Censorship, ChatGPT, and Baidu

The Wall Street Journal is reporting that Baidu will soon integrate ChatGPT into the company’s chat/search offerings. The company plans, however, to:

limit its chatbot’s outputs in accordance with the state’s censorship rules, one of the people said. OpenAI also applies restrictions to ChatGPT’s outputs in an effort to avoid toxic hate speech and politically sensitive topics.

While I have no doubt that Baidu will impose censorship, I wonder whether researchers will be able to leverage the learning properties of ChatGPT to gain insight into what is censored by Baidu. Side-channel research has been used to reveal how censorship is undertaken by companies operating in China; I’d expect using these AI models will offer yet another way of interrogating their censorship engines.


Doing A Policy-Oriented PhD

Steve Saideman has a good, short, thought on why doing a PhD is rarely a good idea for Canadians who want to get into policy work. Specifically, he writes:

In Canada, alas, there is not that much of a market for policy-oriented PhDs. We don’t have much in the way of think tanks, there are only a few govt jobs that either require PhDs or where the PhD gives one an advantage over an MA, and, the govt does not pay someone more if they have a PhD.

I concur that there are few places, including think tanks or civil society organizations, where you’re likely to find a job if you have a policy-related PhD. Moreover, when you do find one it can be challenging, if not impossible, to find promotion opportunities because the organizations tend to be so small.

That said, I do in fact think that doing a policy-related PhD can sometimes be helpful if you stay pretty applied in your outputs while pursuing your degree. In my case, I spent a lot of time during my PhD on many of the same topics that I still focus on, today, and can command a premium in consulting rates and seniority for other positions because I’ve been doing applied policy work for about 15 years now, inclusive of my time in my PhD. I, also, developed a lot of skills in my PhD—and in particular the ability to ask and assess good questions, know how questions or policy issues had been previously answered and to what effect, and a reflexive or historical thinking capacity I lacked previously—that are all helpful soft skills in actually doing policy work. Moreover, being able to study policy and politics, and basically act as an independent agent for the time of my PhD, meant I had a much better sense of what I thought about issues, why, and how to see them put into practice than I would have gained with just a master’s degree.

Does that mean I’d recommend doing a PhD? Well…no. There are huge opportunity costs you incur in doing them and, also, you can narrow you job market searches by appearing both over-educated and under-qualified. The benefits of holding a PhD tend to become more apparent after a few years in a job as opposed to being helpful in netting that first one out of school.

I don’t regret doing a PhD but, if someone is particularly committed to doing one, I think that they should hurl themselves into it with absolute abandon and treat it as a super-intensive 40-65 hour/week job, and be damn sure that you have a lot of non-academic outputs to prove to a future employer that you understand the world and not just academic journals. It’s hard work, which is sometimes rewarding, and there are arguably different (and less unpleasant) ways of getting to a relatively similar end point. But if someone is so motivated by a hard question that they’d be doing the research and thinking about it, regardless of whether they were in a PhD program? Then they might as well go and get the piece of paper while figuring out the answer.


What is Documentary Photography?

Black Tap Magazine has a helpful article that distinguishes between photojournalism, documentary photography, and street photography. I found it particularly helpful to see the author grapple with the differences (and commonalities) between documentary and street photography, with the former focusing more on projects and potentially posed/non-urban photography, and the latter being cast as more spontaneous and less project-driven. While I think good street photography should be emotive and tell a story over time, I appreciate that the core assertion is that documentary photography must tell (or try to tell) some story, often as a photo set, whereas street photography is not similarly bound by these conditions.


Economic Fundamentals Are Just That: Fundamental

In an opinion piece for the New York Time, Mihir A. Desai writes:

Embracing novelty and ambition in the face of huge problems is to be lauded, but the unhinged variety of these admirable traits that we have seen so much of in recent years is counterproductive. The fundamentals of business have not changed merely because of new technologies or low interest rates. The way to prosper is still by solving problems in new ways that sustainably deliver value to employees, capital providers and customers. Over-promising the scope of change created by technology and the possibilities of business and finance to a new generation will lead only to disaffection as these promises falter.1

A whole generation has seen exploding home prices, outrageous explosions in the costs of education, deeply challenging labour markets, and is facing down ecological catastrophe. These changes have taken place during a time of unprecedented financial gain for an older segment of the economy while the younger generations is, also, being routinely told that it is the first that will generally live a worse life than their parents.

