Having started my blog only in March 2023, here I’ve collected a few articles, etc. pre-2023 that caught and retained my attention.
Google Maps Hacks by Simon Weckert
99 smartphones are transported in a handcart to generate a virtual traffic jam in Google Maps.
The first thing that attracted me to this article was its headline quote from John le Carré,
When the world is destroyed, it will be destroyed not by its madmen but by the sanity of its experts and the superior ignorance of its bureaucrats.
And the authors then immediately went on to mention the Portuguese poet and writer Fernando António Nogueira Pessoa. In his life he assumed around 75 imaginary identities with the same ease that has become common in the cyber-social world. He would write poetry or prose using one identity, then criticise that writing using another identity, then defend the original writing using yet another identity.
Pessoa understood that identity costs little in the way of minting, forming, and maintaining, yet demands a high price for its timely and accurate attribution to physical agency.
Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception.
The authors of this article ask the question “Will it be possible to engineer a decentralised system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail”?
For example, such a system should be able to reduce fake personæ in social engineering attacks, malware that mimics the attributes of trusted software, and Sybil attacks that use fake identities to penetrate ad hoc networks.
It’s worth recognising that there are number of physical situations where people can remain anonymous or use a short-term identity (especially in the networks that are ad hoc, hastily formed, and short lived) that remains uncoupled from a user’s physical identity and allows them to maintain a strong form of privacy control. How can this dichotomy, namely trading off privacy for transparency in identity, be reconciled? The emerging logic underlying identity (what types of behaviours are expected, stable, possible) will also be central to avoiding many novel and hitherto unseen, unanticipated, and unanalysed security problems.
The authors went on to outline their approach founded upon traditional mathematical game theory, but also inspired by several mechanisms that have evolved in biology.
The article was quite technical but I found their description of ant colonies interesting. Certain eusocial species have rather sophisticated strategies involving costly signalling and credible and non-credible threats. In ant colonies, each ant has a CHC profile (Cuticular Hydrocarbon Chemicals) in which diverse information about the ant itself and its environment can be encoded. For example, ants make use of pheromones to reinforce good paths between the nest and a food source and communicate via chemical substances to inform nestmates about these good paths. In addition to the use of pheromones for marking routes, auxiliary information is stored in an ant’s CHC profile, and includes information about diet, genetics, and common nesting materials. Thus, ants from a colony where members share a certain diet have a similar CHC profile that enables them to identify non-nest members. Since CHC profiles are thought to be impossible to fabricate (without active participation by the queen ant), their use in communication by ants is an example of costly signalling.
Nature, and its more fluid notion of identity, has evolved highly robust solutions to identity management, allowing colonies to survive even in dynamic and contested environments. Therefore, the CHC profile also suggests that a bio-inspired generalization could protect technological systems. To achieve this, several challenging problems must be worked out to ensure the essential physical properties of CHC profiles are retained in their synthesized digital counterparts. A combination of design techniques like crypto-coins (for example, M-coins) can be used to share identity information and to subject data to a variety of cryptographically guaranteed constraints (even if some work remains to ensure physically accurate constraints analogous to those involved in chemical signalling).
You are invited to read the article if you are interested to learning how the authors use a classical signalling game, a dynamic Bayesian two-player game, involving a Sender who (using a chosen identity, real or fake) signals a Receiver to act appropriately. I will conclude here with a quote from the article that might inspire readers to investigate further…
When a deceptive identity succeeds, it will be used numerous times as there is no reason to abandon it after one interaction. Moreover, it is precisely the repeated interactions that are needed to develop trust.
This is about a 100-year effort to study and anticipate how the effects of artificial intelligence will ripple through every aspect of how people work, live and play. The 2016 report noted that Artificial Intelligence (AI) is a science and a set of computational technologies that were already impressive, but were highly tailored to particular tasks.
Contrary to the more fantastic predictions for AI in the popular press, the report concluded that there was no cause for concern that AI was an imminent threat to humankind. No machines with self-sustaining long-term goals and intent had been developed, nor were they likely to be developed in the near future. At the same time, the report also concluded that many AI developments would spur disruptions in human labour markets, creating new challenges for the economy and society more broadly.
In the 2021 report it was noted that AI had made remarkable progress in the period 2016-2021 and was already having real-world impact on people, institutions and culture. The ability of computer programs to perform sophisticated language- and image-processing tasks, core problems that have driven the field since its birth in the 1950s, had advanced significantly.
The field’s successes had led to an inflection point, meaning that it was urgent to think seriously about the downsides and risks that the broad application of AI was revealing. The increasing capacity to automate decisions at scale was seen as a double-edged sword. Both intentional deepfakes or simply unaccountable algorithms making mission-critical recommendations can result in people being misled, discriminated against, and even physically harmed. Algorithms trained on historical data are disposed to reinforce and even exacerbate existing biases and inequalities.
Governments were expected to play a critical role in shaping the development and application of AI, but they were still behind the curve, and sustained investment of time and resources was needed to meet the challenges posed by rapidly evolving technology. Governments needed to look ahead to ensure the creation of informed communities, and they also needed to include AI concepts and implications into school education.
