I went to a Humanity+ networking event at Zero1 Garage in San Jose this week.  It was organized by Humanity+ magazine editor Peter Rothman.  Presentations were given by seminal transhumanist Natasha Vita-More, media artist Jason Wilson, and writer Zoltan Istvan.  I missed the beginning of Vita-More’s talk (which was delivered via Skype) and had a hard time picking up the gist of it, but she seemed to be discussing ways in which people could promote the idea of transhumanism.  She mentioned some books that she recommends: Design of Everyday Things, Art of Innovation, and her own Transhumanist Reader.

I don’t really get the point behind advocating for transhumanism myself.  To me transhumanism is a misnomer.  Humans have always augmented themselves and always will.  To augment is essentially human.  It’s what technology is all about.  I guess one can imagine some significant thresholds where technology has been integrated into our bodies, like pacemakers or artificial hips or something.  Just kidding, a significant threshold would probably be something like the ability to perform Google searches by merely thinking about a query.  But we have crossed similar technology thresholds in the past like language, the written word, and the internet, without feeling the need to come up with new species classifications.  Nonetheless, I’d rather hang out with transhumanists than a bunch of sports fans or something.

I met Peter Rothman a couple of times and he is a cool guy.  He is more cultural than a lot of the computer people one is apt to meet.  I like how he invited Jason Wilson to speak at this event.  I have seen Wilson’s Outer Body Labs at various events like the Singularity Summit or DEF CON.  They provide technology assisted “out of body” experiences by putting you into video goggles that block your normal view of the world but give you a view of yourself transmitted from a nearby camera.  You are basically seeing yourself move around and perform tasks from outside of your body, which I imagine is very disorienting.  Wilson describes the experience as, “breaking the agency of eyesight.”  You can’t control where the camera points, and this helps to put your own subjectivity into perspective.  Given that humans seem better at judging others than judging ourselves, experiencing an outside view of yourself might increase your sense of objectivity.  I plan on heading over to Wilson’s studio one of these days to check it out firsthand.

Following Wilson, Zoltan Istvan gave a talk on his book, The Transhumanist Wager.  I guess it’s about a guy who takes over the world in order to live forever.  I didn’t read it, and from the various book reviews I have found online, I don’t think I will.  Istvan is basically arguing that transhumanists should form cells and start combating religious groups directly.  I’m not kidding; here is an excerpt from his interview with Serious Wonder:

Z: I’m currently creating networks of transhuman activists across America and beyond that will begin systematic confrontations against those that are hostile to life extension and human enhancement science. I plan to use aggressive tactics that will garner media attention for spreading transhumanism. Of course, I’m also using my novel, The Transhumanist Wager, as a tool for how passionate that activism should be …

Now you might be thinking, “Why are you bothering to dig into this madness?”  But the fact is that Istvan doesn’t come across as crazy in person.  I stayed and spoke with him after his presentation.  He is an intelligent and articulate person.  During his talk, Istvan lamented the lack of funding being applied to research into aging.  One hears the same point made at the Health Extension Salon, and this is a good point which I agree with.  Aging research should get more funding.  But Istvan seems to think that confronting religious people is the way to bring that about.  I told him that I don’t think any of the elites controlling policy in this country are actually religious, but he asserted that I am living in a Bay Area bubble.   He thinks the elites in this country are religious, and he pointed to the suppression of stem cell research by the Bush administration as an example of that.

My sense has always been that policy makers use the religious views of the population to craft wedge issues that can be used to distract the public from more important problems and to win elections.  Gay marriage is a good example, and I assume that stem cell research is just an unfortunate casualty of such a strategy.  I don’t believe that Bush or any of the elites running this country hold actual religious beliefs that affect their decision making.  The very idea seems ludicrous.  It seems clear that there is a negative correlation between intelligence and religious belief.  I also assume that that it takes smarts to operate in the ranks of policy makers.

So to me it’s deeply misguided to go picking fights with a bunch of poor, muddled religious folks and try to beat them into submission to their transhumanist overlords.  Because, you know, religious folks are probably more tolerant of dying for their beliefs than rationalists will tend to be.  Just saying.  I’m no activist, but if you want to get funding for life extension, focus on the billionaires that really pull the strings in society.  I’m sure some of those plutocrats would cough up some cash if you could convince them that there was some chance they could benefit directly.  But as I said, I’m not an activist.  People that adopt the technology characterized as transhumanist will simply outcompete those that don’t.  No one can stop this technology from being created.  Bush’s ban on embryonic stem cells might have just pushed more research into adult stem cells (iPSC), and it certainly didn’t stop stem cell progress.