So, in the face of ‘fundamentals’ falling apart a whole range of people—often though not always younger—have sought to find new ways of generating wealth in the face of the exploding challenges to living in Western society. Shockingly, the new companies that depend on exploiting regulatory blind spots to ‘find value’ (or, instead, just act illegally and dare governments to take the time and effort to rule that their operations are illegal) or that offer new lottery-like “currencies” have become popular as ways that may enable younger people to generate wealth and enjoy the (perceived) good life of their parents.

The fundamentals of businesses, and currencies and interest, however are just that: fundamental. The effect, however, is that while the promised wealth-generation opportunities may in fact be dead in the water, the explosion of costs and challenges to younger generations are not. Under-regulated capitalism has, also, become a fundamental of business with the effect that unless new regulations are developed and deployed we can expect further, and ongoing, attempts to evade the fundamentals of business if only so as to overcome the fundamental unfairness of capitalism and its logics of accumulation.

All of which is to say: sure, business fundamentals are just that. But an increasingly desperate and younger population will keep throwing fundamentals to the wind in the face of a business systems that is fundamentally and structurally designed to inhibit that same population from enjoying the Western ideal of the good life.

  1. 1: Emphasis not in original. ↩︎

Social Networks, Social Media, and Design Affordances

Ian Bogost has a good piece in The Atlantic that recalls the trajectory of social networking services and their transformation into social media services. He distinguishes between the two thusly:

The terms social network and social media are used interchangeably now, but they shouldn’t be. A social network is an idle, inactive system—a Rolodex of contacts, a notebook of sales targets, a yearbook of possible soul mates. But social media is active—hyperactive, really—spewing material across those networks instead of leaving them alone until needed.

I’m someone who obtains a vast amount of very valuable information from my social networks. People are always softly pushing information that is relevant to my specific interests, such as by RSS or through private email groups, with just enough extra stuff that I can learn about novel topics or issues. In all of these cases however I make the choice to interact with the content and in a pretty focused way. This approach is perhaps a bit more active than how Bogost frames social networks but is much closer to the earliest days of Web 2.0, prior to the advent of microblogging and image sharing becoming major things in my neck the Internet. Much of this information comes from people I have either strong or intermediate connections with.

Professionally, I have historically found Twitter to be a useful social media platform. I and other experts have used it to surface media and/or opinions that were meant to be helpful in better understandings parts of the world I engage with. This, of course, has changed for the worse in the past 2 months. Broadly, I and other experts have benefitted from the design affordances of the ‘megascale’ of Twitter.

Most social media, however, holds little or no value to me.1 And perhaps most dangerously even Twitter has the effect of sharpening language (gotta keep within those character or thread limits!) while also making it much harder, if not impossible, to find useful contributions at a later date in time. As experts have moved to Twitter and away from long-term content storage repositories (e.g., blogs, opinion articles, etc) their expertise has the effect of appearing briefly and then being lost to themselves as well as future audiences. Broadly, then, one question is what is the role of social media for professionals and experts who have a public communication role to their careers?

There is also some real value in social media platforms that move content quite quickly. I know for a fact that Twitter, as an example, is regularly useful for foreign policy observers who are trying to determine what is happening around the world. These observers are taking advantage of weak ties to obtain otherwise difficult to find information. Twitter is, also, helpful for crowdsourcing in the case of disasters. At the same time these networks can be, and have been, and are being used for harmful purposes. This includes targeted harassment, government abuse, and more. We often hear about these latter ills and, in response, some wish that very different or slower social media platforms existed on the presumption that they would reduce the harm while still enabling the good platforms. This is perhaps best captured by Bogost’s earlier article, “People Aren’t Meant to Talk This Much,” where he writes:

Imagine if access and reach were limited too: mechanically rather than juridically, by default? What if, for example, you could post to Facebook only once a day, or week, or month? Or only to a certain number of people? Or what if, after an hour or a day, the post expired, Snapchat style? Or, after a certain number of views, or when it reached a certain geographic distance from its origins, it self-destructed? That wouldn’t stop bad actors from being bad, but it would reduce their ability to exude that badness into the public sphere.

