Saturday, March 26, 2016

Are we heading towards a singularity of crime?

On the 8th August 1963, a gang of fifteen men boarded the Royal Mail train heading from London to Glasgow. They were there to carry out a robbery. In the end, they made off with £2.6 million (approximately £46 million in today’s money). The robbery had been meticulously planned. Using information from a postal worker (known as “the Ulsterman”), the gang waylaid the train at a signal crossing in Ledburn, Buckinghamshire. They put a covering over the green light at the signal crossing and used a six-volt battery to switch on the red light. When one of the train’s crew went to investigate, they overpowered him and boarded the train. They used no firearms in the process, though they did brutally beat the train driver, Jack Mills. Most of the gang were arrested and sent to jail, but the majority of the money was never recovered. It was known as the ‘Great Train Robbery’.

In November and December 2013, the US-retailer Target suffered a major data breach. Using malware made by a 17 year-old Russian hacker, a criminal gang managed to steal data (including credit card numbers) from over 110 million Target customers. The total cost of the breach is difficult to estimate. Figures suggest that the criminals made up to $54 million selling the credit card data on the black market; the breach is likely to have cost financial institutions around $200 million in cancelling and reissuing cards (Target have themselves entered into settlements with credit card companies costing at least $67 million); it had a significant impact on Target’s year end profits in 2013; and they promised to spend over $100 million upgrading their security systems.

So in fifty years we went from a gang of 15 meticulously planning and executing a train robbery in order to steal £2.6 million, to a group of hackers using malware manufactured by a single Russian teen, stealing customer data without having to leave their own homes, with an estimated cost of over $350 million.

These two stories are taken from Marc Goodman’s eye-opening book Future Crimes. In the book, Goodman uses the dramatic leap in the scale of criminal activity — illustrated by these two stories — to make an interesting observation. He argues that the exponential growth in networking technology may be leading us toward a ‘crime singularity’. The phrase is something of a throwaway in the book, and Goodman never fully explains what he means. But it intrigued me when I read it. And so, in this post, I want to delve into the concept of a crime singularity in a little more depth. I’ll do so in three phases. First, I’ll look to other uses of the term ‘singularity’ in debates about technology and see if they provide any pointers for understanding what a crime singularity might be. Second, I’ll outline what I take to be Goodman’s case for the crime singularity. And third, I’ll offer some evaluations of that case.

1. What would a singularity of crime look like?
I’m going to start with the basics. The term ‘singularity’ is bandied about quite a bit in conversations about technology and the human future. It originates in mathematics and physics and is used in those disciplines to describe a point at which a mathematical object is not well-defined or well-behaved. The typical example from physics is the gravitational singularity. This is something that occurs in black holes and represents a point in space time at which gravitational forces approach infinity. The normal laws of spacetime breakdown at this point. Hence, objects that are represented in the central equations of physics are no longer well-behaved.

The physicist and science fiction author Vernor Vinge co-opted the term in a 1993 essay to describe something he called the ‘technological singularity’. He explained this as a hypothetical point in the not-too-distant human future when we would be able to create superhuman artificial intelligence. In this he was hearkening back to IJ Good’s famous argument about an intelligence explosion. The idea is that if we manage to create greater-than-human AI, then that AI will be able to create even greater AI, and pretty soon after you would get an ‘explosion’: ever more intelligent AI being created by previous generations of AI. Vinge suggested that at this point the ‘human era’ would be over: all the concepts, values and ideas we hold dear may cease to be important. Hence, the point in time at which we create the first superintelligence is a point at which everything becomes highly unpredictable. We cannot really ‘see’ beyond this point and guess what the world will be like. In this sense, Vinge’s singularity is akin to the gravitational singularity in a black hole: you cannot see beyond the event horizon of the black hole, and into the gravitational singularity, either.

