SXSW 2018 Day 2 Session 6: 7 Non-obvious trends changing the future

Session page (including audio): https://schedule.sxsw.com/2018/events/PP77738

Rothit Bhargava: Trend Curator, The non-obvious company

If you can pay attention to what people need, you can see what others can’t.  What if you could observe what most people don’t see, what would that look like?
Non-obvious thinking: ability to spot patterns and trends that other people don’t.
To be able to see trends you first need to see the challenges in the world.
We are inundated with noise.  In a world filled with noise, curation is the way to get the meaning behind the noise.
Trend spotting does not exist; trend curation is what works.
A trend is a unique curated observation of the accelerating present.
How to identify trends?
First, collect ideas and aggregate together by things that unite them.  Then ideas start to elevate, at which point they are put together and named as a trend.  Then the trend is outlined and detailed.
The trends evolve quickly, so they have to be revisited yearly.  Every year we identify 15 trends.  For today, we’ll show the seven most impactful.

1. Manipulated outrage: media, algorithms and advertising that are designed to create perpetual anger.  The algorithms feed on the angry interactions and expand on it.  Takeaway – respect the outrage, but rise above it.
2. Ungendered: Shifting definition of traditional gender.  The definition of gender is expanding from two to unlimited (just create your own definition).  Takeaway: re-evaluate products, services and marketing to identify gender bias.
3. Human mode: As more automation happens, people look for more human interaction.  Takeaway: selectively add the human option.  For example, a Tesco “relaxed checkout” lane – a special checkout line for people who want to or need to take their time and don’t want to be rushed.
4. Light speed learning: We expect to learn any skill faster.  Learning is increasingly an incremental small-task job.  Youtube, online learning are providing new learning options for people at any skill level.  Takeaway: Need to re-invent the long experiences to better engage our audiences.
5. Enlightened consumption: Consumers are so empowered we can force companies through our purchasing behavior to take a stance.  Takeaway: Take a stand that demonstrates your values to customers and employees.
6. Disruptive distribution: Shifting business distribution models are disrupting entire businesses.  Example: Casper mattresses changed the way people buy mattresses; a camera company gives the camera away for free, and you only charges you for pictures you want them to touch up for you.  Takeaway: Rethink the business model, how you promote, how you partner.  Take advantage of the disruption rather than be disrupted.
7. Loveable unperfection: be strategically flawed.  It demonstrates humanity, which people are looking for.  Examples: Uggs or Crocks – ugly shoes, but comfortable. Or, the Hans Brinker hostel, who advertises itself as the worst hotel in the world.  They show you the reality of what they have, which people connect with.  Takeaway: Instead of focusing on being perfect, show reality, warts and all.

SXSW 2018 Day 2 Session 5: SkyHacking: Nose to tail on aviation cybersecurity

Session page, including audio: https://schedule.sxsw.com/2018/events/PP78088

Pete Cooper, Atlantic Council
Deborah Lee James, Atlantic Council, former secretary of the US Air Force
Alan Pellegrini, Thales Group
Elizabeth Wharton, City of Atlanta/Hartsfield Jackson Atlanta Intl. Airport

Pete: Planes are more interconnected than ever.  Wifi is not limited to the passenger section, it’s available in the pilot’s cabin as well.  What is being connected?

Alan: All tech to increase connectivity is very beneficial to the crew and passengers; but it creates another attack surface for hackers.  Pilots are increasingly communicating with air traffic controllers using data, which also increases attack vector.  The aircraft itself is becoming part of IOT, not just in the aircraft but actual sensors embedded in it.  For all of these there have been examples of hacking; but so far there have been no safety issues, only disruptions.

Elizabeth: The airports are becoming mini cities.  We are looking at advancements such as autonomous transit to the terminal, device based check-ins, facial recognition technology and others.  Technology is impacting all domains of the airport even beyond passenger processing: baggage sorting and delivery, retail, medical services and other systems are increasingly getting an IOT footprint.  The challenge is to sort out what is connecting to what?
Disruption happens not only by hacking; system failure can cause increasingly more havoc as well.