However, in assessing the properties of networks/media systems designers should consider the respective technologies’ affordances and what they, and their users, really want or need. I don’t subscribe to the position that Twitter is Evil™ or that a ‘new Twitter’ needs to do away with all the affordances of the current platform.

Real good has come from the ability of different parties to exploit or benefit from virality. But that virality is not something that all persons should have to deal with if they don’t want to, and users of viral-enabled platforms should be protected by rigorous trust and safety policies and teams. (Twitter is clearly moving away from their already-insufficient efforts to protect their users and, so, any replacement virality-platform should start with trust and safety as a top priority ahead of almost anything else.)

The ‘solution’ to the ills of social media shouldn’t be to wistfully look back to the earliest era of Web 2.0, or the last breaths of Web 1.0, and say that we should be restricted to tool and service equivalents of those times. Social technologies should not be permanently halted in the time and template of Livejournal, Orkut, Google+, or Blogger.

First, because we enjoy a lot of modern affordances in our technology and likely won’t want to abandon them!

Second, because such call-backs are often to times when the social networks were far less diverse than the social media platforms today. We should be wary of seeking the civility of the past on the basis that much of that same perceived civility was premised on the exclusive and privileged nature of the social networks.

Third, it’s important for any and all who look for different social networks or social media platforms to recognize that the affordances they are seeking may not be the affordances that everyone is seeking. To use Twitter as just one example we regularly hear about how the platform is used by its Western users but comparatively little about how it’s used by Japanese users, who have prolifically adopted the platform. We should not over generalise our own experiences (or issues with) platforms and should instead adopt a more inclusive approach to understanding the benefits and drawbacks of a given platform’s affordances and capabilities.

I think that when imagining the ‘next’ iteration of social networks and social media it’s helpful to recognize that different kinds of networks will serve different functions. Not everything needs to operate at megascale. Also, though, we should learn lessons from the current social media platforms and design affordances that provide individuals and groups with the ability to express control over how their networks and media can be used. Tim Bray offers some of those suggestions in his proposals for updating Mastodon. Key, to my eye, are that content-licensing should be a default thing that is considered with code (and, unstated, law) being used to reinforce how individuals and communities permit their information to be accessed, used, collected, or disclosed.

We’re in the middle of yet another reflection period about what role(s) should social networks and social media play in Western society, as well as more generally around the world. Regulatory efforts are moving along and laws are being passed to rein in perceived issues linked with the companies operating the various networks. But there’s also real appetite to assess what should, and shouldn’t, be possible writ large on the contemporary and future social networks and social media platforms. We should lean into this in inclusive ways to develop the best possible policy. Doing anything else means we’ll just keep having the same debate ad infinitum.

  1. There’s lots of broader value: it can be useful economically for some individuals, enable speech outlets that are otherwise denied to individuals who are historically discriminated against, and serve as a medium for creative expression. ↩︎

Cybersecurity and White Labelled Android Devices

Trend Micro has a nice short piece on the challenges of assessing the security properties of various components of Android devices. In short, white labelling incentivizes device manufacturers to invest the least amount possible in what they’re building for the brands that will sell devices to consumers. Trend Micro included this very nice little mention on the shenanigans that firmware developers can get up to:

Firmware developers supplying the OEM might agree to provide the software at a lower cost because they can compensate the lost profit through questionable means, for example by discreetly pre-installing apps from other app developers for a fee. There is a whole market built around this bundling service with prices ranging from 1 to 10 Chinese yuan (approximately US$0.14 to US$1.37 as of this writing) per application per device. This is where the risk is: As long as the firmware, packaged apps, and update mechanisms of the device are not owned, controlled, or audited by the smartphone brand itself, a rogue supplier can hide unauthorized code therein.1

While the authors suggest a range of policy options, from SBOMs to placing requirements on device transparency before administrators ‘trust’ devices, I’m not confident of these suggestions’ efficacy when taking a broader look at who principally uses white labelled devices. There are economics at play: should all devices have increased input costs associated with greater traceability and accountability then it will place financial pressures on the individuals in society who are most likely to be purchasing these devices. I doubt that upper-middle class individuals will be particularly affected by restricting the availability of many white labelled Android devices but such restrictions would almost certainly have disproportionate impacts on less affluent members of society or those who are, by necessity, price conscious. Should these individuals have to pay more for the computing power that they may depend on for a wide range of tasks—and in excess of how more affluent members of society use their devices?

