Ingrid Burrington | The Verge

A pioneer in predictive policing is starting a troubling new project

2018-04-26T13:36:05-04:00

Jeff Brantingham is as close as it gets to putting a face on the controversial practice of “predictive policing.” Over the past decade, the University of California-Los Angeles anthropology professor adapted his Pentagon-funded research in forecasting battlefield casualties in Iraq to predicting crime for American police departments, patenting his research and founding a for-profit company named PredPol, LLC.

PredPol quickly became one of the market leaders in the nascent field of crime prediction around 2012, but also came under fire from activists and civil libertarians who argued the firm provided a sort of “tech-washing” for racially biased, ineffective policing methods.

Now, Brantingham is using military research funding for another tech and policing collaboration with potentially damaging repercussions: using machine learning, the Los Angeles Police Department’s criminal data, and an outdated gang territory map to automate the classification of “gang-related” crimes.

Being classified as a gang member or related to a gang crime can result in additional criminal charges, heavier prison sentences, or inclusion in a civil gang injunction that restricts a person’s movements and ability to associate with other people. Generally, law enforcement determines gang links through a highly subjective, individualized assessment of criminal histories, arrests, interviews, and other intelligence. In recent years, activists in California, Illinois, and other states have pushed back against gang policing measures such as databases and gang injunctions, and in the case of California, succeeded in winning residents the right to review and appeal their gang classification.

Being classified as a gang member or related to a gang crime can result in additional criminal charges

But in a paper on “Partially Generative Neural Networks for Gang Crime Classification” presented in February at the inaugural Artificial Intelligence, Ethics, and Society (AIES) conference, Brantingham and his co-authors propose automating this complex and subjective assessment.

The paper attempts to predict whether crimes are gang-related using a neural network, a complex computational system modeled after a human brain that “learns” to classify or identify items based on ingesting a training dataset. The authors selected what they determined to be the four most important features (number of suspects, primary weapon used, the type of premises where the crime took place, and the narrative description of the crime) for identifying a gang-related crime from 2014–16 LAPD data and cross-referenced the crime incidents with a 2009 LAPD map of gang territory to create a training dataset for their neural network.

Researchers tested the accuracy of the network’s predictions by seeing how well it classified crime data without one key feature: the narrative text description of the crime, the most time-consuming data for police to collect. This is where the “partially generative” aspect in the title comes in. In the absence of a written description, the neural network generates new text — effectively, an algorithmically written crime report based on the three other features used in the training model. The generated text isn’t actually read by anyone, nor is it presumed to provide meaningful narrative context replacing a police report, but it is turned into a mathematical vector and incorporated into a final prediction of whether a crime is gang-related.

Effectively, an algorithmically written crime report

This paper is the first to be published by a research team co-led by Brantingham studying “Spatio-Temporal Game Theory & Real-Time Machine Learning for Adversarial Groups” at the University of Southern California’s Center for Artificial Intelligence and Society (CAIS). CAIS’ mission states a goal of “[sharing] our ideas about how AI can be used to tackle the most difficult societal problems.”

Funding for the USC research team that includes Brantingham’s project comes from the Minerva Initiative, a Pentagon research program intended to improve the military’s understanding of social, political, and behavioral drivers of conflict. According to the Minerva Initiative website, funding is provided to projects that address “specific topic areas determined by the Secretary of Defense.” Via email, CAIS co-founder and paper co-author Milind Tambe said that the Minerva grant for this project is “roughly” $1.2 million, to be distributed over three years.

The website for the research team’s efforts, including the gang classification paper, opens with references to ISIS and Jabhat al-Nusra before shifting to the terrain of Los Angeles street gangs, a conflation that echoes Brantingham’s earlier DOD-funded work that led him to co-founding PredPol. PredPol has sold its services to police everywhere from California to Georgia, as well as the United Kingdom. In 2015, PredPol unsuccessfully lobbied the Arizona legislature to approve a $2 million appropriation bill to use the firm’s forecasting technology to predict gang activity.