Pete: So we have not had a safety issue yet, but will it be targeted?

Deborah: Yes, the whole ecosystem is interconnected, and aircraft are becoming flying computers.  As to what to do, I identify four “D”s and one “S”: Deny, Disrupt, Degrade, Destroy and Steal.  The potential attackers range from individual hackers through disgruntled employees and all the way up to nation states.

Alan: Aircraft manufacturers are beginning to put a lot of effort into penetration testing, however, there isn’t enough of a holistic view.

Elizabeth: Airline carriers and airports reach out to the security community to get more information.

Pete: The airline industry is highly trusted, due to its very consistent record of safety.  How can that be maintained?

Deborah: The security area must be constantly reviewed, always looking at the periphery for attack vectors.  There need to be multiple layers of defense.

Alan: Part of the problem is that many of the systems that are put on the plane for entertainment and customer service have been selected because of their “coolness”, with security being secondary. These are not as rigorously tested and hardened for security.

Pete: Airlines can demonstrate an aircraft is safe, but how can they show it’s secure?

Elizabeth: They need to be answering multiple questions: for any attack vector they consider, are there alternative attack routs B and C, and have those been vetted?  What lessons-learned activities were taken?  How well are existing issues and past incidents responded to, and how do you improve on the response?

Pete: When you consider airplane software is written for dedicated airplane hardware, and that it needs to be distributed to a global fleet of airplanes, and when you consider the cost of taking an airplane out of circulation (even for a short time) to install a fix, the cost of changing even a single line of code across an entire airplane model can reach a million dollars.  How do you address threats fast enough and in an economic way?

Alan: These statistics are improving through the connectivity that is being put into the airplanes.  New data pipes are being built to enable things like bug fixes – but again the trick is to make these secure.  Nowadays a code change can be distributed across the entire fleet in a single day.

Pete: If there’s an aircraft accident, the aircraft is rebuilt from the wreckage, so that investigators can study what went wrong.  That level of detailed lessons-learned is not done with cyber attacks.

Deborah: There may not be enough sense of urgency yet.  Unfortunately, it may take a cyber “Pearl Harbor” to get sufficient focus on the matter.

Pete: How do you break down the barriers among the organizations that need to work together on this?

Alan: It’s getting better – airlines are paying more attention to the issue.

Deborah: Top leaders of arilines and government are not necessarily educated enough about the issue, and that it’s an ongoing effort, not a one-and-done fix.

Pete: While we are talking, adversaries are advancing.  What do in preparation?

Alan: We need airlines to adopt security standards and hold vendors accountable to them.  Today security is built into new systems, but not necessarily into the old systems, which are still vulnerable.

Elizabeth: We need a way to find a happy medium, because the government does not move fast enough.

Pete: There is a culture of safety in the industry, but there isn’t yet a culture of security.

Q: What is the impact of consolidation of airlines on cyber security?

Alan: It’s positive.  It increases attention, provides larger IT teams and larger budgets.

Q: What are the risks and vulnerabilities of automation taking over pilot functions on an airplane?

Pete: Automation is not yet an issue, the pilot is still in control.  However, there is a danger of changing the information displayed to a pilot, that can be dangerous.

SXSW 2018 Day 2 Session 4: Blockchain and the decentralization of finance

Session page, including audio: https://schedule.sxsw.com/2018/events/PP73420

Paul Veradittakit, Pantera Capital
Dan Kahan, Morrison & Foerster LLP
Nick Chirls, Notation Capital
Emma Channing, Satis Group

Dan: So what is blockchain?

Nick: A new kind of database that has interesting properties – it is a database where a distributed group of people can verify transactions and data in a way that doesn’t need a centralized third party and doesn’t require them to trust one another.  The data sits permanently and publicly on the blockchain.

Dan: What’s the connection between blockchain as a technology and cryptocurrency and tokens?

Paul: The blockchain is a decentralized immutable transparent ledger that enables peer to peer transactions of value or tokenized digital assets.  There are two types of tokens emerging:

• Utility token, which is a token required to use a certain technology or product.  Bitcoin is an example of a utility token.
• Security token, which represents equity or profit in a company.  ICO coins are an example of a security token.