Istvan’s cognitive framework is fraught with inconsistencies.  He’s a big proponent of individual freedom, but then advocates a global law enforcing secular education.  That’s just incoherent from any angle you look at it.  I would expect an individual freedoms guy to go for Sudbury style schooling (free schooling, in which kids teach themselves) or something.  Certainly the top-down, global law approach is inconsistent with individual liberty.  Also this intense advocation for the primacy of the individual offends my embedded cognition sensibilities.  Consider Nicholas Christakis’ work, which shows that human behavior is deeply influenced by the behavior of those around us.  I am sympathetic to those monarchists who point out the shortcomings of decision by committee.  I see that there are some inherent coordination costs that impact group decision making.  But I will still assert that advanced cognition is impossible in the absence of social interaction.  Cognitive agents cannot be formed without social interaction and cannot operate for extended periods of time in isolation.  So it seems that cognition is a network dependent process.

My Less Wrong friends may tell me that this empirical “outside view” is susceptible to the Black Swan effect; you can’t predict a new thing by examining the things you have seen already.  It may be that Artificial General Intelligence (AGI) agents will not be constrained by network limitations and will have a totally different sort of cognition.  Go on Less Wrong and you will find much talk of utility functions.  But there is a wide gulf to cross between the natural language utility function of “maximize paper clips” and the computer code that describes that function and can actually act on it in the real world.  This gulf is only crossed by much handwaving.  I’m not trying to beat up on Yudkowsky et al, I actually like and admire those folks.  I will leave the LW bashing to Alexander Kruel who has some bug in his rear about them.  I just remain unconvinced of the viability of agents that are not network constrained.  Thus, hard individualism is invalid.

Another one of Istvan’s inconsistencies showed itself when he complained that the older generation was holding back progress toward immortality.  Now this strikes me as somewhat ironic.  If immortality is so great, I asked him how he imagined that society would progress in the absence of successive generations.  Istvan declined to speculate about that and made some vague reference to AI changing how progress would occur, which isn’t such a bad cop out.  Sure, AI will do the thinking for us, no problem.  But this very point was brought up by a young woman at a recent East Bay Futurist meetup.  She pointed out that each generation is uniquely positioned to understand the era they matured in.  This is not a concern that I readily dismiss.

It may be true that immortal humans will be more flexible than the crystallized old folks of today.  However, I suspect that they will tend to hold on to core aspects of their identity.  Why live forever if the entity that exists isn’t in some way recognizably you?  A sense of identity is that which we develop over time as we draw a border around what is and is not within ourselves.  It is probably a function of synaptic pruning.  It may be that a society of immortals will be less evolvable and less able to address changing conditions as I discussed previously.  I am sympathetic to the view that AI or Intelligence Amplification (IA) can mitigate this risk, but it’s a real risk posed by immortality that futurists should take into consideration.

I have other problems with Istvan, like the way he holds the radical views of his book at arm’s length, claiming that he doesn’t fully subscribe to the views of his characters.  I would accept that if he was just another fiction author and not promoting the same basic agenda as his book does.  At the end of the day though, Istvan seems like a starry eyed idealist unaware of the political realities of the real world.  This is hard to reconcile with the fact that he is a world traveller and person of action.  Nonetheless, I am glad that I met him because at least it helped me to clarify my own position.  I just hope he doesn’t go triggering some huge public backlash against transhumanists by doing something rash.  Because if that happens, I want the religious police to notice that I have publicly disavowed the word transhumanist many times.  I am just a regular human who likes tools, ok?

I attended Black Hat and DEF CON USA 2013 this year in Las Vegas.  These two computer  security conferences were both founded by hacker Jeff Moss aka The Dark Tangent.  The Dark Tangent sold Black Hat for $14 million in 2005, but retained control of DEF CON.  He chairs the Black Hat conference, sits on the DHS Security Advisory Council, and is the chief security officer for ICANN, so he is pretty hardcore.  Black Hat, owned by UBM, costs thousands to attend and is supposedly more corporate, while DEF CON costs only $180, has cooler badges, and is more, uh, cultural.  This was my second year attending BH/DC, but next year I might skip Black Hat and try out the even more underground security conference, BSides.