First reported in Science, the paper met with significant concern over its ethical implications. However, reporting on the paper and its fallout made no mention of Brantingham’s business connections to PredPol or the military funding of his past and present research.

When asked in a phone interview about whether this research might inform future business endeavors, Brantingham said, “This is a separate project, and that’s how we’re thinking about it.” Pointing out that it took a decade for his previous military-funded research to become PredPol, Brantingham emphasized that the paper reflected very preliminary work. “It’s our job to do careful basic research and make sure we understand how and why things are the way they are, long before any thoughts of use in the field might be contemplated.”

However preliminary the research might be and however good its authors’ intentions are, the paper and Brantingham’s involvement raise eyebrows with critics of increasingly automated data-driven policing tech.

“Any time you take out the human perspective or interaction, I don’t believe there’s any positives.”

Aaron Harvey, a San Diego resident and activist who successfully fended off charges of gang conspiracy from the local prosecutor that could have landed him in prison for over a decade, has since become a prominent California activist pushing back against the state’s gang laws, which are the oldest and most severe in the United States.

“Any time you take out the human perspective or interaction, I don’t believe there’s any positives,” Harvey said of Brantingham’s research. Aside from removing human discretion from the process, Harvey believed that automating such decisions based on historical criminal data from police departments alone would only reinforce past allegations of gang involvement, whether they were true or not. “You’re making algorithms off a false narrative that’s been created for people — the gang documentation thing is the state defining people according to what they believe,” Harvey said. “When you plug this into the computer, every crime is gonna be gang-related.”

Christo Wilson, assistant professor in computer and information science at Northeastern University and a co-organizer of the Fairness, Accountability, and Transparency in Machine Learning conference, also has concerns about the model’s potential to reinforce errors and biases. “If I train a model to predict people’s height, we know how to interpret the output and gauge its accuracy.” But, Wilson noted, “gang-related” is a complex, subjective determination. “So the algorithm is accurate at predicting what? Whether LAPD officers would label a crime as gang-related. Now, maybe the LAPD is 100 percent objective in their determinations of what is and is not gang-related. But if they are not, then the algorithm is going to reproduce their errors and biases.”

“So the algorithm is accurate at predicting what? Whether LAPD officers would label a crime as gang-related”

There is ample evidence in the public record of widespread inaccuracies in gang data — a 2016 state audit of California’s CalGang database found rampant errors, files that should have been purged years earlier, and unsubstantiated claims of gang involvement.

Micha Gorelick, senior research engineer at machine intelligence research company Cloudera Fast Forward Labs, adds a further objection: the training data assumes gang territories haven’t shifted in at least five years. When asked about the use of the 2009 map with 2014-16 crime data, Brantingham said that it was the most recent one available to him and that “There is some movement of territories over time but not as much as you would think, actually.”

Harvey, who grew up in the Blood-affiliated neighborhood of Lincoln Park in southeast San Diego, pointed out that gang territories and allegiances are highly fluid, and five years is an eternity in street life. “You’re able to come up with a conclusion of something and never have that on-the-ground interaction with the community,” Harvey said of Brantingham’s research approach.

“Encoding racial bias.”

Gorelick says many of the technical decisions in the paper are overly simplistic and technically rudimentary, but he believes the gang territory map is “the most nefarious of the features used.” Evaluating the likelihood a crime is gang-related based on a blanket labeling of a neighborhood as a gang territory “is encoding geographic bias, which, especially in a place like LA, is encoding racial bias.”

Wilson also pointed out that the paper fails to incorporate documented approaches to evaluating biased outcomes in machine learning: “The authors could have [looked at] whether their algorithm achieves statistical parity across races and ethnicities … They also could have looked for so-called disparate mistreatment by looking to see if the classification errors are evenly spread across these groups. But they did none of this, even though the methods to do so are well-known in the fair algorithms and even the predictive policing literature.”

