New APPS

Art, Politics, Philosophy, Science. Mostly Philosophy.

recent posts

about

    • New Paper: Epistemic Injustice in Machine Learning Systems

      From the Department of Shameless Self-Promotion, here is the abstract for my new paper, "Dirty Data Labeled Dirt Cheap: Epistemic Injustice in Machine Learning Systems:"

      "Artificial Intelligence (AI) and Machine Learning (ML) systems increasingly purport to deliver knowledge about people and the world or to assist people in doing so.  Unfortunately, they also seem to frequently present results that repeat or magnify biased treatment of racial and other vulnerable minorities, suggesting that they are “unfair” to members of those groups.  However, critique based on formal concepts of fairness seems increasingly unable to account for these problems, partly because it may well be impossible to simultaneously satisfy intuitively plausible operationalizations of the concept and partly because fairness fails to capture structural power asymmetries underlying the data AI systems learn from.  This paper proposes that at least some of the problems with AI’s treatment of minorities can be captured by the concept of epistemic injustice.  I argue that (1) pretrial detention systems and physiognomic AI systems commit testimonial injustice because their target variables reflect inaccurate and unjust proxies for what they claim to measure; (2) classification systems, such as facial recognition, commit hermeneutic injustice because their classification taxonomies, almost no matter how they are derived, reflect and perpetuate racial and other stereotypes; and (3) epistemic injustice better explains what is going wrong in these types of situations than does (un)fairness."

      The path from idea to paper here was slow, but I hope the paper is convincing on the point that the literature on epistemic injustice can offer some needed resources for understanding harms caused by (some kinds of ) AI/algorithmic systems.

    • Just because the computer talks to you about its feelings doesn’t make it sentient

      By Gordon Hull

      UPDATE: 6/14: Here's a nice takedown ("Nonsense on Stilts") of the idea that AI can be sentient.

      I don’t remember where I read about an early text-based chatbot named JULIA, but it was likely about 20 years ago. JULIA played a flirt, and managed to keep a college student in Florida flirting back for something like three days.  The comment in whatever I read was that it wasn’t clear if JULIA had passed a Turing test, or if the student had failed one.  I suppose this was inevitable, but it appears now that Google engineer Blake Lemoine is failing a Turing test, having convinced himself that the natural language processing (NLP) system LaMDA is “sentient.”

      The WaPo article linked above includes discussion with Emily Bender and Margaret Mitchell, which his exactly correct, as they’re two of the lead authors (along with Timnit Gebru) on a paper (recall here) that reminds everyone that NLP is basically a string prediction task: it scrapes a ton of text from the Internet and whatever other sources are readily available, and gets good at predicting what is likely to come next, given a particular input text.  This is why there’s such concern about bias being built into NLP systems: if you get your text from Reddit, then for any given bit of text, what’s likely to come next is racist or sexist (or both).  The system may sound real, but it’s basically a stochastic parrot, as Bender, Gebru and Mitchell put it.

      So point one: LaMDA is not sentient, any more than ELIZA and JULIA were sentient, but chatbots are getting pretty good at convincing people they are.  Still, it’s disturbing that the belief is spreading to people like Lemoine who really, really ought to know better.

      (more…)

    • Base Rate Tracking often can’t fix algorithmic fairness

      By Gordon Hull

      As a criterion for algorithmic assessment, “fairness” has encountered numerous problems.  Many of these emerged in the wake of ProPublica’s argument that Broward County’s pretrial detention system, COMPAS, was unfair to black suspects.  To recall: In 2016, ProPublica published an investigation piece criticizing Broward County, Florida’s use of a software program called COMPAS in its pretrial detention system.  COMPAS produced a recidivism risk score for each suspect, which could then be used in deciding whether someone should be detained prior to their trial.  ProPublica’s investigation found that, among suspects that did not have a rearrest prior to their trial, black suspects were much more likely to have been rated as “high risk” for rearrest than white suspects.  Conversely, among suspects who were arrested a second time, white suspects were more likely to have been labeled “low risk” than black ones.  The system thus appeared to be discriminating against black suspects.  The story led to an extensive debate (for an accessible summary with cites, see Ben Green’s discussion here) over how fairness should be understood in a machine learning context.