Ray Kurzweil took Vinge’s idea and expanded upon it greatly in his 2006 book The Singularity is Near. He linked it to exponential improvements in information technology (originally identified by Gordon Moore and immortalised in the eponymous Moore’s Law). Using graphs that depicted these exponential improvements, he tried to predict the point in history when we would reach the prediction horizon, settling on the year 2045. Kurzweil’s imagined singularity involved the fusion of man with machine as well as the creation of superhuman artificial intelligence. One of his infamous graphs is depicted below.

Culling from the work of Vinge and Kurzweil, I think it is fair to say that the term ‘singularity’, when used in debates about technology, appeals to one or both of the following:

Exponential Growth: The improvements in some technology (or related phenomenon) are exponential, i.e. they proceed relatively linearly at first but then enter a phase of rapid takeoff (e.g. the doubling in the thickness when you repeatedly fold a piece of paper in half). This may eventually be followed by a leveling-off or plateau, resulting in an ’S-curve’. The classic example in technology is Moore’s law which describes the doubling in the number of transistors that can be put on an integrated circuit every 2 years.

Prediction/Control Horizon: Once the improvements enter their rapid takeoff phase, it becomes almost impossible to predict, understand or control some phenomenon of interest. In the intelligence explosion case, the oft-expressed fear is that it will become impossible to control the superintelligent AI and that this AI may act in a way that is contrary to what we value.

I take it that references to a ‘crime singularity’ must involve similar appeals. In particular, I take it that there must be some reference to the exponential growth in a technology or related pheomenon (though the ‘exponential’ nature of this growth may be more metaphorical than real), and that this must lead to some unpredictability or lack of control when it comes to criminal activity. Is this actually the case? Let’s look at Goodman’s claims.

2. The Case for a Crime Singularity
Crime is a tricky concept. There are many theories about what makes something criminal and debates about whether certain activities should be criminalised. I’ve explored some of them in my previous work. I want to keep things simple here and so I’ll stick to two main categories of crime: theft (i.e. the stealing of property and identity) and violent attack (including terrorist acts, murder and so forth). Goodman’s case for the crime singularity focuses on these types of activity so limiting ourselves to these two categories is not too debilitating.

What then is the crime singularity? The technological basis for it seems reasonably clear. It is the rapid growth in networked technology or, more simply, connectivity. Every computer in the world is now, ostensibly, capable of communicating with every other computer. We rely on computer-based systems to carry out many day-to-day transactions: financial and credit card records are stored on the systems held by major banks and retailers. We also rely on computerised control systems to manage much of the critical infrastructure in society, from electricity to water to public transport. If the internet of things (IOT) takes off, there will be an even more rapid increase in connectivity. Every ‘thing’ in the world will become connected to internet. This growth in connectivity may or may not be exponential (I haven’t plotted it mathematically) but it certainly seems like it is. I discussed this in a previous post on the internet of things.

What are the actual implications of this exponential growth in connectivity for criminal activity? Two are highlighted in Goodman’s work. The first is the impact on the scale of criminal activity. With near-total connectivity it becomes possible for relatively small criminal gangs to target more and more people. This is highlighted by the opening stories contrasting the Great Train Robbery with the Target data breach. In fifty years the scale of theft increased dramatically. A single attack can affect hundreds of millions of people. The Target breach is far from being the largest in history. There have been larger breaches since 2013. The second implication has to do with vulnerability to crime. Goodman doesn’t define this concept precisely in the book, but I think it could be defined to mean ‘lifetime risk of being a victim of crime’. The claim in this respect is that once “everything is connected, everyone is vulnerable” (2015, 69). The lifetime probability of being a victim effectively approaches 1.

You can plot these two consequences of increased connectivity on graphs similar to those used by Kurzweil. I have done this below. These are very rough-and-ready. They are not intended to actually represent any real data or to predict when we will reach the crime singularity. Rather, they are intended to give a sense of the relationship between the variables that seems to be animating Goodman’s concerns (connectivity and scale; and connectivity and vulnerability).

Assuming the relationships depicted on these graphs is accurate does it point to a crime singularity? Do we reach some sort of prediction/control horizon when connectivity crosses a certain threshold? Maybe. Once connectivity is absolute, it may become almost impossible to predict when and where criminal activity is taking place, and to stop it from happening. We might all be permanent and potential victims of crime. We might then live in a radically different world. The era of criminality we have grown to know and love will have come to an end.

