt the tax man will agree that Futurizon needs a high end oscilloscope or mass spectrometer so I have to set my sights low. The results of this blog justify the R&D tax offset for the thermometer. But the future will see drops in costs for most high technologies so I also expect to get far more interesting kit cheaply soon.

Even starting with the frequent assumption that in the future you can do anything, you still have to think what you want to do. I can get instant temperature readings now. In the future, I may also want a full absorption spectrum, color readings, texture and friction readings, hardness, flexibility, sound absorption characteristics, magnetic field strength, chemical composition, and a full range of biological measurements, just for fun. If Spock can have one, I want one too.

But that only covers reality, and reality will only account for a small proportion of our everyday life in the future. I may also want to check on virtual stuff, and that needs a different kind of sensor. I want to be able to point at things that only exist in virtual worlds. It needs to be able to see virtual worlds that are (at least partly) mapped onto real physical locations, and those that are totally independent and separate from the real world. I guess that is augmented reality ones and virtual reality ones. Then it starts getting tricky because augmented reality and virtual reality are just two members of a cyberspace variants set that runs to more than ten trillion members. I might do another blog soon on what they are, too big a topic to detail here.

People will be most interested in sensors to pick up geographically linked cyberspace. Much of the imaginary stuff is virtual worlds in computer games or similar, and many of those have built-in sensors designed for their spaces. So, my character can detect caves or forts or shrines from about 500m away in the virtual world of Oblivion (yes, it is from ages ago but it is still enjoyable). Most games have some sort of sensors built-in to show you what is nearby and some of its properties.

Geographically linked cyberspace won’t all be augmented reality because some will be there for machines, not people, but you might want to make sensors for it all the same, for many reasons, most likely for navigating it, debugging, or for tracking and identifying digital trespass. The last one is interesting. A rival company might well construct an augmented reality presence that allows you to see their products alongside ones in a physical shop. It doesn’t have to be in a properly virtual environment, a web page is still a location in cyberspace and when loaded, that instance takes on a geographic mapping via that display so it is part of that same trespass. That is legal today, and it started many years ago when people started using Amazon to check for better prices while in a book shop. Today it is pretty ubiquitous. We need sensors that can detect that. It may be accepted today as fair competition, but it might one day be judged as unfair competition by regulators for various reasons, and if so, they’ll need some mechanism to police it. They’ll need to be able to detect it. Not easy if it is just a web page that only exists at that location for a few seconds. Rather easier if it is a fixed augmented reality and you can download a map.

If for some reason a court does rule that digital trespass is illegal, one way of easy(though expensive) way of solving it would be to demand that all packets carry a geographic location, which of course the site would know when the person clicks on that link. To police that, turning off location would need to be blocked, or if it is turned off, sites would not be permitted to send you certain material that might not be permitted at that location. I feel certain there would be better and cheaper and more effective solutions.

I don’t intend to spend any longer exploring details here, but it is abundantly clear from just inspecting a few trees that making detectors for virtual worlds will be a very large and diverse forest full of dangers. Who should be able to get hold of the sensors? Will they only work in certain ‘dimensions’ of cyberspace? How should the watchers be watched?

The most interesting thing I can find though is that being able to detect cyberspace would allow new kinds of adventures and apps. You could walk through a doorway and it also happens to double as a portal between many virtual universes. And you might not be able to make that jump in any other physical location. You might see future high street outlets that are nothing more than teleport chambers for cyberspace worlds. They might be stuffed with virtual internet of things things and not one one of them physical. Now that’s fun.


The future of prying

Prying is one side of the privacy coin, hiding being the other side.

Today, lots of snap-chat photos have been released, and no doubt some people are checking to see if there are any of people they know, and it is a pretty safe bet that some will send links to compromising pics of colleagues (or teachers) to others who know them. It’s a sort of push prying isn’t it?

There is more innocent prying too. Checking out Zoopla to see how much your neighbour got for their house is a little bit nosy but not too bad, or at the extremely innocent end of the line, reading someone’s web page is the sort of prying they actually want some people to do, even if not necessarily you.

The new security software I just installed lets parents check out on their kids online activity. Protecting your kids is good but monitoring every aspect of their activity just isn’t, it doesn’t give them the privacy they deserve and probably makes them used to being snooped on so that they accept state snooping more easily later in life. Every parent has to draw their own line, but kids do need to feel trusted as well as protected.

When adults install tracking apps on their partner’s phones, so they can see every location they’ve visited and every call or message they’ve made, I think most of us would agree that is going too far.

State surveillance is increasing rapidly. We often don’t even think of it as such, For example, when speed cameras are linked ‘so that the authorities can make our roads safer’, the incidental monitoring and recording of our comings and goings collected without the social debate. Add that to the replacement of tax discs by number plate recognition systems linked to databases, and even more data is collected. Also ‘to reduce crime’, video from millions of CCTV cameras is also stored and some is high enough quality to be analysed by machine to identify people’s movements and social connectivity. Then there’s our phone calls, text messages, all the web and internet accesses, all these need to be stored, either in full or at least the metadata, so that ‘we can tackle terrorism’. The state already has a very full picture of your life, and it is getting fuller by the day. When it is a benign government, it doesn’t matter so much, but if the date is not erased after a short period, then you need also to worry about future governments and whether they will also be benign, or whether you will be one of the people they want to start oppressing. You also need to worry that increasing access is being granted to your data to a wider variety of a growing number of public sector workers for a widening range of reasons, with seemingly lower security competence, meaning that a good number of people around you will be able to find out rather more about you than they really ought. State prying is always sold to the electorate via assurances that it is to make us safer and more secure and reduce crime, but the state is staffed by your neighbors, and in the end, that means that your neighbors can pry on you.

