<!DOCTYPE HTML>
<html>
<head>
<title>AI and Privacy Talk: EFF, April 27 2017</title>
</head>
<body>
<p>
<h2>Things I Learned: "Some Unanswered Questions About AI, Computer Security, and Privacy"</h2>
AI:
Narrow AI = mostly machine learning, convolutional neural nets (giant pile of matrices being multiplied)-->search through space of possible programs to implement desired functions. Needs data sets to train/inform algorithms that are employed.
Original AI = science-fiction stuff, impossible.
We focus on the former (there is a lot of talk that combines/confuses the two types of AI)
NAI Application-->Searching for cats on Google: the algorithm can determine what a cat is, given an image
Google translation of Baidu text on Privacy-->Neural Machine Translation leagues better
Training neural network on Github to copy style of picture-->Program "extracts" the style to apply it to a photo of the bridge.
Neural network compression versus the traditional image compression method (JPEG)---Ridiculously good if you use NCODE
Use of AI in mass surveillance-->Running a police state is labor intensive; if a NAI can be trained to look for patterns, mass surveillance becomes way easier.
Cfr. the Online Advertising Ecosystem.
Facebook is getting really good at predicting/analyzing/anticipating our behavior. We give up data without our knowledge or consent.
2. Privacy, bias, algorithmic decision-making--> criminal justice and risk scores... False positive rate: higher for blacks (see Julia Angwin)
Source data for these systems might be biased (flawed assumptions). Omitted variable bias-->true cause is not
Partying and drinking predict car crashes. Car insurance firms cannot measure that, but they can measure when people drive. Ergo, let's penalize those who drive at night. Unfair premiums for night-shift workers.-->You can see where this is headed.
Google Research on Loan Decisions-->You might be able to debias these things and reduce false positive rate.
How do all these algorithmic biases relate to privacy?
Algorithms expect people to make relevant information available through various data sources-->If you prefer to be private, you might get screwed. How do you protect yourself if you do not want to share?-->Denying insurance to people who use fake birthdays on Facebook.
DARPA Cyber Grand Challenge (see Def Con last year)
How does federal involvement affect the balance between offense and defense?-->Adage: attacker always wins long run, Clausewitz: idea of the position of interior
More Optimistic Interpretation: Some of your defenses may be penetrated some of the time-->How is automated exploit and detection going to change the equilibrium?
Automated tools replace scarce expert auditing with cheap fuzzer coverage (robot hackers can be great at finding flaws/bugs)
How do we ensure that all the programs or devices we use (IoT) get "fuzzer coverage"?
-Historical Warning Story: Morris Internet Worm. Today one thing won't upset that much, too much system diversity
-What if you have something which can find exploits itself, a worm or virus that is sufficiently intelligent to do things. Can Malware evolve itself?
-Cryptoviral Malware: holding people's data hostage for bitcoin.
-Use of NAI to anticipate/inspect incoming traffic
Open Source Community: what can they do?
What about security agents on endpoints? Placement problem
A Bit About AGI:
Artificial General Intelligence-->Futurology is hard. If AGI ever exists, it will not be human-like. It may not exhibit agency and personality, but if it did, it might care a lot about privacy-->Their memories and intentions could be copied, stolen, modified--Groundhog day on an AGI (reset an AI if it does not want to do what we want-->an intelligent AGI would realize this and live in "dread")
Soul Steal-->MtG
Maybe build hardware to prevent copying, memory cannot be copied without permission. DRM for memories.
-
How can we avoid unbiased data or biased algorithms without resorting to invading privacy?
Also, many systems can be easily gamed. In the case of "risk score", in prison, there were seminars on how to game the system. Humans are once again problematic creatures.
Policy Decisions Related to NAI:
-European Union has an explainability criterion-->You have to be able to explain how the hell your algorithm is making decisions in a simple way. De-biasing requirements.
-Privacy Issues (Thanks, GOP)
-Balancing innovation with invasion of privacy-->How do we protect privacy but not kill off potential new innovations like Google Translate?
Blocking JS as means of saving privacy
Node.js and privacy
</p>
</body>
</html>