Of course, I am no hacker; I am just a sysadmin, but I like to see what hijinks the hackers are up to these days.  Whether we are talking about the builders or the breakers,  hackers are having more and more impact.  Software is eating the world after all.  Look at China siphoning off intellectual property from US companies.  Look at the way hacking has branched out into organized crime.  If Snowden is to be believed, NSA analysts can hack anyone at will.   It’s also sobering to consider the impact that hacking will have on implantable medical devices.¹  If I have learned anything from my interest in computer security, it is that many, if not most, of the electronic systems we rely on today were not designed with security in mind.  (I’m looking at you IP spoofing.)  This is true of internet protocols, industrial control systems, and yes, medical devices as well.

I am a computer consultant, so I do attend these things in that capacity as well, but I won’t bore everyone with how depressing it is to see my poor Windows systems continuing to get pwned by pass-the-hash and other exploits.  STILL!  After all these years.  Ugh!

One of the first talks that I attended was by Matthew Cole, who talked about a case in which the Italians convicted a bunch of CIA agents for kidnapping a Muslim cleric (aka extraordinary rendition) in Italy.  I had never heard of this case or of Cole, but this event from a couple of years ago is relevant today because, ironically, the Italians also used cell phone metadata² to piece together their case against the CIA.  Cell phone metadata is the stuff that the NSA is gathering on each and every one of us Americans right now.  Also, Hezbollah supposedly used metadata analysis to arrest some CIA operatives back in 2011.  So Cole is calling out the CIA for sloppy tradecraft (spying) and failure to learn from past mistakes.  But it’s interesting to see some specific examples of how this supposedly innocuous metadata can be used against Americans.  This whole Third Party Doctrine thing needs to get reigned in.

I noticed that several of the presentations at Black Hat and DEF CON this year focused on machine learning algorithms.  One interesting project called CrowdSource was even funded by DARPA.  Their goal was to apply machine learning to the problem of malware analysis.  As any coder knows, Stack Overflow is one of the most useful forums for finding answers, and the creators of CrowdSource reasoned that malware authors are no different.  So they downloaded Stack Overflow, yes, the entire site, and used it to create semantic mappings between function calls and their natural language descriptions.  They then applied some machine learning math to help them predict just what their decompiled malware was trying to do.  I love this approach.  As the authors point out, it will stay up-to-date as long as Stack Overflow stays relevant, and they can even link back to the relevant Stack Overflow pages to show how conclusions were reached.  Clever.

Another example of machine learning being applied in the computer security domain was presented by Brazilian security expert Alexandre Pinto.  One problem that many companies face in computer security is realizing when they have been hacked.  Gone are the days of flashy hacker vandals making their exploits known to the world.  Malicious actors these days strive for stealth, and it is remarkably difficult to separate their footprints from the riotous chaos that constitutes “normal” network behavior.  Alex Pinto started out by lamenting that these SIEM systems that corporations use to log activity on their networks are incredibly difficult to configure and are remarkably ineffective.³

So Pinto went on sabbatical and started brushing up on machine learning.  He figured that the only way to address this big data problem was to enlist the help of robots.  He whipped up a neat little proof of concept example using a support vector machine to cluster IP addresses in his firewall logs.  This is sort of a trivial example, since IP blacklists are widely available and frontal attacks on firewalls don’t pose as much of a threat as the users with their browsers.  Nonetheless, the technique Pinto demonstrated could be adapted to cluster all manner of logged events on a network.  If he threw in some  heuristics (rules of thumb) such as the  “kill chain” event grouping suggested by John “Four” Flynn at Black Hat last year, it would add some codified human intelligence into the machine learning process and contribute to stronger computer security.

This is interesting because we are starting to see rudimentary AI being publicly discussed in the realm of computer security.  I assume of course that the NSA has had plenty of computer science PhDs working on more advanced AI based computer attacks and defenses for some time.  Yep, attacks.  Where the story gets more interesting is with this presentation at DEF CON by Soen Vanned:

Evolving Exploits Through Genetic Algorithms
SOEN HACKER FOR TEAM VANNED

This talk will discuss the next logical step from dumb fuzzing to breeding exploits via machine learning and evolution. Using genetic algorithms, this talk will take simple SQL exploits and breed them into precision tactical weapons. Stop looking at SQL error messages and carefully crafting injections, let genetic algorithms take over, and create lethal exploits to PWN sites for you!

