Originally published at: https://boingboing.net/2019/12/04/fundamental-critique.html
Second wave Algorithmic Accountability: from "What should algorithms do?" to "Should we use an algorithm?"
Originally published at: https://boingboing.net/2019/12/04/fundamental-critique.html
Can someone write an algorithm to answer this question.
If 1=1 THEN
ALGORITHM = BAD
SHOULD_USE = FALSE
My compiler says that you can’t assign a value to a const.
“Why would we ask if this is a good idea? We barely check to see if this is going to work.”
(I’m thinking of machine learning here, which I’m certain we’re going to see applied to numerous sets of data where it doesn’t even make sense.)
I wish people who write articles like this would find out what the word “algorithm” means, or at least stop using it as a synonym for “computer program.” They have very different meanings.
For example, a facial recognition program is not an algorithm. It is, at best, a heuristic – sometimes it works, sometimes it doesn’t. A program that calculates the square root of a number is an algorithm.
This misuse of “algorithm” is becoming, at least for me, one of the markers of ignorance about computers. A good Computer Science degree program will include at least one semester course about algorithms.
I have an (honorary) doctorate in Computer Science and I’m perfectly aware of the formal definition of “algorithm.” I’m also a writer who is aware of the colloquial meaning of the word. Finally, I’m a commentator who is capable of navigating both.
Algorithms can (and often do!) rely on heuristics and/or randomness. What’s being discussed is “We have problem x, should x be solved algorithmically by a computer (which may involve a heuristic algorithm or a random algorithm or machine learning which generally implies some degree of both,) or should a human be involved here.” A perfectly cromulent time to use the word.
What sort of aesthetic algorithm would cause a person to value gray text over the more conventional black?
Your use of the word is misleading, maybe even a bit dishonest. “Algorithm” implies a higher level of reliability, a hope that the code will produce a correct result for all possible inputs and will halt. A facial recognition system does not meet any of the criteria that distinguish algorithms from other computer programs.
The canonical textbook on algorithms was written by Prof. Robert Sedgewick, founder and first chairman of the Princeton Computer Science Department. Sedge was a student of mine at Brown. His PhD. advisor at Stanford was Don Knuth. (You use your honorary PhD. to borrow authority, I use my 50 years as a computer scientist and software engineer.) The textbook is available as a PDF here. The first five pages make it clear what an algorithm is and how it differs from a general computer program.
I’ve not seen the word “algorithm” used with the colloquial meaning you ascribe to it anywhere but in headlines and articles in the popular literature. Many of them are by lawyers who know nothing of the field. I don’t think that such a limited use qualifies it as “colloquial.” Moreover, I would like very much to make our field understandable to the educated layman, and your article’s misuse of that word doesn’t help. A facial recognition system will never be an algorithm; the high error rate caused by the physical characteristics of the problem will discourage anyone from trying to make the code sufficiently reliable to meet the definition. You are raising expectations unreasonably. I remember your description of ways to spoof facial recognition quite some time ago in your books, and would note that some of those ways are being used by students in Hong Kong today.
Might I suggest a global replacement of the word “algorithm” (in its various forms) with “software”? I believe that would preserve the meaning you intended.
Then you haven’t been paying attention. It’s used in policy circles, in technological/critical circles (e.g. within the AI Now Institute, or Data & Society). It’s used in course titles and syllabi. It’s used in the names of conferences and in conference sessions.
This is a ridiculous hill to die on. Language has colloquial as well as technical usages. If you want people to “make our field understandable to the educated layman” then you need to meet them where they are, not where you’d like them to be. If one were to go through the linked article or my writeup of it and replace instances of “algorithm” with “heuristic” you not only wouldn’t have something that was more comprehensible to laypeople – you also wouldn’t have something that was more comprehensible to anyone.
How about an on-topic response?
Source code certifications are constant and ever-changing. How about centralizing software labeling and certifications to achieve greater accountability? How about making NIST or HITRUST more than a suggestion?
What we’re seeing is a software and algorithm based takeover of other functions and processes, for which there is no software-based regulations. Since software is doing something in a regulated industry, should it also be regulated? I say yes.