Tracking cookies are a fact of everyday browsing but mostly they are just trying to get data to market to us more effectively. Reading every email to get data for marketing may be stretching the relationship with the customer to the limits, but many of us gmail users still trust Google not to abuse our data too much and certainly not to sell on our business dealings to potential competitors. It is still prying though, however automated it is, and a wider range of services are being linked all the time. The internet of things will provide data collection devices all over homes and offices too. We should ask how much we really trust global companies to hold so much data, much of it very personal, which we’ve seen several times this year may be made available to anyone via hackers or forced to be handed over to the authorities. Almost certainly, bits of your entire collected and processed electronic activity history could get you higher insurance costs, in trouble with family or friends or neighbors or the boss or the tax-man or the police. Surveillance doesn’t have to be real time. Databases can be linked, mashed up, analysed with far future software or AI too. In the ongoing search for crimes and taxes, who knows what future governments will authorize? If you wouldn’t make a comment in front of a police officer or tax-man, it isn’t safe to make it online or in a text.

Allowing email processing to get free email is a similar trade-off to using a supermarket loyalty card. You sell personal data for free services or vouchers. You have a choice to use that service or another supermarket or not use the card, so as long as you are fully aware of the deal, it is your lifestyle choice. The lack of good competition does reduce that choice though. There are not many good products or suppliers out there for some services, and in a few there is a de-facto monopoly. There can also be a huge inconvenience and time loss or social investment cost in moving if terms and conditions change and you don’t want to accept the deal any more.

On top of that state and global company surveillance, we now have everyone’s smartphones and visors potentially recording anything and everything we do and say in public and rarely a say in what happens to that data and whether it is uploaded and tagged in some social media.

Some companies offer detective-style services where they will do thorough investigations of someone for a fee, picking up all they can learn from a wide range of websites they might use. Again, there are variable degrees that we consider acceptable according to context. If I apply for a job, I would think it is reasonable for the company to check that I don’t have a criminal record, and maybe look at a few of the things I write or tweet to see what sort of character I might be. I wouldn’t think it appropriate to go much further than that.

Some say that if you have done nothing wrong, you have nothing to fear, but none of them has a 3 digit IQ. The excellent film ‘Brazil’ showed how one man’s life was utterly destroyed by a single letter typo in a system scarily similar to what we are busily building.

Even if you are a saint, do you really want the pervert down the road checking out hacked databases for personal data on you or your family, or using their public sector access to see all your online activity?

The global population is increasing, and every day a higher proportion can afford IT and know how to use it. Networks are becoming better and AI is improving so they will have greater access and greater processing potential. Cyber-attacks will increase, and security leaks will become more common. More of your personal data will become available to more people with better tools, and quite a lot of them wish you harm. Prying will increase geometrically, according to Metcalfe’s Law I think.

My defense against prying is having an ordinary life and not being famous or a major criminal, not being rich and being reasonably careful on security. So there are lots of easier and more lucrative targets. But there are hundreds of millions of busybodies and jobsworths and nosy parkers and hackers and blackmailers out there with unlimited energy to pry, as well as anyone who doesn’t like my views on a topic so wants to throw some mud, and their future computers may be able to access and translate and process pretty much anything I type, as well as much of what I say and do anywhere outside my home.

I find myself self-censoring hundreds of times a day. I’m not paranoid. There are some people out to get me, and you, and they’re multiplying fast.




Estimating IoT value? Count ALL the beans!

In this morning’s news:

£1.6M investment by UK Technology Strategy Board in Internet-of-Things HyperCat standard, which the article says will add £100Bn to the UK economy by 2020.

Garnter says that IoT has reached the hype peak of their adoption curve and I agree. Connecting machines together, and especially adding networked sensors will certainly increase technology capability across many areas of our lives, but the appeal is often overstated and the dangers often overlooked. Value should not be measured in purely financial terms either. If you value health, wealth and happiness, don’t just measure the wealth. We value other things too of course. It is too tempting just to count the most conspicuous beans. For IoT, which really just adds a layer of extra functionality onto an already technology-rich environment, that is rather like estimating the value of a chili con carne by counting the kidney beans in it.

The headline negatives of privacy and security have often been addressed so I don’t need to explore them much more here, but let’s look at a couple of typical examples from the news article. Allowing remotely controlled washing machines will obviously impact on your personal choice on laundry scheduling. The many similar shifts of control of your life to other agencies will all add up. Another one: ‘motorists could benefit from cheaper insurance if their vehicles were constantly transmitting positioning data’. Really? Insurance companies won’t want to earn less, so motorists on average will give them at least as much profit as before. What will happen is that insurance companies will enforce driving styles and car maintenance regimes that reduce your likelihood of a claim, or use that data to avoid paying out in some cases. If you have to rigidly obey lots of rules all of the time then driving will become far less enjoyable. Having to remember to check the tyre pressures and oil level every two weeks on pain of having your insurance voided is not one of the beans listed in the article, but is entirely analogous the typical home insurance rule that all your windows must have locks and they must all be locked and the keys hidden out of sight before they will pay up on a burglary.

