Slashdot Mirror
Is It Illegal to Trick a Robot? (ssrn.com)
An anonymous reader writes:
Can you get into trouble under anti-hacking laws for tricking machine learning...? A new paper by security researchers and legal experts asks whether fooling a driverless car into seeing a stop sign as a speed sign, for instance, is the same as hacking into it.
The original submission asks another question -- "Do you have inadequate security if your product is too easy to trick?" But the paper explores the possibility of bad actors who deliberately build a secret blind spot into a learning system, or reconstruct all the private data that was used for training. One of the paper's authors even coded DNA that corrupts gene-sequencing software and takes control of its underlying computer, and the researchers ultimately warn about the dangers of "missing or skewed security incentives" in the status quo.
"Our aim is to introduce the law and policy community within and beyond academia to the ways adversarial machine learning alter the nature of [cracking] and with it the cybersecurity landscape."
The original submission asks another question -- "Do you have inadequate security if your product is too easy to trick?" But the paper explores the possibility of bad actors who deliberately build a secret blind spot into a learning system, or reconstruct all the private data that was used for training. One of the paper's authors even coded DNA that corrupts gene-sequencing software and takes control of its underlying computer, and the researchers ultimately warn about the dangers of "missing or skewed security incentives" in the status quo.
"Our aim is to introduce the law and policy community within and beyond academia to the ways adversarial machine learning alter the nature of [cracking] and with it the cybersecurity landscape."
Pretty sure this was a plot of a Star Trek episode. If it's good enough for Capt. Kirk, it's good enough for anyone else.
Someone has to die before anything is taken seriously. Or just write an obnoxious memo that reveals who you really are.
Modifying a stop sign with the purpose of fooling a self-driving car is similar to someone tampering with a stop sign to fool human drivers, and can be handled with existing laws.
Is it illegal to replace a "Danger: Alligators" sign with "Designated Swimming Area" to trick gullible tourists?
The answer is probably going to depend upon one word:
Computer Fraud and Abuse Act (18 USC 1030):
(a) Whoever--
(5)
(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
Can you convince judges that "cause the transmission" should only mean active electronic transmission, or can prosecutors convince judges that "cause the transmission" should have the same epidemiological sense as causing the transmission of a virus, worm, etc, regardless of means.
Messing with street signs are NOT legal in the first place.
Faking or modifying your apearance, gender, or voice to get access, discounts ect. is probably not elegal as long as it is within certain limits without actually comitting identity fraud.
Because then, ALL of marketing, sales, for-profit business, PR, lobbyism, propaganda, lying / malicious concealment, etc is a crime. As is all malicious communication.
Iâ(TM)d say: Obviously yes.
But then again, would normal life even be possible without it? And how would that look like?
There's going to be kids that are going to see videos and attempt to recreate any flaw - just like there's plenty of pennies smashed on train tracks over the years (not really dangerous, but if kids could be jailed for intent...), there's going to be flaws in any automated system by random folks you can't "teach a lesson to."
One of the biggest purposes of having an automated system approaching computerization ("robot", if that's what gets clicks), is that you can spot flaws, and ALTER the system to better adapt to changing needs, rather than rely on pure punishment to cover faults.
Related Obligitory XKCD:
https://xkcd.com/1958/
Folks can use the power of misleading information to kill eachother in a lot of ways, poison and war being classic examples - and yeah, those should be punished, but they should also be used to make systems that work better.
Overall, these things still make the world better, and less randomly susceptible to harm. The analogue equivalent has more holes in virtually every case, we're just more used to them. From almost all past technology (non-weapon) , we're better off after going through the learning process than if we feared it forever, or remained only conservative in our approach.
So yeah - punish folks that have actual intent to harm just like anything, but you can't stop folks from playing with the world around them, and the new stuff in it.
Ryan Fenton
Is cutting the brake lines on a car a security issue? Of course not. But it is a crime.
*if any of that technology actually existed outside of science fiction*. Calling this legitimate query should probably carry some kind of penelaty though, at least a smack in the head and some kind of clown prize.
That definition will decide where all of the issues fall, really.
A food delivery service in our area offered a 25% discount for first time users.
A friend of mine discovered that one could obtain the discount by using a different email and an invented phone number.
It worked until the deliveries had a problem and they had to ring the (non-existent) number.
When they rang him for a third time, the food delivery service realised what was going on and threatened my friend with legal consequences.
Not sure what the law is actually allowed to do here.
1. pick a secluded road
2. wait for driverless deliverytruck to come.
3. put up a fake stopsign or tutn on a fake red light.
4. empty out al the "free stuff".
5. switch to green and see it drive of in to the sunset...
Comment removed based on user account deletion
In my state, embarrassment is being made illegal.
Just because you don't do harm, doesn't make it legal.
But if you "hack" into a device by accessing a public interface that the org doesn't know about and report that to a newspaper, they want jail time if you didn't get prior, written, approval, by everyone and GOD before hand. Even if there isn't any financial gain or any real damages.
