Why DARPA is Funding an AI-Powered Bug-Spotting Challenge

Somewhere in America’s Defense Department, the DARPA R&D agency is running a two-year contest to write an AI-powered program “that can scan millions of lines of open-source code, identify security flaws and fix them, all without human intervention,” reports the Washington Post. [Alternate URL here.]

But as they see it, “The contest is one of the clearest signs to date that the government sees flaws in open-source software as one of the country’s biggest security risks, and considers artificial intelligence vital to addressing it.”

Free open-source programs, such as the Linux operating system, help run everything from websites to power stations. The code isn’t inherently worse than what’s in proprietary programs from companies like Microsoft and Oracle, but there aren’t enough skilled engineers tasked with testing it. As a result, poorly maintained free code has been at the root of some of the most expensive cybersecurity breaches of all time, including the 2017 Equifax disaster that exposed the personal information of half of all Americans. The incident, which led to the largest-ever data breach settlement, cost the company more than $1 billion in improvements and penalties.

If people can’t keep up with all the code being woven into every industrial sector, DARPA hopes machines can. “The goal is having an end-to-end ‘cyber reasoning system’ that leverages large language models to find vulnerabilities, prove that they are vulnerabilities, and patch them,” explained one of the advising professors, Arizona State’s Yan Shoshitaishvili…. Some large open-source projects are run by near-Wikipedia-size armies of volunteers and are generally in good shape. Some have maintainers who are given grants by big corporate users that turn it into a job. And then there is everything else, including programs written as homework assignments by authors who barely remember them.

“Open source has always been ‘Use at your own risk,'” said Brian Behlendorf, who started the Open Source Security Foundation after decades of maintaining a pioneering free server software, Apache, and other projects at the Apache Software Foundation. “It’s not free as in speech, or even free as in beer,” he said. “It’s free as in puppy, and it needs care and feeding.”
40 teams entered the contest, according to the article — and seven received $1 million in funding to continue on to the next round, with the finalists to be announced at this year’s Def Con, according to the article.

“Under the terms of the DARPA contest, all finalists must release their programs as open source,” the article points out, “so that software vendors and consumers will be able to run them.”

Read more of this story at Slashdot.

NFL to Roll Out Facial Authentication Software to All Stadiums, League-Wide

America’s National Football League “is the latest organization to turn to facial authentication to bolster event security,” reports the Record, citing a new announcement this week:

All 32 NFL stadiums will start using the technology this season, after the league signed a contract with a company that uses facial scans to verify the identity of people entering event venues and other secure spaces.

The facial authentication platform, which counts the Cleveland Browns’ owners as investors, will be used to “streamline and secure” entry for thousands of credentialed media, officials, staff and guests so they can easily access restricted areas such as press boxes and locker rooms, Jeff Boehm, the chief operating officer of Wicket, said in a LinkedIn post Monday. “Credential holders simply take a selfie before they come, and then Wicket verifies their identity and checks their credentials with Accredit (a credentialing platform) as they walk through security checkpoints,” Boehm added.

Wicket technology was deployed in a handful of NFL stadiums last year as part of a pilot program. Other stadiums will start rolling it out beginning on Aug. 8, when the pre-season kicks off. Some teams also have extended their use of the technology to scan the faces of ticket holders. The Cleveland Browns, Atlanta Falcons and New York Mets all have used the company’s facial authentication software to authenticate fans with tickets, according to Stadium Tech Report. “Fans come look at the tablet and, instantly, the tablet recognizes the fan,” Brandon Covert, the vice president of information technology for the Cleveland Browns, said in a testimonial appearing on Wicket’s website. “It’s almost a half-second stop. It’s not even a stop — more of a pause.”

“The Browns also use Wicket to verify the ages of fans purchasing alcohol at concession stands, according to Wicket’s LinkedIn page,” the article points out.

And a July report from Privacy International found that 25 of the top 100 soccer stadiums in the world are already using facial recognition technology.