Dan: There are a lot of distributed databases that came out over the last 40-50 years, which you don’t hear about in public media. What is it about blockchain specifically that is exciting in the world of finance?

Nick: Blockchain is a pretty bad database in many ways; for example, it’s not very scalable, has low throughput of transactions.  Its good in areas where there is poor trust among different parties.  There are very few use cases that need this type of capabilities

Dan: So censorship resistance is considered a big plus to some groups, but are there other groups that see this as a bug, and not a feature – perhaps regulartory groups?

Emma: We’re seeing a very diverse approach.  The EU commission is coming with guidelines for what they find acceptable tokens and security systems.  For example, German regulators mandate an income source to approve a security token.  It’s important to get legal advice if you’re thinking about it.

Dan:  What are some of the features of a security token vs a utility token?

Emma: The utility token is something that is inherent to the blockchain technology, that is at the heart of the project.  It can be a form of payment, or a discount, but a clear function in the project.  In Swiss law, to count as a utility token the platform has to be fully functional at the time of the ICO.

Dan: On utility tokens, looking at them as items that have non-investment purposes, what do you see the types of projects out there using them?

Paul: We look to see what the problem the company is trying to solve, and see if the token will enable the company to open a new market or gain market share in an existing market.  We’ve been investing more into new projects, because we see that a lot of projects that add tokens into existing projects are really just bolting on tokens with no real need for them.  We want to see a real problem is solved, like fraud prevention.

Nick: We treat blockchain projects like traditional startups when we come to analyze them.  We look at the founding team, its technical ability to get a project to market (not just raise an ICO).  We look for market opportunity, and is the blockchain technology critical to the technology.  We can see a lot of projects that add blockchain to the name of the project, when in 99% of the time it’s not relevant or critical to the project.

Dan: How do you measure when a project has achieved success?

Paul: Where blockchain is today there’s really early days for this type of technology.  The technology is not really ready for the applications we want to use with it.  We measure success by seeing actual real value to people.  Most of it today isn’t.

Emma: We define success as going live, with actual users on the system, and regular updates to the GITHUB repository.  Only about 2-4% actually succeed; 80% of ICOs can be considered scams.  This noise is something we hope the regulatory bodies will dampen down.

Paul: Timewise we’re on the first half inning of a baseball game.  The technology is still being worked out.  It’s like working on a 56K modem.  It will take time.

Dan: Are there any protocol level things or products on blockchain that you would like to see coming down the line?

Nick: Scalability is obviously a major problem that needs to be solved, and we’re seeing lots of different approaches to that.  There are lightning networks, that allow some activities to be done off chain.  Proof of work is another big item.  We’re looking for infrastructure layer stuff that would make blockchain more usable.

Paul: The potential around security tokens have not yet been fully realized.  For example, being able to use the transparency and trust features of the blockchain to participate in fractional real-estate ownership; that will open up a lot of possibilities. There is a problem of liquidity – which exchanges are licensed to support and exchange security tokens.

Dan: There’s a lot of discussion in media about blockchain disrupting banking; when you have token that are potentially purchaseable by anybody, could anybody be a venture capitalist, or is there still room for institutions?  What role is there for asset managers when the asset purchase is democratized?

Nick: Some VCs are thinking about new models for Crypto, and some discussion of raising tokenized funds; so there’s significant interest from traditional agencies in the topic.  But it still represents a very small percentage of the available funds.  The traditional VC business will not change and convert to crypto funds on mass.  The discussion about the disruption of the venture business has been going on for a long time, but the reality is there a set of services that VCs provide beyond just money, and people will still need that.

Paul:  There’s the ability to be able to filter out noise, to understand the new technologies, and to do reference checks and all the groundwork required; as an individual person that’s hard to do, but a VC fund or an ICO fund has this experience and the access to the information, so we’re better positioned to succeed in this.

Dan: What other opportunities are there that blockchain offers?

