Entries Tagged "crime"

Page 7 of 39

When Thinking Machines Break the Law

Last year, two Swiss artists programmed a Random Botnot Shopper, which every week would spend $100 in bitcoin to buy a random item from an anonymous Internet black market…all for an art project on display in Switzerland. It was a clever concept, except there was a problem. Most of the stuff the bot purchased was benign­—fake Diesel jeans, a baseball cap with a hidden camera, a stash can, a pair of Nike trainers—but it also purchased ten ecstasy tablets and a fake Hungarian passport.

What do we do when a machine breaks the law? Traditionally, we hold the person controlling the machine responsible. People commit the crimes; the guns, lockpicks, or computer viruses are merely their tools. But as machines become more autonomous, the link between machine and controller becomes more tenuous.

Who is responsible if an autonomous military drone accidentally kills a crowd of civilians? Is it the military officer who keyed in the mission, the programmers of the enemy detection software that misidentified the people, or the programmers of the software that made the actual kill decision? What if those programmers had no idea that their software was being used for military purposes? And what if the drone can improve its algorithms by modifying its own software based on what the entire fleet of drones learns on earlier missions?

Maybe our courts can decide where the culpability lies, but that’s only because while current drones may be autonomous, they’re not very smart. As drones get smarter, their links to the humans that originally built them become more tenuous.

What if there are no programmers, and the drones program themselves? What if they are both smart and autonomous, and make strategic as well as tactical decisions on targets? What if one of the drones decides, based on whatever means it has at its disposal, that it no longer maintains allegiance to the country that built it and goes rogue?

Our society has many approaches, using both informal social rules and more formal laws, for dealing with people who won’t follow the rules of society. We have informal mechanisms for small infractions, and a complex legal system for larger ones. If you are obnoxious at a party I throw, I won’t invite you back. Do it regularly, and you’ll be shamed and ostracized from the group. If you steal some of my stuff, I might report you to the police. Steal from a bank, and you’ll almost certainly go to jail for a long time. A lot of this might seem more ad hoc than situation-specific, but we humans have spent millennia working this all out. Security is both political and social, but it’s also psychological. Door locks, for example, only work because our social and legal prohibitions on theft keep the overwhelming majority of us honest. That’s how we live peacefully together at a scale unimaginable for any other species on the planet.

How does any of this work when the perpetrator is a machine with whatever passes for free will? Machines probably won’t have any concept of shame or praise. They won’t refrain from doing something because of what other machines might think. They won’t follow laws simply because it’s the right thing to do, nor will they have a natural deference to authority. When they’re caught stealing, how can they be punished? What does it mean to fine a machine? Does it make any sense at all to incarcerate it? And unless they are deliberately programmed with a self-preservation function, threatening them with execution will have no meaningful effect.

We are already talking about programming morality into thinking machines, and we can imagine programming other human tendencies into our machines, but we’re certainly going to get it wrong. No matter how much we try to avoid it, we’re going to have machines that break the law.

This, in turn, will break our legal system. Fundamentally, our legal system doesn’t prevent crime. Its effectiveness is based on arresting and convicting criminals after the fact, and their punishment providing a deterrent to others. This completely fails if there’s no punishment that makes sense.

We already experienced a small example of this after 9/11, which was when most of us first started thinking about suicide terrorists and how post-facto security was irrelevant to them. That was just one change in motivation, and look at how those actions affected the way we think about security. Our laws will have the same problem with thinking machines, along with related problems we can’t even imagine yet. The social and legal systems that have dealt so effectively with human rulebreakers of all sorts will fail in unexpected ways in the face of thinking machines.

A machine that thinks won’t always think in the ways we want it to. And we’re not ready for the ramifications of that.

This essay previously appeared on Edge.org as one of the answers to the 2015 Edge Question: “What do you think about machines that think?”

EDITED TO ADD: The Random Botnet Shopper is “under arrest.”

Posted on January 23, 2015 at 4:55 AMView Comments

Loitering as a Security System

In Kyoto, taxi drivers are encouraged to loiter around convenience stores late at night. Their presence reduces crime.

In Kyoto about half of the convenience stores had signed on for the Midnight Defender Strategy. These 500 or so shops hung posters with slogans such as “vigilance strengthening” written on them in their windows. These signs are indicators to taxi drivers that they are allowed to park there as long as they like during breaks. The stores lose a few parking spaces in the process but gain some extra eyes which may be enough to deter a would-be bandit from making their move.

Since the program started in September 2013 the number of armed robberies among participating stores dropped to four compared to 18 in the previous year. On the other hand, the shops which were not in the Midnight Defender Strategy saw an increase in robberies, up from seven to nine incidents compared to the year before. Overall the total number of robberies was nearly halved in the prefecture.

Hacker News thread.