I’ve added this article from 2016 as context to the AI100 study mentioned above.
At the time the author mentioned the ‘great excitement’ felt after the recent success of neural networks in applications such as speech recognition, vision and autonomous navigation.
Some people were suggesting that the automation of these tasks could soon reach human level intelligence.
The author asked if a system that does not require any explicit modelling or sophisticated reasoning, could be sufficient for reproducing human level intelligence.
The author described two distinct approaches for tackling problems that have been of interest to AI, the first approach model-based and the second function-based. Consider the object recognition and localisation task involving a dog wearing a hat.
To solve this recognition task, the model-based approach requires one to represent knowledge about dogs and hats, among other things, and involves reasoning with such knowledge. The main tools of this approach today are logic and probability (mathematical modeling more generally) and it can be thought of as the represent-and-reason approach originally envisioned by the founders of AI. It is also the approach normally expected, at some level, by the informed member of the scientific community.
The function-based approach on the other hand formulates this as a function-fitting problem, with the function inputs coming directly from the image pixels and its outputs corresponding to the high-level recognitions we are seeking (the function must have a form that can be evaluated efficiently). The main tool of this approach today is the neural network.
The main difference here is that functions are now employed that have multiple inputs and outputs. The structure of these functions can be arbitrarily complex, and the problems are associated with cognition, as opposed to, say, estimating the relationship between two variables in a engineered system.
The main observation in AI was that the function-based approach was quite effective at certain AI tasks, more so than the model-based approach. This surprised not only mainstream AI researchers, who mainly practiced the model-based approach, but also machine learning researchers who practiced various approaches, of which the function-based approach was just one. This has had many implications, some positive and some giving grounds for concern.
On the positive side is the increasing number of tasks and applications that are now within reach, using a tool that can be very familiar to someone with only a broad engineering background, particularly, those people who are accustomed to estimating functions and using them to make predictions. What is of concern, however, is the current imbalance between exploiting, enjoying and cheering this tool on the one hand, and thinking about it on the other hand. This thinking is not only important for realizing the full potential of this tool, but also for scientifically characterizing and understanding its potential reach. The lack of such characterisation, or at least the attempt to seek it aggressively enough, was seen as being responsible for current misconceptions about AI progress and where that may lead us in the future.
The author argued that what we are actually seeing is ‘automation‘ more than ‘AI’, as the latter is just a technology that happens to improve and speed up automation. As such, to address these concerns, the focus should be shifted towards policy and regulatory considerations for dealing with the new level of automation that our society is embarking on, instead of fearing AI.
The author also noted the change in how we measure success.
Consider machine translation for example, which received significant attention in the early days of AI. The represent-and-reason approach is considered to have failed on this task, with machine learning approaches being the state of the art now (going beyond function-based approaches). In the early days of AI, success was measured by how far a system accuracy was from 100%, with intelligence being a main driving application (a failure to translate correctly can potentially lead to a political crisis). The tests that translation systems were subjected to compared their performance to human translation abilities (e.g., translate a sentence from English to Russian then back to English). Today, the almost sole application of machine translation is to web content. Here, success is effectively measured in terms of how far a system accuracy is from 0%. If I am looking at a page written in French, a language that I don’t speak, I am happy with any translation that gives me a sense of what the page is saying. In fact, the machine translation community rightfully calls this ‘gist translation’. It can work impressively well on prototypical sentences that appear often in the data, but can fail badly on text drawn from a novel. This is still very valuable, yet it corresponds to a task that is significantly different from what was tackled by early AI researchers. Current translation systems will fail miserably if subjected to the tests adopted by early translation researchers. Moreover, these systems will not be suitable, or considered successful, if integrated within a robot that is meant to emulate human behavior or abilities.
The authors thoughts as expressed in the title of his article, is that it’s wrong to attributing human level intelligence to the tasks currently conquered by neural networks. The tasks barely rise to the level of abilities possessed by many animals. Eagles and snakes have vision systems that surpass what we can build today. Cats have navigation abilities that are far more superior to any of the ones possessed by existing, automatous navigation systems including self driving cars. Dogs can recognize and react to human speech and African grey parrots can generate sounds that mimic human speech to impressive levels. Yet none of these animals posses the cognitive abilities and intelligence typically attributed to humans.
If you have got this far, check out the article to see what the author thinks is the next step on the long road to understanding human cognitive functions.
The article from 2019 looks at the basics of blockchain, its individual components, how those components fit together, and what changes might be made to solve some of the problems with blockchain technology. Always remembering that the original objective of the blockchain system was to support “an electronic payment system based on cryptographic proof instead of trust”.
Firstly, this means ensuring the anonymity of blockchain’s users. The second goal is to provide a public record or ledger of a set of transactions that cannot be altered once verified and agreed to. The final core goal is for the system to be independent of any central or trusted authority.
While blockchain was originally proposed as a mechanism for trustless digital currency, the proposed uses have expanded well beyond that particular use case. Indeed, the emphasis seems to have bifurcated into companies that emphasize the original use for currency (thus the explosion of initial coin offerings, which create new currencies) and the use of the ledger as a general mechanism for recording and ordering transactions.