Thanks to long-time Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

Japan Mandates App To Ensure National ID Cards Aren’t Forged

The Japanese government has released details of an app that verifies the legitimacy of its troubled My Number Card — a national identity document. From a report: Beginning in 2015, every resident of Japan was assigned a 12 digit My Number that paved the way for linking social security, taxation, disaster response and other government services to both the number itself and a smartcard. The plan was to banish bureaucracy and improve public service delivery — but that didn’t happen.

My Number Card ran afoul of data breaches, reports of malfunctioning card readers, and database snafus that linked cards to other citizens’ bank accounts. Public trust in the scheme fell, and adoption stalled. Now, according to Japan’s Digital Ministry, counterfeit cards are proliferating to help miscreant purchase goods — particularly mobile phones — under fake identities. Digital minister Taro Kono yesterday presented his solution to the counterfeits: a soon to be mandatory app that confirms the legitimacy of the card. The app uses the camera on a smartphone to read information printed on the card — like date of birth and name. It compares those details to what it reads from info stored in the smartcard’s resident chip, and confirms the data match without the user ever needing to enter their four-digit PIN.

Read more of this story at Slashdot.

Suno & Udio To RIAA: Your Music Is Copyrighted, You Can’t Copyright Styles

AI music generators Suno and Udio responded to the lawsuits filed by the major recording labels, arguing that their platforms are tools for making new, original music that “didn’t and often couldn’t previously exist.”

“Those genres and styles — the recognizable sounds of opera, or jazz, or rap music — are not something that anyone owns,” the companies said. “Our intellectual property laws have always been carefully calibrated to avoid allowing anyone to monopolize a form of artistic expression, whether a sonnet or a pop song. IP rights can attach to a particular recorded rendition of a song in one of those genres or styles. But not to the genre or style itself.” TorrentFreak reports: “[The labels] frame their concern as one about ‘copies’ of their recordings made in the process of developing the technology — that is, copies never heard or seen by anyone, made solely to analyze the sonic and stylistic patterns of the universe of pre-existing musical expression. But what the major record labels really don’t want is competition.” The labels’ position is that any competition must be legal, and the AI companies state quite clearly that the law permits the use of copyrighted works in these circumstances. Suno and Udio also make it clear that snippets of copyrighted music aren’t stored as a library of pre-existing content in the neural networks of their AI models, “outputting a collage of ‘samples’ stitched together from existing recordings” when prompted by users.

“[The neural networks were] constructed by showing the program tens of millions of instances of different kinds of recordings,” Suno explains. “From analyzing their constitutive elements, the model derived a staggeringly complex collection of statistical insights about the auditory characteristics of those recordings — what types of sounds tend to appear in which kinds of music; what the shape of a pop song tends to look like; how the drum beat typically varies from country to rock to hip-hop; what the guitar tone tends to sound like in those different genres; and so on.” These models are vast stores, not of copyrighted music, the defendants say, but information about what musical styles consist of, and it’s from that information new music is made.

Most copyright lawsuits in the music industry are about reproduction and public distribution of identified copyright works, but that’s certainly not the case here. “The Complaint explicitly disavows any contention that any output ever generated by Udio has infringed their rights. While it includes a variety of examples of outputs that allegedly resemble certain pre-existing songs, the Complaint goes out of its way to say that it is not alleging that those outputs constitute actionable copyright infringement.” With Udio declaring that, as a matter of law, “that key point makes all the difference,” Suno’s conclusion is served raw. “That concession will ultimately prove fatal to Plaintiffs’ claims. It is fair use under copyright law to make a copy of a protected work as part of a back-end technological process, invisible to the public, in the service of creating an ultimately non-infringing new product.” Noting that Congress enacted the first copyright law in 1791, Suno says that in the 233 years since, not a single case has ever reached a contrary conclusion.