Overall, IoT will add functionality, but it certainly will not always be used to improve our lives. Look at the way the web developed. Think about the cookies and the pop-ups and the tracking and the incessant virus protection updates needed because of the extra functions built into browsers. You didn’t want those, they were added to increase capability and revenue for the paying site owners, not for the non-paying browsers. IoT will be the same. Some things will make minor aspects of your life easier, but the price of that will that you will be far more controlled, you will have far less freedom, less privacy, less security. Most of the data collected for business use or to enhance your life will also be available to government and police. We see every day the nonsense of the statement that if you have done nothing wrong, then you have nothing to fear. If you buy all that home kit with energy monitoring etc, how long before the data is hacked and you get put on militant environmentalist blacklists because you leave devices on standby? For every area where IoT will save you time or money or improve your control, there will be many others where it does the opposite, forcing you to do more security checks, spend more money on car and home and IoT maintenance, spend more time following administrative procedures and even follow health regimes enforced by government or insurance companies. IoT promises milk and honey, but will deliver it only as part of a much bigger and unwelcome lifestyle change. Sure you can have a little more control, but only if you relinquish much more control elsewhere.

As IoT starts rolling out, these and many more issues will hit the press, and people will start to realise the downside. That will reduce the attractiveness of owning or installing such stuff, or subscribing to services that use it. There will be a very significant drop in the economic value from the hype. Yes, we could do it all and get the headline economic benefit, but the cost of greatly reduced quality of life is too high, so we won’t.

Counting the kidney beans in your chili is fine, but it won’t tell you how hot it is, and when you start eating it you may decide the beans just aren’t worth the pain.

I still agree that IoT can be a good thing, but the evidence of web implementation suggests we’re more likely to go through decades of abuse and grief before we get the promised benefits. Being honest at the outset about the true costs and lifestyle trade-offs will help people decide, and maybe we can get to the good times faster if that process leads to better controls and better implementation.

Switching people off

A very interesting development has been reported in the discovery of how consciousness works, where neuroscientists stimulating a particular brain region were able to switch a woman’s state of awareness on and off. They said: “We describe a region in the human brain where electrical stimulation reproducibly disrupted consciousness…”

The region of the brain concerned was the claustrum, and apparently nobody had tried stimulating it before, although Francis Crick and Christof Koch had suggested the region would likely be important in achieving consciousness. Apparently, the woman involved in this discovery was also missing some of her hippocampus, and that may be a key factor, but they don’t know for sure yet.

Mohamed Koubeissi and his the team at the George Washington university in Washington DC were investigating her epilepsy and stimulated her claustrum area with high frequency electrical impulses. When they did so, the woman lost consciousness, no longer responding to any audio or visual stimuli, just staring blankly into space. They verified that she was not having any epileptic activity signs at the time, and repeated the experiment with similar results over two days.

The team urges caution and recommends not jumping to too many conclusions. They did observe the obvious potential advantages as an anesthesia substitute if it can be made generally usable.

As a futurologist, it is my job to look as far down the road as I can see, and imagine as much as I can. Then I filter out all the stuff that is nonsensical, or doesn’t have a decent potential social or business case or as in this case, where research teams suggest that it is too early to draw conclusions. I make exceptions where it seems that researchers are being over-cautious or covering their asses or being PC or unimaginative, but I have no evidence of that in this case. However, the other good case for making exceptions is where it is good fun to jump to conclusions. Anyway, it is Saturday, I’m off work, so in the great words of Dr Emmett Brown in ‘Back to the future':  “Well, I figured, what the hell.”

OK, IF it works for everyone without removing parts of the brain, what will we do with it and how?

First, it is reasonable to assume that we can produce electrical stimulation at specific points in the brain by using external kit. Trans-cranial magnetic stimulation might work, or perhaps implants may be possible using injection of tiny particles that migrate to the right place rather than needing significant surgery. Failing those, a tiny implant or two via a fine needle into the right place ought to do the trick. Powering via induction should work. So we will be able to produce the stimulation, once the sucker victim subject has the device implanted.

I guess that could happen voluntarily, or via a court ordered protective device, as a condition of employment or immigration, or conditional release from prison, or a supervision order, or as a violent act or in war.

Imagine if government demands a legal right to access it, for security purposes and to ensure your comfort and safety, of course.

If you think 1984 has already gone too far, imagine a government or police officer that can switch you off if you are saying or thinking the wrong thing. Automated censorship devices could ensure that nobody discusses prohibited topics.

Imagine if people on the street were routinely switched off as a VIP passes to avoid any trouble for them.

Imagine a future carbon-reduction law where people are immobilized for an hour or two each day during certain periods. There might be a quota for how long you are allowed to be conscious each week to limit your environmental footprint.

