Friday, April 30, 2021

mutable biometric auth - the really useful MBA

 o here's a thought. 


we now have reliable and safe mRNA for people. 

how about we use mRNA to teach our cells how to generate protein keys (key pairs) for crypto. We then have chip based readers that can check to see who we are (and we can build secure protocols for doing this that avoid obvious replay attacks etc), but without committing to using your actual DNA (or other biometrics) which, once compromised, cannot be changed.

chips that decode proteins are around - all the pieces are there. 

also, you don't get locked in to one provider (there are lots of people doing mRNA stuff, and we could even open source the mRNA system)....


seems like the way to go - 

before anyone tries to patent it:-)

Wednesday, March 24, 2021

Why not look at Augmented Human Intelligence, ahead of Artificial General Intelligence?

 As part of the Turing's AI UK Conference I was thinking about where we should be in 5,10,30 years

I'd like to see if we can reverse Frank Zappa's observation about scientists' incorrect belief that Hydrogen is the most abundant substance in the Universe, and rather, it is far exceeded by Human Stupidty.


Given peoples' blatant lack of discernment in social media, voting, and generally outrageously dumb collective behaviour, e.g. in the face of existential threats like climate and nuclear weapons, this seems like an urgent matter. and building AI to mimic humans seems, at this point, like a bit of a seriously losing proposition.


So how could we use AI to augment human intelligence? The trick is not to democratise the writing of black-box AI (giving people visual programming languages for convolutional Neural Networks is an even worse idea than increasing the world's population of buggy C, Python coders.

The idea is to make existing work on AI legible. Not just explainable, but teachable. so when making a decision, an augmented human might use an AI method, and at the end, not just no why it recommended what it did, and not only why, but how to internalise the knowledge and skill to use that method herself.

This is akin to the idea of the mentat characters in the novel, Dune. Humans carry out computational tasks, and computers have long since been banned after the fictional Butlerian Jihad, on the basis that they are unethical. In my view, that is somewhat of a limited view - we need to retain the AIs, but they become mentors.

To this end, we need to concentrate on AI tools and techniques that are intelligible not just explainable. So while simple ML tools like regression and random forests are ok, you also need tools like generalised PCA and probablistic programming systems, and Bayesian inferencing that clarifies confounders, and, if  we must go on using neural nets, at least SHAP, path-specific counterfactual reasoning and energy landscapes, to illustrate the reason for relationship between inputs and outputs. GANs fit here fine too Ultimately all these systems should really be a pair - a model, that is self-explanatory (e.g. physics, engineering, biological cause/effect) coupled with the statistical system that embeds the empirical validation of that model, and, possibly a hybrid of symbolic execution and data-driven systems. Of course, people in guru/hacker mode writing the next gen AI need to document their processes, including their values, as this is all part of making the results teachable/legible/learnable too.

In the end, these systems will also likely be vastly more efficient (green cred), but also intellectually, will contribute to human knowledge by exporting the generalisable models they uncover and make more precise, and allow humans to individually, and collectively, stop behaving like a bunch eejits.


Then we can let the AIs all wither away, as we won't need them any more.

Tuesday, March 09, 2021

The Genies that probably won't go back in the Bottle

 One discovery made about people in organisations using video conferencing was in the early days of the Defense Simulation Internet - this was about 30 years back (DSINet started around 91) and made extensive use of the Mbone technology to provide many-to-many real time video, audio and shared applications. One of the UIs for this had a prototype of the "hollywood squares" that many Zoom users will nowadays be familiar with, 

Most of the real users of this system were wargaming (the shared apps included highly detailed battlefield maps with animations of army vehicles etc). At some point, the generals got really upset because they noticed the rank-and-file were talking directly to each other, rather than up-and-down the chains of command. Students of history will know that such a peer-to-peer organisation was also how the anarchist brigades operated in the Spanish civil war - it is highly effective as it is highly resilient (there's no leader to decapitate, and it is lower latency to get information to the people who need it to make decisions and take action).