Nick: Micropayments were one of the original advantages considered using blockchain; but in the world of bitcoin, the per transaction cost is still too high to make micropayments viable.  We’d need to see scalability improve and cost per transaction go down substantially to make micropayments a reality.

Paul: In terms of usecases, there are microtasks, such as mechanical turk type of tasks, where people around the world can perform small jobs for tiny payments.  Right now in the traditional network there’s a minimum of transaction size of $0.27, but if we can get the cost per transaction we could enable micropayments across boarders.  Another use case, what if you could be paid a small amount to watch a small amount of content online, that could open up new business opportunities.

Dan: Everyone talks about the positive aspects of blockchain, are there any negative implications to blockchain?

Nick: the energy usage is a major issue, blockchain uses an incredible amount of compute and energy power to verify transactions.  Governance is still in question as well, in regard to many different types of blockchains.  You could consider each blockchain as a mini-financial system, which has its own governance system, and there are a lot of challenges around governing these systems and will need to be solved as well.

SXSW 2018 Day 2 Session 3: Alien Worlds: NASA’s quest for life

Session page (including audio): https://schedule.sxsw.com/2018/events/PP76837

Robert Hurt: Caltech, astronomer
Tiffiny Kataria: Exo-planetarian, NASA jet propulsion laboratory
Morgan Cable: Astrochemist, NASA jet propulsion laboratory
Cynthia Phillips: Planetary Geologist, NASA NASA jet propulsion laboratory

Cynthia: The first candidate for finding life is Europa, Jupiter’s moon.  Its surface temperature is 100 degrees Kelvin (-173 Celsius), and it is covered in ice, but below it has more water than all of Earth’s oceans.  Liquid water with the right chemical elements for life, and possibly chemical energy source at its bottom from Europa’s core.  Alternatively, radiation from Jupiter can provide an energy source.  Also, it has time on its side – Europa’s ocean is liquid from the start of the universe, so that gives a lot of time for the formation of life.

There are two missions planned to Europa:

• The Europa Clipper, which will do a fly-by, set to launch in 2022-2025
• The Europa Lander, which will land on the surface and sample the ground.  It has a suggested launch date of 2024.

Morgan: Another good candidate is Enceladus, Saturn’s moon.  It also has a liquid ocean beneath a crust of ice.  It may be geologically active, and plumes of icy particles were spotted over its south pole.  These could be sampled with a satellite doing a fly-by.  There may be hydro-thermal vents at the bottom of Enceladus, which could support life.

Titan is another moon of Saturn that is considered a candidate for finding life – it has an atmosphere, and there is liquid on its surface.  Titan has rivers and lakes of liquid methane.  These may support life, although if they do, it will be a very different form of life than the one we know.

Tiffiny: Beyond our solar system we are looking at the stars for planets.  We look for changes of light (which tells us if it is a rocky planet, like Earth or a gas giant, like Jupiter), radial velocity, and recently we’ve been taking pictures through direct imaging, where we block out the star’s light to catch the orbiting planet. Until now we’ve discovered over 3000 exoplanets.  We found desert planets, planets orbiting two stars, and others.  We use spectroscopy to look for signatures of molecules that would indicate life – water, methane, ozone, and other signatures we know.  We are mapping for athmosphere.  For example the trapper star system with seven Earth-sized planets.

Robert: What I do is try to engage the audience by trying to add imagery behind the exoplanets – giving them color and graphics.  Take queues from Hollywood, who are very good at making space engaging to the mass audience.  Try to provide images based on as much scientific information as possible while still keeping it interesting.  So for example if a planet is known to be covered by water, but also has a thick cloud layer, we would perhaps draw some space between the clouds to show the surface and make the image more compelling to the public, even at the expense of some scientific accuracy.

Cynthia: What about intelligent life?  SETI looked for this by looking for radio telescopy signals.  Right now we are looking for both intelligent life as well as “stupid” life – single cell life, animal life, any life not building radio telescopes.  Scientists will be satisfied with finding even microbes.