In war, captives could have devices implanted to make them easy to control, simply turned off for packing and transport to a prison camp. A perimeter fence could be replaced by a line in the sand. If a prisoner tries to cross it, they are rendered unconscious automatically and put back where they belong.

Imagine a higher class of mugger that doesn’t like violence much and prefers to switch victims off before stealing their valuables.

Imagine being able to switch off for a few hours to pass the time on a long haul flight. Airlines could give discounts to passengers willing to be disabled and therefore less demanding of attention.

Imagine  a couple or a group of friends, or a fetish club, where people can turn each other off at will. Once off, other people can do anything they please with them – use them as dolls, as living statues or as mannequins, posing them, dressing them up. This is not an adult blog so just use your imagination – it’s pretty obvious what people will do and what sorts of clubs will emerge if an off-switch is feasible, making people into temporary toys.

Imagine if you got an illegal hacking app and could freeze the other people in your vicinity. What would you do?

Imagine if your off-switch is networked and someone else has a remote control or hacks into it.

Imagine if an AI manages to get control of such a system.

Having an off-switch installed could open a new world of fun, but it could also open up a whole new world for control by the authorities, crime control, censorship or abuse by terrorists and thieves and even pranksters.



Time Travel: Cyberspace opens a rift in the virtual time-space continuum

Dr Who should have written this but he didn’t so I have to. We keep seeing those cute little tears in space-time in episodes of the BBC’s Dr Who, that let through Daleks and Cybermen and other nasties. (As an aside, how come feminists never seem to object to the term Cybermen, even though 50% of them are made from women?). Dr Who calls them rifts, and it allegedly needs the energy of entire star systems to open and close them. So, not much use as a weapon then, but still a security issue if our universe leaks.

Sci-fi authors have recognized the obvious dangers of time-space rifts for several decades. They cause problems with causality as well. I got a Physics degree a long time ago (well, Applied Mathematics and Theoretical Physics, but all the maths was EM theory, quantum mechanics and relativity, so it was really a physics degree), but I have never really understood fully why causality is such a big deal. Sure it needs a lot of explaining if it fails, but why would an occasional causal error cause such a huge problem? The Daleks are far more worrying. **Politically incorrect joke censored**

I just wrote about time travel again. All competent physicists rightly switch on their idiot filters automatically on hearing any of the terms ‘cold fusion’, ‘telekinetic’, ‘psychic’, ‘perpetual motion machine’, ‘time travel’ or ‘global warming catastrophe’. Sorry, that last one just sort of crept in there. Time travel is not really possible, unless you’re inside a black hole or you’re talking about a particle shifting atoseconds in a huge accelerator or GPS relativistic corrections or something. A Tardis isn’t going to be here any time soon and may be impossible and never ever come. However, there is a quite real cyberspace route to quite real time travel that will become feasible around 2075, a virtual rift if you like, but no need to activate idiot filters just yet, it’s only a virtual rift, a rift in a sandbox effectively, and it won’t cause the universe to collapse or violate any known laws of physics. So, hit the temporary override button on your idiot filter. It’s a fun thought experiment that gets more and more fun the more you look at it. (Einstein invented thought experiments to investigate relativity, because he couldn’t do any real experiments with the technology of his time. We can’t verify this sort of time travel experimentally yet so thought experiment is the only mechanism available. Sadly, I don’t have Einstein’s brain to hand, but some aspects at least are open to the rest of us to explore.) The hypothesis here is that if you can make a platform that stores the state of all the minds in a system continuously over a period from A to B, and that runs all those minds continuously using a single editable record, then you can travel in time freely between A and B.  Now we need to think it through a bit to test the hypothesis and see what virtual physics we can learn from it, see how real it would be and what it would need and lead to.

I recognized on my first look at it in

that cyberspace offers a time travel cheat. The basic idea, to save you reading it now that it’s out of date, is that some time soon after 2050 – let’s take 2075 as the date that crowd-funding enables its implementation – we’ll all be able to connect our brains so well to the machine world that it will be possible to share thoughts and consciousness, sensations, effectively share bodies, live electronically until all the machines stop working, store your mind as a snapshot periodically in case you want to restore to an earlier backup and do all sorts of really fun things like swapping personalities. (You can see why it might attract the required funding so might well become real).  If that recording of your mind is complete enough, and it could be, then, you really could go back to an earlier state of yourself. More importantly, a future time tourist could access all the stored records and create an instance of your mind and chat to you and chat and interact with you from the future. This would allow future historians to do history better. Well, that’s the basic version. Our thought experiment version needs to go a bit further than that. Let’s call it the deluxe version.

If you implement the deluxe version, then minds run almost entirely on the machine world platform, and are hosted there with frequent restore points. The current state of the system is an interactive result of real-time running of all the minds held in cyberspace across the whole stored timeline. For those minds running on the deluxe version platform, there isn’t any other reality. That’s what makes up those future humans and AIs on it. Once you join the system, you can enjoy all of the benefits above and many more.

