Category Archives: Privacy

AI / ML, Privacy, Social

What do we mean by “Artificial Intelligence”?

Leave a comment

The future is unwritten.

Original Joe strummer mural on the wall of the Niagara Bar in the East Village, NYC. Memorializes Joe Strummer (1952-2002) and quotes "the future is unwritten" and "know your rights"

Following on from my last post, and triggered by conversations I have had on the subject since then, it occurred to me that a lot of the confusion around “AI” is that almost everyone has a different understanding of the term. Which, of course, makes serious assessment of the subject difficult.

So, let’s define some parameters:

Broadly speaking, Artificial Intelligence is the ability of machines (computers) to simulate the processes usually associated with cognition or human intelligence. This is where the famous Turing Test comes into play – can a machine/computer respond to questions in such a way that the interrogator is unaware that the other party is not human?

However, a broader definition of AI encompasses the abilities to “learn, read, write, create, and analyze”. I think this is more valuable in terms of scope, because it is closer the common understanding of what is popularly termed “AI” today. So let’s break those tasks down a little:

  • Learn – machine learning (ML) is a subset of artificial intelligence. All ML is AI, but not all AI is ML (although most use it). ML is (broadly) statistical analysis on steroids – calculating and weighing patterns and relationships in large data sets. You need to input good data and you need to train the model on that existing data, and then test and refine against other subsets of the data. ML is great at pattern recognition within data and for images and text but it is very susceptible to the correlation = causation fallacy.
  • Read – machines don’t “read”, they have data input to them. However, in this sense, the task refers to ingesting large amounts of submitted content and breaking it down into sections, paragraphs, etc., discarding filler words or data noise, calculating relationships, tracking usage frequencies, etc. This capability is mature because it lies behind full text indexing and search which has been around for decades, but it is still far from perfect.
  • Write – again, machines don’t “write” but they can create somewhat novel assemblages of text (or images) based on statistical rules derived from their input data. This may be a simulacrum of human writing or it may be a word salad (or visual equivalent). Chat GPT and Claude AI are large language models (LLM) that output text based on input prompts and very large data sets based on analyses of a huge corpus of training information. This is where a lot of the hype around “AI” has been focussed in the past 6-9 months.
  • Create – creation overlaps with “write”. The models can present novel output based on their training data and rule sets but is this “creation”? That’s an epistemological discussion that I’m not qualified to judge, but I would point out that while machines can (and do) find relationships between data that humans have not, they are constrained by their training data and cannot “create” anything that has not been submitted to them as input. They can, and do, create new things from old components but currently there is no way for them to create something wholly original.
  • Analyze – this is the part that machines are really good at; and the area where I believe the greatest strides will be made. Humans have been wonderful at collecting data over the past millennia, but there are limits to the ability to retain enough to be able to draw interdisciplinary conclusions. It has been claimed that Sir Isaac Newton in the late 1600s and early 1700s was the last polymath able to be conversant in all aspects of human knowledge, and even then that was probably an exaggeration. Today we generate data way faster than anyone or any organization can track and AI will certainly help fund relationships between disparate aspects of human knowledge. Of course, this is where hubris creeps in – for instance, will we generate more CO2 from running massive GPU stacks and data stores trying to solve climate change? Will all the assembled data of human knowledge be used to manipulate and sell people things?

So, to return to the original question – what is AI? It’s a term that encompasses machine learning, large language models, advanced statistics, novel data collection and organization, natural language processing, and many other tools, approaches, and capabilities. I don’t think it’s productive to buy, sell, worry about, or legislate AI without being more precise in your terms.

  • Will “arm-wavy” AI solve all my business or science problems? No, it will not, but machine learning, natural language processing, and analysis of your internal documentation may provide actionable insights.
  • Will AI cure cancer or solve the climate crisis? No it will not, but the tools that are part of AI may generate novel approaches for research that have been overlooked in the past which could lead to these breakthroughs.
  • Will AI replace my job? In the short and medium term it is possible that some jobs will be replaced by AI processes, but care and feeding of those models will also generate new jobs. Of course, as is so often the case, the skill profiles of the replaced and replacees will be quite different, so this does merit public discussion.
  • Will AI make Skynet1 self aware and lead to the creation of killer robots that can travel back through time to destroy humanity’s last hope? Well, that depends on whether we let Cyberdyne Systems drive our defense allocations – that’s definitely a public policy question.

NOTE: the picture is of the original and best Joe Strummer memorial mural on the wall of the Niagara bar at 7th and A in the East Village. It was painted by Dr Revolt in 2003. It was unforgivably removed and replaced by a “cleaner” version in 2013 after the bar was renovated. Same artist, different vibe.

The full quote from Joe is “(a)nd so now I’d like to say – people can change anything they want to. And that means everything in the world. People are running about following their little tracks – I am one of them. But we’ve all got to stop just following our own little mouse trail. People can do anything – this is something that I’m beginning to learn. People are out there doing bad things to each other. That’s because they’ve been dehumanised. It’s time to take the humanity back into the center of the ring and follow that for a time. Greed, it ain’t going anywhere. They should have that in a big billboard across Times Square. Without people you’re nothing. That’s my spiel. The future is unwritten

  1. Can we talk about the NSA making a surveillance program after the Terminator antagonist? Is this horribly tone-deaf or is it some kind of inside joke? ↩︎
Mobile, Privacy, Security

Encryption – iOS8, Google, and OSX

Leave a comment

When Apple announced that iOS 8 would enable encryption of the on-device files by default, there was a lot of ill-informed outrage by various pundits and law enforcement types around the world.  After Google also announced plans to follow suit in the next release of Android, FBI director, James Comey, described this as allowing “people to place themselves above the law.” Predictably, various politicians, police, and spies complained that it would make their lives somewhat more difficult and trotted out the standard disinformation tactic that only terrorists and paedophiles would need this capability.

