All right, thanks, everyone, for waiting. Next up, we have Lauren on regulating AI and algorithms. Everybody, please give him a warm round of applause.

Thank you, everybody. OK, this is all working now, excellent. I'll quickly talk about myself before going into the talk, not just to tell you what I do, but to give a bit of context for what I'll be talking about. I'm the cybersecurity fellow at the Center for Global Legal Challenges at Yale Law School. What I do is not law: I do research into trust and assurance evaluation, I deal with a lot of network analysis, and I've done research into standards and regulation in IT security. Before I even finished high school, I worked as a system administrator and architect, so that's where I come from. I also do a lot of work around the DNS and ICANN. And at the law school, I co-teach a course that helps lawyers understand technology by literally teaching them technical material: we start them at a terminal interface and lead them through a lot of security-relevant topics.

I put this in here because it's the perspective I bring to this talk. I'm not an AI or machine learning person in the sense of developing algorithms. My perspective is that of someone who has built systems in the past and has done research into how we try to regulate and standardize security, and how we mostly fail at doing so.

A quick introduction, though I don't think much is needed in this room. There's a lot of hype around machine learning, AI, et cetera, but something I'll just call automated decision making, to get around the what-is-AI, what-is-not-AI problem, is gaining importance. There's a ton happening in the world where we use systems to help us: identifying, say, people walking in a certain direction, or finding lumps in CT scans. Some of these systems are better at their task than human professionals, so clearly they can be extremely useful. On the other hand, we lack accountability. A lot of this runs with very little oversight and very little insight into what's going on. For society, for regulators, and so on, it's a black box, as a lot of other things are too: input, magic, output, and no idea what happened in the middle.

So we see calls for comprehensive regulation: this has to be reined in, we need to make sure it's all dealt with appropriately. But based on the research I've done in the past, just regulating is not a solution and might lead to really bad outcomes. Think about the lovely term "compliance culture", where you set up certain baselines. Take emissions: you have to drive a defined test track and stay below a certain output. The problem is that manufacturers will find a way to drive that track and stay under the limit, for example because the car notices it is being tested. That is a problem.

More generally, going back to my research: why do we have this governance problem? Standards and safety regulation in the past have always been about reducing complexity and increasing predictability. This is how we dealt with deaths on the railways: we make everything very uniform, we define how interactions between people and systems work, and so the universe of cases you need to consider is reduced considerably.
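The emissions example is worth a short aside, because the failure mode is easy to sketch in code. The following is a deliberately toy, hypothetical illustration (the function names, signals, and thresholds are all invented for this sketch, not any real vendor's logic) of why a fixed, published test procedure invites gaming:

```python
# Toy illustration of the compliance-culture failure mode: once a fixed,
# published test procedure exists, a system can special-case it.
# Everything here is hypothetical and invented for this sketch.

def looks_like_test_cycle(speeds_kmh: list[float]) -> bool:
    """Crude guess at whether we are driving a standardized test cycle.

    A published cycle is unnaturally smooth and repeatable, which is
    exactly what makes it detectable.
    """
    deltas = [abs(b - a) for a, b in zip(speeds_kmh, speeds_kmh[1:])]
    return bool(deltas) and max(deltas) < 2.0  # toy smoothness threshold

def emissions_mode(speeds_kmh: list[float]) -> str:
    # Behave well under test, optimize for performance otherwise.
    return "full-treatment" if looks_like_test_cycle(speeds_kmh) else "performance"

print(emissions_mode([0, 1, 2, 3, 4, 5]))      # smooth ramp: "full-treatment"
print(emissions_mode([0, 12, 3, 25, 7, 30]))   # erratic traffic: "performance"
```

Real defeat devices reportedly keyed on richer signals, but the structure is the same: a fixed benchmark becomes a target, and tested behavior and real-world behavior drift apart.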
Air travel is a second example of the same thing: we define rules for how pilots and ATC communicate with each other, how they read things back to each other, et cetera. Now, both trains and aircraft are extremely complicated artifacts. A locomotive? I don't want to fix one, and I don't think you want to either. What we were good at, however, was reducing the networked complexity of these systems. If I control a train, I only look at a few key elements of that system. If I'm an ATC controller, same thing: whether it's a Boeing 737 or an Airbus A320, when I tell it where to go, the difference doesn't matter much to me. The system is more predictable; I've reduced the issues I have to deal with. We do something similar in IT when we define protocols like TCP and IP: we try to constrain what's going on.

However, with IT, and with AI solutions too, this doesn't work as well anymore, because we take a complex thing and then plug it into a lot of other complex things to achieve very, very different goals. That uniformity goes away, and our objectives change with it. If I code something up for my own research to do some graph data analysis, I have very different objectives, and different risks, than in my other life, where I build systems that actually deal with things like PII and PHI, even though I might use the exact same building blocks to do it.

This goes back to what I was saying about the complexity of the entity versus the complexity of the interaction. We can have a very complex entity, but make sure it's only used in a very specific way. In IT security, that means our requirements and objectives become contingent: they depend on what we're doing. As I've already alluded to, that could be our use, how we implement, where we integrate into a larger system, what our architecture is. To give some examples for technical systems, which includes AI, machine learning, et cetera: is it assisted or unassisted? Is this something I just use in addition to a human professional, or does it have input into, for example, which human professional is called to help you in a hospital setting? Essentially, is there someone in the loop or not? Does it support decisions, or make quasi-final decisions? Here we also have to consider that research already shows that when an expert system of some sort makes a recommendation, we are extremely likely to take it for granted: we might adjust things a little bit, but we usually go with whatever comes out and is displayed on our screen.

So how do we try to deal with our security objectives in IT security? Predominantly in two ways: high level and rather general, or extremely specific. Some examples: we have the ISO 2700x family; we have something like Common Criteria, which is up here for a reason I'll get to on the next slide; we have vendor certification, which is very specific about what you can do: you can set up this firewall, you can do X, you can do Y. Or we have something like the CISSP, which is ocean-wide and not very deep; it tells you a bit about everything, but nothing in depth. And what's the problem with this? The high-level stuff is flexible. With ISO, you start with a risk analysis of your whole organization.
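To give a feel for what that looks like in practice, here is a minimal, hypothetical sketch of the risk-register arithmetic an ISO 27005-style analysis ultimately boils down to. The assets, estimates, and threshold are invented for illustration; the real work is in the expert judgment behind every estimate, not the math:

```python
# Minimal sketch of an ISO 27005-style risk register. Hypothetical and
# heavily simplified: real analyses cover hundreds of assets, threats,
# and controls, and every likelihood/impact number is an expert estimate.

from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain), expert-estimated
    impact: int      # 1 (negligible) .. 5 (catastrophic), expert-estimated

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

register = [
    Risk("customer PII database", "credential theft", likelihood=4, impact=5),
    Risk("ML scoring model", "biased training data", likelihood=3, impact=4),
    Risk("internal wiki", "defacement", likelihood=2, impact=1),
]

# Treat everything above an agreed threshold as needing mitigation.
for risk in sorted(register, key=lambda r: r.score, reverse=True):
    verdict = "MITIGATE" if risk.score >= 12 else "accept"
    print(f"{risk.score:>2}  {verdict:8}  {risk.asset}: {risk.threat}")
```

Note the machine learning system sitting in the middle of the register: it gets the same treatment as any other asset, which is precisely where things get difficult.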
That risk analysis is really complex: it takes a lot of thinking and a lot of expertise to actually do. And if your AI or machine learning system sits somewhere in that structure, it's pretty tough to figure things out. We also have specific approaches for certain things, formal verification comes to mind, and they can be extremely helpful, but there you have the inverse problem. As we all know, it's usually the implementation that's the problem, not the standard per se. You have an HSM, that's great, but then you do a few things around it that are not exactly ideal, and it doesn't actually help you that the device itself has been designed well. What's missing is the meso level: goals and standards in the middle that support professionals, at least according to my research.

So with that background: as I've described, I think AI and machine learning are pretty similar to security in a lot of ways. Their objectives, their use, how they're put into an architecture or a larger system, it's always contingent; there is a lot of complexity involved, and a small change can make an extreme difference in how something should be judged.

The first issue is how we define objectives. Go back to an airplane, and if there are any aerospace enthusiasts here, please excuse my simplification of the complex matter of air travel. For a plane we essentially say: it should take off, it should stay in the air even if there's a storm, and most of all it should come back down in one piece, if possible with everyone alive. Hard to achieve, maybe, but a simple objective. With AI and machine learning it becomes a bit more difficult. What do we want out of a system? What are our risks, and which risks do we really need to mitigate? Generally, we first have to think about what we actually want to define as objectives, what our starting point is. And we might end up with a similar structure, with high-level goals resting on top. We don't want discrimination, say; but then the question obviously becomes: what is discrimination? What does it mean? How do I, as someone trying to build a system, deal with such high-level concepts? We might, again, have in-depth technical requirements, where we just know that doing X is a really bad idea, as has been demonstrated, so we do Y instead. And the question is whether we will also arrive at a point where we can support the practitioners in the middle, who have to integrate this stuff into a larger system.

As you've seen, this talk asks a lot of questions. I'm usually an empirical person, I usually communicate findings, but this one is much more about the questions that come up, and I'm obviously not sure how to solve them. So on this final slide I'll talk a bit about what might happen, what might not, and what I think the issue space is. Essentially: is this networked complexity, as I call it, too high in the space of AI and machine learning, so that we will never arrive at a point where we can define clear sets of requirements or objectives?
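To make the "what is discrimination" question from a moment ago a bit more concrete: one candidate way to operationalize it is demographic parity, sketched below with hypothetical data. Note that this is only one of several mutually incompatible fairness definitions (equalized odds and calibration are others), which is exactly what makes the high-level goal so hard to pin down:

```python
# One candidate operationalization of "don't discriminate": demographic
# parity, i.e. positive-decision rates should not differ across groups.
# Hypothetical data; this is one of several conflicting fairness metrics.

def demographic_parity_gap(decisions: list[int], groups: list[str]) -> float:
    """Absolute difference in approval rates between two groups."""
    rates = []
    for g in sorted(set(groups)):
        members = [d for d, gg in zip(decisions, groups) if gg == g]
        rates.append(sum(members) / len(members))
    return abs(rates[0] - rates[1])

# Hypothetical rental-application decisions (1 = approved).
decisions = [1, 1, 0, 1, 0, 1, 0, 0, 0, 0]
groups    = ["A", "A", "A", "A", "A", "B", "B", "B", "B", "B"]
print(demographic_parity_gap(decisions, groups))  # ~0.4: group A approved far more often
```

Even in this toy form, someone has to decide which groups count, what threshold is acceptable, and which of the competing definitions applies. That is meso-level work, and it is exactly the support that is currently missing.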
And the next question really comes down to: is there a will to do it? In the aerospace industry, planes crashing and people dying is something you want to avoid for a variety of reasons, not least the fact that you will get into a lot of financial trouble if you're unlucky. And we have seen recently that the regulatory system in that area is not particularly great either: several hundred people have died, the 737 MAX is still grounded, and the co-regulation regime that long dominated that space has not worked out properly. So just because I'm saying these objectives are simpler to define doesn't mean the problem goes away completely.

My last point here is essentially: is this just economics? By "the players" I don't mean the people, some of whom I'm sure are in this room, who work on this at an academic or developer level and think about how to do great things with different types of learning; I mean the organizations that control these systems. Do they have the will and the wish to tie themselves down, to actually make sure that people are not hurt? The thing is, in a lot of cases with machine learning and AI, as with security, people do not usually die. You might lose a lot of data, a lot of people might be hurt economically, et cetera, but it's not the same as a flaming plane crash. And we see in IT security that you can have terrible security, get breached, and walk away; it's not a problem. With a lot of systems going in the direction of machine learning and AI, we might see the same thing: if we don't think about the smaller per-individual issues that have a huge societal impact, we might just not bother. We might think a lot about the car recognizing people on the road, so you don't run anyone over, because that's really bad press. But if you badly score people when they apply for a rental and they don't get an apartment, maybe because some data points in their profiles are being used wrongly in your model, or weighted too heavily for whatever reason, that might just get ignored, even though it might affect tens or hundreds of thousands of people.
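That rental-scoring worry is easy to illustrate. Below is a hedged, entirely hypothetical sketch (invented feature names, simulated data) of how a single proxy feature can quietly dominate a scoring model, and how cheap it is to at least look at the weights. Inspecting weights is a first audit step, not a fairness guarantee, since proxies can encode the same signal indirectly:

```python
# Hypothetical sketch: a zip-code-derived score, a classic proxy for
# protected attributes, ends up dominating a rental-scoring model.
# All features and data are simulated for illustration only.

import numpy as np
from sklearn.linear_model import LogisticRegression

rng = np.random.default_rng(0)
features = ["income", "years_employed", "zip_code_score"]  # invented names

X = rng.normal(size=(500, 3))
# Simulate labels that, by accident of the data, lean heavily on the
# zip-code-derived score.
y = (0.3 * X[:, 0] + 0.2 * X[:, 1] + 1.5 * X[:, 2]
     + rng.normal(0, 0.5, 500) > 0).astype(int)

model = LogisticRegression().fit(X, y)
for name, w in sorted(zip(features, model.coef_[0]), key=lambda t: -abs(t[1])):
    print(f"{name:16} weight = {w:+.2f}")
# Expect zip_code_score to dominate: the "too much weight for whatever
# reason" situation, invisible unless someone actually looks.
```

Nobody dies here, which is the point: harm at this scale is diffuse, per-individual, and easy for the organizations involved to ignore.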
So, as I said, this is a "think about it" kind of talk, and I'm happy to take questions; I think I still have about five minutes left. Thank you very much.

Audience: 40,000 Americans are killed by cars every year, and we don't take all the cars off the road. So what's the difference in terms of scale? Are we going to have to wait for AI to, unfortunately, kill some people before we see any action, and what might that look like?

I'm not sure everyone could hear the question, so I'll repeat it. Correct me if I'm wrong, but it boils down to: what has to happen for a real conversation about regulation to start? Yeah, OK. So, you mentioned airplanes. Things like the 737 MAX crashes are still in everyone's head, I believe; there's tons of reporting, they show you pictures of burning debris and the families rushing in, et cetera. When there's a car accident, which you also mentioned, that's a statistic: it affects a few people. That comes back to my last point: is this just economics? Right now, if a Tesla runs over someone, that's a news story. If we have a million of them, it will happen from time to time, and it will become a statistic.

So I think that's the key issue: there probably have to be a few events that make people wake up to what is going on, and because of the types of systems we're looking at, it is far less likely that we'll see an event like a plane crash that is featured in the news everywhere and garners that level of attention.

The next question was essentially about things like the YouTube algorithm, which at times points people in somewhat questionable directions, and other projects whose outcomes seem very uncomfortable. What do I think about that? I think it could well be described as an outcome of exactly the things I'm talking about, because we're not thinking about what we're actually doing. We develop something, it works somehow, but there is often very little testing of what it actually does. To give a security example: it's the classic case of getting a new system from a vendor, which is super fancy and super cool, but no one goes back to the drawing board and thinks about how it actually works in the context of the existing IT systems, in the context of what the company or organization actually does, and what, at that very high level, actually matters. This happens a lot: you don't rethink these things, and I think that's what is happening here. It's not that these systems are inherently bad; it's that they're being developed, and the link is missing between the meso level, how do I build this system, how do I produce these very cool predictions, and the bigger question of what we are actually looking at and what kind of larger system we are integrating this technology into.

Any more? So the question was essentially: would open source help, as an analogy? That is, what if we published the way we make decisions, our algorithm? That's roughly the idea? OK. I think that could be extremely helpful, because it deals with the accountability and insight problem I mentioned in my introduction. But it would only help to a certain degree, if my other assumptions are correct, because it's only one building block in the system. Again, the same thing that's great in one context can have extremely different outcomes in another. So I'm not saying it wouldn't help; I would be all for it, and I would be totally in support of doing that. And now I'm being told there are no more questions. Thank you very much.