Disruptive Proactivity

I had a ticket for Max Tegmark’s lecture in Cambridge last night, and then comments by Vasili Arkhipov’s family on being awarded the Future of Life prize. Hopefully we will get through the week without CSER needing to award another one…

A new version of AlphaGo has demonstrated that without any training data, in only 4 days, it can learn to beat every other human and machine ever.

As such Google DeepMind is now close to demonstrating something important: any system can be learnt by a machine to the extent that it is simulated. Given a desire, go takes less than a week on Google’s publicly available TPUs (for free – and if you don’t want to use google, Amazon rent GPU access at $0.90/hour – pocketmoney prices).

Every gambling machine in places where you can point a mobile phone camera at them can turn into a profit centre (for players, not owners)…  Throw enough iterations at a simulator, and you can game the whole thing.

The law is designed to be entirely predictable, especially tax law and loopholes.

What else in society collapses when someone who cares can simulate it enough to know they can optimise for themselves? In hardware time, it will cost pennies to simulating how to minimise your taxes next year, with the ability to add/remove items (goats!) for benefits.

As a result, everything purely rule based is close to being being gamed on a massive automated scale – by anyone who cares to do it (or, after a while, just install an app built by someone else for immediate gain). Processing purely by brute force – as spam was to email – it is just a matter of time. How much time is possibly guessable from how long it takes the DeepMind AIs to go from an AI that plays chess with no knowledge of the rules, to discovering castling.

For existential risk friends, given the published bans on certain DNA sequences being synthesised directly, what is the most likely to pass regulations but when combined can turn into something banned? Rules that should never be gamed must be tested against such things.

I would hope Google’s Project Zero has a copy of the tools to run across packets and data structures to find remotely executable bugs. If they don’t, someone else will. (and if they are, I’ve got an idea you may want to try).

Every set of rules that are written down can fail, which includes both computer code and law.  AI has finally got institutions to understand data, but it’s unclear what all the consequences of that will be (for the data, and the institutions, and the AIs).

A digital economy and the next mySpace

The Data Protection Act (1998) underlies the whole of our digital economy. It is entirely clear that it is not necessarily going entirely well. While GDPR protects EU citizens from a range of things, action using data can be regulated differently – we choose what facebook is able to advertise not through data protection law.

The wide concern is not that facebook sold socially divisive ads to the Russians to sow discord, it’s that they lie about their own effectiveness. It’s not that YouTube’s algorithms promote videos claiming the Las Vegas shooting was a hoax, it’s that they sell so many ads against it that they don’t want to fix it. It’s not that Google DeepMind screwed up with 1.6 million people’s medical records, it’s that they haven’t publicly said what they did do with them. It’s not that twitter abuse is targeted by a tiny majority at a vast swathe of informed voices, it’s that twitter’s metrics value an abusive automated voice more than the real human that made twitter what it was. The examples continue.

If this is how the big public tech companies screwed up (in a week), why would we expect any more of any other bit of tech?

As the flaws in data protection, “privacy shield”, and advertising becomes entirely apparent, the failure of the current behemoths to protect data subjects will be the competitive advantage for the next round of comparison. By 2021, will facebook be remembered as the second myspace?

Too rich to fall is true, until it is no longer true.

To all things, there comes a time. There will be a facebook competitor which makes facebook as irrelevant as myspace.  We may not know whom, or what, yet, but we can set standards for what responsible data processors and networks do. Therein lies a competitive advantage when someone develops the next iteration of a cultural tool. And the mechanisms we have to develop tools are very different to what they were.

Facebook and Google have no sense of corporate ethos to appeal to. (That is not to say that some/many individuals within those companies do not – they most certainly do).  Their institutional paranoia removes all humanity – it will be up to another organisation to do better.

Age Verification is just months away from becoming the law and, for all the criticisms to date, opposition to it has been ineffective. When the ‘cookie law’ was introduced in 2011, it was expected by regulators and others that a good design would supplant the initial one, which is merely compliant. That did not happen. To avoid Age Verification becoming the new cookie law, there needs to be a design pattern that offers privacy as a benefit, not as a burden.

Age Verification is a narrow form of ‘identity assurance’ – where only one attribute (age) need be defined. The method by which this is done is not prescribed, but it would be perverse were the desire for privacy and protection to create more new databases and even more risk. And these issues have been solved before, replacing the ID card and scheme with Verify; that infrastructure is rolling out EU-wide, and can be reused.

Given GDPR, the patterns should be as shown to the right:

Users get a choice of skipping verification this time – and being asked against next time – or the ability to verify their age with a separate service which will provide the website with a single attribute of confirmation:

“The user is over the age you need them to be” (i.e. 13 / 16 / 18 / 21 / 65).

There is nothing else a site needs to store in order to be completely compliant with this requirement of the GDPR: when a site sends a user to a verification service, the user only comes back with a token signed by the service if they are of the required age. Simple!

Such services should follow the EU’s eIDAS Regulation and the UK’s GOV.UK Identity Assurance standards, i.e. reusing credentials that already exist (also providing an incentive for countries to finish deployment). Whether an adult is approving a site for themselves, or for a child for whom they are responsible, would be a record held by the verification service.

If facebook and Google want to get into the ID assurance game, then that’s OK too; but they must also only provide the same answer, and no provider can be preferred over any other. Each assurer must, of course, be insured.

While we suggest the “GDPR_Age_Verification” as an HTML button ID, we suggest W3C and browser vendors agree a standard name.

If you provide a service that can validate age or parental responsibility internally, where you simply need to know that parental permission has been asserted for the child, the second button can link to a page with a unique reference code – so the URL for that page can be sent to the parent or carer, who can log in on a different device. When the parent then logs in using their credentials, they are asked to confirm responsibility, approval, and (optionally) any other parental-control settings you wish to offer. The child should not be expected to know their parent’s username.

As better prototypes emerge, we’ll link to them from here. (If you are a company looking for changes in order to implement this, our friends at Projects By IF are the design house to talk to.)

In the UK, we also have PornID

While GDPR is EU-wide, the UK is also requiring Age Verification for adult sites from 2018. The same privacy-preserving design above also applies here.

The Verify programme has had no permanent lead for over a year – it is managed only “temporarily” – which means GDS has no coherent view on a critical technology policy inside Government; this is a failing that can be laid solely at the feet of the current GDS leadership.

The Manifesto on which the UK Government was elected in 2017 is clear. Multiple political policies are now interacting with clear political will – ‘PornID’, GDPR, Verify – yet there is no leadership to deliver services that meet the stated and legally-mandated need.

There is rightly concern at the creation of a vast database of porn habits; yet the Verify model protects privacy throughout, such that no party knows too much about any other party. The service need know only one thing: if it sends a browser session to a Verify service, it will only come back verified if the user is of the required age.

Given the punitive fines for failures, any such infrastructure and all assertions should be insured, and re-insurable. Verify was designed to meet such standards; anything else providing such a service must also do so.

Verify was also designed for commercial reuse, so why not re-use it? (And thereby meet the usage targets that GDS has set itself.) The only reason appears to be lack of political desire, despite the fact it was political desires that decided this should be done.

• This post also appears on Phil Booth’s blog.