Algorithmic Audits

From SI410
Revision as of 22:18, 6 April 2021 by Nfigue (Talk | contribs) (Reformatted some references)

Jump to: navigation, search

Currently Being Edited


visual of digital law on computer screen, image sourced from Google

Auditing Algorithms: Adding Accountability to Automated Authority is a group of events designed to produce a white paper that will help define and develop the emerging research community for "algorithm auditing." Algorithmic Auditing is a research design that has shown promise in diagnosing the unwanted consequences of algorithmic systems. [1]

Visualization of Algorithmic Audit, Image sourced from Google

Since developers established the internet, it has run on algorithms that most people don't understand; therefore, it can function relatively unchecked. A study conducted by the PEW research center in February of 2021 showed that 85% of adults in the U.S use the internet daily [2].

This behavior represents billions of people worldwide and emphasizes algorithms' persistence in our daily lives, despite the tremendous gap between the usage and the understanding of algorithms[3]. By looking at online platforms as a single entity and analyzing the results they're producing, we can learn more about algorithms and how they affect our society.

Background

The rapid progress that has been present in the tech industry has revolutionized the way humans work, interact, and communicate. A diverse array of practices are integrated into "smart" object applications and available instantaneously. At the core of all these real-time digital services lie algorithms that provide essential functions like sorting, segmentation, personalization, recommendations, and information management[4].

In the last decade, researchers have identified numerous ethical breaches of online platforms and published their findings. Countries worldwide have rolled out their regulations and laws over the years to keep the Internet safe for their citizens. However, the government's efforts do little to limit the international liberties afforded online, including access, anonymity, and privacy. Because technology and algorithms are heavily integrated into humanity, ethical issues arise because algorithms are opaque to public scrutiny and understanding. Since the 2000s, the regulation of algorithms has become a concern to governments worldwide due to its data and privacy implications, and legislation has made progress in essential areas[5].

Additionally, in higher education, computer science and similar degrees have seen an increase in undergraduate and graduate enrollment, proportional to the tech industry's growth[6]. Awareness about algorithms and digital platforms' infrastructure enables the public to identify ethical breaches in these systems' functionality. This awareness has sparked activism for ethics in technology. For example, Joy Buolamwini identifying the bias in facial recognition technologies or SABRE leveraging their recommendation algorithm to place airlines who paid, higher on the recommendation than their competitors[7].

Types of Audits

Code Audit[8]

Visual of code audit from Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." pg 9

These audits use the idea of "Algorithm Transparency," where researchers acquire a copy of the algorithm and vet it for unethical platform behavior. This rarely happens because the program algorithm is considered valuable intellectual property, and tech companies are reluctant to release the code, even to researchers.

A major problem is that the public interest disclosure of just algorithms might be likely to produce serious negative consequences. On many platforms, the algorithm designers constantly operate a game of cat-and-mouse with those who would abuse or “game” their algorithm. These adversaries may themselves be criminals (such as spammers or hackers) and aiding them could conceivably be a greater harm than detecting unfair discrimination in the platform itself.

Noninvasive User Audit [8]

Visualization of code audit from Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." pg 11

An audit where researchers approach users and ask users to share their search queries, results, and other data with them. However, this method is historically unreliable and has a small sample size that is not random, which makes it difficult to infer causality. This audit loses the benefit of any manipulation or random assignment to conditions this is not an experimental design, and it may be quite difficult to infer causality from any particular results. For instance, a finding that a disadvantaged demographic tended to receive search results that are inferior in some way might be the result of a variety of causes.

Scraping Audit [8]

Scraping audit visual from Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." pg 12

In scaping audits, researchers issue repeated queries to a platform, then observe and record the results, employing programs that utilize API data mining and webpage scraping. This is effective because it can gather a large quantity of data that researchers can test. However, it is not ideal because if the audit isn't strictly for research purposes, one could serve 1-10 years in prison for a CFAA violation resulting from this auditing technique. Terms of service also present a problem. While a Terms of Service document on a Website may not have the force of law or even operate as a contract, some scholarly associations have taken the position that Internet researchers must not violate the Terms of Service agreements of Internet platforms, making many the results from designs like this one potentially impossible to publish in some venues.