      The debate basically showed that ProPublica focused on outcomes and demonstrated that the system failed to achieve separation fairness, which is met when all groups subject to the algorithm’s decisions receive the same false negative/positive rate.  The system failed because “high-risk” black suspects were much more likely than white to be false positives.  In response, the software vendor argued that the system made fair predictions because among those classified in the same way (high or low risk), both racial groups exhibited the predicted outcome at the same rate.  In other words, among those classified as “high risk,” there was no racial difference in how likely they were to actually be rearrested.  The algorithm thus satisfied the criterion of sufficiency fairness.  In the ensuing debate, computer scientists arrived at a proof that, except in very limited cases, it was impossible to simultaneously satisfy both separation and sufficiency fairness criteria.

      In the meantime, on the philosophy side, Brian Hedden has argued that a provably fair algorithm could nonetheless be shown to potentially violate 11 of 12 possible fairness conditions.  In a response piece, Benjamin Eva showed the limits of the twelfth with a different test and proposed a new criterion:

      (more…)

    • Clearview settles Facial Recognition Case

      Luke Stark argues that Facial recognition should be treated as the “plutonium of AI” – something so dangerous that it’s use should be carefully controlled and limited.  If you follow  the news, you’ll know that we’re currently treating it as the carbon dioxide of AI, a byproduct of profit-making that doesn’t look too awful on its own until you realize its buildup could very well cause something catastrophic to happen.  Activists have worried about this pending catastrophe for a while, but lots of big money supports facial recognition, so they have thrown up a smokescreen of distractions – in one case, Facebook denied that its phototagging software in fact recognized faces (!) – in order to lull everyone into accepting it.

      One of the worst offenders is a secretive company called Clearview, whose business model is to scrape the web of all the pictures it can find and then sell the technology to law enforcement.  The company even has an international presence: in one disturbing instance, the Washington Post documents the use of its technology by Ukrainians to identify dead Russian soldiers by way of their Instagram and other social media accounts, and then sometimes to contact their families.  More generally, the Post revealed internal documents showing that the company' database is nearing 100 billion images and that "almost everyone in the world will be identifiable."  They're going all-in; the Post reports that "the company wants to expand beyond scanning faces for the police, saying in the presentation [obtained by the WP] that it could monitor 'gig economy' workers and is researching a number of new technologies that could identify someone based on how they walk, detect their location from a photo or scan their fingerprints from afar."

      Clearview is also one of a cohort of companies that has been sued for violating Illinois’ Biometric Information Privacy Act (BIPA).  BIPA, uniquely among American laws, requires opt-in assent for companies to use people’s biometric information (the Facebook case is central to my argument in this paper (preprint here); for some blog-level discussion see here and here).  Of course, BIPA is a state-level law, so its protections do not automatically extend to anyone who lives outside of Illinois.  That’s why yesterday’s news of a settlement with the ACLU is really good news.  The Guardian reports:

      Facial recognition startup Clearview AI has agreed to restrict the use of its massive collection of face images to settle allegations that it collected people’s photos without their consent.  The company in a legal filing Monday agreed to permanently stop selling access to its face database to private businesses or individuals around the US, putting a limit on what it can do with its ever-growing trove of billions of images pulled from social media and elsewhere on the internet. The settlement, which must be approved by a federal judge in Chicago, will end a lawsuit brought by the American Civil Liberties Union and other groups in 2020 over alleged violations of an Illinois digital privacy law. Clearview is also agreeing to stop making its database available to Illinois state government and local police departments for five years. The New York-based company will continue offering its services to federal agencies, such as US Immigration and Customs Enforcement, and to other law enforcement agencies and government contractors outside Illinois.

      Of course, the company denies the allegations in the lawsuit, and insists that it was just in the process of rolling out a “consent-based” product.  Ok, sure!  This is still a win for privacy and for one of the very few pieces of legislation in the U.S. that has any chance of limiting the use of biometric data.