You could actually change old records and use the machines to ripple the full system-wide consequences all the way through the timeline to whenever your future today is. It would allow you to go back to visit your former self and do some editing, wouldn’t it? And in this deluxe version, the edits you make would ripple through into your later self. That’s what you get when you migrate the human mind from the Mk1 human brain platform into the machine world platform. It becomes endlessly replicable and editable. In this deluxe version, the future world really could be altered by editing the past. You may reasonably ask why we would allow any moron to allow that to be built, but that won’t affect the theoretical ability to travel in time through cyberspace.

It is very easy to see how such a system allows you to chat with someone in the past. What is less obvious, and what my excuse for a brain missed first time round, is that it also lets you travel forwards in time. How, you may reasonably ask, can you access and edit records that don’t exist yet? Well, think of it from the other direction. Someone in the future can restore any previous instance of you from any time point and talk to them, even edit them. They could do that all in some sort of time-play sandbox to save money and avoid quite a few social issues, or they could restore you fully to their time, and since the reality is just real-time emulation all rippled through nicely by the machine platform, you would suddenly appear in the future and become part of that future world. You could wander around in a future android body and do physical things in that future physical world just as if you’d always lived there. Your future self would feel they have travelled in time. But a key factor here is that it could be your future self that makes it happen. You could make a request in 2075 to your future self to bring you to the future in 2150. When 2150 arrives, you see (or might even remember) the request, you go into the archives, and you restore your old 2075 self to 2150, then you instruct deletion of all the records between 2075 and 2150 and then you push the big red button. The system runs all the changes and effects through the timeline, and the result is that you disappear in 2075, and suddenly reappear in 2150.

There would be backups of the alternative timeline, but the official and effective system reality would be that you travelled from 2075 to 2150. That will be the reality running on the deluxe system. Any other realities are just backups and records on a database. Now,so far it’s a one way trip, far better if you can have a quick trip to the future and come back. So, you’re in 2150, suppose you want to go back again. You’ve been around a while and don’t like the new music or the food or something. So before you go, you do the usual time mischief. You collect lots of really useful data about how all the latest tech works, buy the almanacs of who wins what, just like in Back to the Future, just in case the system has bugs that let you use them, and you tweak the dials again. You set the destination to 2075 and hit the big red button. The system writes your new future-wise self over your original 2075 entry, keeping a suitable backup of course. The entry used by the deluxe system is whatever is written in its working record, and that is the you that went to 2150 and back. Any other realities are just backups. So, the system ripples it all through the timeline. You start the day in 2075, have a quick trip for a week’s holiday in 2150, and then return a few minutes later. Your 2075 self will have experienced a trip to 2150 and come back, complete with all the useful data about the 2150 world. If you don’t mess with anything else, you will remember that trip until 2150, at which time you’ll grab a few friends and chat about the first time you ever did time travel.

All of the above is feasible theoretically, and none of it violates any known physics. The universe won’t collapse in a causality paradox bubble rift if you do it, no need to send for Dr Who. That doesn’t mean it isn’t without issues. It still creates a lot of the time travel issues we are so familiar with from sci-fi. But this one isn’t sci-fi – we could build it, and we could get the crowd-funding to make it real by 2075. Don’t get too excited yet though.

You could have gone further into the future than 2150 too, but there is a limit. You can only go as far as there exists a continuous record from where you are. You basically need a road that goes all the way there. If some future authority bans time travel or changes to an incompatible system, that represents a wall you can’t pass through. An even later authority could only remove that wall under certain circumstances, and only if they have the complete records, and the earlier authority might have stopped storing them or even deleted earlier ones and that would ruin any chances of doing it properly.

So, having established that it is possible, we have to ask the more serious question: how real is this time travel? Is it just a cyberspace trick with no impact on the real world? Well, in this scenario, your 2075 mind runs on the deluxe system using its 2075 record. But which one, the old one or the edited one? The edited one of course. The old version is overwritten and ceases to exist except as a backup. There remains no reality except the one you did your time travel trip in. Your time trip is real. But let’s ask a few choice questions, because reality can turn out to be just an illusion sometimes.

So, when you get home to 2075, you can print off your 2150 almanac and brag about all the new technologies you just invented from 2150. Yes?

Yes… if you implement the deluxe version.

Is there a causality paradox?


Will the world end?


But you just short-circuited technology development from 2075 to 2150?


So you can do real time travel from 2075? You’ll suddenly vanish from 2075, spend some time in 2150, and later reappear in 2075?

Yes, if you implement the deluxe version.

Well, what happens in 2150?

You’ll do all the pushing red button stuff and have a party with your friends to remember your first time trip. If you set the times right, you could even invite your old self from 2075 as a guest and wave goodbye as you* goes back to 2075.

Or you* could stay in 2150 and there’d be two of you from then on?


OK, this sounds great fun.  So when can we build this super-duper deluxe version that let’s you time travel from 2075 to 2150 and go back again.


And what happens to me between 2075 and 2150 while I wait for it to be built?

Well, you invest in the deluxe version, connect into the system, and it starts recording all its subscribers’ minds from then on, and you carry on enjoying life until 2150 arrives. Then you can travel from 2075 to 2150, retrospectively.


Well, you can travel from 2075 to whatever date in the future the deluxe system still exists. And your 2075 self will fully experience it as time travel. It won’t feel retrospective.

But you have to wait till that date before you can go there?

