Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is It Illegal to Trick a Robot? (ssrn.com)

Posted by ryuzaki0 on from the pranks-on-programmers dept.

An anonymous reader writes: Can you get into trouble under anti-hacking laws for tricking machine learning...? A new paper by security researchers and legal experts asks whether fooling a driverless car into seeing a stop sign as a speed sign, for instance, is the same as hacking into it.
The original submission asks another question -- "Do you have inadequate security if your product is too easy to trick?" But the paper explores the possibility of bad actors who deliberately build a secret blind spot into a learning system, or reconstruct all the private data that was used for training. One of the paper's authors even coded DNA that corrupts gene-sequencing software and takes control of its underlying computer, and the researchers ultimately warn about the dangers of "missing or skewed security incentives" in the status quo.

"Our aim is to introduce the law and policy community within and beyond academia to the ways adversarial machine learning alter the nature of [cracking] and with it the cybersecurity landscape."

36 of 82 comments (clear)

  1. Stop sign by religionofpeas · · Score: 4, Insightful

    Modifying a stop sign with the purpose of fooling a self-driving car is similar to someone tampering with a stop sign to fool human drivers, and can be handled with existing laws.

    1. Re:Stop sign by iggymanz · · Score: 1

      indeed manslaughter convictions have been made for tampering with or removing road signs; existing law covers this

    2. Re:Stop sign by michelcolman · · Score: 2

      Obligatory xkcd

      "Those things would also work on human drivers. What's stopping people now?

    3. Re: Stop sign by javaman235 · · Score: 3, Interesting

      AIs can be tricked with things way different than what would fool human mind:

      https://www.google.com/amp/s/w...

      --
      -The art of programming is the pursuit of absolute simplicity.
    4. Re: Stop sign by iggymanz · · Score: 1

      indeed that turtle looks like a certain model of crossbow not a firearm, if I saw its outline on a T-ray scanner at an airport that passenger would be up against the wall getting frisked

    5. Re:Stop sign by AmiMoJo · · Score: 1

      A few years back some lady painted her bird box yellow. It looked kinda like a speed camera from a distance. Pretty effective against human drivers.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Stop sign by mark-t · · Score: 1

      The effort required to do so.

      It happens to be a whole lot easier to trick machines than people.

      --
      File under 'M' for 'Manic ranting'
    7. Re:Stop sign by currently_awake · · Score: 2

      Attempts to teach a computer to spot military vehicles resulted in flagging all "Rainy" pictures as containing military vehicles, because all the learning photos had that. If you inserted a small christmas tree near every stop sign used to train the robot car, it might not recognize stop signs without one. That is not the same as disguising a stop sign, and probably not illegal under current law.

    8. Re: Stop sign by c6gunner · · Score: 1

      It happens to be a whole lot easier to trick machines than people.

      Millions of magicians and scam artists would beg to differ. Hell, there's a reason why the biggest weakness in computer security has always been the lump of meat sitting in front of the keyboard (aka "social engineering").

    9. Re:Stop sign by religionofpeas · · Score: 1

      That is not the same as disguising a stop sign, and probably not illegal under current law.

      Current law also considers intent of your actions. If you purposefully create a situation where people end up in danger, then it is illegal.

    10. Re: Stop sign by iggymanz · · Score: 1

      Wow,I didn't know we were driving cars for 1 million years. Damn. So that's how homo erectus spread over 3 continents so fast, they just went "ungah bungah.... ROAD TRIP!"

      Explains why we find so many of their teeth and bones too, since safety belts in automobiles weren't common until the mid 20th century.

  2. How far does the biology analogy really go? by DRJlaw · · Score: 3, Informative

    The answer is probably going to depend upon one word:

    Computer Fraud and Abuse Act (18 USC 1030):
    (a) Whoever--
    (5)
    (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

    Can you convince judges that "cause the transmission" should only mean active electronic transmission, or can prosecutors convince judges that "cause the transmission" should have the same epidemiological sense as causing the transmission of a virus, worm, etc, regardless of means.