    • Yet another terrible AI idea

      People make snap judgments about those they see the first time – mentally categorizing someone as friendly, threatening, trustworthy, etc.  Most of us know that those impressions are idiosyncratic, and suffused with cultural biases along race, gender and other lines.  So obviously I know what you’re thinking… we need an AI that do that, right?  At least that’s what this new PNAS paper seems to think (h/t Nico Osaka for the link).  The authors start right in with the significance:

      “We quickly and irresistibly form impressions of what other people are like based solely on how their faces look. These impressions have real-life consequences ranging from hiring decisions to sentencing decisions. We model and visualize the perceptual bases of facial impressions in the most comprehensive fashion to date, producing photorealistic models of 34 perceived social and physical attributes (e.g., trustworthiness and age). These models leverage and demonstrate the utility of deep learning in face evaluation, allowing for 1) generation of an infinite number of faces that vary along these perceived attribute dimensions, 2) manipulation of any face photograph along these dimensions, and 3) prediction of the impressions any face image may evoke in the general (mostly White, North American) population”

      Let’s maybe think for a minute, yes?  Because we know that people make these impressions on unsound bases!

      First, adversarial networks are already able to produce fake faces that are indistinguishable from real ones.  Those fake faces can now be manipulated to appear more or less trustworthy, hostile, friendly, etc.  When you make fake political ads, for example, that’s going to be useful.  Already 6 years ago, one “Melvin Redick of Harrisburg, Pa., a friendly-looking American with a backward baseball cap and a young daughter, posted on Facebook a link to a brand-new website,” saying on June 8, 2016 that “these guys show hidden truth about Hillary Clinton, George Soros and other leaders of the US. Visit #DCLeaks website. It’s really interesting!” Of course, both Melvin Redick and the site he pointed to were complete fabrications by the Russians.  Now we can make Melvin look trustworthy, and Clinton less so.

      Second, the ability to manipulate existing face photos is a disaster-in-waiting.  Again, we saw crude efforts with this before – making Obama appear darker than he is, for example.  But here news photos could be altered to make Vladimir Putin appear trustworthy, or Mr. Rogers untrustworthy.  This goes nowhere good, especially when combined with deepfake technology that already takes people out of their contexts and puts them in other ones (disproportionately, so far, women are pasted into porn videos, but the Russians recently tried to produce a deepfake of Zelensky surrendering.  Fortunately that one was done sloppily).

      Third, and I think this one is possibly the scariest, what about scanning images to see whether someone will be assessed as trustworthy?  AI-based hiring is already under-regulated!  Now employers will run your photo through the software and make customer-service hiring decisions based on who customers will perceive as trustworthy.  What could go wrong?

      All of this of course assumes that this sort of software actually works.  The history of physiognomic AI, which uses all sorts of supposedly objective cues to determine personality and which is basically complete (usually racist) bunk suggests that the science is probably not as good as the article acts like.  So maybe we’re lucky and this algorithm does not actually work as advertised.  Of course, the fact that AI software is garbage doesn't preclude its being used to make people's lives miserable.  Just consider the bizarre case of VibraImage.

      But don’t worry.  The PNAS authors are aware of ethics, noting that “the framework developed here adds significantly to the ethical concerns that already enshroud image manipulation software:”

      “Our model can induce (perceived) changes within the individual’s face itself and may be difficult to detect when applied subtly enough. We argue that such methods (as well as their implementations and supporting data) should be made transparent from the start, such that the community can develop robust detection and defense protocols to accompany the technology, as they have done, for example, in developing highly accurate image forensics techniques to detect synthetic faces generated by SG2. More generally, to the extent that improper use of the image manipulation techniques described here is not covered by existing defamation law, it is appropriate to consider ways to limit use of these technologies through regulatory frameworks proposed in the broader context of face-recognition technologies.” 

      Yes, the very effective American regulation of privacy does inspire confidence!  Also, “There is also potential for our data and models to perpetuate the biases they measure, which are first impressions of the population under study and have no necessary correspondence to the actual identities, attitudes, or competencies of people whom the images resemble or depict.”

