The simultaneous rise and convergence of key technologies is finally accelerating the development of capabilities we dreamed about decades ago: virtual reality (VR) and artificial intelligence (AI).
Mobile computing, advances in battery technology and new displays such as 0rganic light-emitting diodes (OLEDs) have put supercomputers in the palm of our hand. When that isn’t enough, we simply reach for cloud services and elastic computing from vendors like Microsoft Azure.
Both the promotion and accessibility of software development education through open source is giving rise to a whole new generation of developers who have relatively limitless computing resources to bring their ideas to fruition. It’s truly a great time to be a software engineer with an idea.
We’re already seeing critical mass in the computing industry. In 2014 Facebook acquired VR company Oculus VR and identified it as a key platform for its future. Facebook also released a number of AI tools with capabilities ranging from image processing to deriving the meaning of text. These tools are released as open source, and public contributions are encouraged.
Google has been experimenting with VR for a while, introducing a consumer-targeted VR viewer called Google Cardboard in 2014. A Google Cardboard VR viewer costs between $15 and $30, and with a smartphone, users can have a relatively satisfying VR experience. Again, its continued growth is fueled in part by the open-source community of software engineers and has brought VR to the masses.
Google’s AI ventures also have progressed at an aggressive pace. Its DeepMind AlphaGo program leveraged its AI capabilities to beat a human player at the board game go, which is recognized as being more fluid and complex than chess. Obviously, Google’s AI research is far richer than gaming (research.google.com), and is being integrated into all of its services, including self-driving cars.
Google also recently released one of its machine-learning tools, TensorFlow, as open source, and it is being adapted for use on mobile devices, such as iPhones.
As a geek at heart and hobbyist software developer, I find this extremely exciting. As an information security professional, I’m apprehensive about this accelerated growth and rapid pace of adoption. I’m reminded of vulnerabilities only recently identified in software that initially was developed decades ago.
For example, the Shellshock vulnerability, which affected most Unix-based systems, was publicly identified and reported in 2014 but is suspected to have existed since 1989. The Heartbleed vulnerability affected the open-source encryption software OpenSSL, which has been used by most computing systems for nearly 20 years to securely transmit banking and other sensitive information over the internet.
Due to its wide adoption, when Heartbleed was publicly reported in 2014, millions of servers and core software applications that service millions of users had to be upgraded because sensitive information was at risk. Of course, without these less than perfect technologies, we wouldn’t have had the economic, technological and societal benefits we enjoy today.
VR systems and AI are driven by software written by humans, and humans have yet to master the ability to write and implement perfect software code that’s 100 percent secure and incorruptible. History has shown us that one small bug or an inadvertent coding mistake can have an impact 20 years later, costing businesses millions of dollars, creating risk and requiring substantial man-hours to resolve.
This is not a call to stop progress. Rather, this is a reminder to demand security diligence as VR and AI begin to take over technology mind-share in all our products and services.
How is the source code for these technologies being scrutinized for security flaws and protected from hackers? Are the computer networks and data centers secure? Are the AI open-source projects moderated and vetted properly before being integrated into production systems? What are the testing criteria?
AI, in particular, has raised concerns prompting science and technology leaders including Stephen Hawking, Elon Musk and Bill Gates to publicly call for cautious approaches to research to ensure that society holistically benefits, and to avoid the pitfalls of relying on machine-based decision-making and rationality.
As consumers of these software technologies, we should continue to require security assurances and be deliberate when and how we use them.
Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.