- From: Adrian Gropper <agropper@healthurl.com>
- Date: Tue, 30 Apr 2024 21:26:05 -0400
- To: Joe Andrieu <joe@legreq.com>
- Cc: Daniel Hardman <daniel.hardman@gmail.com>, Golda Velez <gvelez17@gmail.com>, Drummond Reed <Drummond.Reed@gendigital.com>, Harrison <harrison@spokeo.com>, Manu Sporny <msporny@digitalbazaar.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CANYRo8h7--x7WrGXFWwqV6+UxucDU3UGGkMvyz85FBucj-KcLA@mail.gmail.com>
I completely agree with Joe's framing of the issue. In particular, his final recommendation that we focus on accountability and liability is essential. His final sentence about cryptographic identifiers on the path is also a point of agreement but it's easy for it to be misunderstood as support for "digital identity". In my experience, digital identity has been treated as essential for accountability andI don't think that's helpful. Accountability has to be the focus of our designs and digital identity is interesting primarily to the extent that it enables accountability. Adrian On Tue, Apr 30, 2024 at 8:46 PM Joe Andrieu <joe@legreq.com> wrote: > daniel.hardman@gmail.com wrote: >> >> So, the two tests for which I would want proof during an interaction: >> >> 1. Am I dealing at this particular moment in time with a human or an AI >> agent? >> 2. In either case, whose interests does that human or AI agent represent? >> > > I think this can be reduced to a single question: > 3. Who is legally liable for the actions of the other party in the > interaction? > > If you understand the liability, you'll understand their interests. And if > you know who is liable, do you really care if it's an AI or a live human? > > If I actually know it is a "live" human, the liable party would be that > human (as a starting point: they may be able to shift liability to their > corporation or public role). > > If it's a synthetic entity, then the liable party would be the party who > holds the legal liability for its actions. Right now, most AI efforts fail > to acknowledge this necessary liability. SOMEONE, a legal entity, *will* be > deemed responsible by the courts. It might be the operator, treating it > like a drunk driver who causes an accident. Or it might be the > manufacturer, treating it like the gross negligence of the Ford Pinto, > whose exploding features were deemed Ford's problem. Right now, that's all > up to case law. > > Note: there is no way to answer #1 in any digitally intermediated > environment if the user is complicit. See Dave Longley's paper > https://ieeexplore.ieee.org/document/9031545 You can always proxy the > digital challenges to the complicit party in real-time. > > Without a common physical space within which your own sensors can observe > the alleged human, you can't be certain the respondent isn't just proxying > to the "real party". > > What you can do, however, is "require" the other party to > cryptographically sign an attestation of their legal accountability. It is > reasonable to accept that both individuals and organizations can maintain > keys and use those keys to secure interactions taken on their behalf. IMO, > this is our best option moving forward. > > The hard part is figuring out if it REALLY is a "live" person on the other > side of a digital interaction. If what you want is to avoid the voice mail > automation and deal with a real person... we don't really have a technical > way to prevent that. We are at the point where customer service *will* be > delivered by AI and eventually it will be indistinguishable from > entry-level customer support agents. All we can do is provide evidence that > the party on the other side has a known point of legal recourse. > > If you do... I think the best you can get is either > (1) The other party could satisfy liveness at an in-person proof site and > use a credential generated within a limited time, which would allow its > user-agents to present the party as "living". Then, at least you know that > the other party has proven liveliness recently (could be minutes, but > realistically 'days' is a more likely granularity), and it is the > recentness that gives you confidence it is still true. And you still have > the complicit conspirator problem. > > (2) The party on the other side of the interaction can satisfy a > cryptographic challenge demonstrating their authority to act on behalf of