Sock Puppet Audit [8]

Sock Puppet Audit visual from Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." pg 13

Sock puppet audits essentially use computer programs to impersonate users by creating false accounts. This method effectively investigates sensitive topics in difficult-to-access domains, and sock puppets can investigate features of systems that are not public and penetrate groups that are difficult to pinpoint and acknowledge. A large number of sock puppets are required to derive significant findings from the audit. However, this method is still susceptible to CFAA violations requiring the audit's purpose to be strictly for research.

Collaborative or Crowdsourced Audit [8]

Collaborative or Crowdsourced Audit visual from Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." pg 15

A sock puppet audit and a crowdsourced audit only differ in one respect: in the latter design, the tester is a human. While it seems absurd that it would be illegal to use a computer program to act as a user yet legal to hire a person to act like a computer program, indeed this appears to be the case. The CFAA restrictions on unauthorized use are unlikely to be triggered by a genuine human user interacting with an online platform, especially a platform that accepts new user accounts from anyone on the Internet. A great deal of effort goes into preventing automated use of free Internet platforms by malicious bots and computer programs, and these are expressly prohibited in the Terms of Service given by platform providers. Yet an actual human being who is paid to do something with an Internet platform is unlikely to trigger any of these prohibitions.

An example of this is Amazon's Mechanical Turk which allows a large enough testers group to produce significant results through semi-automated crowdsourcing. The only setback is this audit requires a large budget to pay the participants.

Legislation

Image of CFAA text, sourced from Google

Since the internet became a public commodity, the value of information has increased significantly. The US justice system has seen numerous cases involving digital privacy, ownership, plagiarism, hacking, fraud, and more. In response, laws have developed to categorize and respond to common disputes.[9]

Display of Information[10]

In 1984 USCAB declared that the airline sorting algorithm created by SABRE must be known to participating airlines under the Display of Information in the Code of Federal Regulations. This regulatory provision resulted from a bias identified by airlines using SABRE's software, which involved "screen science." and recommending airlines based on privatized criteria and capital incentives. The airlines noticed that American Airlines received prioritization in SABRE's algorithms search results, which led to an investigation by the USCAB and DOJ.

The Communications Decency Act[11]

Section 230 of the Communications Decency Act states that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." This section is one of the most potent active legislative acts concerning the internet and digital communications and one of its defining limitations. This provision protects service providers from the legal implications of removing content deemed obscene or offensive, even of constitutionally protected speech, as long as it is done in good faith.

US Computer Fraud and Abuse Act[12]

The United states CFAA is an act that attaches sentences to digital behaviors deemed illegal or unlawful and has clearly stated the repercussions for committing such an offense.

The Act states: “The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization but fails to define what ‘without authorization’ means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and uses against nearly every aspect of computer activity.”

Crime/ Offense Years In Prison
Obtaining National Security Information 10
Accessing a Computer and Obtaining Information 1-5
Trespassing in a Government Computer 1
Accessing a Computer to Defraud and Obtain Value 5
Intentionally Damaging by Knowing Transmission 1-10
Recklessly Damaging by Intentional Access 1-5
Negligently Causing Damage and Loss by Intentional Access 1
Trafficking in Passwords 1
Extortion Involving Computers 5
Attempt and Conspiracy to Commit such an Offense 10

Photo Sharing Law

A law put in place by U.S. Legislation. The Photo Sharing Law outlines the general regulation for photography in the U.S. This resulted from the potential security implications internally and the privacy of citizens. The law mainly outlines these regulations:

  1. Private property is protected and established by the owner of the property, it is illegal to refuse to abide by the owner's requests concerning photographing activity.
  2. Photographing private property from within the public domain is not illegal.
  3. taking pictures of public places objects and structures are legal unless explicitly prohibited.
  4. Outer space requires a license to be issued by the National Oceanic and Atmospheric Administration in advance.
  5. Commercial photography will likely require a permit and proof of insurance.
  6. Photographing accident scenes and law enforcement activities is legal, as long as it doesn't hinder the operations of law enforcement, medical, emergency, or security personnel by filming.
  7. Any filming with the intent of doing unlawful harm against a subject may be a violation of the law in itself.