Morgan: Another overlap of science fiction and real life is the Star Trek concept of the Prime Directive, which protects from harming other under developed life forms; NASA has a similar guiding principle called “Planetary Protection”, designed to prevent bringing contamination back to Earth from space, and prevent contaminating other planets.  That is why the Cassini craft was purposefully crashed on to Saturn, to avoid its accidentally contaminating one of Saturn’s moods.

Robert: We can’t do statistics on a sample size of one, and in regard to life, that’s our sample size.  So we really have no possibility to extrapolate as to the chance of life on other planets.
What would it take to find life?  Do we have the technology?

Morgan: We do have this, and it is essentially the methods we are taking now.

Tiffany: Voyager took 40 years to get to the edge of the solar system, but it would take 40,000 years to get to the nearest found planet – Proxima.  So we will need to focus on observation.

Question: Plate tectonics is important for life on Earth, are we looking for that in other planets?

Tiffany: We don’t really know how to detect that.

Question: How critical is radiation for life?

Morgan: Radiation is harmful to life, but it can create conditions for life by breaking up material.

Question: How do you sanitize the Europa lander?
Morgan: We did learn a lot more about sterilizing since the Cassini days.
Cynthia: To get permission from the planetary protection body you need to show very stringent standards for protecting the landed planets.

SXSW 2018 Day 2 Session 2: Quantum Computing: Science fiction to science fact

Session page, including audio: https://schedule.sxsw.com/2018/events/PP79118

Jerry Chow, IBM

Bo Ewald, D-Wave systems

Andrew Fursman, 1Qbit

Antia Lamas-Linares, Texas Advanced Computing Center at University of Texas

Antia: The first concept of quantum computing was detailed by Prof. Feynman in 1981.  The quantum computer uses three principles of quantum mechanics:

• Superposition – a bit can be 0 and 1 simultaneously
• Entanglement
• Quantum tunneling

Quantum mechanics application is found in multiple areas – quantum sensors, quantum communication, and quantum computing, which is the focus of this discussion.  There is a lot of attention on quantum computing, due to its promise.  The EU has created a $1B program to advance quantum computing and China is spending $11B on the topic.

Quantum computers come in two architectures: Gate architecture and annealing architecture.  Basically the two are different ways to represent a Qbit.

Quantum computers are good at finding the probability to the best answer – they do not provide certainty.  So, they are good for optimization problems.  For example, routing traffic; placing satellites, some machine learning problems.

Jerry: Quantum computing has grown from a concept only understood by physicists, to something that is more popular in the computing circles.  As hardware has progressed, we are learning what quantum processors can do.

IBM Launched IBM QX (Quantum eXperience), which is a 5 Qbit processor that’s available online and accessible for the public.  IBM also released an SDK and a Python API set to help users write code more easily and experiment with the quantum processor and simulators.  There’s also a user’s guide for beginners.

Andrew: There are still very complex problems that can’t be solved in traditional computing methods, for which quantum computing is more suited.

Anita: Where are we in terms of the hardware?  Why do we see it in the news so much now?

Bo: Our technology now is probably at a similar stage to the level regular computers were in the 50s – just as we transitioned from vacuum tubes to transistors, and before the development of Fortran, the first computer language that made computers somewhat accessible.

On the other hand, we are dealing with very advanced hardware, and are progressing very quickly.  Large companies are buying ever bigger machines – Google bought a 500 Qbit machine, and Lost Alamos and NASA bought 2000 Qbit machines.  So the hardware is advanced, but the software and application are 50s era.

Jerry: With circuit model, we need to have large numbers of perfect Qbits to achieve meaningful usage, but the physics of the domain are such that large numbers of Qbits increase the likelihood of errors in calculations, in which case strong error correction is needed.  Right now we can build tens or hundreds of physical Qbits, but those would generate a lot of noise, and we’d need to find the right applications for them.

Andrew: We need to think about what types of things are not possible with classical computers and how we would build quantum computers to solve these types of problems.  Regular computers and quantum computers are not in competition; they enhance each other.  It’ll likely have a model similar to CPU and GPUs – the CPU farms out certain types of operations to a GPU, which is better suited for them.