It’s tough to come up with a solid suggestion for how to regulate algorithm use, so I would say a nationwide certification exchange marketplace is in order, where software vendors seeking to publish or use their software on large numbers of users can certify their software against regulatory frameworks. Facebook for example, would then have to have their source code reviewed against communications regulations to validate they’re not breaking laws or inciting riots and what not. Think of the motion detection algorithms in the RING cameras … are they not breaking the laws against video/filming consent of minors if kids walk by? It’s not the neighbor doing the filming, it’s a big company that the saudis invest in. This requires consent does it not?
If a big company wants to use a big algorithm on lots of people, they would have to certify this algorithm as legal before using it is what I would propose.
It’s used in policy circles, in technological/critical circles (e.g. within the AI Now Institute, or Data & Society). It’s used in course titles and syllabi. It’s used in the names of conferences and in conference sessions.
Not in the computer science or software engineering fields, it’s not. Have you ever used “algorithm” this way before this article? If not, why are you taking writing notes from a lawyer?
This is a ridiculous hill to die on. Language has colloquial as well as technical usages. If you want people to “make our field understandable to the educated layman” then you need to meet them where they are, not where you’d like them to be.
Consider the problems we’ve had in the world because the word "theory" means something very different, almost contradictory, to scientists and non-scientists. I think it’s worthwhile to attempt to nip another such dichotomy in the bud.
If one were to go through the linked article or my writeup of it and replace instances of “algorithm” with “heuristic” you not only wouldn’t have something that was more comprehensible to laypeople – you also wouldn’t have something that was more comprehensible to anyone.
I think you may have read what I wrote slightly carelessly. I certainly agree that “heuristic” would be confusing, but I don’t think that “software” would be. “It’s an ordinary word, something found around the house every day.” (Well, our house. My wife wrote the operating system for the Patriot Missile System; I have software sitting in Chryse Planitia on Mars.)
Programs are designed by people but they are meant for tasks which are wholly boring and easy to replicate. Algorithms as applied to problems with significant ambiguity or otherwise undefined parameters are doomed to fail in solving them. At best, you can solve a very small but possibly important set of problems but you can never ever depend on them as a universal solution. It’s wild that SV bros have forgotten this, it’s like all those years in college were wasted. And here I am, the C grade CS undergrad haver explaining all this.
Isn’t it better to let them be judged by their effects instead of the code itself?
I cannot see this regulatory body being able to deal with all the cases it would have to judge.
It will either to be too permissive, taking the company word without any critic, or it will be too strict, for example, if your program is made to share files, does it has enough protection against copyright infringement? Pedophilia? Vengeance pornography? …?
In the end, it will at most work to lock-in the current dominant players against new competitors.
I also wonder how it would deal with code made outside the US.
You can get an uncovered area, where the product works but it is not legal in the US.
How does you deal with those foreign unregulated services? Block them until they conform with the regulations while they can do an uber to force the regulations to capitulate?
It would work at most as a protectionist barrier where most of the cost is imposed on US consumers.
The power imbalance is too big, and without a competitor offering an alternative service it is shifted automatically to the company.
Aren’t you describing a privacy law?
They either don’t exist or are antiquated in the US. Also, think of it this way. When you wanna bottle water or a beverage, you send a sample of it to get tested for poison, annually. Companies that interface with large amounts of people via code should have that code tested for “poison” annually. Sure any regulatory body is going to flounder when reviewing these, but even agencies have the capability to grow, change, transform and adapt and reallocate funding for helping to tame this type of thing.
taxpayer should pony up sometimes, right? No industry is going to regulate itself effectively in present state.
I see it easily becoming as awful as a patent office than a working body.
I’m not from the area, but something that crossed my mind was that it might be exactly the opposite with software.
I know that security by obscurity doesn’t work, but I think it can get worse if the code gets available, specially if it is not available for everyone to test it, and I guess that the NSA would be able to hoard more zero-day bugs this way.
I prefer it being done afterwards, and including some jail time for the c-suite and/or easily dismantling the companies.
Shifting the burden to require an action before the product is on the market looks excessive because I’m not sure if it has to be applied to everything since the potential dangers not always manifest themselves and the worst ones come from unexpected factors.
This topic was automatically closed after 5 days. New replies are no longer allowed.