Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Courts Software Politics

New Bill Would Let Defendants Inspect Algorithms Used Against Them In Court (theverge.com) 47

Lauren Feiner reports via The Verge: Reps. Mark Takano (D-CA) and Dwight Evans (D-PA) reintroduced the Justice in Forensic Algorithms Act on Thursday, which would allow defendants to access the source code of software used to analyze evidence in their criminal proceedings. It would also require the National Institute of Standards and Technology (NIST) to create testing standards for forensic algorithms, which software used by federal enforcers would need to meet.

The bill would act as a check on unintended outcomes that could be created by using technology to help solve crimes. Academic research has highlighted the ways human bias can be built into software and how facial recognition systems often struggle to differentiate Black faces, in particular. The use of algorithms to make consequential decisions in many different sectors, including both crime-solving and health care, has raised alarms for consumers and advocates as a result of such research.

Takano acknowledged that gaining or hiring the deep expertise needed to analyze the source code might not be possible for every defendant. But requiring NIST to create standards for the tools could at least give them a starting point for understanding whether a program matches the basic standards. Takano introduced previous iterations of the bill in 2019 and 2021, but they were not taken up by a committee.

This discussion has been archived. No new comments can be posted.

New Bill Would Let Defendants Inspect Algorithms Used Against Them In Court

Comments Filter:
  • by thegarbz ( 1787294 ) on Friday February 16, 2024 @08:31PM (#64246584)

    The validation of Truecrypt took what, nearly two full years by a team of experts? It's nice to have the option, but the reality is you're not going to be able to fund a campaign to fully investigate the software or algorithms used against you.

    • The validation of Truecrypt took what, nearly two full years by a team of experts?

      If it's even possible any more. The algorithms are going to be neural nets like LLMs. "Here's a 100 billion weights. Knock yer socks off deciphering why they computed to not make you a job offer."

      • Using an ANN to analyze evidence and identify suspects is reasonable.

        Allowing their output to be admitted as evidence in court is certainly not.

        ANNs are nearly as unreliable as humans.

        ANN= Artificial Neural Network

        • ANNs are nearly as unreliable as humans.

          This.

          Some (many?) people have a profoundly delusional belief in the ability of humans, and that is a straw man which is eventually going to fail.

          I saw telly adverts for an upcoming programme where two different "juries" will be presented with the same evidence in a (made up) criminal case ... with access to the "juries" decision-making processes. That is going ot pierce some delusions of competence, and is going to up set a lot of people. I didn't note which channel

      • by flink ( 18449 )

        That's easy then. Don't use it. If you can't explain the algorithm, or if it can't output its reasoning in a human-interpretable manner, then it should be forbidden.

      • Here's a 100 billion weights. Knock yer socks off deciphering why they computed to not make you a job offer

        So then maybe we shouldn't allow technologies we can't control, or even understand, to play a role in making life altering decisions

    • The validation of Truecrypt took what, nearly two full years by a team of experts? It's nice to have the option, but the reality is you're not going to be able to fund a campaign to fully investigate the software or algorithms used against you.

      Just one bug that could give a false positive related to your case, that would be enough to give reasonable doubt. No need to review the entire program.

      • No it wouldn't. Causality applies. You'd need to find a bug and demonstrate the the outcome is affected. Also it's not a given that you find X bugs in Y amount of review hours. To keep with my example, Truecrypt went through 1.5 years of validation without finding a bug, and then a year later a bug was discovered in a Windows DLL related to drive mounting.

        If bugs were so easy to find we wouldn't have bugs. It takes serious time and effort.

    • This is about standards and also the threat of exposure by people selling bunk products to law enforcement.

      Right now they’re selling field drug test kits that have been well known to show positive on a random assortment of common materials and plants. They’re still accepted by the courts even though a simple wikipedia search would tell you they’re snake oil.

      There was also the joke golf ball detector rebranded as a bomb and drug detecting device. That was big hit throughout the law enforc

    • by AmiMoJo ( 196126 )

      In practice it will take only one wealthy suspect or one interested philanthropic party to intervene and do a complete investigation. Even if the results are not ready for the trial, once they have the source code they can keep looking for issues.

