IN THE AGE of big data analytics, the proprietary algorithms web sites use to determine what data to display to visitors have the potential to illegally discriminate against users. This is particularly troublesome when it comes to employment and real estate sites, which could prevent users from having a fair crack at jobs and housing simply by failing to display certain listings to them based on their race or gender.

But four academic researchers who specialize in uncovering algorithmic discrimination say that a decades-old federal anti-hacking statute is preventing them from doing work to detect such discrimination. They say a provision of the Computer Fraud and Abuse Act could be used to criminally prosecute them for research that involves scraping publicly available data from these sites or creating anonymous user accounts on them, if the sites’s terms of service prohibit this activity.

The researchers, along with First Look Media Works, which publishes The Intercept, filed a lawsuit today against the Justice Department, asserting that opening fake profiles to pose as job and housing seekers constitutes speech and expressive activity that is protected under the First Amendment. They further argue that because sites can change their terms of service at any time without informing visitors, this can suddenly turn any speech or activity on the site into a criminal act—a violation, they say, of the Fifth Amendment right to due process, which requires proper notice to the public of what constitutes criminal behavior.

They’re asking the US District Court in the District of Columbia to enjoin the government from enforcing what they say is an unconstitutional provision that prevents them from doing meaningful research.

“Being able to run socially beneficial studies like ours is at the heart of academic freedom,” Christian Sandvig, an associate professor of information and communication studies at the University of Michigan and one of the plaintiffs, said in a statement. “We shouldn’t have to fear prosecution just because we’re doing our jobs.”

The case gets at the heart of what many consider to be a problematic provision in the anti-hacking law. Ordinarily, violations of a site’s terms of service should only allow a site to bring civil action against users who breach those terms. But under the CFAA, federal prosecutors have interpreted terms-of-service violations as exceeding a site’s authorized access, a criminal hacking violation that carries a maximum prison sentence of one year and a fine. Subsequent violations can result in a sentence up to ten years in prison and a fine.

 

The risk of prosecution for violating a site’s terms of service isn’t limited to academics, nor is it theoretical; the government has already done so at least twice. In 2008, federal prosecutors charged a Missouri woman named Lori Drew with three counts of violating the CFAA after she and two others created a fake Myspace profile to bully a classmate of Drew’s daughter, who subsequently committed suicide. Myspace’s user agreement requires registrants to provide factual information about themselves; in creating a fake profile for a nonexistent teenage boy in violation of those terms, federal prosecutors asserted that Drew obtained “unauthorized access” to MySpace’s servers.

The next year, the government prosecuted the owners of the ticket-scalping service Wiseguy Tickets for using a script and botnet to bypass Captcha protections on several ticket-selling sites—in violation of the sites’ terms of service—and purchase concert and sporting event tickets in bulk. The defendants pleaded guilty.

That these prior cases involve bullying and scalping, rather than important academic research, matters little next to the precedent they established for how the government can invoke the CFAA.

Algorithmic Hijinks
The complaint (.pdf) was filed by the American Civil Liberties Union on behalf of First Look, Sandvig, and three other academics: Karrie Karahalios, an associate professor of computer science at the University of Illinois; and Alan Mislove and Christo Wilson, associate and assistant professors of computer science at Northeastern University.

All four academics have a track record in researching algorithms for discrimination. Sandvig and Karahalios were part of a 2014 study looking at how to audit for algorithmic discrimination (.pdf). Mislove and Wilson are part of the Algorithmic Auditing Research Group at Northeastern University and have co-authored several papers about measuring discrimination online. First Look’s interest in the lawsuit stems around the media outlet’s interest in doing similar discrimination research for stories.

 

Web sites often use algorithms to analyze user profile information, web surfing habits—determined through tracking cookies that sites place on the computers of visitors—and other information collected by data brokers from public records, social media sites, and store loyalty programs. The algorithms, which are proprietary and therefore not transparent in how they work, can determine not only the ads a site serves to visitors but can also determine things like the job and housing listings a visitor sees on them. This can lead to discrimination that is illegal under the Fair Housing Act and Title VII of the Civil Rights Act.