Jerry: Quantum chemistry is an example of a domain that’s best tackled with quantum computers.  It would be too hard to have large scale simulations of quantum chemistry on traditional computers.

Andrew: If you must use 30% of a supercomputer cluster for a relatively simple chemical simulation, that’s a hint we’re not using the right tool for the problem.  We will be building quantum computers to solve specific types of problem: a computer optimized for matter manipulation, one optimized for quantum material science analysis, and so on.

We need to increase the exposure and availability of quantum computing to better expand and speed up potential development.

Jerry: We’re still not in the level of maturity that we would have compilers, operating systems on Quantum computers.  It’s still very early days here.

Bo: There are only about ten companies in the world who can build quantum computers, and we need to get them into the hands of millions to accelerate the field.

Anita: What are the drivers of quantum investment?  Is it still mostly government and education sector?

Andrew: Once we start seeing results the corporate sector will enter the field.  The government should be encouraging businesses to invest in the field.

Jerry: We’re starting to see rapid development of technology with academic advancement.

Bo: We’re still in the R&D phase, which makes the users mostly big operators like governments.  The first killer app will change that.

Andrew: We need to ramp up the talent now, not when the first killer app hits.

Jerry: In the past, we would be primarily hiring physicists, because only they were able to understand the domain.  But now we see more and more computer scientists available.

Question: What should we be concerned about in terms of security and what is overblown?

Jerry: Breaking encryption comes up a lot, but I wouldn’t be worried about it – the technology to support this is still not available.  It’s important to start thinking about transitioning away from traditional encryption, but it’s not an immediate problem.

Bo: It’s probably another 10 years before Shor’s algorithm can be used.

Anita: This is something we’re thinking about, but there’s also quantum encryption – that will likely take replace the common encryption algorithms we use today.

Question: What are consumer applications of Quantum computing?

Andrew: Probably in the financial world, solving optimization problems.  For example, how can I get the most X by investing the least Y.  Other than that, it’s currently hard to tell what types of usage there will be.  The field will innovate once access becomes more available and knowledge spreads more.

SXSW 2018 Day 2 Session 1: Who takes the wheel on self-driving car safety?

Session link, including audio: https://schedule.sxsw.com/2018/events/PP80321

David Friedman, consumers report

Cathy Chase, Advocate for Highway Auto Safety

Bryan Reimer, MIT

David Strickland, Self-driving coalition for safer streets

Friedman: To start, some background info: US Drivers drive 3 trillion miles per year.  Americans spend a sixth of their annual income on cars, a billion dollars a day on gas and 7 billion hours in traffic.  This is besides the 37,461 people who died in 2016, and an average of 2.5 million injured a year.

Safety is key in adoption of self-driving cars; bad safety record for self-driving cars can substantially delay in adoption of autonomous cars.

The current state of automation is as follows:

Automation level	Responsibility for safety	Driver control	SAE level	Sold today?
Partial	Driver	Yes	1,2	Yes
Conditional	Depends on the situation	Yes	3	No
Self-driving	Car	No	4,5	No

David F.: What is the future of self-driving car safety?

Cathy: We’re at an interesting point – fatalities from driving are high, but there is an optimism that the problem will be solved by the arrival of self-driving cars.  A few points to consider, though:

1.     There’s still a lot to be done to improve safety with technology before the cars are fully autonomous

2.     There is a lot of improvement that can be achieved just by enacting better safety laws

3.     There’s a slowing down in the timelines.  Car execs are more cautious about target timelines, which is good because if we get them too soon before we can prove their safety it’ll delay the adoption, delaying the reduction in accidents with it.

4.     There is a problem with issue fatigue: we are forgetting that car manufacturers have a long record of misbehavior and outright fraud, and now they are asking us to just trust them with self-driving cars and without regulation.

Bryan: the road to self-driving cars is an evolutionary one that will take time.  Meanwhile, the excitement over self-driving car is going down due to media saturation.  Also, self-driving cars have to pass a higher safety bar: being safer than humans is not enough, because media will pounce on any accident that’s the fault of the vehicle, so even a much lower rate will get higher attention.  The Tesla case is a good example.

In the interim period, humans and computers will be having a joint role in the car.

David S.: We have to work together – manufacturers, governments and consumers.  Our issue is 50 year old regulation that is not keeping up with the technology.  We need to find ways to accelerate the modernization of regulation.  Technology advancements are currently added not through standardization but voluntarily.  For example, ESC was introduced in 1990, but only made standard through regulation in 2012.  This is a long delay; many lives would have been saved if this would have been put in place earlier.

We need to be able to test new technology on the road, on mass; you can’t just test it on a few thousand cars.

Bryan: Fully self-driving cars (with no steering wheels) will not be ubiquitous for 100 years – the complexities of solving the last few problems will just not be economical.  Plus, people will not be willing to give up driving, so we are looking at a mixed environment for the foreseeable future.

Cathy: Why can’t we answer the “when” question? One of the reasons is that we’re not seeing the test data that companies have; if companies were to share the test data we’d be better positioned to assess how mature the technology really is.

David S.: There will always be human drivers.  Some people will just want to drive by themselves.

David F.: Surveys conducted show that 60-80% of Americans are uncomfortable or even afraid to share the road with self-driving cars.  How safe is safe enough? Who gets to decide that?

Cathy: When your computer or phone crashes, you walk away uninjured; when your autonomous car crashes, not so much.  I heard a quote from the head of Duke Robotics that resonated with me – we’ll know the cars are safe enough when the car executives put their families in them.  Google uses some of their self-driving cars with employee families, but they are keeping the information about those tests secret; so when the public has more information it’ll be easier to assess.

It’s also crucial that consumers have a certain sense of safety about self-driving cars as they do with regular cars: show the safety information up front, like you do with standard features.

David S.:  We need to do vigorous self-assessment to determine that safe is safe enough; but we have to be able to deploy.

Bryan: Need to think about safety as a continuum; need to build trust in the system, see a more gradual, slower approach.  It’s hard to define official performance indicators: what, for example, is considered a crash, for the purpose of measurement?  What is a near crash?  These parameters are hard to define.  Instead we need to make any incident public – even a dent must be disclosed.

David F.: Will the public accept a small reduction in the number of accidents?

Cathy: Would we accept this in an airplane?  No, so why would we accept these numbers in cars?  If we have comparable numbers of accidents between self-driving cars and regular cars people will freak out.

Bryan: Aviation provides a good comparison point.  We are still in early days of the technology, like aviation was in the 50s or 60s.  It has to be managed over the long haul.

David S.: People are all bad at risk assessment.  People tend to be unrealistic about driving risks.  Everyone thinks they’re a great driver, while everyone else is a bad driver.  This notwithstanding, every incident with a self-driving car will be pounced upon by the media.  For example, airbags – in the beginning they were unsafe for kids.  We could have said that airbags are unsafe and discarded the technology, which would have probably resulted in hundreds of thousands of deaths over the years; however, we did not stop using airbags or slow their adoption, we just moved the kids to the back until we could solve the problem.

Cathy: And indeed, there were some calls to get rid of airbags, but it was regulation that kept them in.

David F.: The National Highway Traffic Safety Administration (NHTSA) is an agency with a $900M budget, 2/3 of which go to states, with over 37,000 fatalities annually; in comparison, the Federal Aviation Administration (FAA), $16 Billion budget, covering fewer vehicles travelling fewer miles.  Can NHTSA handle this?

David S.: Eventually yes.  Certainly, NHTSA needs to be better funded.  The aviation industry is tightly regulated – you can’t make even small changes to aircraft without FAA approval.  The FAA has 57,000 employees to take care of this, while NHTSA has only 575.  It’ll be incumbent on the manufacturers to keep safety and NHTSA will need to watchdog that.

Cathy: 99% of accidents and 95% of fatalities happen on the road, and NHTSA only gets 1% of the Department of Transportation’s budget.

Bryan: NHTSA has its hands full managing regular cars, with the automation put into those.  When looking at autonomous car, we’re talking about a software world that has a different problem profile than the mechanical one has.  It is much closer to a pharmaceutical industry, so the model we should be looking for is closer to the FDA’s process for drug approval.

Question: What about liability?

David S.: It depends on the level of autonmy the car has.  If there is a human in control, the driver is responsible.  If it is fully autonomus, the manufacturer is liable.

Bryan: We will get to a situation where sensor data will be used in courts to determine responsibility.

David F.: And there is different thinking about this even inside the government.  For example in the case of the Tesla crash, NHTSA ruled that Tesla was not liable, while the National Traffic Safety Board concluded that both the driver and the manufacturer were equally responsible.

Question: Will human drivers be banned in 30 years time?

Bryan: Not in the US – possibly places like Singapore

David S: No.

Cathy: No.  You can’t even get helmet laws passed in some places in the US, there’s no way drivers will be banned.

Question: Will you be out of a job?

Bryan: No.

David S: Hopefully.

Cathy: It’s my job to put myself out of a job.

SXSW 2018 Day 1 Session 5: Hacking and Journalism for Good

Session page, including audio: https://schedule.sxsw.com/2018/events/PP99420

Hakon Hoydal: Journalist, Verdens Gang (VG)
Nataly Remoe Hansen: Journalist, Verdens Gang (VG)
Otto Stangvik: Computer programmer

Otto Stangvik: I was a software developer for several years, and I felt my life was in a rut.  I had a crisis and needed a change.  I started playing around in the internet and got interested in tracking and following people on darknet who engage in abusive behavior, especially child pornography.  This way I met with Nataly and Hakon, who were investigating this as journalist, and we decided to work together to expose participants in online child pornography rings.
Hakon: The first results of the collaboration was in 2015, with the publishing of “the downloaders”, publishing 95,000 IP addresses downloading 430,000 images of child porn.
Nataly: Further analysis led us into the dark web, where we discovered we could find formulas linking forums in open internet to ones in the darkweb, that lead to forums that have paid subscriptions. The money going into the forums goes into funding the infrastructure of the forum and for new content.

Otto: The method was to sift through logs in the public internet to look for patterns and links.  I built tools to sort through the 46 million log records we gathered and create links of files.  From this we isolated 95 downloaders.
Nataly: But all of these were people who primarily used regular internet as a gateway into the dark web.  Our challenge was to go after people completely operating in the darkwave.  Specifically, one of the posters in a darkweb forum dismissed the exposure by saying this was just possible due to the mistakes those users made by using regular web.  He said that those who work solely on the darkweb were not in danger.  We took this as a challenge and accepted it.

Otto: So how did we go about this?  Our first step was to get to know the topology of the dark web forums, specifically one called “Child’s play”, the largest darkweb forum for child pornography.  We studied the forum and its infrastructure.  One of the things that helped us was that although these forums were on the dark web, they were still using opensource software to run and administer the site.  So we were able to get a lot of information and find investigation approaches by just examining the opensource software itself, including some known vulnerabilities.  Also, we found out that even though all the content was on the darkweb, some of these software systems used regular internet for metadata, which we could track.
We were careful to use only browsers that don’t show images, so as not to be exposed to the content.  Also, we never stored images – we created a hasher that generated a hash for each image, so we could identify duplicates of it without having to store the actual image.  We also had an enormous amount of data to sift through – we collected over 18GB of plaintext information; we had to create dashboards and search interface to track users across forums.

Hakon: We would track users across different forums.  For example, we found that one user used the same user ID for skype.  Some of the image data and posts contained GPS locations from people using their phones, so we could use this as well.
Eventually, we used all this information to track the origination servers to three countries – France, Germany and Australia.  The server hosts in France and Germany refused to cooperate, but the ones in Australia did, and through them we were able to get the contact details of the person leasing the server computers – the Australian police department.
It turned out that the Australian police had been able to apprehend the original two creators of the site, which we were tracking, had them arrested, and transferred the site to themselves and continued running it as a sting operation.  Once we discovered it, they shared some additional information about the people who ran it previously, and eventually shut down the server a year after we discovered it.