      Besides, most of this software is crap, so it will only take a few minutes with an automated source code scanner to find enough flaws to discredit them.

      Didn't that happen with laser speed guns some years back? Once they had the source code, it was shown to be horri

    • by Sique ( 173459 )
      It is not so much about the algorithm itself, but in many cases the parameters fed to the machine. The COMPASS program, which is supposed to predict the recidivism rate of convicts, uses more than 100 weighted parameters. Apparently, it put too much emphasis on socioeconomic factors, so it overestimates the recidivism rate of perpetrators from a precarious background, while it vastly underestimates the recidivism of well-off criminals from stable families. Basically, it was saying: If your parents are rich,
  • by alvinrod ( 889928 ) on Friday February 16, 2024 @08:33PM (#64246590)
    Even the companies who sell these products would benefit from people finding issues with their algorithms. What business would turn down free testing? Also, this is largely pointless since most defense teams have no expertise to do this themselves and an expert is going to be expensive as hell. Jurors aren't going to have any more of a clue about any of this any more than they understand testimony regarding DNA evidence, etc.
    • Re: (Score:2, Insightful)

      by xlsior ( 524145 )
      All it means is that dead guilty people with deep enough pockets can basically evade consequences forever, because they can drag these kind of proceedings out indefinitely.
    • by CaptQuark ( 2706165 ) on Saturday February 17, 2024 @01:59AM (#64246922)

      Example: I'm a suspect in a murder trial. They found titanium dioxide on the murder weapon and I was apprehended wearing white sun screen. If this becomes a law, I can subpoena the source code and algorithms for the mass spectrometer and x-ray fluorescence machines used to identify the titanium dioxide.

      The prosecutors would need to contact the manufacturers of the test equipment, negotiate a release of the source code and algorithms used by the devices, and provide it to the defense team. Every piece of equipment used by the forensics team would have to have a point of contact at the manufacturer to handle these requests. If the manufacturer does not agree to release than information (trade secrets) does that mean the forensics team cannot use that equipment any more?

      While having access to the source code and algorithms sounds good on paper, in real life it would just give those trying to game the justice system another tool to confuse and drag out criminal proceedings.

      • by jvkjvk ( 102057 )

        >in real life it would just give those trying to game the justice system another tool to confuse and drag out criminal proceedings.

        Doesn't it do both? Or are you saying there aren't shady devices (lie detectors, anyone) or algorithms out there that are just bunk?

      • by AmiMoJo ( 196126 )

        Shouldn't it be the norm for these tools to be open source, or at least subject to continual security review under NDA?

        Many forensic techniques have been shown to be bunk or at least deeply flawed, and to have resulted in numerous false convictions. By now we really should have realized that when a new one comes along, we need to be extremely sceptical.

      • by RedK ( 112790 )

        > If the manufacturer does not agree to release than information (trade secrets) does that mean the forensics team cannot use that equipment any more?

        What is there to agree with ? There's a court case going, and he's being subpoenaed. If they don't agree, they get held in contempt and go to jail.

        This isn't a negotiation.

      • That's not how it works. You would have to convince the judge that there is sufficient cause for the subpoena*. If you can't show the probability of the resultant information having a material effect on the outcome of the trial, the judge will likely not grant it.

        * Technically, your lawyer can simply submit the paperwork to the court clerk and the subpoena is issued as a matter of course, but the manufacturers and/or the prosecution would likely object, and then the judge would have to rule.

        Judges are not

      • Imagine they claim that the sunscreen on the murder weapon matches the specific bottle of sunscreen the found in your room because their instrument is sensitive enough to distinguish the small variations in composition not just batch to batch, but bottle to bottle. Wouldn't it make sense for you to have access to testing data, code and anything else that that is needed to reach that phenominal level or accuracy?