Yes. But you won’t remember having to wait, all the records of that will be wiped, you’ll just vanish in 2075 and reappear in 2150 or whenever.

What *insert string of chosen expletives here* use is that?

Erm…. Well…. You will still have enjoyed a nice life from 2075 to 2150 before it’s deleted and replaced.

But I won’t remember that will I?

No. But you won’t remember it when you’re dead either.

So I can only do this sort of time travel by having myself wiped off the system for all the years in between after I’ve done it? So the best way of doing that is not to bother with all the effort of living through all those years since they’re going to be deleted anyway and save all the memory and processing by just hibernation in the archives till that date arrives? So I’ll really vanish in 2075 and be restored in 2150 and feel it as time travel? And there won’t be any messy database records to clean up in between, and it will all be nice and environmentally friendly? And not having to run all those people years that would later be deleted will reduce storage and processing costs and system implementation costs dramatically?


OK, sounds a bit better again. But it’s still a fancy cyberspace hibernation scheme really isn’t it?

Well, you can travel back and forth through time as much as you like and socialize with anyone from any time zone and live in any time period. Some people from 2150 might prefer to live in 2075 and some from 2075 prefer to live in 2150. Everyone can choose when they live or just roam freely through the entire time period. A bit like that episode of Star Trek TOS where they all got sent through a portal to different places and times and mixed with societies made of others who had come the same way. You could do that. A bit like a glorified highly immersive computer game.

But what about gambling and using almanacs from the future? And inventing stuff in 2075 that isn’t really invented till 2150?

All the knowledge and data from 2150 will be there in the 2075 system so you won’t have anything new and gambling won’t be a viable industry. But it won’t be actually there until 2150. So the 2075 database will be a retrospective singularity where all of the future knowledge suddenly appears.

Isn’t that a rift in the time-space continuum, letting all the future weapons and political activists and terrorists and their plans through from 2150 to 2075? And Daleks? Some idiot will build one just for the hell of it. They’ll come through the rift too won’t they. And Cyberpersons?

It will not be without technical difficulties. And anyway, they can’t do any actual damage outside the system.

But these minds running in the system will be connected to android bodies or humans outside it. Their minds can time travel through cyberspace. Can’t they do anything nasty?

No, they can only send their minds back and connect to stuff within the system. Any androids and bodies could only be inhabited by first generation minds that belong to that physical time. They can only make use of androids or other body sharing stuff when they travel forwards through time, because it is their chosen future date where the android lives and they can arrange that. On a journey backwards, they can only change stuff running in the system.

 And that’s what stops it violating physics?


So let’s get this straight. This whole thing is great for extending your mind into cyberspace, sharing bodies, swapping personalities, changing gender or age, sharing consciousness and  some other things. But time travel is only possible for your mind that is supported exclusively in the system. And only that bit in the system can time travel. And your actual 2075 body can’t feel the effect at all or do anything about it? So it’s really another you that this all happens to and you start diverging from your other cyber-self the moment you connect. A replica of you enjoys all the benefits but it thinks it is you and feels like you and essentially is you, but not in the real world. And the original you carries on in parallel.

Correct. It is a big cyberspace bubble created over time with continuous timeline emulation, that only lets you time travel and interact within the bubble. Like an alternative universe, and you can travel in time in it. But it can only interact with the physical universe in real time at the furthermost frontier of the bubble. A frontier that moves into the future at the same speed as the rest of the local space-time continuum and doesn’t cause any physics problems or real time paradoxes outside of the system.

So it’s not REAL time travel. It’s just a sort of cyber-sandbox, albeit one that will be good fun and still worth building.

You can time travel in the parallel universe that you make in cyberspace. But it will be real within that universe. Forwards physical time travel is additionally possible in the physical universe if you migrate your mind totally into cyberspace, e.g. when you die, so you can live electronically, and even then it is really just a fancy form of hibernation. And if you travel back in time in the system, you won’t be able to interact with the physical stuff in the past, only what is running on the system. As long as you accept those limitations, you can travel in time after 2075 and live in any period supported after that.

Why do all the good things only ever happen in another universe?

I don’t know.

No physics or mathematics has knowingly been harmed during this thought experiment. No responsibility is accepted for any time-space rifts created as a result of analytical error.



The future of biometric identification and authentication

If you work in IT security, the first part of this will not be news to you, skip to the section on the future. Otherwise, the first sections look at the current state of biometrics and some of what we already know about their security limitations.


I just read an article on fingerprint recognition. Biometrics has been hailed by some as a wonderful way of determining someone’s identity, and by others as a security mechanism that is far too easy to spoof. I generally fall in the second category. I don’t mind using it for simple unimportant things like turning on my tablet, on which I keep nothing sensitive, but so far I would never trust it as part of any system that gives access to my money or sensitive files.

My own history is that voice recognition still doesn’t work for me, fingerprints don’t work for me, and face recognition doesn’t work for me. Iris scan recognition does, but I don’t trust that either. Let’s take a quick look at conventional biometrics today and the near future.

Conventional biometrics

Fingerprint recognition.

I use a Google Nexus, made by Samsung. Samsung is in the news today because their Galaxy S5 fingerprint sensor was hacked by SRLabs minutes after release, not the most promising endorsement of their security competence.