Posted on January 5, 2015 at 7:10 AMView Comments

More Crypto Wars II

FBI Director James Comey again called for an end to secure encryption by putting in a backdoor. Here’s his speech:

There is a misconception that building a lawful intercept solution into a system requires a so-called “back door,” one that foreign adversaries and hackers may try to exploit.

But that isn’t true. We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law. We are completely comfortable with court orders and legal process—front doors that provide the evidence and information we need to investigate crime and prevent terrorist attacks.

Cyber adversaries will exploit any vulnerability they find. But it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact. And with sophisticated encryption, there might be no solution, leaving the government at a dead end—all in the name of privacy and network security.

I’m not sure why he believes he can have a technological means of access that somehow only works for people of the correct morality with the proper legal documents, but he seems to believe that’s possible. As Jeffrey Vagle and Matt Blaze point out, there’s no technical difference between Comey’s “front door” and a “back door.”

As in all of these sorts of speeches, Comey gave examples of crimes that could have been solved had only the police been able to decrypt the defendant’s phone. Unfortunately, none of the three stories is true. The Intercept tracked down each story, and none of them is actually a case where encryption foiled an investigation, arrest, or conviction:

In the most dramatic case that Comey invoked—the death of a 2-year-old Los Angeles girl—not only was cellphone data a non-issue, but records show the girl’s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.

In another case, of a Louisiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

And in the case of a Sacramento hit-and-run that killed a man and his girlfriend’s four dogs, the driver was arrested in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident.

[…]

His poor examples, however, were reminiscent of one cited by Ronald T. Hosko, a former assistant director of the FBI’s Criminal Investigative Division, in a widely cited—and thoroughly debunked—Washington Post opinion piece last month.

In that case, the Post was eventually forced to have Hosko rewrite the piece, with the following caveat appended:

Editors note: This story incorrectly stated that Apple and Google’s new encryption rules would have hindered law enforcement’s ability to rescue the kidnap victim in Wake Forest, N.C. This is not the case. The piece has been corrected.

Hadn’t Comey found anything better since then? In a question-and-answer session after his speech, Comey both denied trying to use scare stories to make his point—and admitted that he had launched a nationwide search for better ones, to no avail.

This is important. All the FBI talk about “going dark” and losing the ability to solve crimes is absolute bullshit. There is absolutely no evidence, either statistically or even anecdotally, that criminals are going free because of encryption.

So why are we even discussing the possibility to forcing companies to provide insecure encryption to their users and customers?

The EFF points out that companies are protected by law from being required to provide insecure security to make the FBI happy.

Sadly, I don’t think this is going to go away anytime soon.

My first post on these new Crypto Wars is here.

Posted on October 21, 2014 at 6:17 AMView Comments

These Pickpocket Secrets Will Make You Cry

Pickpocket tricks explained by neuroscience.

So while sleight of hand helps, it’s as much about capturing all of somebody’s attention with other movements. Street pickpockets also use this effect to their advantage by manufacturing a situation that can’t help but overload your attention system. A classic trick is the ‘stall’, used by pickpocketing gangs all over the world. First, a ‘blocker’, walks in front of the victim (or ‘mark’) and suddenly stops so that the mark bumps into them. Another gang member will be close behind and will bump into both of them and then start a staged argument with the blocker. Amid the confusion one or both of them steal what they can and pass it to a third member of the gang, who quickly makes off with the loot.

I’ve seen Apollo Robbins in action. He’s very good.

Posted on July 8, 2014 at 6:22 AMView Comments

Creating Forensic Sketches from DNA

This seems really science fictional:

It’s already possible to make some inferences about the appearance of crime suspects from their DNA alone, including their racial ancestry and some shades of hair colour. And in 2012, a team led by Manfred Kayser of Erasmus University Medical Center in Rotterdam, the Netherlands, identified five genetic variants with detectable effects on facial shape. It was a start, but still a long way from reliable genetic photofits.

To take the idea a step further, a team led by population geneticist Mark Shriver of Pennsylvania State University and imaging specialist Peter Claes of the Catholic University of Leuven (KUL) in Belgium used a stereoscopic camera to capture 3D images of almost 600 volunteers from populations with mixed European and West African ancestry. Because people from Europe and Africa tend to have differently shaped faces, studying people with mixed ancestry increased the chances of finding genetic variants affecting facial structure.

Kayser’s study had looked for genes that affected the relative positions of nine facial “landmarks”, including the middle of each eyeball and the tip of the nose. By contrast, Claes and Shriver superimposed a mesh of more than 7000 points onto the scanned 3D images and recorded the precise location of each point. They also developed a statistical model to consider how genes, sex and racial ancestry affect the position of these points and therefore the overall shape of the face.

Next the researchers tested each of the volunteers for 76 genetic variants in genes that were already known to cause facial abnormalities when mutated. They reasoned that normal variation in genes that can cause such problems might have a subtle effect on the shape of the face. After using their model to control for the effects of sex and ancestry, they found 24 variants in 20 different genes that seemed to be useful predictors of facial shape (PLoS Genetics, DOI: 10.1371/journal.pgen.1004224).