        In the past (maybe still) juries were told that the probability if a false DNA match was
        Th
    • by thegarbz ( 1787294 ) on Saturday February 17, 2024 @03:51AM (#64247058)

      What business would turn down free testing?

      Errr most of them, if it involves handing over source code and algorithms.

    • What business would turn down free testing?

      Simple question. Simply answered : one which knows their product is utter crap. That includes people who have tried to make a good product, and fucked up - and those who tried to make a profitable product without any regard to evidence in the case. And that sort of fraud does go on. We've had enough people selling snake oil here (outside America) that I'm sure it happens in America too. Plenty of racist cops and judges with prejudices that can be profitably pandere

  • Subpoena the source code to the radar gun if I get a speeding ticket?
    • you want the calibration logs.

      • The calibration logs don't mean anything if you don't know how the thing actually works.

        It could easily have code that makes it more accurate when it detects it's being tested.

        • > The calibration logs don't mean anything if you don't know how the thing actually works.

          AIUI those calibration logs usually don't exist.

          And you can subpoena the person who ran the calibration to testify.

          They really hope you won't flex your rights.

          • by Lehk228 ( 705449 )
            30 years ago, it was common for radar guns to not be calibrated right in a lot of podunk jurisdictions, even then, state police/highway patrol/whatever would always be on top of it, same with big city departments.
    • There were a series of posts about people trying to get the source code for the breath analyzer machines for DUI cases about 15 years ago.... Same thing.

  • I have been a juror while expert witnesses engaged in penis length contests in front of the court. This sort of expert testimony is something I already know I do not want to witness.
  • they will just use per crime and keep you in jail forever where you don't event get to the court room.

  • Machine learning (Score:4, Insightful)

    by CNeb96 ( 60366 ) on Friday February 16, 2024 @09:52PM (#64246694)

    I feel like the logic will be hidden in a machine learning model - the authors don't even understand.

    • by lordlod ( 458156 )

      I feel like the logic will be hidden in a machine learning model - the authors don't even understand.

      If you are being convicted based on the use of a system that nobody understands and nobody can prove works... maybe that's a problem.

      • Agreed. And that's why the company selling the software wouldn't want it examined. Their marketing material won't match reality. It's only "correct" for it's exact training set - every thing else is a guess. It should only be used as one data point in a larger argument.

  • by dragonturtle69 ( 1002892 ) on Saturday February 17, 2024 @02:06AM (#64246930)

    I think everyone on /. has at least heard of a data-driven bug. If software is the witness, it should be questioned.

  • Check out the Post Office scandal relating to sub post offices, and the Horizon software. There is a dramatization coming soon on PBS.

    In UK courts, "evidence" provided by computers is (or was) presumed correct, leading to a huge number of convictions that should never have happened.

    The scandal continues to this day: the government and Fujitsu (the software vendor, formerly ICL) are dragging their feet on compensation and on reversing the convictions.

  • Source code obfuscation is easy enough.

  • Malicious compliance (Score:4, Informative)

    by stikves ( 127823 ) on Saturday February 17, 2024 @02:30PM (#64247844) Homepage

    I have actually worked in "explainable AI" for a while, and yes even for the "deepest" deep neural networks that are supposed to be black boxes there are techniques to explain "why" a recommendation was made.

    However, it requires additional engineering effort, also usually along with preparation of the training for this task.

    What is more? Most "Machine Learning Engineers" do not actually understand how the model works in the first place. Yet alone tackle this additional task ("I downloaded this sample model from Github, ran it on Google cloud with Colab on our CSV file, and yes it is working with 80% accuracy")

    The question is, which one will a "lowest bidding contractor" for software do:

    a. Spend time and effort, and also hire capable engineers to make their algorithms and AI explainable?
    b. Dump a gigabyte of data in random floating points and say "that is all we can do"?

  • #1 : If the company refuses to supply source-code then it is assumed to be wrong ...

    #2 : If the company cannot show it is correct, as most machine learning systems cannot be shown to be correct, then it is assumed to be wrong ..

    watch as most cases where the evidence is based on AI systems just fall apart ...

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...