Genetic algorithms basically try to mimic evolution by interbreeding and mutating potential solutions to evolve the fittest specimens.  In Soen’s case, of course, the “solutions” were SQL injection attack strings used to compromise web applications.⁴

So we have machine learning on the defense side trying to identify and analyze attacks, and we have it on the offense side trying to evolve exploits to bypass signature based filters.  This is starting to look like high frequency trading.  Have we had duelling AI’s going at each other behind the scenes between nation states for years already?  Maybe Peter Rothman is right and the Singularity already happened.

With the recent Snowden revelations, there was much talk about privacy.  Hackers are way ahead of the curve in these matters.  NSA whisteblower William Binney revealed details about NSA spying programs targeting Americans last year at DEF CON 2012.  This year, DEF CON featured a presentation by some folks from Montana who are working on privacy legislation at the state level.  Eric Fulton, a computer security specialist, worked with Montana state representative Daniel Zolnikov to prepare privacy bill HB 400 that ultimately died in a Montana state legislature committee.  But they are not giving up.  This bill was killed a few months prior to the Snowden revelations, so the public was less aware of privacy concerns at that time.  Fulton and Zolnikov plan to revise and break up HB 400 into smaller privacy bills that can be introduced in the future.

Here are the main points of HB 400:

(a) data subjects must be given notice when their personal information is being collected;
(b) personal information may be used only for the purpose stated and not for any other purposes;
(c) personal information may not be collected or disclosed without the data subject’s consent;
(d) personal information that is collected must be kept secure from any potential abuses;
(e) data subjects must be informed as to who is collecting personal information;
(f) data subjects must be allowed to access their personal information and make corrections to any inaccurate data;
(g) data subjects must have a method available to them to hold data collectors accountable for following the principles contained in this section.

These all seem fairly reasonable to me.  Maybe it’s a good idea to have states start enforcing privacy rights.

This question of privacy and who owns your personal data has been on my mind for some time.  Some guy promoting this Open-Source Everything idea gave a rambling, disjointed talk about hacking capitalism which was disappointingly bad.  He reiterated Lanier’s idea that people should own the data they create.  The problem is that most interesting data is created by interacting with services.  So you don’t in fact own your data, because the service providers control it on their servers.  But I would go farther and say you shouldn’t assert full ownership of this data as intellectual property, because it wouldn’t exist without the service you interacted with.  If phone services didn’t exist, phone call metadata wouldn’t exist.  So that’s a problem I hadn’t really thought through before.  Aside from the fact that it’s incredibly difficult to assert ownership of data in the first place, we can’t really claim exclusive ownership of so called “personal” data even in theory.  So we should go create something without using a service and assert ownership of that.

On the other hand, it would be nice to have something akin to privacy continue to exist in this world. Noah Schiffman and Skydog gave a talk called the Dark Arts of OSINT (OSINT = Open Source Intelligence), in which they showed how math can be applied to harvest publicly available data about anyone.  It is really amazing how much can currently be learned about you with only a couple of pieces of information.  SkyDog highlighted some of his favorite tools such as: Maltego, Search Diggity, and even Recorded Future⁵.  Schiffman then went on to lay out the math that can be used to do deep correlation between disconnected sets of information.  He cited the simple example of US Census data:

87% of the US population can be uniquely identified by gender, ZIP code, and full date of birth.

So that’s a tough attack to protect against.  Privacy really is dead.  The only solution that seemed even remotely plausible for maintaining anonymity was to spread misinformation about yourself to increase the noise to signal ratio and make it harder for malicious actors to build a profile of you.  I think Vinge talks about a service to provide this in Rainbow’s End.  Also, some guy at DEF CON told me about a service that is starting up to provide false information to various service providers on your behalf, but I think I lost his card.  I will look into that more.  If anyone knows about a service that does this, please post in comments.

Information systems are becoming more and more important in the real world every day.  Bits are taking control of atoms.  The people that can actually access and control these systems wield incredible power.  Some hackers do sell their work to oppressive governments and criminals.  However, hackers are inherently defiant and unpredictable.  I actually take consolation from this.  If a global information police state does emerge, we can trust that there will always be some hacker out there to throw a wrench in the works.  If for no other reason than the lulz.