Moore’s law really is dead this time

Moore’s law really is dead this time
The chip industry is no longer going to treat Gordon Moore’s law as the target to aim for.
By Peter Bright
Feb 10 2016

Moore’s law has died at the age of 51 after an extended illness.

In 1965, Intel co-founder Gordon Moore made an observation that the number of components in integrated circuits was doubling every 12 months or so. Moreover, as this site wrote extensively about in 2003, that the number of transistors per chip that resulted in the lowest price per transistor was doubling every 12 months. In 1965, this meant that 50 transistors per chip offered the lowest per-transistor cost; Moore predicted that by 1970, this would rise to 1,000 components per chip, and that the price per transistor would drop by 90 percent.

With a little more data and some simplification, this observation became “Moore’s law”: the number of transistors per chip would double every 12 months.

Gordon Moore’s observation was not driven by any particular scientific or engineering necessity. It was a reflection on just how things happened to turn out. The silicon chip industry took note and started using it not merely as a descriptive, predictive observation, but as a prescriptive, positive law: a target that the entire industry should hit.

Hitting this target didn’t happen by accident. Building a silicon chip is a complex process, and it uses machinery, software, and raw materials that are sourced from a number of different companies. To ensure that all the different players are aligned and working on compatible timetables to preserve Moore’s law, the industry has published roadmaps laying out the expected technologies and transitions that will be needed to preserve Moore’s law. The Semiconductor Industry Association, a predominantly North American group that includes Intel, AMD, TSMC, GlobalFoundries, and IBM, started publishing roadmaps in 1992, and in 1998 the SIA joined up with similar organizations around the world to produce the International Technology Roadmap for Semiconductors. The most recent roadmap was published in 2013.

Problems with the original formulation of Moore’s law became apparent at an early date. In 1975, with more empirical data available, Gordon Moore himself updated the law to have a doubling time of 24 months rather than the initial 12. Still, for three decades, simple geometric scaling—just making everything on a chip smaller—enabled steady shrinks and conformed with Moore’s prediction.

In the 2000s, it was clear that this geometric scaling was at an end, but various technical measures were devised to keep pace of the Moore’s law curves. At 90nm, strained silicon was introduced; at 45nm, new materials to increase the capacitance of each transistor layered on the silicon were introduced. At 22nm, tri-gate transistors maintained the scaling.

But even these new techniques were up against a wall. The photolithography process used to transfer the chip patterns to the silicon wafer has been under considerable pressure: currently, light with a 193 nanometre wavelength is used to create chips with features just 14 nanometres. The oversized light wavelength is not insurmountable but adds extra complexity and cost to the manufacturing process. It has long been hoped that extreme UV, with a 13.5nm wavelength, will ease this constraint, but production-ready EUV technology has proven difficult to engineer.

Even with EUV, it’s unclear just how much further scaling is even possible; at 2nm, transistors would be just 10 atoms wide, and it’s unlikely that they’d operate reliably at such a small scale. Even if these problems were resolved, the specter of power usage and dissipation looms large: as the transistors are packed ever tighter, dissipating the energy that they use becomes ever harder.

The new techniques, such as strained silicon and tri-gate transistors, took more than a decade to put in production. EUV has been talked about for longer still. There’s also a significant cost factor. There’s a kind of undesired counterpart to Moore’s law, Rock’s law, which observes that the cost of a chip fabrication plant doubles every 4 years. Technology may provide ways to further increase the number of transistors packed into a chip, but the manufacturing facilities to build these chips may be prohibitively expensive—a situation compounded by the growing use of smaller, cheaper processors.


UK politicians green-light plans to record every citizen’s internet history

UK politicians green-light plans to record every citizen’s internet history
But recommend that no encryption backdoors should be installed
By James Vincent

Surveillance legislation proposed by the UK last November has been examined in detail by the country’s politicians, with a new report recommending 86 alterations, but broadly approving the powers requested by the government. The parliamentary committee scrutinizing the draft Investigatory Powers Bill said that companies like Apple and Facebook should not be required to decrypt messages sent on their services, but approved plans to record every UK citizen’s browsing history for 12 months. The committee also gave a thumbs up to the bulk retention of data, and the targeted hacking of individuals’ computers, known as “equipment interference.”

The Investigatory Powers Bill will be the first legislation to fully codify digital surveillance in the UK, and has been dubbed the “snoopers’ charter” by critics (a name used to refer to similar laws rejected a few years ago). The Bill has been attacked by ISPs, privacy advocates, the UN, and the world’s largest tech companies, with critics agreeing that the Bill is being rushed into law and that its wording is confusing. Critics point to portions of the law like the statement that “data includes any information that is not data.” The UK’s home secretary and the Bill’s principal architect, Theresa May, later explained that this was supposed to refer to things like paper.