The article looks at the components and some of the problems encountered at the time. However, for me the really valuable idea is the public, nonrefutable, unalterable ledger for transactions, and not the coin application.
This article becomes quite technical, quite quickly, but the important point for me was the question about the trustworthiness of the input data.
Machine learning, a subfield of artificial intelligence, has advanced radically over the past 10 years, and machine learning algorithms now achieve human-level performance or better on a number of tasks, including face recognition, optical character recognition, object recognition, and playing the game Go. Machine learning is already used for many highly important applications and will be used in even more of even greater importance in the near future. Search algorithms, automated financial trading algorithms, data analytics, autonomous vehicles, and malware detection are all critically dependent on the underlying machine learning algorithms that interpret their respective domain inputs to provide intelligent outputs that facilitate the decision-making process of users or automated systems.
As machine learning is used in more contexts where malicious adversaries have an incentive to interfere with the operation of a given machine learning system, it is increasingly important to provide protections, or ‘robustness guarantees’, against adversarial manipulation.
Most modern machine learning can essentially be understood as applied function approximation. That is when there is some mapping from an input x to an output y that is difficult for a programmer to describe through explicit code, a machine learning algorithm can learn an approximation of the mapping by analysing a dataset containing several examples of inputs and their corresponding outputs.
To get an idea of what this means we can look at Google’s image-classification system which has been trained with millions of labeled images. It can classify images as cats, dogs, airplanes, boats, or more complex concepts on par or improving on human accuracy. Increases in the size of machine learning models and their accuracy is the result of recent advancements in machine learning algorithms, particularly to advance deep learning. The accuracy of the system varies greatly with the choice of the dataset used to train it.
Machine learning has traditionally been developed following the assumption that the environment is benign during both training and evaluation of the model. Specifically, the inputs x are usually assumed to all be drawn independently from the same probability distribution at both training and test time. This means that while test inputs x are new and previously unseen during the training process, they at least have the same statistical properties as the inputs used for training. Such assumptions have been useful for designing effective machine learning algorithms but implicitly rule out the possibility that an adversary could alter the distribution at either training time or test time.
Herein, is the topic of this article. What happens when an adversary chooses a distribution at test time that is designed to be exceptionally difficult for the model to process accurately. For example, an adversary might modify an image (slightly) to cause it to be recognised incorrectly or alter the code of an executable file to enable it to bypass a malware detector.
The study of adversarial examples is in its infancy, and the article is an overview of the foundations and advancements of this research field and some predictions of where it might lead.
This is an article on digital permanence, but what does that mean? In it simplest form it means “what you read is what was written”. So in its most basic form it is actually about data integrity.
Data integrity is the maintenance of the accuracy and consistency of stored information. Accuracy means that the data is stored as the set of values that were intended. Consistency means that these stored values remain the same over time, so they do not unintentionally waver or morph as time passes.
Digital permanence refers to the techniques used to anticipate and then meet the expected lifetime of data stored in digital media. Digital permanence not only considers data integrity, but also targets guarantees of relevance and accessibility, that is the ability to recall stored data and to recall it with predicted latency and at a rate acceptable to the applications that require that information.
To illustrate the aspects of relevance and accessibility, consider two counter examples. Journals that were safely stored redundantly on Zip drives or punch cards may as well not exist if the hardware required to read the media into a current computing system isn’t available. Nor is it very useful to have receipts and ledgers stored on a tape medium that will take eight days to read in when you need the information for an audit on Thursday.
I am a particular fan of this article because it describes well a problem that most people ignore. Below I’m quoting directly from the article…
Information storage in the digital age has evolved to fit the scale of access (frequent) and volume (high) by moving to storage media that record and deliver information in an almost intangible state. Such media have distinct advantages, for example, electrical impulses and the polarity of magnetised ferric compounds can be moved around at great speed and density. These media, unfortunately, also score higher in another measure, that is fragility. Paper and clay can survive large amounts of neglect and punishment, but a stray electromagnetic discharge or microscopic rupture can render a digital library inaccessible or unrecognizable.
It stands to reason that storing permanent records in some immutable and indestructible medium would be ideal, something that, once altered to encode information, could never be altered again, either by an overwrite or destruction. Experience shows that such ideals are rarely realised, for example, with enough force and will, the hardest stone can be broken and the most permanent markings defaced.
In considering and ensuring digital permanence, you want to guard against two different failures, firstly the destruction of the storage medium, and secondly a loss of the integrity or ‘truthfulness’ of the records. Once you accept that no ideal medium exists, you can guard against both of these failures through redundancy. You can make a number of copies and isolate them in different ways so some of them can be counted on to survive any foreseeable disaster. With sufficient copies kept under observation through frequent audits and comparison, you can rely on a quorum of those copies to detect and protect the record from accidental or deliberate alteration.
The article goes on to look at how failures can be categorised, how risks can be mitigated, how accessibility can be maintained, and how you can still recover from ‘bitrot‘.