This article says the sensor is used in the user authentication to access Paypal. That is really not good. I expect quite a few engineers at Samsung are working very hard indeed today. I expect they thought they had tested it thoroughly, and their engineers know a thing or two about security. Every engineer knows you can photograph a fingerprint and print a replica in silicone or glue or whatever. It’s the first topic of discussion at any Biometrics 101 meeting. I would assume they tested for that. I assume they would not release something they expected to bring instant embarrassment on their company, especially something failing by that classic mechanism. Yet according to this article, that seems to be the case. Given that Samsung is one of the most advanced technology companies out there, and that they can be assumed to have made reasonable effort to get it right, that doesn’t offer much hope for fingerprint recognition. If they don’t do it right, who will?

My own experience with fingerprint recognition history is having to join a special queue every day at Universal Studios because their fingerprint recognition entry system never once recognised me or my child. So I have never liked it because of false negatives. For those people for whom it does work, their fingerprints are all over the place, some in high quality, and can easily be obtained and replicated.

As just one token in multi-factor authentication, it may yet have some potential, but as a primary access key, not a chance. It will probably remain be a weak authenticator.

Face recognition

There are many ways of recognizing faces – visible light, infrared or UV, bone structure, face shapes, skin texture patterns, lip-prints, facial gesture sequences… These could be combined in simultaneous multi-factor authentication. The technology isn’t there yet, but it offers more hope than fingerprint recognition. Using the face alone is no good though. You can make masks from high-resolution photographs of people, and photos could be made using the same spectrum known to be used in recognition systems. Adding gestures is a nice idea, but in a world where cameras are becoming ubiquitous, it wouldn’t be too hard to capture the sequence you use. Pretending that a mask is alive by adding sensing and then using video to detect any inspection for pulse or blood flows or gesture requests and then to provide appropriate response is entirely feasible, though it would deter casual entry. So I am not encouraged to believe it would be secure unless and until some cleverer innovation occurs.

What I do know is that I set my tablet up to recognize me and it works about one time in five. The rest of the time I have to wait till it fails and then type in a PIN. So on average, it actually slows entry down. False negative again. Giving lots of false negatives without the reward of avoiding false positives is not a good combination.

Iris scans

I was a subject in one of the early trials for iris recognition. It seemed very promising. It always recognized me and never confused me with someone else. That was a very small scale trial though so I’d need a lot more convincing before I let it near my bank account. I saw the problem of replication an iris using a high quality printer and was assured that that couldn’t work because the system checks for the eye being alive by watching for jitter and shining a light and watching for pupil contraction. Call me too suspicious but I didn’t and don’t find that at all reassuring. It won’t be too long before we can make a thin sheet high-res polymer display layered onto a polymer gel underlayer that contracts under electric field, with light sensors built in and some software analysis for real time response. You could even do it as part of a mask with the rest of the face also faithfully mimicking all the textures, real-time responses, blood flow mimicking, gesture sequences and so on. If the prize is valuable enough to justify the effort, every aspect of the eyes, face and fingerprints could be mimicked. It may be more Mission Impossible than casual high street robbery but I can’t yet have any confidence that any part of the face or gestures would offer good security.


We hear frequently that DNA is a superbly secure authenticator. Every one of your cells can identify you. You almost certainly leave a few cells at the scene of a crime so can be caught, and because your DNA is unique, it must have been you that did it. Perfect, yes? And because it is such a perfect authenticator, it could be used confidently to police entry to secure systems.

No! First, even for a criminal trial, only a few parts of your DNA are checked, they don’t do an entire genome match. That already brings the chances of a match down to millions rather than billions. A chance of millions to one sounds impressive to a jury until you look at the figure from the other direction. If you have 1 in 70 million chance of a match, a prosecution barrister might try to present that as a 70 million to 1 chance that you’re guilty and a juror may well be taken in. The other side of that is that 100 people of the 7 billion would have that same 1 in 70 million match. So your competent defense barrister should  present that as only a 1 in 100 chance that it was you. Not quite so impressive.

I doubt a DNA system used commercially for security systems would be as sophisticated as one used in forensic labs. It will be many years before an instant response using large parts of your genome could be made economic. But what then? Still no. You leave DNA everywhere you go, all day, every day. I find it amazing that it is permitted as evidence in trials, because it is so easy to get hold of someone’s hairs or skin flakes. You could gather hairs or skin flakes from any bus seat or hotel bathroom or bed. Any maid in a big hotel or any airline cabin attendant could gather packets of tissue and hair samples and in many cases could even attach a name to them.  Your DNA could be found at the scene of any crime having been planted there by someone who simply wanted to deflect attention from themselves and get someone else convicted instead of them. They don’t even need to know who you are. And the police can tick the crime solved box as long as someone gets convicted. It doesn’t have to be the culprit. Think you have nothing to fear if you have done nothing wrong? Think again.