Reconstructions based on these variants alone aren’t yet ready for routine use by crime labs, the researchers admit. Still, Shriver is already working with police to see if the method can help find the perpetrator in two cases of serial rape in Pennsylvania, for which police are desperate for new clues.

If I had to guess, I’d imagine this kind of thing is a couple of decades away. But with a large enough database of genetic data, it’s certainly possible.

Posted on March 28, 2014 at 6:22 AMView Comments

Brian Krebs

Nice profile of Brian Krebs, cybersecurity journalist:

Russian criminals routinely feed Mr. Krebs information about their rivals that they obtained through hacks. After one such episode, he began receiving daily calls from a major Russian cybercriminal seeking his files back. Mr. Krebs is writing a book about the ordeal, called “Spam Nation,” to be published by Sourcebooks this year.

In the meantime, hackers have been competing in a dangerous game of one-upmanship to see who can pull the worst prank on Mr. Krebs. They often steal his identity. One opened a $20,000 credit line in his name. Admirers have made more than $1,000 in bogus PayPal donations to his blog using hacked accounts. Others have paid his cable bill for three years with stolen credit cards.

The antics can be dangerous. In March, as Mr. Krebs was preparing to have his mother over for dinner, he opened his front door to find a police SWAT team pointing semiautomatic guns in his direction. Only after his wife returned home from the grocery store to find him handcuffed did the police realize Mr. Krebs had been the victim of “swatting.” Someone had called the police and falsely reported a murder at their home.

Four months after that, someone sent packets of heroin to Mr. Krebs’s home, then spoofed a call from his neighbor to the police. But Mr. Krebs had already been tipped off to the prank. He was tracking the fraud in a private forum—where a criminal had posted the shipment’s tracking number ­- and had alerted the local police and the F.B.I.

Posted on February 20, 2014 at 4:09 PMView Comments

What Information Are Stun Guns Recording?

In a story about a stolen Stradivarius violin, there’s this:

Information from a stun gun company, an anonymous tip and hours of surveillance paved the way for authorities to find a stolen 300-year-old Stradivarius violin in the attic of a Milwaukee home, police said Thursday.

[…]

Taser International, the maker of the stun gun used in the attack, “provided invaluable information” that the FBI tracked down in Texas and ultimately led police to Universal Allah, a Milwaukee resident, Police Chief Edward Flynn said Thursday.

The criminals stunned a musician as he was leaving a show at church, and drove off with his multimillion-dollar violin. What information could the stun gun company give the police that would be invaluable? Is it as simple as knowing who purchased the weapon, which was dropped at the scene? Or something weirder?

EDITED TO ADD (2/18): This may be it:

As the Milwaukee Police and the FBI began to conduct the investigation they reached out to us at TASER in order to identify possible suspects in the case. This was accomplished thanks to our Anti-Felon Identification tags (AFID). The AFID program enforces accountability for each use of a TASER device. This system releases dozens of confetti-sized markers upon discharge of a CEW cartridge. Each AFID contains a serial number that tracks back to the original purchaser of the cartridge. The large number of AFIDs and their small size makes it impractical to clean up. Therefore, law enforcement can pick up one AFID and contact TASER International for a complete trace on the serial number.

At the time of purchase, we verify the identity and background of the prospective buyer with the understanding that we will not release the information and it will be kept confidential unless a TASER device is used in the commission of a crime. This information proved invaluable during the investigation on the Stradivarius violin. “We worked very closely with TASER International who provided us invaluable information that the FBI was able to track down for us in Texas,” said Chief Flynn, “That information led us to an individual who had purchased this device.”

Posted on February 18, 2014 at 8:30 AMView Comments

1971 Social Engineering Attack

From Betty Medsger’s book on the 1971 FBI burglary (page 22):

As burglars, they used some unusual techniques, ones Davidon enjoyed recalling years later, such as what some of them did in 1970 at a draft board office in Delaware. During their casing, they had noticed that the interior door that opened to the draft board office was always locked. There was no padlock to replace, as they had done at a draft board raid in Philadelphia a few months earlier, and no one in the group was able to pick the lock. The break-in technique they settled on at that office must be unique in the annals of burglary. Several hours before the burglary was to take place, one of them wrote a note and tacked it to the door they wanted to enter: “Please don’t lock this door tonight.” Sure enough, when the burglars arrived that night, someone had obediently left the door unlocked. The burglars entered the office with ease, stole the Selective Service records, and left. They were so pleased with themselves that one of them proposed leaving a thank-you note on the door. More cautious minds prevailed. Miss Manners be damned, they did not leave a note.

Posted on February 5, 2014 at 6:02 AMView Comments

1 5 6 7 8 9 39

Sidebar photo of Bruce Schneier by Joe MacInnis.