The trouble with the argument that only people of bad intent would need to encrypt their phones or computers is that there is clear evidence in recent history of who considers themselves to be “above the law”. Hint: it’s not consumers. Could it be the FBI illegally searching call records for years without warrants? Perhaps the NSA’s illegal surveillance of US citizens? Even the Daily Mail was driven to report that over 25% of searches by UK police were illegal. There are similar stories in Canada, Australia, and New Zealand, not to mention all the countries we were supposed to be better than because their police and government undertook this kind of surveillance.

Not content with state actors breaking the law, we find that companies are also stealing data and information from individuals.  Not Chinese state authorities, but stalwarts like Verizon who were hijacking and tracking all traffic using a “perma-cookie”, LinkedIn illegally slurping users email contacts against their express wishes, Google illegally collecting wifi network info, and AT&T illegally copying all internet traffic and passing that traffic to the NSA.

So who are the bad people in this equation? I have to add the various police and security forces of most of the countries in the world to the list of people who will break the law to steal my personal data and files.  Faced with overwhelming evidence of illegal activity going on all around me, I’m currently in the process of encrypting all my external and internal hard drives (using FileVault on OS X).  I’m very happy to see that this is default behavior in the latest Yosemite release of OS X – although I’m holding off upgrading for other reasons.  I will happily embrace two factor authentication wherever offered and encryption of all traffic and stored files as far as practical.

If the police or legal authorities of whichever country I am in at the time wish to follow the laws of that land and swear a warrant for lawful access to my machines, I will respect that process. Until then I’ll be using 256-bit encryption as widely as possible.

As an interesting aside, the RIPA (Regulation of Investigatory Powers) Act  in the UK makes it a criminal offence, punishable by up to two years in prison, to refuse to provide encryption keys to police. Many other countries have similar laws, but the USA appears to be currently upholding the 5th amendment.

Privacy, Security

Two factor security challenges

Leave a comment

<Updated> Clarification of specific issues with 2-factor authentication by vendor:

Apple – two factor authentication becomes three factor when Apple disables your password and refuses to re-enable or change it. The Recovery Key then becomes the only factor in single factor auth.

Microsoft – two factor authentication with your MS Account (live? not sure what they brand it as this week) is not supported for Office365 accounts – so you have to generate a new one time application password each time you reboot your computer.

Ebay/PayPal – handoff from Ebay to Paypal (with 2 factor auth) doesn’t work on iPad. Prompts for password and then redirects prompting for SecureID token.  Does appear to work on Safari for Mac.

Dropbox – does appear to work, but I’m sure I’ll find flaws

Google – do they even have two factor? I don’t use their spying stuff.

 

Those of you who follow me on twitter will know that earlier in the year Apple’s poor excuse for two-factor security and support frustrated me for months (literally) and ended with me losing everything I had ever paid for with that account and having to create another account from scratch.

I’m now finding out that Microsoft has implemented two factor security in a similarly half-assed way.  I just switched to a personal MS365 subscription for Office 2011. Since installing Office 2011 I had been annoyed by the 365 login screen each time I rebooted my computer.  But now I’m using my own account with 2 factor auth, it’s even worse. I get prompted for a login, but my password doesn’t work – I then have to login to account.live.com, authenticate, generate an app password, copy that and then paste it into the prompt screen.  After talking to 9 different MS support people, none of whom even understood the issue, I have to assume it’s working as designed.  Their only advice was to turn off two factor authentication.

Add to that my experience last week where the handoff between eBay and PayPal (also with 2 factor auth) was completely broken on the iPad and my conclusion is that for normal users the overhead and annoyance associated with security is untenable.

We are surrounded by news of security breaches on a daily basis and yet the largest software companies in the world can’t implement two-factor security properly. Password management is a mess because web pages prevent you from copying passwords into the login screens or because apps on your mobile devices forget the password at every update and again don’t support pasting of username and passwords.

I’m a technical person that has been using these systems since the mid 1980s. I understand the importance of password management, secure authentication, etc. and I’ve even experienced the outcome of hacked passwords and lost accounts. But to expect “normal” users to manage these broken and difficult to use tools is ridiculous.  People will just throw up their hands and go back to 1234 or password because trying to do the right thing is too hard and ends up with you locked out of your account.

I’m not sure how this is going to improve.  The burden for these insecure systems is still placed fairly and squarely on the shoulders of people with lithe to no interest or training in technology. There’s no clear competitive advantage in more secure and easy to use logins because nobody at the companies pays any price for their failures.

  • Two-factor authentication (as it is implanted by almost every tech company) is broken.
  • Username / password is broken.
  • There is no clear alternative currently out there.
  • We will continue to get daily reports of “hacking”, “cracking”, and online theft.