“Big data enables behavioral targeting, meaning that websites can steer individuals toward different homes or credit offers or jobs—including based on their membership in a class protected by civil rights laws,” the plaintiffs state in their complaint. Because of this, “[b]ehavioral targeting opens up vast potential for discrimination against marginalized communities, including people of color and other members of protected classes.”

Sandvig and Karahalios are currently researching popular housing and real estate sites like Zillow.com, Trulia.com, Redfin.com, and Homes.com to determine if they offer different property listings to users based on race and other characteristics. Mislove and Wilson are conducting similar research of job sites like Monster.com and CareerBuilder.com to determine if their algorithms assign lower rankings to people based on gender or color. Job recruiting algorithms often rank job seekers for employers based on relevance, which can have an effect on who employers contact and who gets a job. If an algorithm consistently gives certain classes of people a low ranking, this could cause them to miss out on potential jobs.

Similar types of auditing in the offline world has long been considered a critical tool by courts and the government for uncovering racial discrimination in housing and employment practices. Past tests, for example, have consistently found that Caucasian job applicants receive about twice as many callbacks or job offers as African-American ones.

For the online equivalent, researchers must audit algorithms for evidence of discrimination using scripts to scrape publicly available data on the web sites, and create fake user profiles. Sandvig and Karahalios, for example, plan to generate multiple fake user accounts, known as “sock puppets,” that exhibit behavioral characteristics associated with different racial groups to see if the housing sites discriminate against them.

But Zillow.com, Trulia.com, Realtor.com, Redfin.com, Homes.com, and Apartments.com all prohibit scraping in their terms of service, and many of these sites also prohibit users from providing false information. Job sites like LinkedIn, Monster.com, CareerBuilder.com, and TheLadders.com also prohibit this activity, raising the potential for the researchers to be criminally prosecuted.

Chilling Effects
The concern is that by threatening researchers who violate service terms with criminal prosecution, web sites could effectively chill research that helps determine if the web sites themselves are breaking laws. And because it’s the web sites that draft the terms of service, “the recipe for avoiding Fair Housing Act and Title VII liability for algorithmic discrimination is straightforward,” the plaintiffs write. “[M]erely employ terms of service that preclude subsequent speech about such discrimination, and it can continue unchecked.”

Indeed, the plaintiffs say, some web site terms of service specifically require researchers to obtain advance permission to conduct research on their site, making it easy for gatekeepers to refuse access to researchers who might portray the site in a negative light. Other companies include blatant non-disparagement clauses in their terms that prohibit site visitors—including researchers—from speaking negatively about them.

 

“The work of our clients has a clear social benefit and is protected by the First Amendment,” says Esha Bhandari, staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “This law perversely grants businesses that operate online the power to shut down investigations of their practices.”

The plaintiffs say that by delegating power to companies to determine what constitutes criminal conduct, the government has essentially relinquished control of the lawmaking process to private companies, which they say is unconstitutional.

In 2008, that didn’t matter to the jury in Lori Drew’s case. Although they acquitted Drew of the three CFAA felonies with which the government charged her, they convicted her on lesser misdemeanor charges of unauthorized access, setting a dangerous precedent for others who violate a site’s terms of service. US District Judge George Wu served as the voice of reason, however, when he overturned the conviction on grounds that the government’s interpretation of the CFAA was unconstitutionally vague and set a dangerous precedent. The ACLU says that there’s ambiguity as to whether that ruling could have meaningful influence on future cases.

In giving federal authorities the power to criminally prosecute anyone who violated a site’s terms of service, the conviction, if allowed to stand, essentially converted “a multitude of otherwise innocent internet users into misdemeanant criminals,” Wu said.

That danger still looms today. The researchers’ lawsuit aims to change that.

Source:  https://www.wired.com/2016/06/researchers-sue-government-computer-hacking-law/

 

 

 

 

Categorized in Internet Privacy

The future of the internet is at risk from multiple scenarios, and quick action is needed to protect it, says the Internet Governance Commission.The internet has reached a crossroads in its history, and concerted and immediate action is needed to preserve the openness, transparency, security and inclusivity that have made it such an important factor in global social and economic improvement over the past two and a half decades.