Ethical Implications

Due to the scale of technology companies, regulation cannot keep pace. As a result, general guidelines and laws for digital interactions. However, as the infrastructure continues to grow, there are new ways for the system to be leveraged in new ways. As a result, Algorithm Audits have become the most efficient way to assess digital platforms and providers' ethical impact on their consumers and users. These Audits have formulated direct ways to check digital platforms and create protections for auditors. However, these methods are difficult to employ and fall short in many areas of regulation. [13]

Research Protections

Because researchers attempting to audit a platform or provider can be targeted by these large tech companies, legislation has been put in place through the CFAA and U.S. Department of Justice to protect the researchers from lawsuits. This resulted from the 2018 court ruling in SANDVIG et al. V. SESSIONS, where four university researchers attempted to scrape information on discrimination in the housing department.

Image of Sadvig Sessions ruling, sourced from Google
SANDVIG et al V. SESSIONS[14]

"On Mar. 27, the United States District Court of D.C. ruled that such actions should not be viewed as criminal under the statute, though it declined to weigh in on whether the professors' conduct would be protected under the First Amendment. Without reaching this constitutional question, the Court concludes that the CFAA does not criminalize mere terms-of-service violations on consumer websites and, thus, that plaintiffs' proposed research plans are not criminal under the CFAA," U.S. District Judge John Bates wrote in his opinion.[15]

Privacy Policies & Anonymity

If attempting to do a code, scraping, or sock puppet audit requires researchers to engage with the digital platform directly. This can be dangerous because technology companies have outlined in their privacy policies restrictions on how users can engage on the forum. Researchers can be flagged for breaking these policies and banned from the platform. This can inhibit researchers' abilities to audit large developed tech companies if they're detected and can lead to lawsuits and further complications when the research is published. These large companies deal with data and can identify a user based on their access point or device metadata, and this can make it hard even to attempt many of the audit types.

References

  1. https://auditingalgorithms.science/?page_id=89#:~:text=Auditing%20Algorithms%3A%20Adding%20Accountability%20to,in%20diagnosing%20the%20unwanted%20consequences
  2. Perrin, Andrew, and Sara Atske. About Three-in-Ten U.S. Adults Say They Are 'ALMOST Constantly' Online. 26 Mar. 2021, www.pewresearch.org/fact-tank/2021/03/26/about-three-in-ten-u-s-adults-say-they-are-almost-constantly-online/.
  3. Sandvig, Christian, et al. "An algorithm audit." Data and Discrimination: Collected Essays. Washington, DC: New America Foundation (2014): 6-10.
  4. Kotras, Baptiste. "Mass personalization: Predictive marketing algorithms and the reshaping of consumer knowledge." Big Data & Society 7.2 (2020): 2053951720951581.
  5. Goldsmith, J. (2007), "Who Controls the Internet? Illusions of a Borderless World", Strategic Direction, Vol. 23 No. 11. https://doi.org/10.1108/sd.2007.05623kae.001
  6. U.S. Department of Education, National Center for Education Statistics, Higher Education General Information Survey (HEGIS), "Degrees and Other Formal Awards Conferred" surveys, 1970-71 through 1985-86; Integrated Postsecondary Education Data System (IPEDS), "Completions Survey" (IPEDS-C:87-99); and IPEDS Fall 2000 through Fall 2011:https://nces.ed.gov/programs/digest/d12/tables/dt12_349.asp
  7. Copeland, D.G., Mason, R.O., and McKenney, J.L. (1995). Sabre: The Development of Information-Based Competence and Execution of Information-Based Competition. IEEE Annals of the History of Computing, vol. 17, no. 3: 30-57.
  8. 8.0 8.1 8.2 8.3 8.4 Sandvig, Christian, et al. "Auditing algorithms: Research methods for detecting discrimination on internet platforms." Data and discrimination: converting critical concerns into productive inquiry 22 (2014): 4349-4357. pg. 9-15
  9. upcounsel (2020). Internet Law: Everything You Need to Know.
  10. Code, U. S. US Code of Federal Regulations.
  11. Ardia, D. S. (2009). Free speech savior or shield for scoundrels: an empirical study of intermediary immunity under Section 230 of the Communications Decency Act. Loy. LAL Rev., 43, 373.
  12. Griffith, D. S. (1990). The computer fraud and abuse act of 1986: a measured response to a growing problem. Vand. L. Rev., 43, 453.
  13. O'neil, C. (2016). Weapons of math destruction: How big data increases inequality and threatens democracy. Crown.
  14. Lee, A. (2019). Online Research and Competition under the CFAA. Available at SSRN 3259701.
  15. https://cases.justia.com/federal/district-courts/district-of-columbia/dcdce/1:2016cv01368/180080/24/0.pdf?ts=1522488415