    1. Re:How far does the biology analogy really go? by DRJlaw · · Score: 1

      I think you could easily argue, in the case of a fake stop sign, that the computer was not so protected.

      I think that you'd lose that argument in a heartbeat.

      Per 1830(e)(2)(B), a "protected computer" means one "which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States."

      Self-driving cars engage in interstate travel just like human-driven cars.

    2. Re:How far does the biology analogy really go? by RhettLivingston · · Score: 1

      As others have stated, there are many better criminal statutes that would apply to this situation. There are laws specifically protecting street signs, and it seems like other much more serious crimes against persons would be provable if the worst were to happen. But,

      A stop sign is a command input that is transmitted to the cameras. I would think that intentionally changing that command input in a manner designed to cause any problem with the computer is no different than exploiting any other exposed interface of a computer. How is it different from a man-in-the-middle network attack? Or sending an RF signal (technically just a different band) to the car to break into its network and command it to accelerate?

      In the bigger picture, I believe we went the wrong way with this and other computer-related law. The necessary laws were already in place and just needed some clarification. We should have made it clear that electronically trespassing on and damaging property or interfering with services provided from that property is no different than physically doing so. Then we could just apply existing B&E, theft, burglary, vandalism, trespassing and other laws to the virtual world.

    3. Re:How far does the biology analogy really go? by Bing+Tsher+E · · Score: 1

      My swiss army knife 'engages in interstate travel' if I carry it in my pocket into another state.

    4. Re:How far does the biology analogy really go? by parkinglot777 · · Score: 1

      My swiss army knife 'engages in interstate travel' if I carry it in my pocket into another state.

      Does your swiss army knife drive itself through states? Or you are carrying it through? How about self driving car, does it drive itself? Or it is being carried through states? Please don't try giving nonsensical comparison. Your knife has no direct relation to traveling on a road. If you want to make a joke, be more direct.

    5. Re:How far does the biology analogy really go? by Bing+Tsher+E · · Score: 1

      My swiss army knife is directed through state borders under my control.

      Sometimes I might also have a box of oranges in the back of my car as I travel across a state border.

      I can't recall ever traveling to another state without being on a road, though I do remember in my youth that we hiked into Canada once.

  3. At some point, it can't be... by RyanFenton · · Score: 1

    There's going to be kids that are going to see videos and attempt to recreate any flaw - just like there's plenty of pennies smashed on train tracks over the years (not really dangerous, but if kids could be jailed for intent...), there's going to be flaws in any automated system by random folks you can't "teach a lesson to."

    One of the biggest purposes of having an automated system approaching computerization ("robot", if that's what gets clicks), is that you can spot flaws, and ALTER the system to better adapt to changing needs, rather than rely on pure punishment to cover faults.

    Related Obligitory XKCD:
    https://xkcd.com/1958/

    Folks can use the power of misleading information to kill eachother in a lot of ways, poison and war being classic examples - and yeah, those should be punished, but they should also be used to make systems that work better.

    Overall, these things still make the world better, and less randomly susceptible to harm. The analogue equivalent has more holes in virtually every case, we're just more used to them. From almost all past technology (non-weapon) , we're better off after going through the learning process than if we feared it forever, or remained only conservative in our approach.

    So yeah - punish folks that have actual intent to harm just like anything, but you can't stop folks from playing with the world around them, and the new stuff in it.

    Ryan Fenton

  4. Not a security issue by tomhath · · Score: 2

    Is cutting the brake lines on a car a security issue? Of course not. But it is a crime.

  5. Re: Is it illegal trick a neural net? by javaman235 · · Score: 3, Interesting

    Exactly. Just saw this article on advertisers and behavior control. It cited how people respond to the smell of disinfectant by keeping a room cleaner, cited it as a sort of mental weakness. Of course non-sociopathic people, on smelling disinfectant, will take it as a sign someone really wants the room clean, and thus keep it clean as a courtesy and possible medical safety thing...But advertisers see this sort of thing as a behavioral switch, and would feel free to place disinfectant smells in a businesses just to get that behavior. The whole mode of thinking behind advertising is the kind of manipulation that could lead AI astray.

