Why addressing algorithmic bias is the future of cybersecurity
All machine learning is a kind of “program synthesis”—people let the computer write a program instead of writing it themselves. The resulting program isn’t human-readable; it’s an opaque model that maps inputs to outputs. But those models can, in turn, write programs in human-readable languages.
Just as GPT-3 can generate text, modern AI models can and, eventually will write most programs. As modern compilers moved humans from punchcards to Assembly to C to Python, machine learning will provide an even higher-level abstraction: one where you can just describe what you want the program to do.
In the future, machines will mostly do the work we think of today as software engineering. In that future, software engineering as a practice will have mostly to do with specification and evaluation. Specifying the problem domain, seeing how the program works—making the thing, cleaning up the mess. Broadly, design and security.
Algorithmic justice is about to become central to security
Machine learning fairness, accountability, explainability, and transparency6—to borrow Joy Buolamwini’s term, algorithmic justice—is about to become central to security, even when security is defined narrowly as the confidentiality, integrity, and availability of data. Once you expand that definition to include the rich, social contexts of technology use and non-use, it’s clear that the communities like FAccT, CSCW, CHI, and DIS are going to start playing an enormous role in every aspect of (what we today call) “cybersecurity.”
The good news: the communities I listed above are, broadly speaking, way ahead of traditional security communities in centering concepts of diversity, equity, inclusion, and belonging. As these communities bring their rich, situated notions of technical harm to bear on issues in security, I expect it will usher in a new era of socio-technical concern (concerns that span the technological and the social) in the discipline. That will be a wonderful thing.
Also, design and security are deeply entwined. They always have been. Shifts to software engineering may make that more apparent. Work like Diane Freed’s and the Reconfigure Network’s testifies to these communities’ readiness to weave together the threads of specification and evaluation, design and security.
The bad news is: we have a lot of work to do when it comes to training students.
Amplifying algorithmic justice in pedagogy
For students and teachers, we need to radically increase the prominence of machine learning fairness, transparency, and accountability in our curricula. Many technical students learn about ML bias, but how many can tell you whether the algorithm in front of them exhibits an anti-Black or anti-AAPI bias? If we expect students to “clean up the mess” from AI-generated programs, they better understand these issues—not just that they exist but also what to do about them.
Our MLFailures mini-bootcamp was a tiny piece of this puzzle. These labs teach students how to identify and address bias in supervised learning algorithms. Soon-to-be-posted lectures will help contextualize the labs with an introduction to fairness. All of these labs are freely available, and creative-commons licensed—teachers worldwide are welcome to use and modify them.
That work expanded into this practice, which takes pedagogy out of higher education and expands it much more broadly to practitioners across policy, government, industry, nonprofit, and technical practice. Education is paramount in making change—only people who understand algorithmic justice will be able to enact it.
Get in touch
If you're ready to train your organization to handle algorithmic bias (and amplify algorithmic justice), get in touch for a free consultation.