3. Evaluating the Case for the Crime Singularity
I find the idea of crime singularity fascinating. I think it is plausible to believe that connectivity leads to the kinds scale and vulnerability problems Goodman mentions, and I think this does lead to a different reality. But I’m not sure how radically different it is and I’m not sure if the analogy with the technological singularity holds. I want to close with three critical comments.

First, let’s deal with an obvious point. Connectivity has already brought considerable benefits to our lives, mainly in terms of convenience, access to knowledge/goods/services/expertise, and efficiency. Many tout the benefits of increased connectivity through the internet of things. The question is going to be whether these benefits outweigh the putative costs of increased vulnerability and scale. I think we’re already voting with our feet (or our actions) in this regard. Although Target may have suffered some reputation damage in the aftermath of the 2013 data breach, I doubt that it has stopped people from shopping there or from continuing to share their personal information via computer networks. That may not mean too much — one of the central lessons of Goodman’s book is that we don’t really appreciate how vulnerable we are — but this lack of appreciation is itself significant. It suggests that people are continuing on as they were in the face of these threats. People may simply adapt to the constant threat. They may treat it like any other mundane risk.

Second, some people may wonder why we can’t simply build greater security into our connected technologies in order to combat the problems of vulnerability and scale. They might argue that these technologies are a double-edged sword. They make us more vulnerable but they also increase our ability to detect and respond to crime. Better surveillance and monitoring via sensory devices will allow us to identify and respond to likely threats with greater ease. Better firewalls will allow us to keep the hackers out. There may be some room for optimism on this front, but two important caveats should be issued. The first is simply that building better security systems is exceptionally difficult. As Goodman points out, there is a serious asymmetry of power when it comes to the relationship between the system designers who are building the defences and the hackers:

Asymmetry problem: ‘[T]he defender must build a perfect wall to keep out all intruders, while the offense need find only one chink in the armor through which to attack.’ (Goodman 2015, 44)

And, of course, it is essentially impossible to build a perfect wall. This is exacerbated by the increasing complexity of the underlying technology. Goodman illustrates this vividly by reference to the number of lines of code (LOC) needed to build modern software systems. The software used in the Apollo moon missions contained only 145,000 LOC; Microsoft Office 2013 contained 45 million LOC. Each new line of code represents a new potential site for a hack. In other words, the asymmetry problem grows with the complexity of the technology.

The other problem with those who put their faith in better security is that this will come at a cost. We could indeed use the machinery of the IOT to surveil and respond to crime, but this comes at a significant cost to our privacy and autonomy. Are we willing to incur that cost? That’s a question we are currently asking ourselves.

This brings me to the final critical comment. Some people might be pretty sceptical of everything that has been said in this article. While they may accept that we are heading towards greatly increased connectivity, they may doubt that this changes things all that much. Surely we are already always potential victims of crime? Every time I leave my house (or stay in it) I am a potential victim of crime. Someone could attack me, break into my property, steal my stuff and so on. Does anything really change with increased connectivity? Similarly, the scale issues that Goodman mentions are nothing new. Since the dawn of the atomic bomb we have had technology with the potential to dramatically alter the future of life for all of humanity. Is anything different now?

I think the answer is ‘yes, sort of’. I agree that we are already always vulnerable; and I agree that the scale of potential damage has been high for quite some time. What seems to be different with the advent of increased connectivity is that the means and opportunity for criminality have increased. If everything is connected to everything else; and hacking techniques and malware are readily shared online; then everyone (in theory) has the potential to commit a crime on everyone else.

1 comment:

  1. Hi John, Im a Criminologist based in the US (Georgia State University). This is a very interesting take. I work with a number of other scholars on the topic of future crime. I have recently written (with a colleague) a paper on the notion of "crime exponentiation". I'd appreciate hearing your thoughts. You can read it here:

    We are putting together a conference in London next year. Might be a good opportunity to meet up.