      Do you think?  As Luke Stark put it, facial recognition is the “plutonium of AI:” very dangerous and with very few legitimate uses.  This algorithm belongs in the same category, and should similarly be regulated like nuclear waste.  For example, as Ari Waldman and Mary Anne Franks have written, one of the problems with deepfakes is that the fake version gets out there on the internet, and it is nearly impossible to make it go away (if you even know about it).  Forensic software gets there too late, and those without resources aren’t going to be able to deploy it anyway.  Lawsuits are even less useful, since they're time-consuming and expensive to pursue, and lots of defendants won't be jurisdictionally available or have pockets deep enough to make the chase worth it.  In other words, not everybody is going to be able to defend themselves like Zelensky, who both warned about deepfakes and was able to produce video of himself not surrendering.  In the meantime, faked and shocking things generally get diffused faster and further than real news.  After all, “engagement” is the business model of social media.  Further, to the extent that people stay inside filter bubbles (like Fox News), they may never see the forensic corrections, and they probably won’t believe the real one is real, even if they do.

      And as for reinforcing existing biases, Safiya Noble already wrote a whole book on how algorithms that guess what you’re probably thinking about someone can do just that.

    • Copyright Office gets this right…

      in refusing to grant copyright registration to an AI creation.  I suspect this one to be litigated for a while, since the person who has been trying to get protection for the picture has declared limiting copyright to human authors as something that would be unconstitutional (I also think it would be pretty entertaining to watch somebody try to float that argument in front of the current Supreme Court).  A good article on why this sort of thing is going to be a problem, and an interesting way of parsing law's traditional 'mental state' requirement, is here.

    • AI Colonialism

      First read this piece by Abeba Birhane, who warns about neocolonial exploitation of people in Africa by AI and big tech.

      Then read this detailed account of content moderation for Facebook in Kenya and abuse of the workers involved.

    • IRS to start using Facial Recogntion Technology

      If you want to use their website; WaPo has the story here.  But it's one of those public/private partnerships where data leaks and hacks and thefts happen.  To their credit, the Post went to Joy Buolamwini, whose work proved that facial recognition systems work best on white men and worst on Black women.  But even a perfectly functioning system is frightening.  First, it would unquestionably worsen the divide between those who have good Internet and those who don't, making convenient access to tax records contingent on having a sufficient income and computing skills.  Also, of course, facial recognition is bad – the potential for misuse is so great, and the record is so permanent, that Woody Hartzog and Evan Selinger argue it ought to be legally impossible to consent to. (for an overview of the debate, see Selinger and Leong here).

      One of the biggest problems with data is that it gets leaked and hacked, of course, but another big problem is that companies sell it to pretty much whoever arrives with cash.  The company handling IRS facial recognition claims they'll turn it over to law enforcement, but the Post says there's no federal law proscribing what they can do with it.  And they're switching companies and authentication strategies because of a massive data breach at Equifax a few years ago. So its not like nobody has ever heard of a data breach.

      Oh, and ID.me, the company getting the contract, totally wants to sell you stuff:

      "But advertising is a key part of ID.me’s operation, too. People who sign up on ID.me’s website are asked if they want to subscribe to “offers and discounts” from the company’s online storefront, which links to special deals for veterans, students and first responders. Consumer marketing accounts for 10 percent of the company’s revenue."

      What could possibly go wrong? Well, if you look up the ID.me privacy policy, you discover that most of the usual things can go wrong.  For example, they don't police 3rd party use of the data, which they encourage you to opt-in to:

      "To avoid any confusion, Users should understand that, while we own and operate the Service and Website, we do not own or operate websites owned and operated by third parties who may avail themselves of the ID.me Service (collectively referred to hereafter as the “Third-Party Websites”). This Privacy Policy is intended to inform Users about our collection, use, storage, and disclosure, destruction and disposal of information that we collect or record in the course of providing the Website and the ID.me Service. Please note, we are not responsible for the privacy practices of Third-Party Websites and they are under no obligation to comply with this Privacy Policy. Before visiting Third-Party Websites, and before providing the User’s ID.me or any other information to any party that operates or advertises on Third-Party Websites, Users should review the privacy policy and practices of that website to determine how information collected from Users will be handled. Please further note, depending on a User’s particular interaction with us (e.g., Users who solely navigate the Website versus Users who create an account and use the ID.me Service at Third-Party Websites), different portions of this policy may apply to Users at different times."

      Also, they reserve the right to change their privacy policy at any time, and it's your job to read it frequently to see:

      "If we decide to change this Privacy Policy, we will post those changes to this page so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of notice on our home page."

