" /> net.wars: June 2022 Archives

« May 2022 | Main | July 2022 »

June 24, 2022

Creepiness at scale

Thumbnail image for 2001-hal.pngThis week, Amazon announced a prospective new feature for its Alexa "smart" speakers: the ability to mimic anyone;s voice from less than on minute of recording. Amazon is, incredibly, billing this as the chance to memorialize a dead loved one as a digital assistant.

As someone commented on Twitter, technology companies are not *supposed* to make ideas from science fiction dystopias into reality. As so often, Philip K. Dick got here first; in his 1969 novel Ubik, a combination of psychic powers and cryonics lets (rich) people visit and consult their dead, whose half-life fades with each contact.

Amazon can call this preserving "memories", but at The Overspill Charles Arthur is likely closer to reality, calling it "deepfake for voice". Except that were deepfakes emerged from a Reddit group and requires some technical effort, Amazon's functionality will be right there in millions of people's homes, planted by one of the world's largest technology companies. Questions abound: who gets access to the data and models, and will Amazon link it to its Ring doorbell network and thousands of partnerships with law enforcement?

The answers, like the service, are probably years off. The lawsuits may not be.

This piece began as some notes on the company that so far has been the technology industry's creepiest: the facial image database company Clearview AI. Clearview, which has built its multibillion-item database by scraping images off social media and other publicly accessible sites, has fallen foul of regulators in the UK, Australia, France, Italy, Canada, and Illinois. In a world full of intrusive companies collecting mass amounts of personal data about all of us, Clearview AI still stands out.

It has few, if any, defenders outside its own offices. For one thing, unlike Facebook or Google, it offers us - citizens, consumers - nothing in return for our data, which it appropriates wholesale. It is the ultimate two-sided market in which we are nothing but salable data points. It came to public notice in January 2020, when Kashmir Hill exposed its existence and asked if this was the company that was going to end privacy.

Clearview, which bills itself as "building a secure world one face at a time", defends itself against both data protection and copyright laws by arguing that scraping and storing billions of images from what law enforcement likes to call "open source intelligence" is legitimate because the images are posted in public. Even if that were how data protection laws work, it's not how copyright works! Both Twitter and Facebook told Clearview to stop scraping their sites shortly after Hill's article appeared in 2020, as did Google, LInkedIn, and YouTube. It's not clear if the company stopped or deleted any of the data.

Among regulators, Canada was first, starting federal and provincial investigations in June 2020, when Clearview claimed its database held 3 billion images. In February 2021, the Canadian Privacy Commissioner, David Therrien, issued a public warning that the company could not use facial images of Canadians without their explicit consent. Clearview, which had been selling its service to the Royal Canadian Mounted Police among dozens of others, opted to leave the country and mount a court challenge - but not to delete images of Canadians, as Therrien had requested.

In December 2021, the French data protection authority, CNIL, ordered Clearview to delete all the data it holds relating to French citizens within two months, and threatened further sanctions and administrative fines if the company failed to comply within that time.

In March 2022, with Clearview openly targeting 100 billion images and commercial users, Italian DPA Garante per la protezione dei dati personali fined Clearview €20 million, ordered it to delete any data it holds on Italians, and banned it from further processing of Italian citizens' biometrics.

In May 2022, the UK's Information Commissioner's Office fined the company £7.5 million and ordered it to delete the UK data it holds.

All these cases are based on GDPR and find the same complaints: Clearview has no legal basis for holding the data, and it is in breach of data retention rules and subjects' rights. Clearview appears not to care, taking the view that it is not subject to GDPR because it's not a European company.

It couldn't make that argument to the state of Illinois. In early May 2022, Clearview and the American Civil Liberties Union settled a court action filed in May 2020 under Illinois' Biometric Information Privacy Act. Result: Clearview has accepted a ban on selling its services or offering them for free to most private companies *nationwide* and a ban on selling access to its database to any private or state or local government entity, including law enforcement, in Illinois for five years. Clearview has also developed an opt-out form for Illinois residents to use to withdraw their photos from searches, and continue to try to filter out photographs taken in or uploaded from Illinois. On its website, Clearview paints all this as a win.

Eleven years ago, Google's then-CEO, Eric Schmidt, thought automating facial recognition was too creepy to pursue and synthesizing a voice from recordings took months. The problem isn't any more that potentially dangerous technology has developed faster than laws can be formulated to control it. It's that we now have well-funded companies that don't care about either.