In addition to addressing allegations unique to their individual cases, the AI companies accuse the labels of various types of anti-competitive behavior. Imposing conditions to prevent streaming services obtaining licensed music from smaller labels at lower rates, seeking to impose a “no AI” policy on licensees, to claims that they “may have responded to outreach from potential commercial counterparties by engaging in one or more concerted refusals to deal.” The defendants say this type of behavior is fueled by the labels’ dominant control of copyrighted works and by extension, the overall market. Here, however, ownership of copyrighted music is trumped by the existence and knowledge of musical styles, over which nobody can claim ownership or seek to control. “No one owns musical styles. Developing a tool to empower many more people to create music, by scrupulously analyzing what the building blocks of different styles consist of, is a quintessential fair use under longstanding and unbroken copyright doctrine. “Plaintiffs’ contrary vision is fundamentally inconsistent with the law and its underlying values.” You can read Suno and Udio’s answers to the RIAA’s lawsuits here (PDF) and here (PDF).

Read more of this story at Slashdot.

iPad Sales Help ‘Bail Out’ Apple Amid a Continued iPhone Slide

Apple reported a new June quarter revenue record of $85.8 billion, up 5 percent from a year ago, fueled largely by new iPad sales. iPad “saw the biggest category increase for the quarter, up from $5.8 billion to $7.2 billion year-over-year,” reports TechCrunch. It helped counter slowed iPhone revenue, “which dropped from $39.7 billion to $39.3 billion year-on-year.” From the report: In spite of a drop for the quarter, iPhone remained Apple’s most important category by a wide margin, followed by service, which includes software offerings like iCloud, Apple TV+ and Apple Music. That category continued to grow, up to $24.2 billion from $21.2 billion over the same three-month period last year. Much of the iPhone slowdown can be attributed to the greater China region. Overall, the region dropped from $15.8 billion to $14.7 billion for the quarter. Canalys figures from last week show a marked decline in iPhone sales, down 6.7% from 10.4 million to 9.7 million for the quarter, Reuters reported.

The drop in Apple’s third-largest region (behind the Americas and Europe) had a clear impact on the company’s bottom line. The company aggressively discounted iPhone prices in China starting in May, as competition intensified from domestic rivals. The strategy resulted in strong iPhone sales that month, up close to 40% from a year prior. […] Q3 marked the second consecutive quarter decline for global iPhone sales. The news puts additional pressure on the generative AI strategy that the company laid out at WWDC in June.

Read more of this story at Slashdot.

Microsoft Dynamics 365 Called Out For ‘Worker Surveillance’

Microsoft Dynamics 365’s “field service management” tools enable employers to monitor mobile workers via smartphone apps — “allegedly to the detriment of their autonomy and dignity,” reports The Register. From the report: According to a probe by Cracked Labs – an Austrian nonprofit research group — the software is part of a broader set of applications that disempowers workers through algorithmic management. The case study [PDF] summarizes how employers in Europe actually use software and smartphone apps to oversee field technicians, home workers, and cleaning staff. It’s part of a larger ongoing project helmed by the group called “Surveillance and Digital Control at Work,” which includes contributions from AlgorithmWatch; Jeremias Adams-Prassl, professor of law at the University of Oxford; and trade unions UNI Europa and GPA.

Mobile maintenance workers used to have a substantial amount of autonomy when they were equipped with basic mobile phones, the study notes, but smartphones have allowed employers to track what mobile workers do, when they do it, where they are, and gather many other data points. The effect of this monitoring, the report argues, means diminished worker discretion, autonomy, and sense of purpose due to task-based micromanagement. The shift has also accelerated and intensified work stress, with little respect to workers’ capabilities, differences in lifestyle, and job practices. “Field service workers travel to multiple locations servicing different products every day,” a Microsoft spokesperson told The Register. “Dynamics 365 Field Service and its Copilot capabilities are designed to help field service workers schedule, plan and provide onsite maintenance and repairs in the right location, on time with the right information and workplace guides on their device to complete their jobs.”

“Dynamics 365 Field Service does not use AI to recommend individual workers for specific jobs based on previous performance. Dynamics 365 Field Service was developed in accordance with our Responsible AI principles and data privacy statement. Customers are solely responsible for using Dynamics 365 Field Service in compliance with all applicable laws, including laws relating to accessing individual employee analytics and monitoring.”

Read more of this story at Slashdot.