a > specific legal entity, whether human or not. > > What you can't really do anymore is trust the non-cryptographic evidence: > the video, the photo, the voice check. All of these sensor-based "liveness" > checks are merely the front line pawns in an escalating arms race between > AI deep fakes and AI deep fake detectors. > > Unfortunately, AI liveness spoofing has already outstripped the detection > capabilities of modern systems. Positive attestations signed by trustable > parties is likely the only way through the purely digital use case. > > IMO, the good news is that for most of the use cases where you might think > "liveness" helps, especially wrt AI, it is usually not a matter of whether > or not a party in an interaction is human, but rather on whose behalf is > that entity acting? > > In particular, we don't concern ourselves with the separation between our > browser and us when it comes to legal liability when we use the web. What > matters isn't whether or not an action by my user-agent might be perceived > as "me" (it is). When I take actions through my user-agent (the browser), > it is understood by everyone that I'm liable for the actions of the browser > (unless I can prove some other actor misled me about functionality so badly > that it constitutes a hack on my machine such as XSS attacks or bad actor > extensions). > > So, I'd caution about "liveness" and "humanness" checks. They are often > the wrong framing for the social quandary. Instead, I'd recommend finding > the right balance of accountability and liability for actions taken by our > digital agents. Cryptographic identifiers provide a path forward for that. > > -j > > > > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > Virus-free.www.avg.com > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#m_8365566719407305515_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > On Tue, Apr 30, 2024 at 12:33 PM Daniel Hardman <daniel.hardman@gmail.com> > wrote: > >> Sure, I'm happy to receive github issues. But if people just want to copy >> the general idea and go run with it in different contexts, that is also >> fine with me. What I care about most is figuring out how to socialize the >> idea of face-to-face interactions between ordinary humans being an untapped >> but valuable source of trust. >> >> On Tue, Apr 30, 2024 at 8:31 PM Golda Velez <gvelez17@gmail.com> wrote: >> >>> thanks for pushing this forward in a structured and meaningful way >>> Daniel - how do you want feedback, as github issues? I will share this in >>> my small circles >>> >>> On Mon, Apr 29, 2024 at 11:38 PM Daniel Hardman < >>> daniel.hardman@gmail.com> wrote: >>> >>>> I want to acknowledge Adrian's concern. AI is yet another way that >>>> power imbalances between individuals and institutions could be retrenched, >>>> and we cannot allow institutions to impose "no AI" requirements on ordinary >>>> individuals in unfair ways. I editorialized a while ago about big desks and >>>> little people; I think we share the same concern. >>>> >>>> Having said that, I think it is crucial that we in the identity >>>> community set a standard for clarity in our thinking about the relationship >>>> between the identity of a human and the identity of a proxy for a human. >>>> Precision will matter. Oskar's excellent point is an example. >>>> >>>> I created a schema for what I call "face-to-face" credentials, and I >>>> invite everyone in the community to implement support for these or for >>>> something like them. My writeup about the details is here: >>>> https://github.com/provenant-dev/public-schema/blob/main/face-to-face/index.md >>>> . >>>> >>>> The schema itself is published in JSON Schema format and could be >>>> implemented by any credential technology, You will notice in 2 or 3 places >>>> an assumption that ACDCs are in use, but that is only because of the way I >>>> was trying to facilitate graduated disclosure and chaining, and is a bit >>>> beside the point. >>>> >>>> On Tue, Apr 30, 2024 at 2:15 AM Drummond Reed < >>>> Drummond.Reed@gendigital.com> wrote: >>>> >>>>> Harrison, I like your characterization of a human being able to treat >>>>> an AI agent similar to a real estate agent or an attorney because it points >>>>> how important it is that you, as the person interacting with the agent, >>>>> know unambiguously whose interests the