Secret sauce and sentencing? Say it isn’t so!

Could you spend a long time in prison due to a software bug and not have the right to examine the software? Possibly.

One of the things that we in technology understand is that we make mistakes, a truth we don’t like to admit to customers.  What happens, however, when a mistake can lead to tragic consequences?

Yesterday’s New York Times reports about a case that the U.S. Supreme Court may soon hear, involving a man who received a six year jail sentence, in part due to a computer program.  The software known as Compas was supposedly developed by Northpointe Inc. (although a search seems to redirect to a Equivant) to provide a risk assessment of a person’s reentry into society.  Such a data-driven analysis is vaguely reminiscent of the movie, Minority Report.  In this case, the defendant Eric L. Loomis was not allowed to examine the software that assessed that he was a significant risk to the community, even though at least one analysis showed that the software may be programmed with some form of racial bias.  The company argues that the algorithm used to make the sentencing recommendation is proprietary, and so should not be subject to review, and that if they release their algorithm to scrutiny they will essentially be giving away their business model, and they may have a point.  Patents on such technology may be flimsy, and they eventually do come to a halt.  To protect themselves, they make use of another legal tool, the trade secret, which has no fixed term of protection.

One can’t say that a mistake is being made in the case of Mr. Loomis, nor can one authoritatively state that the program is formally correct.  The Wisconsin Supreme Court argued creatively that much like college admissions, so long as the software is one input combined with others, the software can be used.  Is it, therefore, any different from a potentially flawed witness giving evidence?  The question here is whether those who wrote the software can be cross-examined, to what extent they may be questioned, and whether the software itself can be examined.  Mr. Loomis argues that to deny his legal team access to the source is a violation of his 14th Amendment right to due process.

We know from recent experience that blind trust in technology, and more precisely, those who create and maintain it, can lead to bad outcomes.  Take for instance the over 20,000 people whose convictions were overturned because a chemist falsified hair analysis results, or other examples where the FBI Crime Lab just flat got it wrong.  Even Brad D. Schimel, the Wisconsin attorney general, conceded before the appeals court that, “The use of risk assessments by sentencing courts is a novel issue, which needs time for further percolation.”  But what about Mr. Loomis and those who may suffer tainted results if there is a software problem?

While the Supreme Court could rule soon on the matter, they will only have very limited avenues, such as permitting or prohibiting its use.  Congress may need to get involved in order to provide other alternatives.  One possibility would be to provide the company some new intellectual property protection, such as an extended patent with additional means of enforcement (e.g., higher penalties against infringement or lower thresholds for discovery) in exchange for releasing the source.  Even if they do, one question would be whether or not defendants could then game the system so as to score better on sentencing.  How great a risk that is we can’t know without knowing what the inputs to the algorithm are.

It is probably not sufficient for the defendant and his legal teams to have access to the source, precisely because more research is needed in this field to validate the models that software like Compas uses.  That can’t happen unless researchers have that access.

Removal of privacy protections harms service providers

Removing privacy protections harms consumer security AND service provider business prospects.

As the media is reporting, the administration has removed privacy protections for American consumers, the idea being that service providers would sell a consumer’s browsing history to those who are interested.  Over time, service providers have looked for new and novel (if not ethical) ways to make money, and this has included such annoyances as so-called “supercookies”.

Why, then, would I claim that removing consumer privacy protections will harm not only consumers, but telecommunications companies as well?

In the new world that is coming at us, our laptops, cell phones, and tablets will be a minority of the devices that make use of our home Internet connection.  The Internet of Things is coming, and will include garage door openers, security systems, baby monitors, stereos, refrigerators, hot water heaters, washing machines, dishwashers, light bulbs, and lots of other devices.  Many of these systems have been shown to have vulnerabilities, and the consumer does not have the expertise to protect these devices.  The natural organization to protect the consumer is the telco.  They have the know-how and ability to scale to vast quantities of consumers, and they are in the path of many of communications, meaning that they are in a position to block unwanted traffic and malware.

The consumer, on the other hand, has to be willing to allow the service provider to protect them.  Why would would consumers do that if they view the service provider as constantly wanting to invade their privacy?  Rather it is important the these companies enjoy the confidence of consumers.  Degrading that confidence in service providers, therefore, is to degrade security.

Some people say to me that consumers should have some choice to use service providers who afford privacy protections.  Unfortunately, such contractual choices have thus far not materialized because of all the small print that such contracts always entail.

What is needed is a common understanding of how consumer information will be used, when it will be exposed, and what is protected.  The protections that were in place went a long way in that direction.  The latest moves reverse that direction and harm security.

Trump and Ryan’s healthcare failure doesn’t mean they will fail in the future

Just because President Trump and and Speaker Ryan lost the Healthcare battle doesn’t mean they’ll lose the coming tax overhaul battle.