This latest report repeats these complaints, stressing the need for clarity in the Bill’s language. However, it also gives its approval to a number of controversial items. The report’s authors says that the bulk interception and surveillance should be “fully justified” in a rewrite of the legislation, and notes that although these powers might contravene the EU’s right to privacy, “security and intelligence agencies would not seek these powers if they did not believe they would be effective.” This is despite the fact that this sort of mass surveillance (already in place, of course, just not officially legislated) has often proven to be ineffective, as with last year’s terrorist attacks in Paris.

Similarly, the committee found no faults with the government’s plans to force ISPs to store users’ web history for 12 months at a time. This information (known as Internet Connection Records or ICRs) would be available to police without a warrant, with the report noting: “We heard a good case from law enforcement and others about the desirability of having such a scheme. We are satisfied that the potential value of ICRs could outweigh the intrusiveness involved in collecting and using them.”

Evidence submitted to the committee pointed out that these records would reveal “sensitive information” about citizens’ political, religious, and sexual preferences, as well their health and daily activities, while ISPs noted that storing this data securely would be a “technical challenge.” Experts also testified to the difficulty of sorting this data, as many apps like Facebook and Twitter keep a near-constant connection to the internet, and internet users can access sites they’re not aware of. One expert noted that he created a blog with a “tiny one-pixel image in the corner” that showed up as on visitors’ internet history.


Climate change and urbanization are spurring outbreaks of mosquito-borne diseases like Zika

Climate change and urbanization are spurring outbreaks of mosquito-borne diseases like Zika
This outbreak is just the latest
By Loren Grush
Feb 10 2016

The recent Zika virus outbreak has alarmed public health officials by expanding its range — but it’s not alone. It’s just the latest in a number of mosquito-borne illness to spread beyond their endemic areas in recent years. Experts say that the combination of a number of factors have ignited their rapid spread: climate change, urbanization, and easy access to travel. That means outbreaks of this kind are here to stay, and could potentially get even worse.

For most of its existence, Zika was more or less isolated to Asia and Africa. Since its discovery in the 1940s through 2007, there are records of only 14 people with infections. Now, though, the virus is expanding at lightning speed throughout South and Central America; somewhere between 500,000 and 1.5 million have been infected in Brazil alone since early 2015.

The outbreak is reminiscent of dengue, which was once considered a mainly Asian disease; it has taken hold in the tropical Americas, becoming a big problem in the years since the 1990s. Incidences of dengue have increased 30-fold in the past 50 years, and the World Health Organization estimates there are 50 million cases worldwide each year. A state of emergency was just declared in Hawaii over a recent dengue outbreak. But it’s not just Zika or dengue — other mosquito-borne illnesses, including Chikungunya, West Nile, and Japanese encephalitis virus are gaining ground, too. And it’s thanks to rising temperatures and a growing population that’s more mobile than ever before. “Everyone is acting like Zika is new, but it’s just the latest in a series of similar events,” says Bill Reisen, a zoologist at UC San Diego.

Now these viruses, once foreign to the Americas, pose a substantial concern for developing nations in the region. (Developing nations have fewer resources to implement mosquito control initiatives, which might hinder the diseases’ spread in humans). That’s not the only problem, though. Doctors in the Americas are unfamiliar with these diseases. “The doctors we train in all the universities in the US are not exposed to these diseases, so there’s no research about it,” says Eliseo Eugenin, of the Public Health Research Institute Center at Rutgers University. But Eugenin and Reisen agree that these outbreaks are only going to continue, and soon scientists are going to have start paying attention.


US intelligence chief: we might use the internet of things to spy on you

US intelligence chief: we might use the internet of things to spy on you
James Clapper did not name specific agency as being involved in surveillance via smart-home devices but said in congressional testimony it is a distinct possibility
By Spencer Ackerman and Sam Thielman in New York
Feb 9 2016

The US intelligence chief has acknowledged for the first time that agencies might use a new generation of smart household devices to increase their surveillance capabilities.

As increasing numbers of devices connect to the internet and to one another, the so-called internet of things promises consumers increased convenience – the remotely operated thermostat from Google-owned Nest is a leading example. But as home computing migrates away from the laptop, the tablet and the smartphone, experts warn that the security features on the coming wave of automobiles, dishwashers and alarm systems lag far behind.

In an appearance at a Washington thinktank last month, the director of the National Security Agency, Adm Michael Rogers, said that it was time to consider making the home devices “more defensible”, but did not address the opportunities that increased numbers and even categories of connected devices provide to his surveillance agency.

However, James Clapper, the US director of national intelligence, was more direct in testimony submitted to the Senate on Tuesday as part of an assessment of threats facing the United States.

“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said. 

Clapper did not specifically name any intelligence agency as involved in household-device surveillance. But security experts examining the internet of things take as a given that the US and other surveillance services will intercept the signals the newly networked devices emit, much as they do with those from cellphones. Amateurs are already interested in easily compromised hardware; computer programmer John Matherly’s search engine Shodan indexes thousands of completely unsecured web-connected devices.

Online threats again topped the intelligence chief’s list of “worldwide threats” the US faces, with the mutating threat of low-intensity terrorism quickly following. While Clapper has for years used the equivocal term “evolving” when asked about the scope of the threat, he said Tuesday that Sunni violent extremism “has more groups, members, and safe havens than at any other point in history”.

The Islamic State topped the threat index, but Clapper also warned that the US-backed Saudi war in Yemen was redounding to the benefit of al-Qaida’s local affiliate. 

Domestically, “homegrown extremists” are the greatest terrorist threat, rather than Islamic State or al-Qaida attacks planned from overseas. Clapper cited the San Bernardino and Chattanooga shootings as examples of lethal operations emanating from self-starting extremists “without direct guidance from [Isis] leadership”.

US intelligence officials did not foresee Isis suffering significant setbacks in 2016 despite a war in Syria and Iraq that the Pentagon has pledged to escalate. The chief of defense intelligence, Marine Lt Gen Vincent Stewart, said the jihadist army would “probably retain Sunni Arab urban centers” in 2016, even as military leaders pledged to wrest the key cities of Raqqa and Mosul from it. 

Contradicting the US defense secretary, Ashton Carter, Stewart said he was “less optimistic in the near term about Mosul”, saying the US and Iraqi government would “certainly not” retake it in 2016.


Google computers qualify as drivers in automated cars, US government says

Google computers qualify as drivers in automated cars, US government says
Alphabet convinces federal transportation safety board that the software in its self-driving cars is considered the driver, not the human inside
By Danny Yadron in San Francisco
Feb 9 2016

Google has managed to persuade the US government that the tech company’s computers – rather than humans – should be defined as the “drivers” of a growing fleet of autonomous vehicles.

In a significant precedent for Google and other companies developing autonomous car technology, the National Highway Transportation Safety Administration (NHTSA) has ruled that the software behind some automated cars should be considered the driver.

The decision was contained in a letter that was sent from the federal agency to Google, now a unit within a wider company named Alphabet. 

For automakers, the agency’s ruling is a key step in being able to mass-produce self-driving vehicles and sell them to consumers. And on a philosophical level, it’s the most high-profile instance in which a federal agency has said a computer fits the legal definition of a human.

The lengthy document was in response to a request submitted in a November by Google to see how federal safety regulations – such as rules about seats, mirrors and brake pedals – would apply to a self-driving car. The government agency sets and enforces safety standards for US vehicles. 

Google wanted to know, for example, if its autonomous vehicles had to abide by a rule that requires vehicles to have an “occupant seat for the driver”.

The government agency responded that, because it interprets the term “driver” as the self-driving system, “the ‘driver’ in this provision would not need an occupant seat”.

Google’s cars “will not have a ‘driver’ in the traditional sense that vehicles have had drivers during the last more than one hundred years,” the NHTSA wrote in the letter, which was sent last week and unearthed by Reuters on Tuesday. “If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the ‘driver’ as whatever (as opposed to whoever) is doing the driving.”

Tech firms and automakers have been experimenting with self-driving cars for years. They can often be seen on the roads around Google’s Silicon Valley campus – though usually with a human ready to take the controls if needed.

But these vehicles have operated in a patchwork of state, local and federal regulations. If any automaker wanted to mass produce a driverless car to sell to consumers, it would need approval from the NHTSA.

Google in many ways has led a race among tech firms and automakers to bring driverless cars to the masses. Other competitors include Tesla, General Motors and Toyota. Uber, the ride-hailing app, has a research facility in Pittsburgh, Pennsylvania, working on technology that could replace its fleet of human drivers.

Google says its cars have self-driven more than 1m test miles, with trips in California, Texas and Washington state. Its latest model lacks a steering wheel and a brake lever.