This was the key conclusion of the Global Commission on Internet Governance’s final report and recommendations on the future of the internet, One Internet, which was released at the OECD Ministerial Meeting on the Digital Economy in Mexico.Set up two years ago, the commission was chaired by former Swedish prime minister Carl Bildt, and included among its members Wendy Hall, professor of electronics and computer science at the University of Southampton.

Speaking to Computer Weekly at the time of the commission’s launch in 2014, Hall said the internet was finely balanced between “controlled spaces” and “utter anarchy”, and an international approach to governance was vital, hence her decision to join the commission.

“We need to understand what we can expect when it comes to companies and governments accessing our data. The founders of the internet didn’t set it up for governments to gather data on us – that was never the intention, and we must explore this,” she said.

In the wake of the commission’s final report, Hall said the fundamental question that now had to be answered is how to meet the governance challenges the internet creates, without undermining those aspects that make it a powerful platform for social and economic growth around the world.

“The choice of not making a choice is, in itself, a choice – one that could lead to harsh consequences. We risk a world where the internet is closed, insecure and untrustworthy – a world of digital haves and have-nots,” said Hall.

“The action outlined by the report must be taken soon so that we can create an environment of broad, unprecedented progress where everyone can benefit from the power of the internet.”

Bildt added: “The threats to privacy and the risk that the internet will break apart are real.”

“If we want a future where the internet continues to provide opportunities for economic growth, free expression, political equality and social justice then governments, civil society and the private sector must actively choose that future and take the necessary steps to achieve it,” he said.

Recommendations for governments and companies

The One Internet report contained a number of recommendations for both national governments and IT companies.Among the most important of these recommendations are that governments should only intercept, collect and analyse communications data for legitimate, open and legal purposes, which does not include gaining a domestic political advantage, industrial espionage or repression.

Governments should not force the industry to compromise the security of their products through hidden backdoors, and should refrain from making companies their enforcement arms.It also suggested the private sector act to establish a system of transparency reporting that showed what content was being restricted or blocked by state-level actors, and why.

National governments should also collaborate to provide mutual assistance to deter and limit the damage inflicted by cyber attacks, and refuse shelter to those who commission or carry them out. Governments should also collaborate to create a list of off-limits targets.

When it came to the online security of the general public, the commission recommended consumers be free to choose what services they use and be given greater say in how their personal data was used by these services.It added that no user should be excluded from using an online service on the basis that they were worried about their security.

For industry, the commission recommended that the developers of new technologies ensure their creations remain compatible and open standards-based. It also suggested innovators ensure their creations conform to principles of openness to provide a platform for future innovators.

The commission also set out goals around ensuring the internet was as inclusive as possible, saying governments should act to provide public access where possible, do more to improve digital literacy through education in schools and ensure accessibility to disabled people and others more likely to be excluded.

Importantly, the report also suggested that refugees – of whom there are now 65.3 million in the world, according to the United Nations High Commission for Refugees (UNHCR) – be provided with access to the internet by host governments, NGOs, or a combination of both.

It added that the IT sector needed to come together with both governments and wider society to help understand the effects of online algorithms on what content is made available to users online.

Finally, it said, the process of international, multi-stakeholder internet governance should be open to evolution to ensure the ongoing presence of a single, unified internet.“The internet is the most important infrastructure in the world. It is the world’s most powerful engine for social and economic growth. To realise its full potential, the internet of the future must be open, secure, trustworthy and accessible to all,” said Hall.

“The commission has built a roadmap towards ensuring the future of the internet. If the roadmap is adopted, the internet will continue to be civilisation’s most important infrastructure. If the roadmap is ignored, the internet’s power to build a better world will erode. The time to choose is now.”

Source:  http://www.computerweekly.com/news/450298950/Act-now-to-save-the-open-internet-says-Internet-Governance-Commission

Categorized in Internet Privacy

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now