Illustrations: HAL, from 2001: A Space Odyssey.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 17, 2022

Level two

Tesla-crash-NYTimes-370.pngThis week provided two examples of the dangers of believing too much hype about modern-day automated systems and therefore overestimating what they can do.

The first is relatively minor: Google employee Blake Lemoine published his chats with a bot called LaMDA and concluded it was sentient "basd on my religious beliefs". Google put Lemoine on leave and the press ran numerous (many silly) stories. Veterans shrugged and muttered, "ELIZA, 1966".

The second, however...

On Wednesday, the US National Highway Traffic Safety Administration released a report (PDF) studying crashes involving cars under the control of "driver-assist" technologies. Out of 367 such crashes in the nine months after NHTSA began collecting data in July 2021, 273 involved Teslas being piloted by either "full self-driving software" or its precursor, "Tesla Autopilot".

There are important caveats, which NTHSA clearly states. Many contextual details are missing, such as how many of each manufacturer's cars are on the road and the number of miles they've traveled. Some reports may be duplicates; others may be incomplete (private vehicle owners may not file a report) or unverified. Circumstances such as surface and weather conditions, or whether passengers were wearing seat belts, are missing. Manufacturers differ in the type and quantity of crash data they collect. Reports may be unclear about whether the car was equipped with SAE Level 2 Advanced Driver Assistance Systems (ADAS) or SAE Levels 3-5 Automated Driving Systems (ADS). Therefore, NTHSA says, "The Summary Incident Report Data should not be assumed to be statistically representative of all crashes." Still, the Tesla number stands out, far ahead of Honda's 90, which itself is far ahead of the other manufacturers listed.

SAE, ADAS, and ADS refer to the system of levels devised by the Society of Automotive Engineers (now SAE International) in 2016. Level 0 is no automation at all; Level 1 is today's modest semi-automated assistance such as cruise control, lane-keeping, and automatic emergency braking. Level 2, "partial automation", is now: semi-automated steering and speed systems, road edge detection, and emergency braking.

Tesla's Autopilot is SAE Level 2. Level 3 - which may someday include Tesla's Full Self Drive Capability - is where drivers may legitimately begin to focus on things other than the road. In Level 4, most primary driving functions will be automated, and the driver will be off-duty most of the time. Level 5 will be full automation, and the car will likely not even have human-manipulable controls.

Right now, in 2022, we don't even have Level 3, though Tesla CEO Elon Musk keeps promising we're on the verge of it with his company's Full Self-Drive Capability, its arrival always seems to be one to two years away. As long ago as 2015, Musk was promising Teslas would be able to drive themselves while you slept "within three years"; in 2020 he estimated "next year" - and he said it again a month ago. In reality, it's long been clear that cars autonomous enough for humans to check out while on the road are further away than they seemed five years ago, as British transport commentator Christian Wolmar accurately predicted in 2018.

Many warned that Levels 2 and 3 are would be dangerous. The main issue, pointed out by psychologists and behavorial scientists, is that humans get bored watching a computer do stuff. In an emergency, where the car needs the human to take over quickly, said human, whose attention has been elsewhere, will not be ready. In this context it's hard to know how to interpret the weird detail in the NTHSA report that in 16 cases Autopilot disengaged less than a second before the crash.

The NHTSA news comes just a few weeks after a New York Times TV documentary investigation examining a series of Tesla crashes. Some it links to the difficulty of designing software that can distinguish objects across the road - that is, the difference between a truck crossing the road and a bridge. In others, such as the 2018 crash in Mountain View, California, the NTSB found a number of contributing factors, including driver distraction and overconfidence in the technology - "automation complacence", as Robert L. Sumwalt calls it politely.

This should be no surprise. In his 2019 book, Ludicrous, auto industry analyst Edward Niedermeyer mercilessly lays out the gap between the rigorous discipline embraced by the motor industry so it can turn out millions of cars at relatively low margins with very few defects and the manufacturing conditions Niedermeyer observes at Tesla. The high-end, high-performance niche sports cars Tesla began with were, in Niedermeyer's view, perfectly suited to the company's disdain for established industry practice - but not to meeting the demands of a mass market, where affordability and reliability are crucial. In line with Nidermeyer's observations, Bloomberg Intelligence predicts that Volkswagen will take over the lead in electric vehicles by 2024. Niedermeyer argues that because it's not suited to the discipline required to serve the mass market, Tesla's survival as a company depends on these repeated promises of full autonomy. Musk himself even said recently that the company is "worth basically zero" if it can't solve self-driving.