This all applies to any overly hierarchical organisation, be it university, company or indeed, entire nation states. We cut out those annoying pointless "leaders" who make the wrong decisions because they are a bottleneck, and swamped with either too much advice, or too many filters, or too many lobbyists distorting the information, The Internet may finally actually democratise socieity, but not as previously envisaged.

By the same lockdown token, people have more time to consider content delivered by digital communication. Consideration may lead to more nuanced decision making (e.g. not responding to clickbait, or believing fake news, or even taking care to remember who was responsible for these things and mentally marking their future utterances as suspect, or at least "to be fact checked carefully when I have time after this".

Evidence for the increasing discernment by the broad public can also be seen in the search for relatively subtle explanations of what is happening (rules for lockdown, vaccine safety etc) - where people would dismiss experts, they now much choose an expert who explains about exponential increases in cases when R0 is above one, or the nature of false positives and false negatives in different tests. This is because after a year of hearing experts and politicians, it is increasingly obvious whose explanations and predictions are based in some sort of discipline, and whose are just self-serving attempts to maintain a wobbly power base. 

You can fool some of the people some of the time, but 12 months in, everyone starts to realise who the real fools are. Or indeed, crooks.

Wednesday, December 09, 2020

attention deficit misorder

 In The Attention Merchants by Tim Wu, we heard about the cycle of technology and content and advertising that takes each new medium, and drives a race to the bottom in terms of increasing levels of commercials, and decreasing revenue, leading to worse and worse actual content, and eventually, a rapid fall off the cliff edge in terms of actual audience, who then move to the next tech - the book contains a plethora of historical examples from 19th century newspapers, through radio, on via television (see also four arguments for the elimination of television plus for the impact on actual journalism, see Flat Earth News), and finally, today, several generations of social media (MySpace, Facebook, Twitter, Instagam, TikTok...next?).

So a new factor in this is not just the very poor quality of advertising / infotainment, which is incented to lie about products, but now we have the new players heavily involved in daily spread of misinformation:- governments. Governments (especially populist ones) are one of the main sources of peacetime lies. We expected the Ministry of Information to spread propaganda during wartime, but now we have arrant nonsense distributed directly from the desks of Trump and Johnson, casting doubt on election results, undermining democratic choice during referenda, and destroying confidence in public health measures during a pandemic.

What is to be done? We need platforms that deliver a reliability metric about sources, not just fact check their individual utterances. This would move the prominence of repeat-offenders, lower and lower in every readers' feed - taking away the effectiveness of polarized clickbait.

Time for the EU to regulate?

Identity and Currency - Trust and Implementation

 A discussion recently about national digital identity systems revealed that some stakeholders feel they need to own the implementation and the deployed operational system, as well as the legal authority for the root of foundational identity.


We can discuss separately, the idea of self-sovereign identity, and the use of the social net (parents, friends&family, colleagues, situation etc) to build a fully peer-to-pee digital id system, without any need for central government agency - indeed, you can imagine having this, as well as a more "traditional" system, with birth certificates, passports, national insurance numbers, biometric data etc etc

but for  now, for the latter case: who should build and run the digital id infrastructure?

well, the analogy I want to draw is with currency. The national bank (e.g. Bank of England) underwrites the value of the national currency (coin of the realm, sterling). They also participate in various mechanisms to maintain the relative value of different national currencies (i.e. exchange rate mechanisms or the Gold Standard, etc).

But who mints cons/notes? Could be anyone really. Who makes the machines that do that minting? Whoever wins the contract. Why should digital id infrastructure be any different? For example, british passports contain digital information about the holder and are issued by Her Majesty's passport office, but are physically made by  Gemalto, owned by French firm Thales. In the past, anyone could issue banknotes (up til early 20th century!), but now the physical currency in the UK iis a monopoly, but of course there is a wide range of digital ways to store and transmit value as well, run by credit and debit card companies, and fully virtual currencies are legal in some countries.