AI agent is representing. >>>>> >>>>> >>>>> >>>>> The key difference (as has already been pointed out in this thread) is >>>>> that interacting with an AI agent may have completely different dynamics >>>>> than interacting with a human agent precisely because it is not a human. >>>>> So, the two tests for which I would want proof during an interaction: >>>>> >>>>> >>>>> >>>>> 1. Am I dealing at this particular moment in time with a human or >>>>> an AI agent? >>>>> 2. In *either* case, whose interests does that human or AI agent >>>>> represent? >>>>> >>>>> >>>>> >>>>> =Drummond >>>>> >>>>> >>>>> >>>>> *From: *Harrison <harrison@spokeo.com> >>>>> *Date: *Monday, April 29, 2024 at 10:01 AM >>>>> *To: *Adrian Gropper <agropper@healthurl.com> >>>>> *Cc: *Drummond Reed <Drummond.Reed@gendigital.com>, Daniel Hardman < >>>>> daniel.hardman@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, >>>>> W3C Credentials CG (Public List) <public-credentials@w3.org>, Golda >>>>> Velez <gvelez17@gmail.com> >>>>> *Subject: *Re: [EXT] personal AI (was: Meronymity) >>>>> >>>>> Couldn't we treat AI like an agent representing an individual or >>>>> client (like a real estate agent or attorney)? If so, then I think there >>>>> are a lot of existing social norms in regards to how we treat and interact >>>>> with agents. >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> >>>>> *Harrison Tang* >>>>> CEO >>>>> >>>>> LinkedIn <https://www.linkedin.com/company/spokeo/> • Instagram >>>>> <https://www.instagram.com/spokeo/> • Youtube >>>>> <https://bit.ly/2oh8YPv> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mon, Apr 29, 2024 at 8:22 AM Adrian Gropper <agropper@healthurl.com> >>>>> wrote: >>>>> >>>>> Two people have every right to interact without impersonation. That >>>>> can be enforced through mutual trust and social norms. I think Daniel's >>>>> point falls mostly in this category. >>>>> >>>>> >>>>> >>>>> The issue being raised by Golda and Drummond seems more directed to >>>>> strangers where trust itself is impersonal and institutionally mediated. In >>>>> those cases, I see no role for Proof of Humanity. I don't want any >>>>> corporation to insist on my live attention as long as I'm accountable for >>>>> the outcome. That's a violation of my right to free association and whether >>>>> I delegate to my spouse or my bot is none of their concern as long as I >>>>> remain legally accountable in either case. How to hold me legally >>>>> accountable is a separate issue that has everything to do with biometrics. >>>>> >>>>> >>>>> >>>>> As for my conversations with human or AI delegates of the corporation, >>>>> that's just a matter of branding. >>>>> >>>>> >>>>> >>>>> Adrian >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mon, Apr 29, 2024 at 10:44 AM Drummond Reed < >>>>> Drummond.Reed@gendigital.com> wrote: >>>>> >>>>> “I believe human beings have the right to know whether they are >>>>> interacting with other human beings directly, or merely with a piece of >>>>> technology that's doing another human's bidding and can pass the Turing >>>>> test.” >>>>> >>>>> >>>>> >>>>> Well put, Daniel. That’s the essence of what I was trying to say >>>>> earlier. I think this “right to know” becomes even more important when >>>>> humans are dealing with AI that is acting on behalf of an organization. >>>>> Firstly, because I believe that will be the most common case (we are >>>>> frequently dealing with AI customer service chatbots representing >>>>> organizations today and it drives me nuts when I can’t figure out when I’m >>>>> talking to the AI and when I’m actually dealing with a human). Secondly, >>>>> because knowing whose interest an AI represents—is it a person or an >>>>> organization?