So: financial self-interest meets the danger zone of Level 2 with perceptions of Level 4. I can't imagine anything more dangerous.

Illustrations: One of the Tesla crashes investigated in New York Times Presents.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 10, 2022

Update needed

In public discussions or Internet governance, only two organizations feature much: the Internet Corporation for Assigned Names and Numbers, founded in 1998, and the Internet Governance Forum, set up in 2005. The former performs the crucial technical role of ensuring that the domain name system that allow humans to enter a word-like Internet address and computers to translate and route it to a numbered device continues to function correctly. The second...well, it hosts interesting conferences on Internet governance.

Neither is much known to average users, who would probably guess the Internet is run by one or more of the big technology companies. Yet they're the best-known of a clutch of engineering-led organizations that set standards and make decisions that affect all of us. In 2011, the Economist described the Internet as shambolically governed (yet concluded that multistakeholder "chaos" is preferable to the alternative of government control).

In a report for the Tony Blair Institute, journalist and longstanding ICANN critic Kieren McCarthy considers that much of Internet governance as currently practiced needs modernization. This is not about the application-layer debates such as content moderation and privacy that occupy the minds of rights activists and governments. Instead, McCarthy is considering the organizations that devised and manage the technical underpinnings that most people ignore. These things matter; the fact that any computer can join the Internet and set up a service without asking anyone's permission or that a website posted in 1995 is remains readable is due to the efforts of organizations like the Internet Engineering Task Force, the Internet Architecture Board, the Internet Society, the World Wide Web Consortium (W3C), and so on. And those are just part of the constellation of governance organizations, well-known compared to the Regional Internet Registries or the tiny group of root server operators.

As unknown as these organizations are to most people (even W3C is vastly less famous than its founder, Tim Berners-Lee), they still have decisive power over the Internet's development. When, shortly after February's Russian invasion, a Ukrainian minister asked ICANN to block Internet traffic to and from Russia. ICANN, prioritizing the openness, interconnectedness, and unity of the global network, correctly said no. But note: ICANN, whose last ties to the US government were severed in 2016, made its decision without consulting either governments or a United Nations committee.

McCarthy's main points: these legacy organizations do not coordinate their efforts; they lack strategy beyond maintaining and evolving the network as it stands; they are internally disorganized; and they are increasingly resistant to new ideas and new participants. They are "essential to maintaining a global, interoperable Internet" - yet McCarthy finds a growing list of increasingly contentious topics and emerging technologies that escape the current ecosystem: censorship, content moderation, AI, web3 and blockchain, privacy and data protection, If these organizations don't rise to those occasions, governments will seek to fill the gap, most likely creating a more fragmented and less functional network. Even now this happens in small ways: four years after the EU's GDPR came into force many US media sites still block European readers rather than find a compliant way to serve us.

From the beginning, ensuring that the technical organizations remain narrowly focused has been seen as essential. See for example the critics who monitored ICANN's development during its first decade, suspicious that it might stray into enforcing government-mandated censorship.

The guiding principles of new governments are always based on a threat model. The writers of the US Constitution, for example, feared the installation of a king and takeover by a foreign country (England). Internet organizations' threat model also has two prongs: first, fragmentation), and second, takeover by governments, specifically the ">International Telecommunication Union, the United Nations agency that manages worldwide telecommunications and which regards itself as the Internet's natural governor. Internet pioneers still believe there could be no worse fate, citing decades of pre-Internet stagnation in the fully-controlled telephone networks.

The ITU has come sort-of-close several times: in 1997 ($), when widespread opposition led instead to ICANN's creation, in the early 2000s, when the World Summit on the Information Society instead created the IGF, and in 2012, when a meeting to update the ITU's regulations led many, including the Trade Union Congress, to fear a coup, Currently, concern that governments will carve things up surrounds negotiations over cybersecurity,

The approach that created today's multistakeholder organizations is, however, just one of four that University of Southampton professors Wendy Hall and Kieron O'Hara examine in their 2021 book, The Four Internets and find are being contested. Our legacy version they dub the "open Internet", and connect it with San Francisco and libertarian ideology. The other three: the "bourgeois Brussels" Internet that the EU is trying to regulate into being with laws like the Digital Services Act, the AI Act, and the Digital Market Act; the commercial ("DC") Internet; and the "paternalistic" Internet of countries like China and Russia, who want to ringfence what their citizens can access. Any of them, singly or jointly, could lead to the long-feared "splinternet".