    --
    -The art of programming is the pursuit of absolute simplicity.
  6. Re:Same as with people by Rei · · Score: 1, Offtopic

    Trying again...

    --
    "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
  7. Re:Same as with people by Paradise+Pete · · Score: 1

    Add some gator-misspellings to that sign and it would be a Far Side comic.

  8. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  9. Re: Like all things by c6gunner · · Score: 1

    I'm honestly curious as to how these self driving or driverless cars handle traffic light outages or intersections that just have blinking yellow lights in small towns like where i live.

    Same way as human drivers. Road rules are a pretty simple system; do you honestly imagine that the engineers behind the technology managed to "teach" the car to recognise traffic lights, but somehow forgot to include programming on what to do if they're out?

  10. Re: well i can see this taking off as a new nation by c6gunner · · Score: 1

    6. Enjoy a free anal cavity search after the authorities check the footage from the dozens of cameras festooned all over the truck.

  11. Existing laws cover it by Local+ID10T · · Score: 1

    Existing laws cover such behavior. Expect charges ranging from Malicious Mischief to Vandalism to Terrorism depending on how vindictive the prosecutor feels.

    --
    "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
  12. Re:yes by Carewolf · · Score: 1

    yes it's illegal to cause traffic accidents. be it by defacing signs, stealing stop signs, or screwing with the road markers. this is not even a question.

    What if you cause it by wearing a custume looking like a stop sign to a computer, but like a custome to a human?

  13. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  14. Killbot by dohzer · · Score: 1

    Are we talking about robots that are going to kill you?

  15. Directive 4 by TheDarkener · · Score: 1

    "bad actors who deliberately build a secret blind spot" - Reminds me of Robocop's "Directive 4". I dunno why.

    --
    It is pitch black. You are likely to be eaten by a grue.
  16. Re: Yes. That is exactly the kind of bugs we see h by c6gunner · · Score: 1

    If you were designing a system to deal with unserviceable or intermittent traffic lights, what would you do?

    Are you saying you can't think of a way too deal with it?

    Or are you saying that you can, but you're so stuck up that you think none of the people working on this stuff are as smart as you?

  17. but is it "knowingly" by Mozai · · Score: 1
    How will a court tell the difference between:
    * someone knowingly and intentionally circumventing security, and
    * when the robot has a flaw and behaves unexpectedly.

    I can see some companies maknig accusations of malicious interference as a way to save face.

  18. Re: Is it illegal trick a neural net? by Reverend+Green · · Score: 1

    It's a little worrying that some of the companies with the most advanced AI research are actively hostile to privacy and freedom. Everyone knows this is going to end in a horrific disaster - it's kinda obvious. Yet seemingly many people consider the prospect of slightly cheaper taxi rides to be totally worth the risk.

  19. Re: well i can see this taking off as a new nation by Reverend+Green · · Score: 1

    Better empty the truck fast. When it detected your robbery it called in a drone strike.

  20. Re: In my state, embarrassment is being made illeg by Reverend+Green · · Score: 1

    Gulag FTW!

  21. Re:yes by parkinglot777 · · Score: 1

    yes it's illegal to cause traffic accidents. be it by defacing signs, stealing stop signs, or screwing with the road markers. this is not even a question.

    What if you cause it by wearing a custume [sic] looking like a stop sign to a computer, but like a custome [sic] to a human?

    Remember, intention is the key. If you were going to a costume party, dress up like that, and on the way to the party, then it is not your fault but rather the AI. On the other hand, if you just dress up like that and stand along a road/street where self driving cars often time go by, then it could be illegal depending on how they interpret your intention (and likely you would be at fault).