If someone wants to get access to an account, but doesn’t mind whose, perhaps a DNA-based entry system would offer good potential, because people perceive it as secure, whereas it simply isn’t. So it might not be paired with other secure factors. Going back to the maid or cabin attendant. Both are low paid. A few might welcome some black market bonuses if they can collect good quality samples with a name attached, especially a name of someone staying in a posh suite, probably with a nice account or two, or privy to valuable information. Especially if they also gather their fingerprints at the same time. Knowing who they are, getting a high res pic of their face and eyes off the net, along with some voice samples from videos, then making a mask, iris replica, fingerprint and if you’re lucky also buying video of their gesture patterns from the black market, you could make an almost perfect multi-factor biometric spoof.

It also becomes quickly obvious that the people who are the most valuable or important are also the people who are most vulnerable to such high quality spoofing.

So I am not impressed with biometric authentication. It sounds good at first, but biometrics are too easy to access and mimic. Other security vulnerabilities apply in sequence too. If your biometric is being measured and sent across a network for authentication, all the other usual IT vulnerabilities still apply. The signal could be intercepted and stored, replicated another time, and you can’t change your body much, so once your iris has been photographed or your fingerprint stored and hacked, it is useless for ever. The same goes for the other biometrics.

Dynamic biometrics

Signatures, gestures and facial expressions offer at least the chance to change them. If you signature has been used, you could start using a new one. You could sign different phrases each time, as a personal one-time key. You could invent new gesture sequences. These are really just an equivalent to passwords. You have to remember them and which one you use for which system. You don’t want a street seller using your signature to verify a tiny transaction and then risk the seller using the same signature to get right into your account.

Summary of status quo

This all brings us back to the most basic of security practice. You can only use static biometrics safely as a small part of a multi-factor system, and you have to use different dynamic biometrics such as gestures or signatures on a one time basis for each system, just as you do with passwords. At best, they provide a simple alternative to a simple password. At worst, they pair low actual security with the illusion of high security, and that is a very bad combination indeed.

So without major progress, biometrics in its conventional meaning doesn’t seem to have much of a future. If it is not much more than a novelty or a toy, and can only be used safely in conjunction with some proper security system, why bother at all?

The future

You can’t easily change your eyes or your DNA or you skin, but you can add things to your body that are similar to biometrics or interact with it but offer the flexibility and replaceability of electronics.

I have written frequently about active skin, using the skin as a platform for electronics, and I believe the various layers of it offer the best potential for security technology.

Long ago, RFID chips implants became commonplace in pets and some people even had them inserted too. RFID variants could easily be printed on a membrane and stuck onto the skin surface. They could be used for one time keys too, changing each time they are used. Adding accelerometers, magnetometers, pressure sensors or even location sensors could all offer ways of enhancing security options. Active skin allows easy combination of fingerprints with other factors.


Ultra-thin and uninvasive security patches could be stuck onto the skin, and could not be removed without damaging them, so would offer a potentially valuable platform. Pretty much any kinds and combinations of electronics could be used in them. They could easily be made to have a certain lifetime. Very thin ones could wash off after a few days so could be useful for theme park entry during holidays or for short term contractors. Banks could offer stick on electronic patches that change fundamentally how they work every month, making it very hard to hack them.

Active skin can go inside the skin too, not just on the surface. You could for example have an electronic circuit or an array of micro-scale magnets embedded among the skin cells in your fingertip. Your fingerprint alone could easily be copied and spoofed, but not the accompanying electronic interactivity from the active skin that can be interrogated at the same time. Active skin could measure all sorts of properties of the body too, so personal body chemistry at a particular time could be used. In fact, medical monitoring is the first key development area for active skin, so we’re likely to have a lot of body data available that could make new biometrics. The key advantage here is that skin cells are very large compared to electronic feature sizes. A decent processor or memory can be made around the size of one skin cell and many could be combined using infrared optics within the skin. Temperature or chemical gradients between inner and outer skin layers could be used to power devices too.

If you are signing something, the signature could be accompanied by a signal from the fingertip, sufficiently close to the surface being signed to be useful. A ring on a finger could also offer a voluminous security electronics platform to house any number of sensors, memory and processors.

Skin itself offers a reasonable communications route, able to carry a few Mbit’s of data stream, so touching something could allow a lot of data transfer very quickly. A smart watch or any other piece of digital jewelry or active skin security patch could use your fingertip to send an authentication sequence. The watch would know who you are by constant proximity and via its own authentication tools. It could easily be unauthorized instantly when detached or via a remote command.

Active makeup offer a novel mechanism too. Makeup will soon exist that uses particles that can change color or alignment under electronic control, potentially allowing video rate pattern changes. While that makes for fun makeup, it also allows for sophisticated visual authentication sequences using one-time keys. Makeup doesn’t have to be confined only to the face of course, and security makeup could maybe be used on the forearm or hands. Combining with static biometrics, many-factor authentication could be implemented.

I believe active skin, using membranes added or printed onto and even within the skin, together with the use of capsules, electronic jewelry, and even active makeup offers the future potential to implement extremely secure personal authentication systems. This pseudo-biometric authentication offers infinitely more flexibility and changeability than the body itself, but because it is attached to the body, offers much the same ease of use and constant presence as other biometrics.

Biometrics may be pretty useless as it is, but the field does certainly have a future. We just need to add some bits. The endless potential variety of those bits and their combinations makes the available creativity space vast.