Security has long been a property that individuals with more money can more easily ‘acquire’, and those who are less affluent have been less able to possess similar quantities or qualities of security in the services and products that they own. I understand and appreciate (and want to agree with) the Trend Micro analysts on how to alleviate some of the worse security properties associated with white labelled devices but it seems as though any such calculation needs to undertake a broader intersectional analysis. It’s possible that at the conclusion of such an analysis you still arrive at similar security-related concerns but would, also, include a number of structural social change policy prescriptions as preconditions that must be met before heightened security can be made more equitably available to more members of society.

  1. Emphasis added. ↩︎

Postal Interception Coming to Canada?

The Canadian Senate is debating Bill S-256, ‌An Act to amend the Canada Post Corporation Act (seizure) and to make related amendments to other Acts. The relevant elements of the speech include:

Under the amendment to the Customs Act, a shipment entering Canada may be subject to inspection by border services officers if they have reason to suspect that its contents are prohibited from being imported into Canada. If this is the case, the shipment, whether a package or an envelope, may be seized. However, an envelope mailed in Canada to someone who resides at a Canadian address cannot be opened by the police or even by a postal inspector.

To summarize, nothing in the course of the post in Canada is liable to demand, seizure, detention or retention, except if a specific legal exception exists in the Canada Post Corporation Act or in one of the three laws I referenced. However, items in the mail can be inspected by a postal inspector, but if it is a letter, the inspector cannot open it to complete the inspection.

Thus, a police officer who has reasonable grounds to suspect that an item in the mail contains an illegal drug or a handgun cannot be authorized, pursuant to a warrant issued by a judge, to intercept and seize an item until it is delivered to the addressee or returned to the sender. I am told that letters containing drugs have no return address.

The Canadian Association of Chiefs of Police, in 2015, raised this very issue (.pdf). They recognised “that search and seizure authorities granted to law enforcement personnel under the Criminal Code of Canada or other criminal law authorities are overridden by the [Canada Post Corporation Act], giving law enforcement no authority to seize, detain or retain parcels or letters while they are in the course of mail and under Canada Post’s control.” The result was the Association was resolved:

that the Canadian Association of Chiefs of Police requests the Government of Canada to amend the Canada Post Corporation Act to provide police, for the purpose of intercepting contraband, with the ability to obtain judicial authorization to seize, detain or retain parcels or letters while they are in the course of mail and under Canada Post’s control.

It would seem as though, should Bill S-256 pass into law, that seven or eight years later some fairly impressive new powers that contrast with decades of mail privacy precedent may come undone.


Who Benefits from 5G?

The Financial Times (FT) ran a somewhat mixed piece on the future of 5G. The thesis is that telecom operators are anxious to realise the financial benefits of 5G deployments but, at the same time, these benefits were always expected to come in the forthcoming years; there was little, if any, expectation that financial benefits would happen immediately as the next-generation infrastructures were deployed.

The article correctly notes that consumers are skeptical of the benefits of 5G while, also, concluding by correctly stating that 5G was really always about the benefits that 5G Standalone will have for businesses. This is, frankly, a not great piece in terms of editing insofar as it combines two relatively distinct things without doing so in a particularly clear way.

5G Extended relies on existing 4G infrastructures. While there are theoretically faster speeds available to consumers, along with a tripartite spectrum band segmentation that can be used,1 most consumers won’t directly realise the benefits. One group that may, however, benefit (and that was not addressed at all in this piece) are rural customers. Opening up the lower-frequency spectrum blocks will allow 5G signals to travel farther with the benefit significantly accruing to those who cannot receive new copper, coax, or fibre lines. This said, I tend to agree with the article that most of the benefits of 5G haven’t, and won’t, be directly realised by individual mobile subscribers in the near future.2

5G Standalone is really where 5G will theoretically come alive. It’s, also, going to require a whole new way of designing and securing networks. At least as of a year or so ago, China was a global leader here but largely because they had comparatively poor 4G penetration and so had sought to leapfrog to 5G SA.3 This said, American bans on semiconductors to Chinese telecoms vendors, such as Huawei and ZTE, have definitely had a negative effect on the China’s ability to more fully deploy 5G SA.