      That's item 1 on the policy.  Nothing else matters.  This is typical corporate privacy boilerplate that lets them do whatever they want with your facial biometric information.  Good job IRS!

       

       

    • SCOTUS and Social Murder

      The SCOTUS decision yesterday striking down OSHA’s vaccine mandate is based on some of the most sophomoric reasoning the Court has issued in a long time.  And I am aware of what Court I’m talking about.  The gist of the argument is that OSHA is only authorized to enact safety rules that protect someone’s at their place of occupation.  But this is a public health rule because Covid also occurs outside the workplace, ergo etc.

      But of course work is one of the main places that you can get Covid, as Justin Feldman documents (he also shows that the predominance of workplace transmission helps to explain the disproportionate impact on non-white folks).  The fact that vaccination also protects you outside of work is nice but not the point.  I have a ladder at home.  I don’t know the OSHA rules, but I bet there’s some covering the construction and use of ladders at work.  If those rules cause ladder manufacturers to make a safer product, that also protects me at home.  But it’s a little hard to explain how that standard doesn’t meet the statutory mandate of protecting people who use ladders in their occupation (the dissent cites several more such examples).   What’s wrong with positive externalities?

      The Court opines:

      “It is telling that OSHA, in its half century of existence, has never before adopted a broad public health regulation of this kind—addressing a threat that is untethered, in any causal sense, from the workplace.”

      Well, duh.  We haven’t had a global pandemic like Covid during the existence of OSHA!  In the meantime, if you read court opinions very often, you learn to expect documentation of bold factual assertions like that one.  But there is no footnote explaining how there is no causal relation between the threat of Covid and the workplace.  That’s because a credible such footnote cannot be written.  As the dissent points out, “because the disease spreads in shared indoor spaces, it presents heightened dangers in most workplaces,” citing OSHA’s documentation of the risks and reminding that majority that Courts are supposed to be deferential in cases like this.  Congress even allocated money to OSHA  to address workplace hazards (dissent, p. 8).  In short,

      “The agency backed up its conclusions with hundreds of reports of workplace COVID–19 outbreaks—not just in cheek-by-jowl settings like factory assembly lines, but in retail stores, restaurants, medical facilities, construction areas, and standard offices.” (dissent, p. 9)

      We also know that SCOTUS doesn’t even believe its own rhetoric about workplace risk: the justices are all vaccinated, all but Gorsuch wore masks to oral arguments on this case (prompting Sotomayor to participate from her chambers), and court policy is that arguing attorneys have to take a Covid test the day before, and argue remotely if positive.  Attorneys are also supposed to wear KN95 masks when in the Courtroom except when actually speaking.  One of the attorneys arguing against the mandate even had to appear remotely because he had Covid!  So workplace safety is apparently a thing that SCOTUS has heard of – it’s just not one they deem fit to extend to workers who have less control over their environment.

      In the meantime, Gorsuch took the time to write a concurrence tediously saying that states might have authority for public health, and that the nondelegation doctrine “ensures democratic accountability by preventing Congress from intentionally delegating its legislative powers to unelected officials.”  Perhaps now is the time to remember that SCOTUS is unelected, and seems to enjoy its own antidemocratic powers quite a bit: this the Court that ordered the Biden administration to reinstate the Remain in Mexico policy, even though that’s foreign policy, traditionally the province of the democratically elected executive (remember, the Court kept trying to greenlight Trump’s border wall with the fake border Caravan emergency, even though Congress specifically withheld funding for it).  This is also the same Justice Gorsuch who was appointed by the minoritarian Senate at the invitation of Donald Trump because Mitch McConnell refused to consider the nomination of the person who was democratically-elected president at the time of the vacancy. (Gorsuch also pontificates about the “major questions doctrine,” which is supposed intervene when an “agency may seek to exploit some gap, ambiguity, or doubtful expression in Congress’s statutes to assume responsibilities far beyond its initial assignment.”  But since the Court made no effort to prove that a vaccination mandate would not improve workplace safety and instead tries to show that the mandate improved safety everywhere, this rhetoric should be filed under the ‘I’m going to cite myself in anti-regulatory rulings in the future” dept).

