Biometrics are widely regarded by the public, and many developers, as heightened security. Their actual track record tells a very different story. Biometric technologies are systematically making the world a less safe place. We have an obligation to do something about that. And we can.
In this talk, you'll learn about the breathtaking range of biometrics being tracked and assessed. You'll learn about dangerously wrong conclusions being drawn. You'll learn about spurious underlying premises and untrustworthy training data, and widespread misuses that are determining life and death decisions in government, policing, and health monitoring.
Most importantly, you'll learn how to assess these technologies, and avoid contributing to their development, misuse, and proliferation.
NOTE: Content Warnings.
==== META ====
Keynote Address at: DjangoCon Europe (Sept 4, 2020)
Session Talk at: PyconAU (Sept 18, 2020)
Author: Carina C. Zona
Email: cczona@gmail.com
Twitter: @cczona
Self authentication – is it possible or plausible?
Katina Michael
Identification is changing rapidly today with the use of biometrics to facial recognition and other invasive technologies. We will explore if self-authentication is not only possible today but is it secure and safe?
Here, I will explore the whole idea of "self-authentication" which includes Biometrics, Facial Recognition, Microchip Implants and other sensory technology that banks are using and exploring. The session will explore the possibilities, and whether or not these possibilities are safe, secure and also ethical. Are they violating our privacy in ways we could never understand, inclusive of both intended and unintended consequences. Bitcoin and blockchain will come into the discussion.
We have ethical responsibilities when coding. We’re able to extract remarkably precise intuitions about an individual. But do we have a right to know what they didn’t consent to share, even when they willingly shared the data that leads us there? A major retailer’s data-driven marketing accidentally revealed to a teen’s family that she was pregnant. Eek.
What are our obligations to people who did not expect themselves to be so intimately known without sharing directly? How do we mitigate against unintended outcomes? For instance, an activity tracker carelessly revealed users’ sexual activity data to search engines. A social network’s algorithm accidentally triggered painful memories for grieving families who’d recently experienced death of their child and other loved ones.
We design software for humans. Balancing human needs and business specs can be tough. It’s crucial that we learn how to build in systematic empathy.
In this talk, we'll delve into specific examples of uncritical programming, and painful results from using insightful data in ways that were benignly intended. You’ll learn ways we can integrate practices for examining how our code might harm individuals. We’ll look at how to flip the paradigm, netting consequences that can be better for everyone.
SLIDES: http://www.slideshare.net/cczona/consequences-of-an-insightful-algorithm
VIDEO: http://confreaks.tv/videos/rubyconf2015-keynote-consequences-of-an-insightful-algorithm
REVIEWS: https://wakelet.com/wake/5758ef98-8e71-4854-9ea2-683e0b5c98a3
KEYNOTE: RubyConf, JSConfEU, PyConAU, GOTO Berlin, Lean Agile Scotland, CUSEC, Open Source Bridge
ADDITIONAL: ArrrrCamp, EuRuKo, DjangoCon, WDCNZ, SCNA
Converged Cloud Computing That's Secure, Fast, or Cheap: Pick Three
Carina C. Zona
Abstract:
Containers are driving down the overhead that has been necessary for traditional virtualization. But there have been serious tradeoffs made with their adoption. Containerization's resource sharing approach is exposing more of the host system. We're choosing to compromise the isolation of executables from kernel, accepting it as an inevitable price for low overhead. In multi-tenant environments, that's a heck of a gamble.
Tightrope acts like that do not need to happen.
ZeroVM has taken an entirely distinctive approach to lightweight virtualization: strong security, from the beginning. Processes are kept on lockdown, jobs are horizontally scalable, and they execute with such fine-grained accuracy that metering by the second is no problem. End the cost-inefficiencies of metering by minutes and hours.
ZeroVM provides a secure execution environment for untrusted code, by applying the Chromium project's proven Native Client (NaCl) technology for validation and sandboxing. Moreover, when paired with OpenStack Swift, the two become a unique platform for executing arbitrary queries within a datastore, using any language of one's choosing.
We'll walk through the basics of the ZeroVM open source project, compelling use cases, and opportunities to take advantage of ZeroVM + Swift -- for solving problems at scale without compromising on either security, speed, or affordability.
Author: Carina C. Zona
Video: https://www.youtube.com/watch?v=c5MblI28Oec
Conference: OpenStack Summit Paris
Date: November 4, 2014
Doctor, Lawyer, Poker Player, Physicist: The Best Engineers We're Not Competi...
Carina C. Zona
"The team needs more engineers and we need them today."
We talk about the engineer shortage. But the problem is not what we think it is. We'll explore how hiring for only CS degrees misses exceptional opportunities. Unconventional backgrounds breed great developers.
Homogeneity boxes us in. Diverse teams are more productive, more profitable, and more excited about what they're accomplishing. Diversity isn't just demographics. It's about benefitting from distinctly varied perspectives. Who better than the former philosopher, marine biologist, stage hand, or anthropologist? In this talk, we'll walk through why it's worth competing for them.
Forget the rock star; hire the opera singer.
Debugging Tech’s Socioeconomic Class Issues [Madison+ Ruby Conf 2014]
Carina C. Zona
As developers, we have power to be constructors of social justice. If we are members of tech community, then we inherit a chain of responsibility for addressing intersections between our work and its sometimes profoundly local effects on communities.
We can choose to engage in debugging and fixes.
We start by engaging in introspection about the inequities that our industry imposes on groups who have fewer privileges than we have access to. We’re going to walk through some of these issues, and review methods for implementing change.
Date: August 22, 2014
Author: Carina C. Zona
Video: https://youtu.be/aRf9w0UJPTM
Conference: Madison+ Ruby
Location: Madison, WI
ZeroVM is a secure execution environment for untrusted code in multi-tenant cloud. It's lightweight, fast, horizontally scalable, and can run arbitrary applications inside a datastore. More info about this open source project is available at http://zerovm.org
Schemas for the Real World [Software Craftsmanship North America 2013]
Carina C. Zona
Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value.
How can we balance users’ realities with an app’s business requirements?
Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers.
--
META
Where: Software Craftsmanship North America 2013 (Chicago, Illinois, USA)
Date: November 8, 2013
Author: Carina C. Zona
Schemas for the Real World [Madison RubyConf 2013]
Carina C. Zona
Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value.
How can we balance users’ realities with an app’s business requirements?
Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers.
--
META
Where: Madison Ruby Conference 2013 (Madison, Wisconsin, USA)
Date: August 23, 2013
Video: http://www.confreaks.com/videos/2627-madisonruby2013-schemas-for-the-real-world
Schemas for the Real World [RubyConf AU 2013]
Carina C. Zona
VIDEO: https://vimeo.com/61172068
Social app development challenges us how to code for users’ personal world. Users are giving push-back to ill-fitted assumptions about their identity — including name, gender, sexual orientation, important relationships, and other attributes they value.
How can we balance users’ realities with an app’s business requirements?
Facebook, Google+, and others are grappling with these questions. Resilient approaches arise from an app’s own foundation. Discover schemas’ influence over codebase, UX, and development itself. Learn how we can use schemas to both inspire users and generate data we need as developers.
[NOTE: links to Resources are on slide 112. Cheers!]
---
META:
Conference: RubyConf AU
Date: February 21, 2013
Location: Jasper Hotel
Session length: 45 minutes
Video: https://vimeo.com/61172068
Full Stack & Full Circle: What the Heck Happens In an HTTP Request-Response C...
Carina C. Zona
Presented at Confident Coding III, San Francisco, CA. October 20, 2012.
Flying in from a 10,000 foot view (“Hey, browser, show me this”, “Okay, here it is”), we’ll take a thoughtful overview of the HTTP request/response cycle. Its essence is simply a series of questions & answers, accumulating portions of content to be gracefully assembled for the user.
We’ll home in on some key players amidst the “full stack” of communications, with special attention to how an understanding of the HTTP lifecycle endows any developer or designer with the power to optimize for performance, cost, and UX.
This presentation's supplementary materials are at http://pinterest.com/sexwonk/kink-for-all-sf-2012-06-16/. Meta: June 16, 2012 at Kink for All Unconference (Noisebridge, San Francisco).
The new frontiers of AI in RPA with UiPath Autopilot™
UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of Automations.
📕 Together we will look at some examples of using Autopilot in various tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Enhancing Performance with Globus and the Science DMZ
Globus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA Connect
Kari Kakkonen
Slides by me and Rik Marselis from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
2. Biometric Unsecurity
Carina C. Zona
@cczona
Domination, Abuse, and Exploitation
surveillance and stalking
human rights violations and genocide
policing and carceral systems
immigration and border control
religious bias and persecution
refugees
famine
wildfires
transphobia
ableism
psychological abuse
sexual abuse
(censored) NSFW images
(cens**d & uncensored) slurs
Content Warning
6. Biometric Unsecurity
Absolute
Authentication: This exactly matches that
Authorization: This is permitted
Probabilistic
Verification & Identification: This seems akin to that
Categorization: Attributes of this seem to be
7. Biometric Unsecurity
Identification Is Not Identity
Identification: Compare credential data. Data comparison. Username/password, security token, passport, key.
Biometric identification: Compare physical trait data. Sensor data comparison. Face, gait, heartbeat.
Identity: Who we know ourselves to be, individually and collectively. Culture, groupings. Race, gender, religion, ethnicity.
8. Biometric Unsecurity
UNSECURITY UNDOING OF SAFETY
UNSECURITY UNRAVELS AUTONOMY, FUNDAMENTAL SAFETY, HUMAN RIGHTS, EXISTENTIAL THREATS
13. Biometric Unsecurity
Unreusability
(January 2018 - May 2020) https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
PASSWORD RESET
14. Biometric Unsecurity
Unreusability
(January 2018 - May 2020) https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
PASSWORD RESET
“BODY RESET”
15. Biometric Unsecurity
BODIES ARE
MUTABLE
BIOMETRICS CHANGE
Naturally Or Accidentally. Unconsciously Or Deliberately. Temporarily Or Permanently
18. Biometric Unsecurity
Probabilistic
DETECT Person RECOGNIZE Trait ANALYSIS
Verify (1:1)
Classify (label)
DATA Record Identify (1:M)
"74.2% Hostile"
"94.6% Activist"
"67.9% Queer"
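The split between absolute comparison and probabilistic Verify (1:1) / Identify (1:M) matching, as an added example that is not part of the original slides. The feature vectors, record names and the 0.90 threshold are constructed, cosine similarity stands in for a real matcher's scoring function, and the gallery-size formula assumes independent comparisons.

```python
"""Absolute credential check vs. probabilistic biometric matching.

All templates, probes and record names are constructed for illustration.
Cosine similarity is an assumed stand-in for a real matcher's score.
"""
import hmac
import math

THRESHOLD = 0.90  # operator-chosen cut-off; nothing in the data dictates it


def credential_matches(presented: bytes, stored: bytes) -> bool:
    """Absolute: 'this exactly matches that'. No score, no threshold."""
    return hmac.compare_digest(presented, stored)


def similarity(a, b):
    """Cosine similarity between two feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b)


def verify(probe, template, threshold=THRESHOLD):
    """Verify (1:1): 'this seems akin to that'. Returns (accepted, score)."""
    score = similarity(probe, template)
    return score >= threshold, score


def identify(probe, gallery, threshold=THRESHOLD):
    """Identify (1:M): every enrolled record at or above threshold, best first."""
    scored = ((name, similarity(probe, tpl)) for name, tpl in gallery.items())
    return sorted((h for h in scored if h[1] >= threshold), key=lambda h: -h[1])


def false_positive_identification_rate(fmr, gallery_size):
    """P(an unenrolled person hits at least one of M records), assuming
    independent comparisons that each falsely match with probability fmr."""
    return 1.0 - (1.0 - fmr) ** gallery_size


# Constructed enrolment database (three records).
GALLERY = {
    "record_A": [3, 4, 0],
    "record_B": [0, 3, 4],
    "record_C": [4, 0, 3],
}
# The person behind record_A, measured again after their body changed.
PROBE_A_CHANGED = [3, 4, 3]
# Someone who was never enrolled but happens to resemble record_A.
PROBE_STRANGER = [3, 4, 1]


if __name__ == "__main__":
    # Absolute comparison: one differing byte is a clean rejection.
    print("token ok:", credential_matches(b"s3cret-token", b"s3cret-token"))
    print("token off by one:", credential_matches(b"s3cret-token", b"s3cret-tokem"))

    # False non-match: the rightful person is rejected at 0.90.
    print("A (changed) vs record_A:", verify(PROBE_A_CHANGED, GALLERY["record_A"]))

    # False match: the stranger is "identified" as record_A.
    print("stranger, 1:M @0.90:", identify(PROBE_STRANGER, GALLERY))

    # Loosening the threshold to re-admit A now returns two candidate records.
    print("A (changed), 1:M @0.80:", identify(PROBE_A_CHANGED, GALLERY, 0.80))

    # A 0.1% per-comparison false match rate compounds with database size.
    for m in (1, 1_000, 1_000_000):
        print(m, round(false_positive_identification_rate(0.001, m), 4))
```

The same threshold that rejects the enrolled person accepts the stranger, and any threshold change trades one error for the other; the credential check has no equivalent knob.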
19. Biometric Unsecurity
• ECG
• ECG
• EKG
Sensors
• Optical
• Thermal
• Infrared
• Microphone
• Camera
• Accelerometer
• CCTV
• Webcam
• Body camera
20. Biometric Unsecurity
Data Sources
• Smart speaker
• Smart doorbell
• Smart appliance
• Arrest records
• Watchlists
• Body cameras
• National ID
• School ID
• Drivers license
• Passport & visa
• Work permit
• Refugee registration
• Ghost workers
• Smart glasses
• Wearables
• Stock photos
• Paparazzi
• Social media
• Generated photos
• Drone
• Activity tracker
21. Biometric Unsecurity
UNIQUE
A MEASURABLE STABLE BODY TRAIT THAT'S UNIQUE.
EXACTLY ONE PERSON, PERIOD.
UNIQUENESS IS ABSOLUTE.
23. Biometric Unsecurity
Traits
• Apparel
• Accessories
• Tattoos
• Cardiac signature
• Gestures
• DNA
• Skin temperature
• Internal temperature
• Skin color
• Skin tone
• Skin reflectance
• Skin texture
• Brain activity
24. Biometric Unsecurity
Traits
• Head cover
• Iris
• Eye movement
• Gaze direction
• Face geometry
• Earlobe geometry
• Voice
• Periocular geometry
• Laughter
• Face cover
• Eye cover
• Facial veins
• Retina
• Head movement
• Facial expression
• Head pose
25. Biometric Unsecurity
Traits
• Fingerprint
• Palm print
• Finger veins
• Palm veins
• Blood flow pulse
• Cardiac electric activity
• Hand geometry
• Typing speed
• Typing cadence
• Handwriting speed
• Handwriting stroke order
31. Biometric Unsecurity
Its collector comes only after harm has been inflicted
https://www.wired.com/story/opinion-ethical-tech-starts-with-addressing-ethical-debt/
33. Biometric Unsecurity
"What makes us think that A.I. won’t be mobilized to work toward anything but the detriment, rather than the interests of, Black people, anyway?"
—Charlton McIlwain,
"Black Software: The Internet & Racial Justice, From the AfroNet to Black Lives Matter"
https://slate.com/technology/2020/08/algorithms-artificial-intelligence-racism-reparations-history.html
34. Biometric Unsecurity
"We never thought about misuse" is the precursor to ethical debt.
https://www.wired.com/story/opinion-ethical-tech-starts-with-addressing-ethical-debt/
35. Biometric Unsecurity
https://www.nbcnews.com/tech/internet/facial-recognition-s-dirty-little-secret-millions-online-photos-scraped-n981921
CREATIVE
COMMONS
Copyright
X Model
consent to be
defamed
36. Biometric Unsecurity
• Diversity in Faces
• ImageNet: slurs
• Tiny Images (MIT): slurs, NSFW
Labels
Datasets
Vinay Uday Prabhu & Abeba Birhane
https://deepai.org/publication/large-image-datasets-a-pyrrhic-win-for-computer-vision
46. Biometric Unsecurity
Control Via Fear
Psychological Abuse
Name-calling. Lazy, suspicious, liar, worthless, failure, stupid.
Monitoring whereabouts. Know where you are at all times.
Intimidation. Threatening to take away something important, belittling accomplishments, humiliation.
Isolation. From assistance, support, neutral observers.
Digital spying. Browser history, keystrokes, app launches, window movements.
More: violating boundaries, invading privacy, financial control, etc.
https://www.medicalnewstoday.com/articles/325792
47. Biometric Unsecurity
"Children who had been psychologically abused
suffered from anxiety, depression, low self-esteem,
symptoms of post-traumatic stress and suicidality at
the same rate and, in some cases, at a greater rate
than children who were physically or sexually abused.
Among the three types of abuse, psychological
maltreatment was most strongly associated with
depression, general anxiety disorder, social anxiety
disorder, attachment problems and substance abuse."
—"Psychological Trauma: Theory, Research, Practice, and Policy" review,
American Pediatric Association
https://www.apa.org/news/press/releases/2014/10/psychological-abuse
48. Biometric Unsecurity
• Racial bias of photo exposure algos*
• Religious head coverings
• Neurodiversity
• Disabilities
• Class differences
• Homeless
• Privacy of thoughts, interests
• Privacy of home, family, roommates
• Bullying
• Stalking
Proctoring
Psychological Unsecurity
https://www.slideshare.net/cczona/consequences-of-an-insightful-algorithm
https://www.youtube.com/watch?v=YRI40A4tyWU (32:00-35:00)
49. Biometric Unsecurity
Once you’ve shown the whole space, you’re able to take the exam. For the duration of the exam, the camera and microphone are on recording the test-taker. Not only are sounds picked up by the microphone flagged, but it also flags every time the test-taker looks away from the screen. In the least problematic cases it flags for looking away while thinking—in the worst, it flags folks with physical disabilities as cheating.
https://twitter.com/Angry_Cassie/status/1301360994044850182
50. Biometric Unsecurity
Proctoring/Invigilation
Phenotypical Behavioral Non-biometric Other
Proctorio
ProctorTrack
ProctorU
Examity
Face (3D)
Finger knuckle patterns
Head movements
Mouth movements
Eye movements
Voice & vocalizations
Keystroke patterns
Name
Address
Phone number
Parent name
Drivers license
Birthdate
360 scan of room
Scan of desk
No sound/voices
Real-time surveillance
Computer & browser control
Record screen, webcam, audio
No head covering, ear covering, jewelry, or accessories
No CDs, glasses, mirror, toaster
Mac or Windows. System administration privileges. Chrome or Firefox.
3rd party application (not via app store), Applet, browser extension, or Flash Player.
Webcam, headphones, and microphone. Broadband. Private room. Well-lit.
52. Biometric Unsecurity
Gaze Tracking Students & Workers
Thought Stalkery
• Detect: eyes, face, angle
• Identify: gaze direction, movements relative to fixed point
• Assumption: not maintaining gaze is meaningful.
• Interpretation: inattention (a mental state), non-compliance, underproductive, distracted
• Personal consequences: grades, income, trust
• Institutional consequences: underestimate people (including implied judgement of intelligence), loss of talent
• Socioeconomic consequences: fail, loss of financial aid or diploma, unemployment, incarceration
• Expense consequences: equipment, personnel, training, subscriptions, technical support, updates
56. Biometric Unsecurity
https://www.cbsnews.com/news/job-hunting-ai-is-judging-you-but-critics-say-its-snake-oil/
Hiring
HireVue
57. Biometric Unsecurity
Vocabulary, word choices, expressions, more…
“In a 20-minute interview, we can
collect a lot of data. We have no
idea who the candidate is, but
we can collect a lot of data about
vocal variation, personal
pronouns” and other information
to make an assessment.
https://www.cbsnews.com/news/job-hunting-ai-is-judging-you-but-critics-say-its-snake-oil/
Hiring
HireVue
58. Biometric Unsecurity
https://twitter.com/random_walker/status/1195347349427687425
Hiring
8 and Above
59. Biometric Unsecurity
• Stress
• Emotions
• Thoughts
• Honesty
• Criminality
• Employability
• Wakefulness
• Attentiveness
Affectmetrics Is Mind-Reader B.S.
Mental State Physiognomy
63. Biometric Unsecurity
"Amazon says Halo uses “multiple advanced sensors” to provide “highly accurate information,” but
Halo isn’t a medical device. Unlike the Apple Watch and some other devices, Halo’s functions
haven’t been cleared by the Food and Drug Administration."
Amazon Halo
Pseudomedical Biometrics
https://onezero.medium.com/want-a-free-amazon-halo-wearable-just-hand-over-your-data-to-this-major-insurance-company-56b6430b0749
64. Biometric Unsecurity
1. leverages our deep expertise in artificial intelligence (AI)
2. help customers understand how they sound to others
3. helping improve their communication and relationships
4. analyze the positivity and energy of your voice
5. positivity is measured by how happy or sad you sound, and energy is how excited or tired you sound
6. you might see that in the morning you sounded calm, delighted, and warm
Extraordinary Claim—
Junk Science
https://blog.aboutamazon.com/devices/a-new-tool-to-help-you-understand-and-improve-your-social-wellbeing
not psychology
basis for psychological claim?
evidence of causality?
3rd Party
Consent
sound to who?
threshold for assigning labels?
validated axes? for stress?
comm? relationships?
65. Biometric Unsecurity
Points 1 & 2 aren't about
"voice tone", "voice
positivity", or "voice energy".
Citations 1 & 2 link to the
page's own URL.
There is no citation 3.
Amazon has cited no study,
no evidence, no psychologist.
Let alone rigorous
independent science.
...Extraordinary Lack of Evidence
Junk Science
https://blog.aboutamazon.com/devices/a-new-tool-to-help-you-understand-and-improve-your-social-wellbeing
67. Biometric Unsecurity
Projection casts images onto a
blank screen. Psychological
projections are external
representations that may bear
little to no relationship with the
person they are ascribed to.
https://narcissistfamilyfiles.com/2017/10/03/the-narcissists-funhouse-of-mirroring-and-projection
68. Biometric Unsecurity
Abusers Love Projection
https://psychcentral.com/lib/narcissists-and-abusers-use-this-to-target-empaths (image)
Positive Projections
1. Support grandiose assertions
2. Control through favoritism
3. Take credit for others
4. Show an idealized face to the world
Negative Projections
1. Escape accountability
2. Expel self-doubt and self-hatred
3. Justify manipulation and exploitation
4. Blame others for their own abusive behavior
72. Biometric Unsecurity
Aadhaar Identification
Number
Face
Irises
Fingers
Economic Unsecurity
"Inclusion."
"Ease."
"Voluntary."
74. Biometric Unsecurity
Ankita Aggarwal (research) & Jessica Pudussery (animation)
Nearly 3 hundred thousand people cut off from their pensions by biometric identifier system’s shortcomings.
75. Biometric Unsecurity
https://rethinkaadhaar.in/testimonials/2018/1/17/i-do-not-get-rations-they-say-machine-does-not-recognise-your-fingerprints
76. Biometric Unsecurity
As of January 2020,
1.2 billion Indians –
including 95% of adults –
have an Aadhaar
https://timesofindia.indiatimes.com/blogs/toi-edit-page/aadhaar-at-10-taking-stock-the-unfinished-work-lies-with-the-most-vulnerable-sections-of-society/
77. Biometric Unsecurity
“Over 2/3 of the 4.7% whose
biometrics failed during
authentication were still able to
get rations.
The remaining one-third remain
an urgent action item for India.”
https://timesofindia.indiatimes.com/blogs/toi-edit-page/aadhaar-at-10-taking-stock-the-unfinished-work-lies-with-the-most-vulnerable-sections-of-society/
78. Biometric Unsecurity
Ankita Aggarwal (research) & Jessica Pudussery (animation)
Mission creep
Design for privileged bodies
Income unsecurity
Food unsecurity
Trust and safety unsecurity
80. Biometric Unsecurity
"At every step there were police present, and drones being flown overhead constantly. 10am in the morning till 11-12pm at night."
— Muslim woman living in predominantly Muslim neighbourhood in Jharkhand, India
COVID-19
https://twitter.com/inetdemocracy/status/1300743592281923586?s=21
81. Biometric Unsecurity
https://www.theverge.com/2020/8/26/21402978/clearview-ai-ceo-interview-2400-police-agencies-facial-recognition
"Clearview AI was used at least once to identify
protesters in Miami."
"Facial recognition was also used by the New York
Police Department to arrest an activist during the
Black Lives Matter uprising this summer."
89. Biometric Unsecurity
OVER 1 MILLION MUSLIM ROHINGYA IN WORLD'S LARGEST REFUGEE CAMP
https://www.vice.com/en_us/article/dyzjqy/for-the-last-three-years-more-than-a-million-rohingya-muslims-have-been-stuck-in-bangladesh
90. Biometric Unsecurity
https://www.rfa.org/english/news/myanmar/rohingya-children-08242020213342.html
91. Biometric Unsecurity
United Nations investigators detailed atrocities committed by the Myanmar military against the Rohingya during the 2017 crackdown and called for those responsible to be prosecuted for “genocidal intent.”
https://www.rfa.org/english/news/myanmar/rohingya-refugees-protest-strike-11262018154627.html
92. Biometric Unsecurity
https://www.wired.co.uk/article/united-nations-refugees-biometric-database-rohingya-myanmar-bangladesh
Rohingya Refugees
96. Biometric Unsecurity
"The Rohingya are fleeing violence
and persecution on the basis of
their identities. Now their most
intimate information is being
collected and stored in a database
over which they have no control."
https://www.wired.co.uk/article/united-nations-refugees-biometric-database-rohingya-myanmar-bangladesh
97. Biometric Unsecurity
https://www.unhcr.org/uk/550c304c9.pdf#zoom=95
UNHCR Thailand / Karenni
A refugee provides his iris scan and fingerprints as part of a verification exercise jointly conducted by UNHCR and the Royal Thai Government in January 2015 regarding the identities of 120,000 persons of concern in Western Thailand. (UNHCR / S. Jefferies / January 2015).
Through its Key Initiatives series, UNHCR’S Division of Programme Support and Management
(DPSM) shares regular updates on interesting projects that produce key tools, practical
guidance and new approaches aimed at moving UNHCR operations forward.
In February 2015, DPSM and the
Division of Information Systems and
Telecommunications (DIST) completed
development of UNHCR’s new biometric
identity management system (BIMS),
building on the successful use of biometrics
across a number of UNHCR operations
globally. When rolled out, BIMS will
support all standard registration activities
and help to better register and protect
people, verify their identity and target
assistance for the forcibly displaced in
operations around the world.
Re-establishing and preserving identities is key to
ensuring protection and solutions for refugees. By
linking new technologies, such as biometrics to
existing registration data, UNHCR can strengthen
the integrity of existing processes and significantly
improve efficiency for operations. Being able to
verify identities is extremely important and a matter
of human dignity.
Biometric Identity
Management System
Enhancing Registration and Data Management
Malawi / A young girl is having her irises
scanned in order to be enrolled in the
biometrics registration exercise at the
Dzaleka refugee camp. She sits against
a grey background, as it has been found
early on in the pilot that either grey or blue
backgrounds allow for improved quality
facial recognition scanning. / UNHCR /
T. Ghelli / December 2013)
USING BIOMETRICS TO SAFEGUARD
IDENTITIES
The use of biometrics provides an accurate way
to verify identities using unique physiological
characteristics, such as fingerprints, iris and facial
features. In accordance with UNHCR’s Policy on
Biometrics in Refugee Registration and Verification
(2010), biometrics should be used as a routine
part of identity management to ensure that
refugees’ personal identities cannot be lost,
registered multiple times or subject to fraud or
identity theft.
FIELD TESTING OF BIOMETRIC
IDENTITY MANAGEMENT
Since 2013, UNHCR has been developing a new
global Biometric Identity Management System
(BIMS). During initial pilot testing in Malawi, 17,000
refugees were enrolled into the system and a variety
of field conditions were tested.
“I can be someone now. I am registered globally
with the UN and you’ll always know who I am,”
said 43-year-old Congolese refugee Olivier Mzaliwa,
registered through biometrics in Malawi’s Dzaleka
refugee camp.
In January 2015, with essential support from UNHCR
Thailand, a joint DIST – DPSM team conducted final
field testing of BIMS in Thailand. The new system
permits the much faster and accurate verification of
identities than the manual search for records in
UNHCR’s database that was previously required. This
allows UNHCR to assist large volumes of refugees
and others of concern more quickly and efficiently.
MORE INFORMATION
For more information, please contact UNHCR’s Field Information and Coordination Support Section at:
FICSS@unhcr.org
WHAT COMES NEXT?
Following the rollout of BIMS to Thailand, the UNHCR BIMS team will undertake a number of
activities in preparation for the further rollout across operations globally, further enhancing
UNHCR’s registration and data management.
Development:
Resolve development bugs in BIMS identified during the exercise in Thailand to be ready for the
next deployment;
Make biometric identity verification an integral part of assistance distribution where required;
Work to ensure that BIMS can be integrated with proGres - UNHCR’s registration and case
management tools;
Deployment:
DPSM field support team and regional registration teams to plan and prepare for upcoming
BIMS roll outs through 2015 and 2016; including:
Supporting exercises to verify identities of refugees and others of concern in Chad and India;
Maintaining communications with UNHCR operations globally to plan and prepare for BIMS
global roll-out;
Support:
Developing a support model that ensure a sustainable use of BIMS after its deployment;
Establishing network of qualified and experienced BIMS users, reinforcing capacity and ensuring
correct system use.
Thailand / Multiple fingerprints
are recorded simultaneously with
the new BIMS system. / UNHCR /
S. Jefferies/ January 2015
Thailand / Iris scans are quickly and easily
recorded during Biometric enrolment. /
UNHCR / S. Jefferies / January 2015
INNOVATIVE SYSTEM DESIGN
BIMS operates under a wide range of infrastructure
conditions and can provide numerous operational
and protection benefits to existing identity
management practices.
Better coverage
Unlike previous UNHCR biometric systems, BIMS
captures and stores all fingerprints and iris scans
from refugees and others of concern. Capturing
these multiple characteristics, rather than relying for
example only on finger-prints, allows for more
complete coverage of the population and, thus,
more accurate identification.
Operational in various contexts
Though benefiting from an online system
architecture, BIMS has been designed to also work
seamlessly when no internet connection is available
due to weak connectivity. BIMS also comes in a
portable, mobile configuration using a conventional
laptop and requiring no extra source of power to
use the USB driven fingerprint scanners, iris scanners
and webcams.
“During our recent pilot in Thailand, we had
20 operators working full-time, and not one of
them was affected by the fact that the satellite
connection was dropping out for several hours
a day. The system automatically queued their
operations. That kind of service offers some real
opportunities for UNHCR”
– BIMS Infrastructure Architect Pat Kartas.
Quick processing
Identifying a person using BIMS is quick and simple.
After enrolment, refugees and others of concern
need only to present two or more biometric
elements (e.g., two fingers, two eyes, or a
combination thereof) for BIMS to be able to
ascertain their identity within seconds. The
matching time for identity checks during the roll
out in Thailand was on average five seconds.
105. Biometric Unsecurity
https://www.buzzfeednews.com/article/meghara/china-new-internment-camps-xinjiang-uighurs-muslims
268 NEWLY BUILT COMPOUNDS
108. Biometric Unsecurity
“The largest-scale
detention of ethnic
and religious
minorities since
World War II” —Buzzfeed
https://www.buzzfeednews.com/article/meghara/china-new-internment-camps-xinjiang-uighurs-muslims
109. Biometric Unsecurity
Muslims in Xinjiang — half its population of about 25 million — are under perpetual surveillance
—Buzzfeed
https://www.buzzfeednews.com/article/meghara/china-new-internment-camps-xinjiang-uighurs-muslims
110. Biometric Unsecurity
Architecture in which everyone is under continuous potential surveillance.
One guard, but impossible to know when it’s you being watched.
Uncertainty ensures universal self-policing.
How to Panopticon
Panopticonic Gaze
https://en.wikipedia.org/wiki/Panopticon
111. Biometric Unsecurity
• Face
• Fingerprint
• Palm
• Iris
• Voice
• Speech pattern
• Gait
• Blood type
• DNA
• Emotions
Sources:
• Mandatory “physicals”
• Police
• CCTV
Ethnic & Religious Minorities in China
Panopticonic Gaze
Human Rights Watch
https://www.hrw.org/news/2017/12/13/china-minority-region-collects-dna-millions
https://www.hrw.org/news/2017/10/22/china-voice-biometric-collection-threatens-privacy
113. Biometric Unsecurity
https://venturebeat.com/2020/08/23/the-term-ethical-ai-is-finally-starting-to-mean-something/
114. Biometric Unsecurity
PHILOSOPHICAL
Principles
Fairness
Accountability
Transparency
“AI will help solve problems”
TECHNICAL
Fixed It!
Interventions
Re-training
Tuning
“The right data + unbiased algorithm = ethical”
SOCIETAL
Impact
Power
Equity
Action
“Expose, critique, and change systems of power”
What can we do?
1 2 3
What should we do?
Whose power are we reinforcing?
Whose vulnerability are we exacerbating?
What threats do our (in)actions contribute to?
Whose problems are we solving?
Whose solutions might we be unraveling?
116. Biometric Unsecurity
“The narrow focus on technical fairness is insufficient…it confines us to thinking only about whether something works, but doesn’t permit us to ask whether it should work.”
— Ruha Benjamin
“Race After Technology: Abolitionist Tools for the New Jim Code”
118. Biometric Unsecurity
Military Biometrics
https://twitter.com/william_fitz/status/1293976563940126721
Drones
119. Biometric Unsecurity
PAX Pledge
http://reprogrammingwar.org/tech
Lethal Autonomous Weapons
Public commitment to not contribute to development or production.
Clear policy on that commitment.
Commitment to keep workers well-informed about what they work on.
Allow open discussions on any related concerns.
120. Biometric Unsecurity
https://www.theatlantic.com/technology/archive/2020/07/defund-facial-recognition/613771/
123. Biometric Unsecurity
HAND BACK POWER THAT WASN'T OURS TO GIVE AWAY
https://twitter.com/zeynep/status/1301192357463941125
124. Biometric Unsecurity
• Fires
• Heat
• Hurricane
• Fire Tornados
• Siberia
• Arctic Shelf
Climate Change
Existential Unsecurity
126. Biometric Unsecurity
300.000 KG CO2
BASELINE MINIMUM CARBON IMPACT OF TRAINING A RESEARCH-QUALITY NLP
https://arxiv.org/abs/1906.02243v1 & https://calculator.carbonfootprint.com/calculator.aspx
300 OPO-DEL FLIGHTS
127. Biometric Unsecurity
We cannot wait for regulations. Around the world,
legislatures and courts are still dithering over whether
even 1st wave basics like fairness, accountability, and
transparency are necessary. Let alone whether, and how,
biometrics violate civil rights or human rights. When they
do consider biometrics, they are preoccupied foremost
with facial recognition; as if it is the only one—or the only
one posing threats. Their concern focuses on threats
posed by privacy, and by inaccuracy in policing. They
show little interest in threats imposed by precision. And
they disregard the role of consumers, including
individuals and NGOs.
128. Biometric Unsecurity
They neglect to invite tech workers to the table in
these crucial discussions. They greet billionaires as
spokespeople for every person in our industry. They
take for granted that C-levels and academics
understand applied technology better than the
people who build and use it. They do not ask us
whether we want our industry to center the
self-interests of VCs, or would rather our labor be used to
prioritize humanity. We cannot wait for them to draw
lines in the sand. They are too far behind, and always
will be.
129. Biometric Unsecurity
It's up to us.
To make choices,
take stands,
do concrete actions.
What will you do next?
136. Biometric Unsecurity
Books
recommendations
Simone Browne
Dark Matters: On the Surveillance of Blackness
137. Biometric Unsecurity
Books
recommendations
Ruha Benjamin
Race After Technology: Abolitionist Tools for the New Jim Code
+ Reading Group Guide
https://docs.google.com/document/d/1mVOVN0V9l8jSNc3YZw1TLs4pm4FGw6kj402hjoUv0LU/mobilebasic
138. Biometric Unsecurity
Books
recommendations
Virginia Eubanks
Automating Inequality: How High Tech Tools Profile, Police, and Punish the Poor
139. Biometric Unsecurity
Books
recommendations
Btihaj Ajana
Governing Through Biometrics: The Biopolitics of Identity
140. Biometric Unsecurity
Books
recommendations
Keith Breckenridge
Biometric State: The Global Politics of Identification and Surveillance in South Africa, 1850 to the Present
141. Biometric Unsecurity
Books
recommendations
Shoshana Zuboff
The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power
142. Biometric Unsecurity
Books
recommendations
IBM & the Holocaust: The Strategic Alliance Between Nazi Germany and America's Most Powerful Corporation
143. Biometric Unsecurity
Deep Dives
recommendations
The Carbon Impact of Artificial Intelligence
https://www.nature.com/articles/s42256-020-0219-9
144. Biometric Unsecurity
Film
recommendations
Coded Bias
Shalini Kantayya
(screenings schedule: https://www.codedbias.com/screen)