Over the last twenty-four hours many people have been talking about who should take the “blame” for the failure of the Republican healthcare bill.  Some say it is President Trump, others say it is Speaker Ryan, others say it is the so-called Freedom Caucus and yet others astonishingly others blame Democrats.  They are all wrong.

It is the American people who did not want the Republican healthcare plan.  According to at least one poll, only 18% of Americans wanted the bill to pass.  Many of the rest of us were vocal in our opposition on the Internet, in town halls, writing letters, and calling our Congresspeople because the bill would directly affect us and those who we love.

The pundits are saying that the failure President Trump’s and Speaker Ryan’s plan will complicate their agenda, moving forward.  They say this because the healthcare plan was supposed to pay for the massive tax overhaul that the president has in mind.  These people who say these things are underestimating both the president and the speaker, and in particular Steve Bannon.

There are two forces in play.  Speaker Ryan and many Republicans want to see the tax system overhauled.  While Speaker Ryan would like to see overhaul come in revenue neutral, when push comes to shove, he will be willing to deficit spend in the short term, and make cuts later, with the logic being that the government has swam in red ink before, and a little more for a bit longer won’t hurt; and that Republicans will eventually stem the bleeding by simply forcing the issue.

Steve Bannon has a different logic.  He would just assume see the government bleed to death.  If destruction of the federal government is brought about faster due to the tax overhaul, that would be more than fine with him.  Those same Republicans in Congress who nearly caused the government to default might play this game.

The reason this is likely to work is that the tax overhaul will be a gigantic give-away, and everyone will make money in the short term.  Nobody will be screaming at Congressmen in town halls.  Nobody will be worried about how this will hurt them personally.

It will be our children and theirs who pay for this policy.

Finding REAL News as Opposed to Fake News

Here are three simple tests to determine whether a site is a trustworthy news outlet. Are there multiple sections? Does it have multiple news bureaus? Does the site post corrections?

The great New York Senator Daniel Patrick Moynihan famously said that everyone is entitled to his own opinion, but not his own facts.  Unfortunately, our democracy is being undermined by a combination of an epidemic of fake news and people being willing to believe the drivel.

What, then, are trustworthy news outlets?  To start with, they have to have paid reporters.  Determining the truth requires investigation with feet on the ground.  It requires document searches, interviews, and research.  That costs money.

Still, a well funded propaganda outfit could pay (or claim to pay) for “reporters”.  How to tell the difference?  Be suspicious of any site is primarily focused on national politics or any single issue.

Here are a three tests to guide someone as to whether a news outlet is likely legitimate for daily consumption.  The tests themselves aren’t perfect, but they’re pretty good.

1. Does the outlet have many news bureaus?

A real newspaper will have at least one regional bureau for the region they are covering, and will often have an additional bureau for a state capital or for Washington.  Fake news sources may not have any bureaus.  A simple test is to type the name of the site and then “news bureaus” into a search engine and examine the results.  Note that a regional paper will tend to have only a few bureaus outside their region.  That’s okay, so long as they stick to news where they have those bureaus and more importantly reporters.

2. Does the outlet have multiple unrelated sections?

Real news sources will have sections such as weather, sports, obituaries, arts, finance, and region, as opposed to just politics.  They may not have all of these sections: for instance, the Wall Street Journal doesn’t have a weather section, but their finance section is unparalleled.

3. Does the outlet ever publish corrections?

Even if the answer to the first two questions is “yes”, no one is perfect.  But a good news outlet will recognize their imperfections and always seek to report the truth, no matter how embarrassing it may be.  A good measure of an outlet’s trustworthiness is how regularly they correct themselves.

Let’s Test

Given these parameters let’s see whether a web site is a good source for news.

Source Multiple Bureaus? Unrelated Sections? Corrections?
The New York Times Multiple, throughout New York, US, and the world NY region, sports, weather, obits, arts Regularly at the bottom of an article online, or in a section in paper.
Fox News Multiple affiliates Sports, weather, numerous regions Not too often.
Breitbart Four bureaus no Very rarely
Wikipedia No Yes (vast) Entries are continually edited
The Daily Caller No No Never
NPR Many regional affiliates along with international bureaus Numerous Regularly online and on radio
The Wall Street Journal Strong presence in financial capitals Finance, Travel, even some Sport Regularly at the bottom of articles
Politico Primarily national, with a few state and international bureaus No Very Rarely

Trust, of course, is not a binary.  That’s why it’s important to get information from multiple sources, maybe not every day, but regularly.  Also, just because something is not marked as a trustworthy news outlet doesn’t mean their lying.  It does however, mean, that they’re something other than a trustworthy news outlet.  A blog, perhaps, or an analysis site.  Wikipedia is an interesting case because nobody gets paid, but the information tends to be reasonably trustworthy (or at least transparent).

All of this doesn’t get people off the hook from using their common sense.  RT would easily pass the above tests, and yet they are a well known and well funded propaganda arm of Vladimir Putin.  Probably not a good news source.  Most blogs aren’t so well funded.