In the Canadian case we can see investments by our major telecoms into 5G SA applications. Telus, Rogers, and Bell are all pouring money into technology clusters and universities. The goal isn’t to learn how much faster consumers’ phones or tablets can download data (though new algorithms to better manage/route/compress data are always under research) but, instead, to learn how how to take advantage of the more advanced business-to-business features of 5G. That’s where the money is, though the question will remain as to how well telecom carriers will be able to rent seek on those features when they already make money providing bandwidth and services to businesses paying for telecom products.

  1. Not all countries, however, are allocating the third, high-frequency, band on the basis that its utility remains in doubt. ↩︎
  2. Incidentally: it generally just takes a long, long time to deploy networks. 4G still isn’t reliably available across all of Canada, such as in populated rural parts of Canada. This delay meaningfully impedes the ability of farmers, as an example, to adopt smart technologies that would reduce the costs associated with farm and crop management and which could, simultaneously, enable more efficient crop yields. ↩︎
  3. Western telecoms, by comparison, want to extend the life of the capital assets they purchased/deployed around their 4G infrastructures and so prefer to go the 5G Extended route to start their 5G upgrade path. ↩︎

Generalist Policing Models Remain Problematic

From the New York Time’s opinion section, this piece on“Why the F.B.I. Is so far behind on cybercrime?” reinforces the position that American law enforcement is stymied in investigating cybercrimes because:

…it lacks enough agents with advanced computer skills. It has not recruited as many of these people as it needs, and those it has hired often don’t stay long. Its deeply ingrained cultural standards, some dating to the bureau’s first director, J. Edgar Hoover, have prevented it from getting the right talent.

Emblematic of an organization stuck in the past is the F.B.I.’s longstanding expectation that agents should be able to do “any job, anywhere.” While other global law enforcement agencies have snatched up computer scientists, the F.B.I. tried to turn existing agents with no computer backgrounds into digital specialists, clinging to the “any job” mantra. It may be possible to turn an agent whose background is in accounting into a first-rate gang investigator, but it’s a lot harder to turn that same agent into a top-flight computer scientist.

The “any job” mantra also hinders recruitment. People who have spent years becoming computer experts may have little interest in pivoting to another assignment. Many may lack the aptitude for — or feel uneasy with — traditional law enforcement expectations, such as being in top physical fitness, handling a deadly force scenario or even interacting with the public.

This very same issue plagues the RCMP, which also has a generalist model that discourages or hinders specialization. While we do see better business practices in, say, France, with an increasing LEA capacity to pursue cybercrime, we’re not yet seeing North American federal governments overhaul their own policing services.1

Similarly, the FBI is suffering from an ‘arrest’ culture:

The F.B.I.’s emphasis on arrests, which are especially hard to come by in ransomware cases, similarly reflects its outdated approach to cybercrime. In the bureau, prestige often springs from being a successful trial agent, working on cases that result in indictments and convictions that make the news. But ransomware cases, by their nature, are long and complex, with a low likelihood of arrest. Even when suspects are identified, arresting them is nearly impossible if they’re located in countries that don’t have extradition agreements with the United States.

In the Canadian context, not only is pursuing to arrest a problem due to jurisdiction, the complexity of cases can mean an officer spends huge amounts of time on a computer, and not out in the field ‘doing the work’ of their colleagues who are not cyber-focused. This perception of just ‘playing games’ or ‘surfing social media’ can sometimes lead to challenges between cyber investigators and older-school leaders.2 And, making things even more challenging is that the resources to train to detect and pursue Child Sexual Abuse Material (CSAM) are relatively plentiful, whereas economic and non-CSAM investigations tend to be severely under resourced.