—is crucial to addressing the rest of the concerns Daniel >>>>> raises. >>>>> >>>>> >>>>> >>>>> =Drummond >>>>> >>>>> >>>>> >>>>> *From: *Daniel Hardman <daniel.hardman@gmail.com> >>>>> *Date: *Monday, April 29, 2024 at 2:21 AM >>>>> *To: *Adrian Gropper <agropper@healthurl.com> >>>>> *Cc: *Drummond Reed <Drummond.Reed@gendigital.com>, Manu Sporny < >>>>> msporny@digitalbazaar.com>, W3C Credentials CG (Public List) < >>>>> public-credentials@w3.org>, Golda Velez <gvelez17@gmail.com> >>>>> *Subject: *[EXT] personal AI (was: Meronymity) >>>>> >>>>> I feel like we are not yet pondering deeply enough how an AI alters >>>>> the social texture of an interaction. What is an AI's social and emotional >>>>> intelligence, not just its ability to get work done -- and what is the >>>>> social and emotional intelligence of us ordinary humans, vis-a-vis these >>>>> tools? >>>>> >>>>> >>>>> >>>>> Per se, an AI has no human rights and triggers no social obligations >>>>> on the part of those who interact with it. If I hang up the phone on an AI, >>>>> or never respond to their messages, I don't believe I am being rude. And an >>>>> AI has no right to privacy, no right to a fair trial, cannot be the victim >>>>> of doxxing, etc. >>>>> >>>>> However, associating an AI strongly with a human that it represents >>>>> introduces a social quandry that has never existed before, which is how to >>>>> impute rights to the AI because of its association with a human. True, the >>>>> AI has no standing in the social contract that would lead one to respond to >>>>> its messages -- but if that AI represents a real human being, it is in fact >>>>> the human being we are ignoring, not just the AI that does the human's >>>>> bidding. >>>>> >>>>> >>>>> >>>>> Is lying to an AI that does Alice's bidding ethically the same as >>>>> lying to Alice herself? Would it depend on the degree and intent of the >>>>> AI's empowerment? What if Alice terminates her relationship with the AI -- >>>>> does the grievance stay with Alice or with the AI? >>>>> >>>>> If I am a therapist who happens to have a really fabulous AI that can >>>>> conduct remote therapy sessions over chat, is it ethical for me to go on >>>>> vacation and leave my AI to counsel people about their deepest personal >>>>> sorrows and perplexities, without telling them -- even if they can't tell >>>>> the difference? >>>>> >>>>> >>>>> I believe human beings have the right to know whether they are >>>>> interacting with other human beings directly, or merely with a piece of >>>>> technology that's doing another human's bidding and can pass the Turing >>>>> test. This allows interpersonal and social judgments that are crucial to >>>>> how we get along with one another. I am excited about the good that AI can >>>>> do, and about the prospect of personal AIs, but I am categorically opposed >>>>> to hiding the difference between people and AIs. The difference is real, >>>>> and it matters profoundly. >>>>> >>>>> >>>>> >>>>> Alan said: >>>>> > Do we ask for proof of humanity of other software running on behalf >>>>> of a person? What if a personal AI carries out its task using an >>>>> application? Isn't the human who determines what the software, AI or >>>>> otherwise, supposed to do the responsible party? >>>>> >>>>> >>>>> >>>>> Adrian said: >>>>> >The group could not think of a single reason to make a distinction >>>>> between me and an AI that I control as my delegate. To introduce such a >>>>> "CAPTCHA on steroids" is to limit technological enhancement to corporations >>>>> and "others". Will we treat personal technological enhancement the way we >>>>> treat doping in sports? Who would benefit from imposing such a restriction >>>>> on technological enhancement? How would we interpret the human right of >>>>> Freedom of Association and Assembly (Article 20) to exclude open source >>>>> communities creating open source personal AI that an individual can take >>>>> responsibility for? Certifying the vendor, provenance, and training data of >>>>> a personal AI seems like the last thing we would want to do. I hope what >>>>> Drummond is suggesting applies to AI that is not transparent and controlled >>>>> by an individual or a community of individuals in a transparent way. How do >>>>> we see a world where two kinds of AI, personal and "certified" interact? >>>>> >>>>> >>>>> >>>>> Drummond said: >>>>> > Manu has a good point. I have no problem interacting with an AI bot >>>>> as long as I can be sure it’s an AI bot—and ideally if I can check its >>>>> vendor, provenance, trained data sets, etc. >>>>> >>>>> Manu said: >>>>> > Another interesting aspect here is that "the bots" are, probably >>>>> within the next decade, going to legitimately exceed the level of >>>>> expertise of 99.9% of the population on most subjects that could be >>>>> discussed in an online forum. I, for one, welcome our new robot troll >>>>> overlords. :P >>>>> >>>>>
Received on Wednesday, 1 May 2024 01:26:22 UTC