So it seems that even a national, government approved or mandated or supported identity system could be outsourced. Indeed, many components of functional id based on some notional national id already are implemented and run (e.g. DVLA for driving licenses) by 3rd parties.

This also argues for why one needs to consider at least some level of federation for digital id systems to allow for moving provider, inter-operating, and even comprehending how  extreme federation such as self-sovereign systems can co-exist with more traditional centralised registeries and the vouchsafing of who you are.

Thursday, November 26, 2020

identity is not property - so how can you "steal" it?

 another poor metaphor (as with security theater, which isn't even poor stand-up), identity theft.

as with music piracy (aka p2p file sharing), you copy, you don't  take. but in this case, the metaphor of theft is even less apt, as identity has some deep roots (e.g. biometric attributes) and some more shallow (notarised documents like birth cerrtificates, passports) and some social contextual attributes (people vouch for you)


mistaken idenity (the mcguffin of many a fine play, film, book, but perhaps not song) is apt


but identity theft just isn't.

Thursday, November 19, 2020

Computational Thinking Considered Harmful.

 I was a big fan of Jeanette Wing's initiative on computational thinking - it came at a time when we were developing the computing at schools initiative and the Raspberry Pi and so on, and fitted in well with our optimism about how anyone could pretty much get to grips with the core ideas of reasoning in the style computer science has developed (not just logic/algorithmic, but also systems and many other sub-disciplines).

I'm now worried that what has happened is to enable people with the capacity to adopt the technology, much as with  nuclear and biological weapons (or going back further, gunpowder, TNT, or even just any projectile weapon, crossbow, longbow, slingshot etc) and now we have asymmetric warfare, but it is really asymmetric warfare by the few against society. Now we have people hacking on democracy, on trust in science, on social cohesion. 


I'm not talking about the PRC or the Kremlin.  I am talking about the unpleasant, sociopathic power-hungry in our midst. People that were put in their box by long fights to improve everyone's lot over since the enlightenment or even since the renaissance  (or whatever equivalent there was in your non European part of  the world).

People who have adopted the ways of thinking about problems in manners that let them scale-out,, rapidly. Crucially, for  which  we  as yet  have no effective defence (computationally thought out  or otherwise).

I think we need a Pugwash or Asilomar, or even a Butlerian Jihad against computational thinking without appropriate checks and balances.

Now this  is a very tricky proposition as it is quite different  from proposing ethical controls of dangerous technologies. It is about modes of thought. This hasn't been something people outside of ancient Mesopotamia or modern totalitarian states a la 1984  have considered. How to modulate computational  thinking so that it is inherently a moral  framework would be, for me, the thing we need urgently to do. 

Sunday, November 15, 2020

when people say Security Theater, just what do they think they mean?

Security Theater is a  terrible metaphor.

In theater, you suspend disbelief, sure, but that's so you believe  the characters are real, and  that the  characters are subject to true motives and actions are  in reaction too circumstances in  the universe of the play.

So when Macbeth falls for his personal initerpretation of the 3 witches predictions, this is true. and when Burnham Wood is come to Dunsinane, the attack/deception works.

Even the  twist at the end of a whodunnit like the venerable Mousetrap, or the   clever Sleuth (or indeed Whodunnit) catch you by surprise. 

If security  operatives employed techniques like this, they  would essentially be carrying out a mix of

a) real security

b) social engineering on the adversary.

No,  what people really mean is like the well-meaning uncle who says he'll entertain a room full of 9 year  old kids full of sugary drinks with a very  bad conjuring show that  they immediately see through. Not tragic or comic, not even really bathetic or pathetic. Just bad.

People go to the theater to be taken out of themselves. What people call security theater is stressful because it is transparently useless and incredibly boring at the same time. 

When you go parachute jumping or scuba diving and check your equipment, it is quite interesting. That's because theatrics only happen if you don't.

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home