Though there is some hope coming for Canadian investigators, by way of CLOUD agreements between the Canadian and American governments, and the updates to the Cybercrime Convention, both will require updates to criminal law as well as potentially provincial privacy laws to empower LEAs with expanded powers. And, even with access to more American data that enables investigations this will not solve the arrest challenges when criminals are operating out of non-extradition countries.

It remains to be seen whether an expanded capacity to issue warrants to American providers will reduce some of the Canadian need for specialized training to investigate more rudimentary cyber-related crimes or if, instead, it will have a minimum effect overall.

  1. This is also generally true to provincial and municipal services as well. ↩︎
  2. Fortunately this is a less common issue, today, than a decade ago. ↩︎

National Security Means What, Again?

There have been any number of concerns about Elon Musk’s behaviour, and especially in the recent weeks and months. This has led some commentators to warn that his purchase of Twitter may raise national security risks. Gill and Lehrich try to make this argument in their article, “Elon Musk Owning Twitter is A National Security Threat.” They give three reasons:

First, Musk is allegedly in communication with foreign actors – including senior officials in the Kremlin and Chinese Communist Party – who could use his acquisition of Twitter to undermine American national security.

Will Musk’s foreign investors have influence over Twitter’s content moderation policies? Will the Chinese exploit their significant leverage over Musk to demand he censor criticism of the CCP, or turn the dials up for posts that sow distrust in democracy?

Finally, it’s not just America’s information ecosystem that’s at stake, it’s also the private data of American citizens.

It’s worth noting that at no point do the authors provide a definition for ‘national security’, which causes the reader to have to guess what they likely mean. More broadly, in journalistic and opinion circle communities there is a curious–and increasingly common–conjoining of national security and information security. The authors themselves make this link in the kicker paragraph of their article, when they write

It is imperative that American leaders fully understand Musk’s motives, financing, and loyalties amidst his bid to acquire Twitter – especially given the high-stakes geopolitical reality we are living in now. The fate of American national security and our information ecosystem hang in the balance.1

Information security, generally, is focused on dangers which are associated with true or false information being disseminated across a population. It is distinguished from cyber security, and which is typically focused on the digital security protocols and practices that are designed to reduce technical computer vulnerabilities. Whereas the former focuses on a public’s mind the latter attends to how their digital and physical systems are hardened from being technically exploited.

Western governments have historically resisted authoritarian governments attempts to link the concepts of information security and cyber security. The reason is that authoritarian governments want to establish international principles and norms, whereby it becomes appropriate for governments to control the information which is made available to their publics under the guise of promoting ‘cyber security’. Democratic countries that emphasise the importance of intellectual freedom, freedom of religion, freedom of assembly, and other core rights have historically been opposed to promoting information security norms.

At the same time, misinformation and disinformation have become increasingly popular areas of study and commentary, especially following Donald Trump’s election as POTUS. And, in countries like the United States, Trump’s adoption of lies and misinformation was often cast as a national security issue: correct information should be communicated, and efforts to intentionally communicate false information should be blocked, prohibited, or prevented from massively circulating.

Obviously Trump’s language, actions, and behaviours were incredibly destabilising and abominable for an American president. And his presence on the world stage arguably emboldened many authoritarians around the world. But there is a real risk in using terms like ‘national security’ without definition, especially when the application of ‘national security’ starts to stray into the domain of what could be considered information security. Specifically, as everything becomes ‘national security’ it is possible for authoritarian governments to adopt the language of Western governments and intellectuals, and assert that they too are focused on ‘national security’ whereas, in fact, these authoritarian governments are using the term to justify their own censorious activities.

Now, does this mean that if we are more careful in the West about our use of language that authoritarian governments will become less censorious? No. But being more careful and thoughtful in our language, public argumentation, and positioning of our policy statements we may at least prevent those authoritarian governments from using our discourse as a justification for their own activities. We should, then, be careful and precise in what we say to avoid giving a fig leaf of cover to authoritarian activities.

And that will start by parties who use terms like ‘national security’ clearly defining what they mean, such that it is clear how national security is different from informational security. Unless, of course, authors and thinkers are in fact leaning into the conceptual apparatus of repressive governments in an effort to save democratic governance. For any author who thinks such a move is wise, however, I must admit that I harbour strong doubts of the efficacy or utility of such attempts.

  1. Emphasis not in original. ↩︎