They are trying to make it illegal to embarrass someone.
The law is being proposed so the state doesn't look stupid when they leave interfaces online and don't properly secure it. And while they are doing this, other large financial companies are pushing for it because embarrassment about their poor security causes real impacts.
6. Enjoy a free anal cavity search after the authorities check the footage from the dozens of cameras festooned all over the truck.
Hell, I'm still waiting for robots that will trick. Life is sex. If life isn't sex for you, you're already downslope on the way to dead.
Anything other than sexbots is just noise.
Both are just machines.
Existing laws cover such behavior. Expect charges ranging from Malicious Mischief to Vandalism to Terrorism depending on how vindictive the prosecutor feels.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
yes it's illegal to cause traffic accidents. be it by defacing signs, stealing stop signs, or screwing with the road markers. this is not even a question.
What if you cause it by wearing a custume looking like a stop sign to a computer, but like a custome to a human?
Intentionally causing death is murder and not hacking particularly, so is covered by existing law. Intentionally causing property damage is vandalism. Letting your car crash into a signpost that says "road "on it has to have some liability attached to it as well I would think.
First offense, you'd probably be charged with misdemeanor "Impeding the flow of traffic" and you'd probably have to pay at least a few hundred dollars.
Second offense, you'd probably see the inside of a jail cell for at least a few weeks.
Third offense, they're probably find some way to call it a felony (domestic terrorism?) and send your ass to prison.
That will work great until you piss off the redneck stuck behind the automated cars that you're messing with.
Comment removed based on user account deletion
What are you talking about? They'll be pissed off anyway because SDCs won't ever go 1 mile per hour above the posted speed limit, so they'll probably pass it, legal or not. Oh and by the way that'll be one of the great failings of SDCs that will kill the whole market for them anyway: they'll all drive like grannies on their way to church on Sunday, even if you're late for work or an appointment, and there will be NOTHING the passengers will be able to do about it. People will try to return them, be told they can't, then they'll either sue or they'll sell them and get a regular car instead. So between killing people and fucking up people's lives the whole idea will kill itself off, LOL.
It is very often the trivial, blatant, facepalm-worthy bugs that do happen.
So yeah, I fully expect the system to come apart because that light is neither off nor on and in a state, but constantly changing between a state and off. Shit like that WILL happen.
Due to the simple fact that an AI-like algorithm dies not have a human lifeâ(TM)s experience at his disposal. (Nor do teh programmers, probably ;) ... nobody is perfect.
And even if
Are we talking about robots that are going to kill you?
Harmfulness mist be a prerequisite. There is good manipulation too.
The hard part is, to define what is harmful and what is good, as every person sees that differently.
And I'm not am.egoistical gasshole, so everyone's view is equally valid to me. Even though I might not agree.
The only nearly perfectly fair.solution I've found, is to separate people with disagreeing views. E.g. if all murderer got together and formed a murderer-only country on som uninhabited island, that would be their right. (And it would be my right to embargo them, or stop them.from entering mine.)
The catches are, that somebody might see THAT as getting harmed and that not every person is a full individual, and who decides what is harm for them? (E.g. imagine the murderer society having childreen and mentally disabled people.)
We have plenty if non-AI robots now. Let's say you fool a speed camera by altering your vehicle or plate. Is that a crime? It certainly is. The State takes a dim view of circumventing traffic control devices. What about smart power meters? If you hack that meter even by non-invasive means to read less than your real power consumption is that a crime? Yes, it's actually fraud.
"bad actors who deliberately build a secret blind spot" - Reminds me of Robocop's "Directive 4". I dunno why.
It is pitch black. You are likely to be eaten by a grue.
If you were designing a system to deal with unserviceable or intermittent traffic lights, what would you do?
Are you saying you can't think of a way too deal with it?
Or are you saying that you can, but you're so stuck up that you think none of the people working on this stuff are as smart as you?
well skimasks are quite popular i guess.
i guess its like when people steal amazon deliveries. how many get caught?
/. lacks a preview function on mobile, and touchscreen keyboards are cancer.
* someone knowingly and intentionally circumventing security, and
* when the robot has a flaw and behaves unexpectedly.
I can see some companies maknig accusations of malicious interference as a way to save face.
The woman killed by Uber is guilty of tricking the robot into believing she was a stationary bush at the side of the road.
As a wealthy white liberal who employs thousands of illegal immigrants every year to pick my crops, I can say there is a correlation between immigrant rights and robot rights. I don't want a bunch of rednecks beating up my illegal immigrants whom I need to keep me wealthy, just as I don't want a bunch of ludites breaking my robots that I need to replace my expensive illegal labor with. Remember if you live in the states the government works not for the masses but the campaign donors. My money is being funneled into the political system to ensure that being anti robot is just as racist as being anti immigrant.
Better empty the truck fast. When it detected your robbery it called in a drone strike.
Gulag FTW!