The cybersecurity QA trifecta of fail that may burn down the world

The road to hell...

If AI/ML is to identify and relatively de-promote or entirely eliminate invective and divisive opinions, and make the internet a calmer, better place, that's a worthy aspiration. It's also at risk of being a form of censorship. Clearly it's already happening when algorithms make a choice to de-promote calmer and less emotive voices, and they are being partially censored. You can use the term "moderation" because it sounds better, but it's the same thing.

If the proposal is to formalise this to moderate the internet to be a better place, that's a worthy aspiration. It does however beg some questions, such as who makes the rules, what are the rules, and what if these rules are at odds with democracy at the ballot box, or indeed with the way decisions are made in those cultures who don't see much benefit from Western-style democracy?

Some more pragmatic concerns would be to ask where's the emergency stop button for when algo's suddenly start producing outcomes that weren't intended, and how performance will be maintained when state forces seek to manipulate them?

Loony bin in the bagging area

It looks like our modern Plug & Pray tech is tremendously effective at the algorithmic fostering of batshit crazyness, especially for extremes and "outliers" in the spectrum of human psychoses IMHO. To the schizo-loner it seems to offer: You're out of it weirdo, go murder some kids or something (Sandy Hook, Southport). And to the mindless hormonal herdster: You're in, join our beastly mob violence of outrage and aggression (Charlottesville, Southport).

One can only hope that folks in-between remain less damaged by these species-leaping blood-thirsty malwares (for the survival of the species!).

Rage against the subjective machine

A few weeks ago I was having a lovely chat with someone about how they were fundraising to help homeless people. Suddenly it switched and they went off on a rant about immigration, shoot them before they get off the boats they were saying, no apparent awareness whether I might not agree or share their view. Perhaps they just assumed I would.

Last week a similar thing happened with another person I don't see very often, seemed like they were permanently plugged in to twitter. Their phone would ping and they'd be making comments condemning far right violence, then suddenly celebrating violence against Israel. Then we had an airing of views about supposed trans boxers in the Olympics, and "the trans agenda". They'd be upset if they knew what pronouns I was using for them here... ;) Again, no apparent thought to what I might think or feel about any of it. It was just awkward.

I believe it's healthy when we talk about our beliefs and values with people who have different beliefs and values, and I get into that kind of conversation occasionally with people I know. It doesn't have to be heated and it challenges you to examine ideas which might not be immediately intuitive to you. I think there's a societal norm now that we avoid those discussions to avoid awkwardness, which I understand. It's not always appropriate. But a hallmark of someone caught in an echo chamber has to be obliviousness to the views of others.

That said, I don't think having conviction is a bad thing, because some things are right and some things are not. But that is subjective, and I find myself considering the things which make me angry, even the music I listen to, and wondering where my own blind spots are.

FWIW

There is already a non-trivial amount of work trying to understand radicalization & social networks: notably, I just happened to see this, but there is older work out there.

Quantifying the vulnerabilities of the online public square to adversarial manipulation tactics

Truong et.al, PNAS Nexus 3(7), 258 (2024).

https://doi.org/10.1093/pnasnexus/pgae258

Abstract: Social media, seen by some as the modern public square, is vulnerable to manipulation. By controlling inauthentic accounts impersonating humans, malicious actors can amplify disinformation within target communities. The consequences of such operations are difficult to evaluate due to the challenges posed by collecting data and carrying out ethical experiments that would influence online communities. Here we use a social media model that simulates information diffusion in an empirical network to quantify the impacts of adversarial manipulation tactics on the quality of content. We find that the presence of hub accounts, a hallmark of social media, exacerbates the vulnerabilities of online communities to manipulation. Among the explored tactics that bad actors can employ, infiltrating a community is the most likely to make low-quality content go viral. Such harm can be further compounded by inauthentic agents flooding the network with low-quality, yet appealing content, but is mitigated when bad actors focus on specific targets, such as influential or vulnerable individuals. These insights suggest countermeasures that platforms could employ to increase the resilience of social media users to manipulation.

A problem for us isn't a problem for them

Various social media platforms get better engagement through outrage. Detecting and removing outraging material is against their interests, and expecting them to come up with an effective means of doing so isn't reasonable in their view.

Then of course there's the way that many very rich people find the culture wars useful to prevent action against their growing fortunes, or outright agree with the reactionary nutcases (Lachlan Murdoch, Elon Musk).

Basically 'challenging' AI/ML to solve the problem is up against a lot more problems than technical ability to do so. If you come up with a way then the people in charge of implementing it have incentives to undermine it.

Why expect them to?

The idea that we should give capitalists all the power, and expect them to act in the best interests of society is completely naive.

The only answer is for us all to run the algorithms to block this stuff, eg. by training our own AIs from Hugging Face on what we want want blocked. Or we could take the power from the capitalists in a more direct way.

The article is good - but it fails to draw the final conclusion.

AI is currently unreliable. The article reports several blunders. More are reported every day. This appears to be an intrinsic feature of the technology, and fixing it seems unlikely.

Poor quality in cybersecurity can cause serious problems. The article mentions this clearly. Everyone has tales of antiviruses doing more damage than viruses.

Given those two facts, is AI feasible as the equivalent of good cybersecurity for our social communication?

Isn't it more likely that it would be the equivalent of poor cybersecurity? With all the false positive, false negatives, and miscellaneous annoyances?

IMHO, that's the conclusion that the article should draw.

Personally, I prefer to screen incoming memetic malware at my brain.

My main firewall rule involves discarding, or quarantining for careful examination, anything that appears to be created with the intent of making me angry about something. Also, anything where the content creator is assuming that anyone who disagrees must be either stupid or corrupt.

That alone gets rid of most attacks on my mind.

I'd start at banning algorithmic social media feeds then see how things go from there. Maybe it wouldn't be enough but I think it would make the problem a lot smaller.

Time to re-evaluate what's really important?

Software has two fundamental properties. One is that its complexity is optional, the other is that it never wears out. A piece of code that runs reliably now will continue to run in the indefinite future, it only starts to become unreliable because the conditions that it runs in change. These changes could be due to hardware deterioration but most of the time they're due to updates to other software running on the same machine. All too often these updates are not improving the functionality of the machine, they're just there to provide armies of programmers something to do and companies something to sell. Its this spiral of often unnecessary fixes on fixes that's killing us, consuming huge amounts of productive effort but not actually getting anything done.

This, with more detail, should be a Black Hat presentation.