The president made a morally bankrupt decision in banning refugees

Someone asked me on Facebook what my problem was with the “Temporary Ban” that President Trump imposed. I thought I would go into some detail.

What Has Happened?

First, how does the President have this authority in the first place?  Federal law states that he may suspend travel of entire classes of people that he may state and for a period of time such as he may determine.  Here’s what 8 USC § 1182(f) states:

Whenever the President finds that the entry of any aliens or of any class of aliens into the United States would be detrimental to the interests of the United States, he may by proclamation, and for such period as he shall deem necessary, suspend the entry of all aliens or any class of aliens as immigrants or nonimmigrants, or impose on the entry of aliens any restrictions he may deem to be appropriate.

The courts will determine if this is sufficient power, and President Trump’s order does quote other laws.  The key point is that Congress envisioned the need for the president to act quickly.

The meat of the order that has caused all the chaos is as follows:

I hereby proclaim that the immigrant and nonimmigrant entry into the United States of aliens from countries referred to in section 217(a)(12) of the INA, 8 U.S.C. 1187(a)(12), would be detrimental to the interests of the United States, and I hereby suspend entry into the United States, as immigrants and nonimmigrants, of such persons for 90 days from the date of this order (excluding those foreign nationals traveling on diplomatic visas, North Atlantic Treaty Organization visas, C-2 visas for travel to the United Nations, and G-1, G-2, G-3, and G-4 visas).

For clarity,  C-2 and G-1, G-2, G-3, and G-4 visas are used by diplomats and their families (you can find all the visa categories here). In other words, excluding those visas, in the general case, all other non-citizens who hold passports from the seven countries in question are barred from entering the United States, whether they are visitors or resident aliens.

There are a few exceptions:

(g) Notwithstanding a suspension pursuant to subsection (c) of this section or pursuant to a Presidential proclamation described in subsection (e) of this section, the Secretaries of State and Homeland Security may, on a case-by-case basis, and when in the national interest, issue visas or other immigration benefits to nationals of countries for which visas and benefits are otherwise blocked.

This means that the Secretaries of State and Homeland Security can update the rules.  There is no Secretary of State at the moment.  This leaves the Secretary of Homeland Security John Kelly.  This apparently happened over the weekend, according to some reports.

The text of the order then has several references to people fleeing religious persecution, such as the following:

Upon the resumption of USRAP admissions, the Secretary of State, in consultation with the Secretary of Homeland Security, is further directed to make changes, to the extent permitted by law, to prioritize refugee claims made by individuals on the basis of religious-based persecution, provided that the religion of the individual is a minority religion in the individual’s country of nationality.

The majority religion of each of the countries listed in the ban is Islam.  What this rule states is that if you are a woman persecuted for wearing not wearing a head scarf and happen to be Christian or Jewish or Buddhist, you get priority.  If you are Muslim you are out of luck.

I have, then, three objections to the presidential order.

1. Callous Disregard for Human Life

The way it was implemented stranded many people thousands of miles away from their homes and loved ones, and in some cases leaving some who were visiting a foreign country in a position where they would be forcibly returned to a “home” country that would put their lives at risk.  How might this happen? Imagine a man who was born in one of the countries “of concern” (say, Iran) but departed as a political refugee to England.  Then he moved to the United States, because he married an American woman.  His home, his wife, and perhaps children are in the United States.  If he went back to England, or worse, to some other country, last week to visit a sick friend or relative, he would not have permission to return to the United States, and he wouldn’t have permission to remain in the UK.  That means that he would be at risk of being sent back to Iran.  The original order did not take people like this man into account.  Even to this moment, if he does not yet have a green card (that takes a year or two), he would not be able to get back home.  Even at relatively low probabilities of this happening with any one individual, The Law of Large Numbers means that a case like this has almost assuredly happened.  Perhaps many.

2. Made Up Threat

President Trump wasn’t responding to a real threat. The Wall Street Journal (no liberal bastion) analyzed this in depth and found that of  “180 people charged with jihadist terrorism-related crimes or who died before being charged, 11 were identified as being from Syria, Iraq, Iran, Libya, Yemen, Sudan or Somalia”.  Moreover, in the past 24 hours, it’s become clear that the president acted without proper input from his Secretary of Homeland Security. And so, this was, as my friend and columnist Bruce Schneier coined the term years ago, Security Theater.

A decision that has no upside tradeoff that harms others is, by definition, morally bankrupt. I conclude that Trump is therefore morally bankrupt.

3. Religious Bigotry

I wrote at the top that I had three objections. The third objection is that the ban, as written, has the tinge of bigotry, because one religion in particular is disfavored – Islam.

Conclusions

There may be times when we need to suspend travel to the United States in a hurry. Imagine what would happen if there were a rampant and dangerous pandemic. The president needs to have the authority to protect the country in those sorts of circumstances. We need to be able to trust that the president will use his authority in a moral and responsible way. He didn’t do that here. Far from it. In this case he acted in callous disregard for human life.  The president abused his authority.