      There is one bit of hope in the opinion, in this paragraph:

      “That is not to say OSHA lacks authority to regulate occupation-specific risks related to COVID–19. Where the virus poses a special danger because of the particular features of an employee’s job or workplace, targeted regulations are plainly permissible. We do not doubt, for example, that OSHA could regulate researchers who work with the COVID–19 virus. So too could OSHA regulate risks associated with working in particularly crowded or cramped environments. But the danger present in such workplaces differs in both degree and kind from the everyday risk of contracting COVID–19 that all face. OSHA’s indiscriminate approach fails to account for this crucial distinction—between occupational risk and risk more generally—and accordingly the mandate takes on the character of a general public health measure, rather than an “occupational safety or health standard.” 29 U. S. C. §655(b) (emphasis added).” (slip op, p. 7)

      The Biden administration should immediately institute revised standards mandating vaccination in places with disproportionately high Covid rates.  There’s been research on that; as CNBC reports of the study:

      “The top five occupations that had higher than a 50% mortality rate increase during the pandemic include cooks, line workers in warehouses, agricultural workers, bakers and construction laborers.”

      Feldman links to some other high risk groups.  But the Biden administration needs to immediately call the Court’s bluff.   Will SCOTUS reverse itself here and go full-on Lochner and declare that the baking profession is unregulable?

      Marx had lots of words for how the capitalist class treated the lives of workers as disposable.  Engels had the better expression: “social murder.”  How many workers did the right-wing majority in SCOTUS kill yesterday?  “OSHA estimated that in six months the emergency standard would save over 6,500 lives and prevent over 250,000 hospitalizations” (dissent, p. 11), and that number was derived before Omicron emerged. As the dissent sums it up:

      “Underlying everything else in this dispute is a single, simple question: Who decides how much protection, and of what kind, American workers need from COVID–19? An agency with expertise in workplace health and safety, acting as Congress and the President authorized? Or a court, lacking any knowledge of how to safeguard workplaces, and insulated from responsibility for any damage it causes?”

      There’s definitely a separation of powers problem emerging, but it’s not the one the Court’s conservatives want you to think about.

    • Can Datasets be Governed Like Public Utilities?

      By Gordon Hull

      Machine Learning (ML) applications learn by repetition.  That is, they come to recognize what, say, a chair looks like, by seeing lots of images of chairs that have been correctly labeled as such.  Since the machine is trying to figure out a pattern or set of characteristics that distinguish chairs from other objects, the more chairs it sees, the better it will perform at its task.  This collection of labeled chairs is the algorithm’s “training data.”   There are notorious problems with bias in training data due to underrepresentation of certain groups.  For example, one study found that datasets designed to train ML to recognize objects performed poorly in developing countries, most likely due to underrepresentation of images from those places; when combined with pictures labeled in English, and the fact that standard Western commodity forms of household objects might look very different in the developing world, the ML was stumped.  Most famously in this country, facial recognition software performs best at identifying white men and worst at identifying Black women.  ImageNet, which is widely used for object recognition purposes, employees a hierarchy of labels that include calling a child wearing sunglasses a “failure, loser, non-starter, unsuccessful person” but also differentiates between assistant and associate professors.  Despite these and many other problems, massive datasets are essential for training ML applications.

      For this reason, datasets have been called “infrastructural” for machine learning, defined as follows:

      “Infrastructure is characterized, we argue, by a set of core features: it is embedded into, and acts as the foundation, for other tools and technologies; when working as intended for a particular community, it tends to seep into the background and become incorporated into routines; the invisibility of infrastructure, however, is situated – what is natural or taken for granted from one perspective may be highly visible or jarring from another; though frequently naturalized, infrastructure is built, and thus inherently contextual, situated, and shaped by specific aims.”

      If AI is cars and buses and trains that do what we want, the datasets it trains on shape the roads and paths where those roads go, provide their material basis, become thereby incorporated into higher level routines like search, and tend to disappear into the background when not actively used.  But just like other examples of infrastructure – say, the bridges over the Long Island Freeway – infrastructure can embed priorities and affordances.  In this sense, dataset infrastructures have a politics, and serve as platforms on which applications are built.

      (more…)