As for Brantingham’s and his co-authors’ insistence of how preliminary this research is, Wilson noted a similar defense was used for controversial research using AI to identify sexual orientation or criminality. Like Brantingham’s paper, “both of these studies also had fundamental methodological problems. But that doesn’t obviate the essential ethics of the research itself: should we be doing this research at all?”

“Should we be doing this research at all?”

Milind Tambe of USC’s Center for Artificial Intelligence and Society emphasized that his research center, which houses Brantingham’s new research and collaborates with the university’s school of social work, “focuses on AI for Social Good”, and that this preliminary research contributes to improving domain understanding to facilitate said social good. But the number of criticisms of the technical and ethical shortcomings of the paper raises questions about whose version of social good is being served by this research.

For years, PredPol has been plagued with criticisms over the paucity of depth, richness, and rigor the software brings to policing. This new line of research suggests that Brantingham has not taken critiques of his research methodology to heart and is pressing forward with a project that is founded on incomplete data, dubious methods, and a premise that, if applied in the field, could result in more people of color behind bars.

Correction: An earlier version of this report quoted Hau Chan, one of the researchers involved in the 2018 AIES paper, as responding to ethical concerns by saying “I’m just an engineer,” which he did not say. The erroneous quote was based on a transcription error in the Science report that originally reported the remarks. Chan’s remarks are more accurately quoted as “as a researcher I don’t know what’s the appropriate answer for that question.” The erroneous quote has been removed, and copy has been updated with accurate context. The Verge regrets the error.

The internet apocalypse map hides the major vulnerability that created it

2016-10-24T10:10:35-04:00

During Friday’s massive distributed denial of service (DDoS) attack on DNS service provider Dyn, one might be forgiven for mistaking the maps of network outages for images of some post-apocalyptic nuclear fallout. Screenshots from sites like downdetector.com showed menacingly red, fuzzy heat maps of, well, effectively just population centers of the United States experiencing serious difficulty accessing Twitter, Github, Etsy, or any of Dyn’s other high-profile clients. Aside from offering little detail and making a DDoS literally into a glowing red menace, they also obscured the reality of just how centralized a lot of internet infrastructure really is. DNS is ground zero for the uneasy tension of the internet’s presumed decentralized resilience and the reality that as of now, translating IP addresses into domain names requires some kind of centralized, hierarchical platform, and that’s probably not going to radically change anytime soon.

Other maps provided by various business to business network infrastructure companies weren’t much more helpful. These maps seem to exist mostly to signal that the companies in question have lots of cool data and that it can be made into a flashy map — which might impress potential customers, but that doesn’t offer a ton of insights for the layperson. For example, threat intelligence company Norse’s map appears to be mostly a homage to the Matthew Broderick movie War Games: a constant barrage of DDoS attacks beaming like space invader rockets across a world map. Akamai has an impressive 3D visualization that renders traffic as points beaming into the atmosphere. And website monitoring service Pingdom offers a dot map at such a far-out zoom level that it’s essentially useless for seeking out more meaningful patterns than “outages happen in population centers, also there are a lot of outages.”

Internet outage maps don’t necessarily show where the infrastructure lives

That being said, those population centers are only one piece of reading the patterns of outage maps. A lot of those higher-density population areas also happen to be home to a lot of internet exchanges (in industry parlance, IXes) — buildings where different internet providers connect their networks to one another. When you type twitter.com into a browser, your computer’s request for content from twitter.com has to eventually leave your ISP’s network, go to Twitter’s network, and then return to your network. An internet exchange is basically where that handoff happens. Telegeography has a really nice map of all of them.

The locations of internet exchanges tend to follow population hubs because the routes of internet connectivity often follow older routes of telephone connectivity (which themselves often follow telegraph routes, railways, and highways). In turn, internet exchanges attract data centers and more network infrastructure. For dense coastal areas, some internet exchanges are also key switch points for data traveling across transoceanic submarine cables, as in the case of Manhattan’s 60 Hudson Street or Los Angeles’ One Wilshire. In all likelihood, devices used for Friday’s DDoS attack located across the Atlantic or Pacific probably passed through or possibly connected to Dyn’s network through these buildings.

