From Bot to Robot: How Abilities and Law Change with Physicality

Presented at Black Hat USA 2018, Aug. 8, 2018, 11:15 a.m. (50 minutes)

Online bots and real-world robots are both capable of manipulating people and communities. Online bots are part of attacks on human belief systems that range in scale from nation-states to smaller communities, aimed at disrupting, causing division and forcing group opinion. Current bot developers have shown good results with relatively unsophisticated programs, but algorithms exist to make these bots much more effective. Embodying these online bots into physical hardware bodies changes both the social dynamics and legal implications regarding their action.; Embodied bots, (ie. robots), can be used to socially engineer people by gaining their trust, and manipulating them into doing or saying something they otherwise might not. Increasingly sophisticated, free-roaming bots and robots also bring questions of responsibility, personhood, privacy rights and liability: we need to develop legal and policy frameworks to address AI, robots, and their interplay with our society now.

We discuss the mechanisms by which bots and robots manipulate people, the mitigations available, and the legal implications of such behaviours. We cover how to manipulate people online at scale, who's doing it (and why), why it works and how to defend yourself. We talk about the interplay between large-scale data collection and embodied robot manipulation of humans, how emotions are used, and how data collected by robots can be even more privacy invading because people form social bonds and attachments with robots. We also cover robot policy and law, and expected issues as bots become more sophisticated and ubiquitous. We finish with recommendations for attendees wanting to counter potential attacks.


  • Wendy Knox Everette - Senior Security Advisor, Leviathan Security Group
    Wendy Knox Everette (@wendyck) is a hacker lawyer who began her career as a software developer at and Google, before going to law school, where she focused on national security law and computer security issues. She interned with the FTC, FCC, and several other three letter agencies, and completed a fellowship with ZwillGen in Washington, D.C. During her fellowship she assisted with vendor cybersecurity reviews, drafted data breach incident reports and assisted with incident response, as well as working with clients in responding to law enforcement requests for customer data. Currently, she lives in Washington State where she advises companies on risk and security regulations.
  • Sara-Jayne Terp - Data Scientist, Bodacea Light Industries
    Sara-Jayne Terp is a data scientist, strategist and community builder, focussing on complex business and social problems. She's currently working on misinformation and auction algorithms at an online advertising exchange; her previous work covers belief systems and situation awareness across many disciplines (including autonomous systems,intelligence analysis, crisis data, journalism, online advertising and political data science).
  • Brittany Postnikoff - Researcher, University of Waterloo
    Brittany Postnikoff is a graduate student in the Cryptography, Security, and Privacy Lab at the University of Waterloo. She researches the interplay between robots and social engineering to predict and mitigate the negative impact of social robots on security and privacy. Brittany holds a diploma in Business Administration from Red River College, an Honours Bachelor of Computer Science degree from the University of Manitoba, and will be completing her Master of Mathematics degree at the University of Waterloo this year.


Similar Presentations: