Proposed EU Rule Would Allow Citizens to Seek Restitution for Harmful AI
October 10, 2022
It looks like the European Commission is taking the potential for algorithms to cause harm seriously. The Register reports, “Europe Just Might Make it Easier for People to Sue for Damage Caused by AI Tech.” Vice-president for values and transparency V?ra Jourová frames the measure as a way to foster trust in AI technologies. Apparently EU officials believe technical innovation is helped when the public knows appropriate guardrails are in place. What an interesting perspective. Writer Katyanna Quach describes:
“The proposed AI Liability Directive aims to do a few things. One main goal is updating product liability laws so that they effectively cover machine-learning systems and lower the burden-of-proof for a compensation claimant. This ought to make it easier for people to claim compensation, provided they can prove damage was done and that it’s likely a trained model was to blame. This means someone could, for instance, claim compensation if they believe they’ve been discriminated against by AI-powered recruitment software. The directive opens the door to claims for compensation following privacy blunders and damage caused by poor safety in the context of an AI system gone wrong. Another main aim is to give people the right to demand from organizations details of their use of artificial intelligence to aid compensation claims. That said, businesses can provide proof that no harm was done by an AI and can argue against giving away sensitive information, such as trade secrets. The directive is also supposed to give companies a clear understanding and guarantee of what the rules around AI liability are.”
Officials hope such clarity will encourage developers to move forward with AI technologies without the fear of being blindsided by unforeseen allegations. Another goal is to build the current patchwork of AI standards and legislation across Europe into a cohesive set of rules. Commissioner for Justice Didier Reynders declares citizen protection top priority, stating, “technologies like drones or delivery services operated by AI can only work when consumers feel safe and protected.” Really? I’d like to see US officials tell that to Amazon.
Cynthia Murrell, October 10, 2022
The FCC Springs into Action Regarding IS Ps
October 10, 2022
The easiest way to describe the COVID-19 pandemic is that it sucked. People died, paychecks were cut, pandemic pets were returned to shelters, and now no one wants to leave their houses. An even worse side effect is that bad actors filed false claims with US government offices to receive relief funds. Light Reading explains how bad actors took advantage of of the Affordable Connectivity Program (ACP): “FCC Inspector General Says ‘Dozens’ Of ISPs Claimed Fraudulent ACP Funds.”
The FCC Office of Inspector General (OIG) noted that a dozen broadband providers (ISPs) fraudulently enrolled for ACPs. The bad-acting ISPs enrolled a single individual multiple times for ACP reimbursements amounting to thousands of dollars. The scams were conducted in Texas, Ohio, Alabama, and Oklahoma; the latter turned out to be the worst offender. ISPs are responsible for ensuring which households are eligible under the ACP rules. The government is cracking down on fraud:
“Following the release of the report, the Wireline Competition Bureau published a public notice outlining new steps it’s implementing to “limit opportunities for waste, fraud, and abuse” with the ACP. As per the notice, the Universal Service Administrative Company (USAC) is improving the measures it uses to verify BQPs [benefit qualifying person] as well as instituting processes to hold payments and de-enroll households that used the same BQP.”
A total of $14.2 billion was allotted to the ACP, but less than half of that amount is reaching those who truly need the assistance:
“According to an ACP dashboard from the Institute for Local Self-Reliance (ILSR) and Community Networks, just 13 million qualifying households in the US are enrolled out of an eligible 37 million, or 36.5% of the population. That includes 40% of eligible Oklahomans, where the FCC report cites its most egregious example of ACP fraud.”
ACP funding is predicted to run out by March 2025 and if enrollment is boosted by 50% that money is gone by April 2024.
The ACP needs more funds and needs to weed out fraudulent claims. At the rate the US government acts, it is going to take a long time to do either. It will probably be faster than Mexico’s, France’s, and India’s notoriously slow governments.
Whitney Grace, October 10, 2022
Open Source Intelligence: Tool Browsing One at a Time
October 8, 2022
The research team for my forthcoming monograph about the invisible Web uses a number of open source intelligence tools. The problem we are solving is reducing the difficulty associated with learning a new OSINT tool. Whenever you have a moment, click on the OSINTFix button, and take a look at what we consider a useful resource. When you spot a tool you like, just bookmark it.
I want to point out that one of the popular sections in our lectures is profiles of OSINT tools. One click displays a tool. What do these tools do? Some make it easy to find where an email address been used Others provide domain information. Some make it easy to automate certain queries or making it easier to search Google. There are more than 3,000 tools in our database.
Click on the button, and the service will open a new tab in your browser showing the OSINT tool, software, resource, or service. Note that some tools are not free. Please, notice that there are no ads, no embarrassing Guardian- and Vox-like pleas for for money, and no dark patterns.
Stephen E Arnold, October 10, 2022
The Confessions of Saint Ad-gustine
October 7, 2022
I read an interesting and at times amusing “confession.” A crime? No, more like soft fraud.
The write up is called “A Lot of Waiting, Watching and Partying while Rome burns’: Confessions of an Ad Tech Exec on the Third-Party Cookie Delay.”
I learned:
Ad tech is probably the least customer empathetic industry… it seems like there are a lot of agencies not asking pointed questions because they don’t want pointed answers. It’s kind of like, “I didn’t hear that,” like they want to take things at face value out of either ignorance or self preservation.
Perhaps the fraud is not that soft: Less Charmin and more casino. The players are the house (co-owned by some well known Big Tech outfits), the middle facilitators (the anonymous ad tech expert perhaps), and the people with money to buy ads stuffed in front of the users who presumably will buy something).
The write up presents:
But it feels like you’re in the middle of a river with a very strong current heading in a very specific direction. At best, you’ll be able to hold on to this rock for a while. It’s not like where it was before. You’re never going to be able to get to where you were before. Anyone that tells you they can get you there is probably lying or doing something illegal. It’s only a matter of time before you fall asleep and let go of the rock.
I think this means people or something will die or just smash a leg or jaw. Death of injury. Nice.
Is there a bright spot in online advertising? Sure, it wouldn’t be an anonymous revelation without some hope. Saint Augustine counted on a higher power, maybe a bit like a Google-type outfit?
Here’s the cloud with the silver lining:
It’s not all doom and gloom. There are people doing interesting things, working to incrementally fix stuff. But it’s only a matter of time. People aren’t going to be like, “You know what? Less privacy is a great idea!” Consumers are never going to do that. No one is ever going to be happy about that. I would like the industry to get over its own delusions and meaningfully embrace something that works for publishers, works for ad tech companies, works for advertisers and level-set expectations as a new norm.
Moving. Will the confessions of Saint Ad-gustine be studied for centuries? Sure, ad tech wizards are into centuries as long as the inventory is sold and replenished in seconds.
Stephen E Arnold, October 7, 2022
The New York Times Discovers Misinformation
October 7, 2022
Fake news, misinformation, and conspiracy theories are never going to stop. In the past, fake news was limited to rumors, gossip, junk rags at the grocery store check-out counter, and weird newsletters. Now this formerly niche “news” industry is a lucrative market with the Internet and constant need to capture audiences. The New York Times braved the media trenches to discover new insights about this alluring and dangerous field in: “A Journey Into The Misinformation Fever Swamps.”
Several New York Times writers make their living tracking news fraudsters, such as Tiffany Hsu, Sheera Frenkel, and Stuart A. Thompson. The conversation between the author and these three centers around hot topic issues. When it comes to the new 2022 election cycle, the same misinformation spread during the 2016 election is circling. The topics include voter fraud and how foreign powers are interfering with the election process.
What the three interviewees and the author found alarming is how predominant misinformation is and how bad actors exploit it for profit. It is alarming how much power misinformation yearly gains:
“America’s own disinformation problem has only gotten much worse. About 70 percent of Republicans suspect fraud in the 2020 presidential election. That’s millions and millions of people. They are extremely devoted to these theories, based on hardly any evidence, and will not be easily swayed to another perspective. That belief created a cottage industry of influencers, conferences and organizations devoted to converting the conspiracy theory into political results, including running candidates in races from election board to governor and passing laws that limit voting access.
And it’s working.’
There is mutual agreement that social media companies are not in a good place with misinformation, but they should be responsible for moderating information posted on their platforms. Social media platforms assisted the spread of misinformation during COVID and the past two elections. They should invest in content moderation programs to keep facts clear.
Content moderation programs walk the fine line between freedom of speech and censorship, but the old example of crying wolf is apt. It would be great if loudmouth Karens and Kevins were shut down.
Whitney Grace, October 7, 2022
ISPs: The Tension Is Not Resolved
October 7, 2022
The deck is stacked against individual consumers, but sometimes the law favors them such as in a recent case in Maine. The Associate Press shared the good news in the story, “Internet Service Providers Drop Challenge Of Privacy Laws.” Maine has one of the strictest Internet privacy laws and it prevents service providers from using, selling, disclosing, or providing access to consumers’ personal information without their consent.
Industry associations and corporations armed with huge budgets and savvy lawyers sued the state claiming the law violated their First Amendment rights. A judge rejected the lawsuit, protecting the little guy. The industry associations agreed to pay $55,000 the state accrued protecting the law. The ACLU helped out as well:
“Supporters of Maine’s law include the ACLU of Maine, which filed court papers in the case in favor of keeping the law on the books. The ACLU said in court papers that the law was ‘narrowly drawn to directly advance Maine’s substantial interests in protecting consumers’ privacy, freedom of expression, and security.’
Democratic Gov. Janet Mills has also defended the law as “common sense.”
Maine is also the home of another privacy law that regulates the use of facial recognition technology. That law, which came on the books last year, has also been cited as the strictest of its kind in the U.S.”
This is yet another example of corporate America thinking about profits over consumer rights and protections. There is a drawback, however: locating criminals. Many modern criminal cases are solved with access to a criminal’s Internet data. Bad actors forgo their rights when they commit crimes, so they should not be protected by these laws. The unfortunate part is that some people disagree.
How about we use this reasoning: the average person is protected by everyone that participates in sex trafficking, pedophilia, and stealing tons of money are not protected by the law. The basic black and white text should do to the truck
Whitney Grace, October 7, 2022
Russia: Inconsistent Cyber Attack Capabilities
October 7, 2022
Do you remember that Microsoft’s president Brad Smith opined that the SolarWinds’ misstep required about 1,000 engineers? I do. Let’s assume those engineers then turned their attention to compromising Ukraine as part of a special military operation.
“Failure of Russia’s Cyber Attacks on Ukraine Is Most Important Lesson for NCSC” presents information I found interesting about Mr. Smith’s SolarWinds’ remark. [The NCSC is the United Kingdom’s National Cyber Security Council.’
Here’s the key passage from the write up:
Ukrainian cyber defences, IT security industry support and international collaboration have so far prevented Russian cyber attacks from having their intended destabilising impact during Russia’s invasion of Ukraine.
The write up also points out that a cyber content marketing campaign designed to undermine Ukraine’s leadership was also not effective.
Okay, but, Mr. Smith said that Russia was able to coordinate the efforts of 1,000 individuals to breach SolarWinds’ security and create considerable distress among some in commercial enterprises and other organizations.
How could Ukraine resist this type of capable force? I have no idea. I prefer to flip the information around and ask, “Why did SolarWinds’ security yield so easily?” Did Russia put more effort into breaching SolarWinds than fighting a kinetic war? Yeah, sure it did.
Maybe the 1,000 programmer idea was hand waving and blame shifting? Microsoft cannot make printers work. Why would Microsoft security be much better?
Stephen E Arnold, September 2022
LinkedIn: What Is the Flavor Profile of Poisoned Data?
October 6, 2022
I gave a lecture to some law enforcement professionals focused on cyber crime. In that talk, I referenced three OSINT blind spots; specifically:
- Machine generated weaponized information
- Numeric strings which cause actions within a content processing system
- Poisoned data.
This free and public blog is not the place for the examples I presented in my lecture. I can, however, point to the article “Glut of Fake LinkedIn Profiles Pits HR Against the Bots.”
The write up states:
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
LinkedIn is a Microsoft property, and it — like other Microsoft “solutions” — finds itself unable to cope with certain problems. In this case, I am less interested in “human resources”, chief people officers, or talent manager issues than the issue of poisoning a data set.
LinkedIn is supposed to provide professionals with a service to provide biographies, links to articles, and a semi-blog function with a dash of TikTok. For some, whom I shall not name, it has become a way to preen, promote, and pitch.
But are those outputting the allegedly “real” information operating like good little sixth grade students in a 1950s private school?
Nope.
The article suggests three things to me:
- Obviously Microsoft LinkedIn is unable to cope with this data poisoning
- Humanoid professionals (and probably the smart software scraping LinkedIn for “intelligence”) have no way to discern what’s square and what’s oval
- The notion that this is a new problem is interesting because many individuals are pretty tough to track down. Perhaps these folks don’t exist and never did?
Does this matter? Sure, Microsoft / LinkedIn has to do some actual verification work. Wow. Imagine that. Recruiters / solicitors will have to do more than send a LinkedIn message and set up a Zoom call. (Yeah, Teams is a possibility for some I suppose.) What about analysts who use LinkedIn as a source information?
Interesting question.
Stephen E Arnold, October 6, 2022
The Push for Synthetic Data: What about Poisoning and Bias? Not to Worry
October 6, 2022
Do you worry about data poisoning, use of crafted data strings to cause numerical recipes to output craziness, and weaponized information shaped by a disaffected MBA big data developer sloshing with DynaPep?
No. Good. Enjoy the outputs.
Yes. Too bad. You lose.
For a rah rah, it’s sunny in Slough look at synthetic data, read “Synthetic Data Is the Safe, Low-Cost Alternative to Real Data That We Need.”
The sub title is:
A new solution for data hungry AIs
And the sub sub title is:
Content provided by IBM and TNW.
Let’s check out what this IBM content marketing write up says:
One example is Task2Sim, an AI model built by the MIT-IBM Watson AI Lab that creates synthetic data for training classifiers. Rather than teaching the classifier to recognize one object at a time, the model creates images that can be used to teach multiple tasks. The scalability of this type of model makes collecting data less time consuming and less expensive for data hungry businesses.
What are the downsides of synthetic data? Downsides? Don’t be silly:
Synthetic data, however it is produced, offers a number of very concrete advantages over using real world data. First of all, it’s easier to collect way more of it, because you don’t have to rely on humans creating it. Second, the synthetic data comes perfectly labeled, so there’s no need to rely on labor intensive data centers to (sometimes incorrectly) label data. Third, it can protect privacy and copyright, as the data is, well, synthetic. And finally, and perhaps most importantly, it can reduce biased outcomes.
There is one, very small, almost miniscule issue stated in the write up; to wit:
As you might suspect, the big question regarding synthetic data is around the so-called fidelity — or how closely it matches real-world data. The jury is still out on this, but research seems to show that combining synthetic data with real data gives statistically sound results. This year, researchers from MIT and the MIT-IBM AI Watson Lab showed that an image classifier that was pretrained on synthetic data in combination with real data, performed as well as an image classifier trained exclusively on real data.
I loved the “seems to show” phrase I put in bold face. Seems is such a great verb. It “seems” almost accurate.
But what about that disaffected MBA developer fiddling with thresholds?
I know the answer to this question, “That will never happen.”
Okay, I am convinced. You know the “we need” thing.
Stephen E Arnold, October 6, 2022
High-Speed Internet in Rural America? No, the Map Is Not the Territory
October 6, 2022
One would expect the United States government to have a detailed map of the country’s broadband services. A map of this nature provides valuable information and insights for many federal departments. Ars Technica reports differently in the article: “FCC Has Obtained Detailed Broadband Maps From ISPs For The First Time Ever.”
The Federal Communications Commission Chairwoman Jessica Rosenworcel stated that her organization has conducted a years-long process of collecting the necessary information to create an exhaustive broadband map. This map contains extensive location-by-location information on precisely where all broadband services are available.
Past broadband service maps were based on the Form 477 data-collection program that counted one census block as broadband accessible even if only one location was served. The new maps will help distribute funds from the Broadband Equity, Access, and Deployment program that Congress established in the Infrastructure Investment and Jobs Act.
Rosenworcel is determined to close the availability gap for Internet services, especially in rural and under-serviced areas. The first edition of the map will then be constantly updated based on new data:
“The FCC is continuing to improve the location dataset’s accuracy ‘through additional data sources, such as LIDAR data and new satellite and aerial imagery sources, as they become available,’ Rosenworcel wrote. The FCC also set up a process for broadband providers to submit new data as they upgrade and expand networks. ‘When the first draft is released, it will provide a far more accurate picture of broadband availability in the United States than our old maps ever did,’ Rosenworcel wrote. ‘That’s worth celebrating. But our work will in no way be done. That’s because these maps are iterative. They are designed to be updated, refined, and improved over time.’”
It is almost the end of 2022, the Internet has been around since the mid-1990, and the US government is finally getting around to a detailed ISP map? Why did it take so long? It makes sense that when the technology was new it was hard to collect data, but it could still have been done. They could have used telephone records when the Internet was still on dial-up, then when it transitioned to other services they could have asked companies to submit their data. If companies refused to share their data, that is when the government would impose fees and subpoena the information.
The information could have been overlaid, then with big data, all these algorithms could have been used to analyze the information. Automation might have been installed to keep the map updated. Surely it would have been cheaper compared to other federal programs. I bet they have detailed broadband maps in other countries, especially the smaller ones with high standards of living. Or not. Bureaucracy is notoriously slow everywhere.
Whitney Grace, October 6, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