That being said, some of the overlaps between population centers and network outages are more a reflection of the number of connections in an area than the number of humans living there. The Portland, Oregon metro area has six IXes. So does Manhattan, which is surrounded by nine additional IXes in the surrounding metro areas of New Jersey and Long Island. Dallas, Silicon Valley, and Seattle were all areas that were subsumed by the grim red cloud of No Tweets For You in outage maps yesterday.

What the maps don’t show are anomalies of history

What the maps don’t show are the anomalies of history that, today, are deeply entrenched network geography. Ashburn, Virginia, which lies about 45 minutes outside of DC and not exactly what most would call a major population hub (less than 50,000 people) has eight IXes. Suburban northern Virginia is a major chokepoint for internet traffic in part due to an accident of internet history, one that perpetuates itself because of that tendency of networks to follow other networks.

Looking at Dyn’s own highly stylized map of the locations of its DNS servers, the company also followed the existing infrastructure, placing its equipment in proximity to major IX regions and infrastructure hubs.

Ironically, the company that offers some of the more legible visualizations and comprehensive analysis of where internet outages start and how they proliferate across a network is actually Dyn itself; since 2014, Dyn has maintained a research arm exclusively dedicated to studying internet performance data and observing global events and trends online. If you’ve seen a story pass through your timeline about internet outages in Turkey or Syria in the past year, the data behind that story very likely came from Dyn Research. And that data about network traffic is one of the reasons so many companies come to Dyn: they have, essentially, one of the most detailed maps of the internet, and they help massive companies navigate that map efficiently, whether through DNS services or helping companies figure out where to locate their data centers.

And it’s not clear that such an attack would have been less devastating if Dyn were a smaller actor or its clients were rolling their own domain name servers. DNS is annoying and tedious and arguably the least sexy technical problem on the internet. “DNS is a 30-year-old protocol. We just manage it,” Kyle York, chief strategy officer at DNS service provider Dyn, noted via phone. They happen to manage it really, really well, which is in part what made yesterday’s DDoS so significant. “We’re the best in the world at this and it brought us to our knees,” York said. Not to downplay the significance of the attack, but Dyn “at its knees” in this context means “resuming normal operations in less than 24 hours.” How many other companies could say the same? If Twitter, Github, AWS, and all of Dyn’s other clients were separately, simultaneously hit with the same scale of DDoS attack on their nameservers, would they have done any better at fending it off than a single company that specializes in this stuff?

A day of cyberwar infamy?

October 21st, 2016 is a day that may or may not not live in cyberwar infamy, but the DDoS was unexpectedly successful in uniting the community of mostly unnoticed and often forgotten people who work on maintenance of core internet infrastructure. It certainly united the 430-some employees at Dyn. York, sounding pretty tired (although, he apologetically informed me during the call, he also was wrangling a four-year-old on a Saturday morning), described the day as an “emotional rollercoaster” in which everyone was on deck. “Accountants were volunteering to help the customer service team, sales people were cheering on our NOC [network operations center] team,” York said. It’s not quite the thrilling war story of generations past, but it echoes the general uniting of voices from infrastructure, standards, and the security community, who have been concerned about the possibility of attacks like this for years.

But Dyn’s not especially interested in being a cyberwar hero or a household name. As Dyn’s founder Jeremy Hitchcock tweeted last night, “We like to just run the Internet and stay out of the news.” Perhaps fortunately for Hitchcock, most of the media attention on this attack is turning more and more toward its source, an Internet of Things botnet orchestrated by unknown actors. Unfortunately for Hitchcock and for Dyn, based on reports about the attack itself, it doesn’t sound like IoT-based botnets are going to be a one-time thing in DDoS attacks of this scale, and that might make it a lot harder for Dyn to just run the internet and stay out of the news.