Obama wants you to join CyberCorps Reserve to help feds get their act together

Obama wants you to join CyberCorps Reserve to help feds get their act together
A full scholarship comes with multi-year commitment to battle entrenched bureaucracy. 
By Sean Gallagher
Feb 9 2016

Today, the Obama administration released the president’s Cybersecurity National Action Plan (CNAP), a set of executive actions and budget requests that seeks to fix federal agencies’ information security woes. The plan aims to spur broader efforts to protect citizens’ privacy and the security of the nation’s businesses and infrastructure from criminals and other threats. And it starts off by creating a commission to figure out how to do that.

The Federal government’s information security posture, as demonstrated by the Office of Personnel Management breach last year, is at best antiquated and at worst horrific in its inadequacy. The CNAP looks to rapidly infuse money into efforts to modernize the decrepit information security systems at agencies such as the Social Security Administration, which as President Obama wrote in an op-ed piece published today by the Wall Street Journal, “uses systems and code from the 1960s. No successful business could operate this way.”

To make the fixes, the Obama administration is asking for over $19 billion in spending scattered across the proposed 2017 budget and is making a number of immediate moves that require funding now—$3.1 billion for an Information Technology Modernization Fund and to pay a new Federal Chief Information Security Officer (with a salary of between $123,175 and $185,100 a year, Top Secret/SCI clearance required—apply by February 26 if interested).

But getting anything directed by a new Federal CISO to actually stick will require a culture change within government and actual internal proficiency in a field that the government has relied heavily upon contractors to provide over the past two decades. It will take an army. To that end, buried within the more than $19 billion in overall spending is something called the CyberCorps Reserve program: a scholarship program for cyber-warriors.

The $62 million educational fund is a sort of Reserve Officer Training Corps program for “for Americans who wish to obtain cybersecurity education and serve their country in the civilian Federal government.” An extension of the already-established National Science Foundation’s and Department of Homeland Security’s CyberCorps Scholarship for Service program, students can get full scholarships and stipends for cybersecurity undergradute or graduate programs in exchange for an agreement to work for the feds for a period equal to the length of the scholarship.

Already got your degree? If you’re a cybersecurity expert and you come to work for the government, under Obama’s proposal, you’ll get any federal student loans forgiven. Technically, the government already does this for anyone under the Public Service Loan Forgiveness plan–it’s not clear whether the CNAP goes further than that program, which requires 10 years of service.


House bill would kill state, local bills that aim to weaken smartphone crypto

House bill would kill state, local bills that aim to weaken smartphone crypto
Bi-partisan legislation likely to be thorn in law enforcement’s “Going Dark” side.
By Cyrus Farivar
Feb 10 2016

On Wednesday, Rep. Ted Lieu (D-Calif.) and Rep. Blake Farenthold (R-Texas) introduced a new bill in Congress that attempts to halt state-level efforts that would weaken encryption.

The federal bill comes just weeks after two nearly-identical state bills in New York state and California proposed to ban the sale of modern smartphones equipped with strong crypto that cannot be unlocked by the manufacturer. If the state bills are signed into law, current iPhone and Android phones would need to be substantially redesigned for those two states.

Lieu and Farenthold’s federal bill would need to pass both the House of Representatives and the Senate as well as be signed by the president in order to take effect. If that happens before the state bills are enacted, it would pre-empt them.

Lieu told Ars late Tuesday night by phone that the introduction of those two state bills got his attention, especially the one in his home state.

“When the New York state legislator introduced the bill, I was somewhat concerned—but he was a Republican in a Democratic legislature,” he said. “But when a Democratic state legislator introduced a similar bill then I got very concerned. I’m very aware that it’s controlled by Democrats, and he could very easily get his bill passed.”

Lieu, himself a former California state senator, noted that while he respects his law enforcement colleagues and their interest in solving crimes, recent events solidify his argument.

“It’s very clear to me that the people who are asking for a backdoor encryption key do not understand the technology,” he added. “You cannot have a backdoor key for the FBI. Either hackers will find that key or the FBI will let it get stolen. As you saw it the [Department of Justice] just got hacked. The [Office of Personnel Management] got hacked multiple times. If our federal government cannot keep 20 million extremely sensitive security records, I don’t see how our government can keep encryption keys safe.”

Short and sweet

The “Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016” (“ENCRYPT Act”) reads, in its entirety, as follows:

A State or political subdivision of a State may not mandate or request that a manufacturer, developer, seller, or provider of covered products or services—

(1) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or

(2) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service.

Privacy advocates largely applauded the new bill.
“I think we have lawmakers at both the state and federal levels who are listening to the experts when they say that it’s not possible to force providers and manufacturers to provide access to encrypted data without simultaneously undermining encryption,” Andrew Crocker, an attorney at the Electronic Frontier Foundation, told Ars.