Niels Bohr was right about predictions
There’s been much talk of predictions lately, for some reason. Since I don’t sell anything, I almost never make them, but I did offer two predictions early in 2010, during the germination phase of a project a colleague was working on. Since these sort of meet Adam’s criteria by having both numbers and dates, I figured I’d share.
With minor formatting changes, the following is from my email of April, 2010.
Prediction 1
Regulation E style accountholder liability limitation will be extended to commercial accountholders with assets below some reasonably large value by 12/31/2010. Why: ACH and wire fraud are an increasingly large, and increasingly public, problem. Financial institutions will accept regulation in order to preserve confidence in the on-line channel.
WRONG!
Prediction 2
An episode of "state-sponsored SSL certificate fraud/forgery" will make the public press. Why: There is insufficient audit of the root certs that browser vendors innately trust, making it sufficiently easy for a motivated attacker to "build insecurity in" by getting his untrustworthy root cert trusted by default. The recent Mozilla kerfuffle over CNNIC is a harbinger of this[1]. Similarly, Chris Soghoian's recent work[2] will increase awareness of this issue enough to result in a governmental actor who has done it being exposed.
Right!
But only because for this one I forgot to put in a date (I meant to also say “by 12/31/2010”, which makes this one WRONG! too).
I was motivated to make this post because I once again came across Soghoian’s paper just the other day (I think he cited it in a blog post I was reading). He really nailed it. I predict he’ll do so again in 2012.
“But only because for this one I forgot to put in a date (I meant to also say “by 12/31/2010”, which makes this one WRONG! too.”
I’m not so sure that it didn’t happen before the end of 2010 but was unreported. So give yourself 5/10 at least!