Smashing the ML Stack for Fun and Lawsuits

Presented at Black Hat USA 2021, Aug. 4, 2021, 3:20 p.m. (40 minutes)

Adversarial machine learning research is booming. ML researchers are increasingly targeting commercial ML systems such as those used by Facebook, Tesla, Microsoft, IBM, or Google to demonstrate vulnerabilities. But what legal risks are researchers running? Does the law map onto expectations that vendors might have about how their systems should be used?

In this talk, we analyze the legal risks of testing the security of commercially deployed ML systems. Studying or testing the security of any operational system potentially runs afoul of the Computer Fraud and Abuse Act (CFAA), the primary United States federal statute that creates liability for hacking. Previously, our team analyzed common adversarial attacks under United States law, summarizing the ways in which variability in legal regimes created uncertainty for researchers and for companies that might be interested in understanding the legal rules that apply to certain kinds of attacks.

Because the United States Supreme Court has, for the first time, taken up the scope of the authorization provisions from the Computer Fraud and Abuse Act in Van Buren v. United States, we will be able to provide more definitive answers as to the legal risks that adversarial machine learning researchers may take when performing attacks such as model inversion, membership inference, and poisoning attacks. We will also look at whether other legal regimes, such as copyright or contract law, map on more directly to defenders' expectations of what should be allowed.


Presenters:

  • Jonathon Penney - Assistant Professor, Osgoode Hall Law School at York University
    Jonathon Penney is Faculty of Law at Osgoode Hall Law School in Toronto. He is also a Visiting Scholar at Harvard Law School; a Senior Research Fellow on the Technology and Social Change Project at the Harvard Kennedy School's Shorenstein Center on Media, Politics, and Public Policy; and a Research Affiliate of Harvard's Berkman Klein Center for Internet and Society. He is also a longtime Research Fellow at the Citizen Lab based at the University of Toronto's Munk School of Global Affairs and Public Policy.
  • Bruce Schneier - Fellow, Harvard Kennedy School
    Bruce Schneier is an internationally renowned security technologist, called a "security guru" by the Economist. He is the author of 14 books -- including the New York Times best-seller "Click Here to Kill Everybody" -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org.
  • Kendra Albert - Clinical Instructor, Cyberlaw Clinic, Harvard Law School
    Kendra Albert is a clinical instructor at the Cyberlaw Clinic. They are a practicing attorney and teach students to practice technology law by working with pro bono clients. Along with Sunoo Park, Kendra is the author of "A Researcher's Guide to Some Legal Risks of Security Research", co-published by the Cyberlaw Clinic and the Electronic Frontier Foundation. They hold a law degree from Harvard Law School, serve on the board of the ACLU of Massachusetts, and are a legal advisor for Hacking // Hustling.
  • Ram Shankar Siva Kumar - Data Cowboy, Microsoft
    Ram Shankar Siva Kumar is Principal Program Manager in the Azure Trustworthy ML initiative working towards empowering engineers to develop and deploy ML systems securely. His work has appeared in industry events like RSA, Defcon, BSidesLV, BlueHat, DerbyCon, MIRCon, Infiltrate, and academic venues like NeurIPS, ICLR, ICML, ACM-CCS, IEEE S&P, and Harvard Business Review. His work has been featured in Bloomberg, Wired, VentureBeat, Business Insider and GeekWire. He is the Founder of Security Data Science Colloquium where ML engineers from every major cloud security team congregate. He graduated with two master's degrees from Carnegie Mellon University and is currently an Affiliate at the Berkman Klein Center at Harvard University and Technical Advisory Board Member at the University of Washington.
