• CRYPTO-GRAM, November 15, 2024 Part 3

    From Sean Rima@CAPCITY2 to All on Fri Nov 15 16:13:36 2024
    lowering their costs, increasing their scale, and increasing the SEC's
    reliance on a few seasoned, trusted firms. The SEC already, as Platt documented, relies on a few firms to prioritize their investigative agenda. Experienced firms like Thomas's might wield AI automation to the greatest advantage. SEC staff struggling to keep pace with tips might have less
    capacity to look beyond the ones seemingly pre-vetted by familiar sources.

    But the real effects will be on the conflicts of interest between whistleblowing firms and the SEC. The ability to automate whistleblower reporting will open new competitive strategies that could disrupt business practices and market dynamics.

    An AI-assisted data analyst could dig up potential violations faster, for a greater scale of competitor firms, and consider a greater scope of
    potential violations than any unassisted human could. The AI doesn't have
    to be that smart to be effective here. Complaints are not required to be accurate; claims based on insufficient evidence could be filed against competitors, at scale.

    Even more cynically, firms might use AI to help cover up their own
    violations. If a company can deluge the SEC with legitimate, if minor, tips about potential wrongdoing throughout the industry, it might lower the
    chances that the agency will get around to investigating the company's own liabilities. Some companies might even use the strategy of submitting minor claims about their own conduct to obscure more significant claims the SEC
    might otherwise focus on.

    Many of these ideas are not so new. There are decades of precedent for
    using algorithms to detect fraudulent financial activity, with lots of current-day application of the latest large language models and other AI
    tools. In 2019, legal scholar Dimitrios Kafteranis, research coordinator
    for the European Whistleblowing Institute, proposed using AI to automate corporate whistleblowing.

    And not all the impacts specific to AI are bad. The most optimistic
    possible outcome is that AI will allow a broader base of potential tipsters
    to file, providing assistive support that levels the playing field for the little guy.

    But more realistically, AI will supercharge the for-profit whistleblowing industry. The risks remain as long as submitting whistleblower complaints
    to the SEC is a viable business model. Like tax farming, the interests of
    the institutional whistleblower diverge from the interests of the state,
    and no amount of tweaking around the edges will make it otherwise.

    Ultimately, AI is not the cause of or solution to the problems created by
    the runaway growth of the SEC whistleblower program. But it should give policymakers pause to consider the incentive structure that such programs create, and to reconsider the balance of public and private ownership of regulatory enforcement.

    This essay was written with Nathan Sanders, and originally appeared in The American Prospect.

    ** *** ***** ******* *********** *************

    No, the Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

    [2024.10.22] The headline is pretty scary: "China's Quantum Computer
    Scientists Crack Military-Grade Encryption."

    No, it's not true.

    This debunking saved me the trouble of writing one. It all seems to have
    come from this news article, which wasn't bad but was taken wildly out of proportion.

    Cryptography is safe, and will be for a long time

    EDITED TO ADD (11/3): Really good explainer from Dan Goodin.

    ** *** ***** ******* *********** *************

    Are Automatic License Plate Scanners Constitutional?

    [2024.10.23] An advocacy group is filing a Fourth Amendment challenge
    against automatic license plate readers.

    "The City of Norfolk, Virginia, has installed a network of cameras that
    make it functionally impossible for people to drive anywhere without
    having their movements tracked, photographed, and stored in an
    AI-assisted database that enables the warrantless surveillance of their
    every move. This civil rights lawsuit seeks to end this dragnet
    surveillance program," the lawsuit notes. "In Norfolk, no one can
    escape the government's 172 unblinking eyes," it continues, referring
    to the 172 Flock cameras currently operational in Norfolk. The Fourth
    Amendment protects against unreasonable searches and seizures and has
    been ruled in many cases to protect against warrantless government
    surveillance, and the lawsuit specifically says Norfolk's installation
    violates that."

    ** *** ***** ******* *********** *************

    Watermark for LLM-Generated Text

    [2024.10.25] Researchers at Google have developed a watermark for
    LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of
    the key can detect those choices. What makes this hard is (1) how much text
    is required for the watermark to work, and (2) how robust the watermark is
    to post-generation editing. Google's version looks pretty good: it's
    detectable in text as small as 200 tokens.
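
    How a keyed watermark of this kind can be generated and detected, as an added example that is not from the newsletter and is not Google's algorithm: it uses a simpler keyed "green token" preference, and the toy vocabulary, the uniform sampler standing in for an LLM, the key and all function names are assumptions. The detection score grows with text length and shrinks when tokens are replaced after generation, the two difficulties named above.

```python
import hashlib
import hmac
import math
import random

VOCAB = [f"w{i}" for i in range(1000)]  # constructed toy vocabulary (assumption)

def is_green(key, prev, tok):
    """Keyed pseudorandom bit: about half of all tokens are 'green' after a given prev."""
    digest = hmac.new(key, f"{prev}|{tok}".encode(), hashlib.sha256).digest()
    return digest[0] & 1 == 1

def generate(n, rng, key=None, k=4):
    """Stand-in for an LLM: draw k candidates uniformly; with a key, prefer a green one."""
    out = ["<s>"]
    for _ in range(n):
        cands = [rng.choice(VOCAB) for _ in range(k)]
        pick = cands[0]
        if key is not None:
            # Take the first green candidate; fall back to the unbiased choice.
            pick = next((c for c in cands if is_green(key, out[-1], c)), cands[0])
        out.append(pick)
    return out[1:]

def z_score(key, tokens):
    """Standard deviations by which the green count exceeds the 50% expected by chance."""
    prevs = ["<s>"] + tokens[:-1]
    green = sum(is_green(key, p, t) for p, t in zip(prevs, tokens))
    n = len(tokens)
    return (green - 0.5 * n) / math.sqrt(0.25 * n)

def edit(tokens, rng, frac):
    """Simulate post-generation editing: replace a fraction of tokens at random."""
    return [rng.choice(VOCAB) if rng.random() < frac else t for t in tokens]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed key for the demo
    marked = generate(200, random.Random(1), key)
    plain = generate(200, random.Random(2))
    print("watermarked, 200 tokens:", round(z_score(key, marked), 2))
    print("watermarked, first 20  :", round(z_score(key, marked[:20]), 2))
    print("30% of tokens replaced :", round(z_score(key, edit(marked, random.Random(3), 0.3)), 2))
    print("unwatermarked text     :", round(z_score(key, plain), 2))
    print("detector with wrong key:", round(z_score(b"wrong-key", marked), 2))
```

    Without the key the green/non-green split looks like noise, which is why only the key holder can run the detector.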

    ** *** ***** ******* *********** *************

    Criminals Are Blowing up ATMs in Germany

    [2024.10.28] It's low tech, but effective.

    Why Germany? It has more ATMs than other European countries, and -- if I
    read the article right -- they have more money in them.

    EDITED TO ADD (11/14): Blog readers commented that countries like the Netherlands have laws requiring ATMs to have better security features. One
    that I thought particularly clever is a small "glue explosion" inside the
    safe that's triggered when the ATM safe is breached. The glue renders the currency worthless.

    ** *** ***** ******* *********** *************

    Law Enforcement Deanonymizes Tor Users

    [2024.10.29] The German police have successfully deanonymized at least four
    Tor users. It appears they watch known Tor relays and known suspects, and
    use timing analysis to figure out who is using what relay.