McCarthy concludes that the threat now is that Internet governance as practiced to date will fail through stagnation. His proposal is to create a new oversight body which he compares to a root server that provides coordination and authoritative information. Left for another time: who? And how?


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

June 3, 2022

Nine meals from anarchy*

Kate-Cooper.jpgThe untutored, asked how to handle a food crisis, are prone to suggest that everyone grow vegetables in their backyards. They did it in World War II!

I fell into this trap once myself, during the 2008 financial crisis, when I heard a Russian commentator explain on US talk radio that Americans could never survive because we were too soft and individualistic, whereas Russians were used to helping each other out in hard times, living together in cramped conditions, and working around shortages. Nonsense, I thought. Americans are quite capable of turning off their TVs, getting up off their couches, and doing useful stuff when they need to. Wishing for a Plan B, I thought of the huge backyard some Pennsylvania friends had, which backed onto three more similarly-sized backyards, and imagined a cooperative arrangement in which one family kept chickens and another grew some things, and a third grew some complementary things...and they swapped and so on.

My Pennsylvania friends were not impressed. "Is this a joke?"

"It's a Plan B! It's good to have a Plan B!"

It's not a Plan B.

A couple of years ago, at the annual conference convened by the Cybernetics Society, I learned it wasn't even a Plan Y.

"It's subsistence farming," Kate Cooper explained as part of her talk on food security. The grueling full-time unpredictability of that is is what most of us gave up in favor of selecting items off grocery store shelves once or twice a week.

The point about subsistence farming is that it's highly unreliable, highly individual, and doesn't scale to the levels required for a modern society, still less for a densely populated modern British society that imports almost all its food. Yes, people were encouraged to grow vegetables in World War II, but although the net effect was good for morale and for helping people better understand the foods they eat, it doesn't help anyone understand the food system and its scale and complexity. Basically, in terms of the problem of feeding the nation, it was a rounding error. Worth doing, but not a solution.

Cooper is the executive director of the Birmingham Food Council, a community interest company that grew out of efforts to think about the future of Birmingham. "It's our job to be an exemplar of how to think about the food system," she explained.

Two years later, with stories everywhere about escalating food prices and dangerous shortages, the interdependencies that underlie our food supply are being exposed by the intermingling of three separate crises, each of which would be bad on its own: the pandemic, Russia's invasion of Ukraine, and climate change. A source I can't recall calls this constellation a "polycrisis" - multiple simultaneous crises that interact to make them all worse. Plus, while the present government doesn't admit it, *Brexit* has added substantially to the challenges of maintaining the UK's increasingly brittle, highly complex system that few of us understand by fracturing trade relationships and pushing workers out of the industry.

As part of its research, the Council created The Game, a scenario-based role-playing game for decision makers, food sector leaders, researchers, and other policy influencers in which teams of four to six are put in charge of a city and must maintain the residents' access to enough safe and nutritious food.

I felt better about my own level of ignorance when I learned that one player's idea for combating shortages was to grow potatoes along the A38, a major route that runs from Bodmin, Cornwall, to Mansfield, Nottinghamshire. No idea of scale, you see, or the toxins passing automobiles deposit in the soil. (To say nothing of the inefficiencies of trying to farm a plot of land that's 292 miles long and a few hundred yards wide...) Another player wanted to get the national government to send in the army. Also not helping...but they were not alone, as many players found it difficult to feed their populations. People who had played it when the pandemic began forcing lockdowns and hourly changes to the food system. "Nothing had surprised [the people who had played The Game]", she said. Even so, the lockdowns showed the fragility of the food system and how powerless local officials are to do anything about it.

There are options at the national level. If you are lucky enough to have a government that has both the resources and the will to plan for the future, you can create buffer stocks to tide you through a crisis. You need a plan to rotate and resupply since some things (grain) store much better than others (fresh produce). Cooper has a simple plan for deciding which foodstuffs should be stored and which not: is it subject to VAT? That would lead to storing essentials - the healthy, nutritious stuff - and not candy, alcohol, caffeine, sugar, potato chips. Cooper calls those "drug foods", and notes that over 50% of most household budgets are spent on them, 6% of the potato crop goes to making Walker's potato chips, and a 2012 estimate found that Coca Cola's global consumption of water was enough to meet the annual daily needs of more than 2 billion people.

"Is this a sensible use of increasingly scarce land and water?" she asked.

Put like that, what can you say?

Illustrations: Kate Cooper. *Quote attributed to Alfred Henry Lewis, 1906.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.