Algorithms and software governments make and use should be available for public inspection and reuse
# 17 Dec 2017, 11:02AM: Bill 1696 and Learning Old Systems:
A very amended version of Councilmember Vacca's algorithmic transparency bill has now passed the City Council and is headed for the Mayor's desk to sign.*
This follows the October 16th hearing (which was moved to a larger hearing room at City Hall due to huge attendance) -- the video recording is available now and is a little over two hours long, as are PDFs for Hearing Testimony (pre-written) and the hearing transcript. One attendee live-tweeted practically the whole hearing (sometimes the threading broke a bit) and another shared rough notes as a GitHub gist. Several people spoke for a few minutes each from, e.g., the New York Civil Liberties Union, The Brennan Center for Justice, Legal Aid Society, BetaNYC, Brooklyn Defender Services, Princeton's Center for Information Technology Policy, and various other institutions, and some spoke just as individuals. I testified for a few minutes, starting at about 1:53 in the video, and got quoted in Civicist.
The amended bill, approved by the Council's Technology Committee and then by the City Council earlier this month, is a compromise. It creates a task force, and they'll have 18 months to write up a report with recommendations, and that report will be made public. The bill specifically says that "Nothing herein shall require compliance with the task force's recommendations". Who appoints the members of the task force? "Such task force and the chair thereof shall be appointed by the mayor or a designee thereof" with no particular mandate that, say, the Council has a voice in who's placed on the task force. The bill says nothing about whether the task force will perform any of its hearings in public.
So those of us who want to keep momentum going on this issue will have to note who's been appointed, submit testimony when the opportunity arises, and find a way to sustainably pay attention to it.
The Mayor could allow the bill to lapse into law without signing it, could sign it into law, or could veto it (and then probably have the Council override his veto with a two-thirds majority). What I hear is that it'll almost certainly be the first or the second of those three. Legistar says there'll be a hearing tomorrow, Monday the 18th, but what I've heard is that this will be kind of a formality in which 20+ bills are being "heard" but no substantive discussion is expected.
So I tried to find out when on Monday this hearing will be. I looked around the Mayor's chunk of nyc.gov and found nothing. My Council contact told me that the daily Sked in the daily First Read in City & State and Gotham Gazette's Week Ahead sections would tell me these kinds of schedule details -- once Monday rolled around.** Ahhh. New York City is a very old system, like sewing or software packaging,*** and way before there existed a municipal website, there was a rich ecosystem that depended on knowing this information, and so niche publications emerged. Right.
And today, while writing this, I found the City Record Online (every day the City Record puts out notices of city hearings, court notices, etc. and you can look at recent daily editions as PDFs or search electronically), and figured out: 4:30 pm, in the Blue Room at City Hall, as announced on December 13th.
So I'll probably be there, even though it probably isn't substantively important, as I learn this system, as I learn how to pay attention. Maybe I'll see you there too.
* Legistar, the application that NYC uses to track bills as they move through the City Council, has email and RSS notification, but the email alerts have not been functioning for me, and the RSS option is pretty uninformative and (I think) slow to update. Councilmatic is an open source alternative that had to use screen scraping to get bill and event data (the comments in the bills scraper elucidate some stuff I'd been unsure about). I'm glad to hear that, thanks to NYC open data advocates, there's now a proper Legistar API available for civic developers like us.
** Indeed, the First Read now includes a sked for Monday that mentions a Mayoral hearing and bill signing -- but doesn't specify or link to the list of bills.
*** I'm improving various skills and learning multiple systems right now. In rough order of how old our systems/skills are, as humans, here are some of them:
- Time management (regular)
- New York City governance
- Sewing (electric)
- Time management (with mass media)
- Bicycling (in car-heavy urban environments)
- Time management (with email)
- Python packaging
- Time management (in attention-casino electronic environment)
# 18 Sep 2017, 01:35PM: Supporting Int 1696-2017 for Source Code Transparency in New York City:
The principle at stake in California v. Johnson: due process requires that we be able to examine the evidence used to convict someone. Kern County got a $200,000+ grant and started using closed-source software to perform a new kind of DNA testing for criminal forensics. You are not allowed to audit the software to check for bugs, but the company founder will fly in and testify in court to say he attests to the validity of the results it finds. Uh, no, we need to check, and the ACLU and EFF have just filed amici curiae* briefs before California's Court of Appeal for the Fifth District, saying so.
As I've written and even testified, we need more auditability, transparency, and security in software governments use in laboratories and field tests. Heck, we need it in software governments use to make decisions more generally -- lotteries for visas, school assignments, parole and prison sentencing, and so on.
So I was delighted to learn of bill Int 1696-2017, currently before New York City's City Council. Summary:
This bill would require agencies that use algorithms or other automated processing methods that target services, impose penalties, or police persons to publish the source code used for such processing. It would also require agencies to accept user-submitted data sets that can be processed by the agencies' algorithms and provide the outputs to the user.
I applaud James Vacca, chair of the council's Committee on Technology, for introducing and sponsoring this bill, and for citing/shouting out to danah boyd, Kate Crawford, and Cathy O'Neil as people whose work has shaped this legislation. The New York Times says: "As a committee chairman, he plans to convene hearings before he leaves office in December." I'm looking forward to attending those hearings.
If you live in New York City, you can contact your councilmember and suggest they cosponsor this bill. If you live elsewhere, consider telling your local elected officials that they oughta introduce legislation like this. When writing or calling, if you're a programmer or other technology expert, say so -- our voice matters.
I have more links in the algorithmictransparency tag on Pinboard.
* Many years ago, Seth Schoen made me an illustration that we still have somewhere. Reconstructed from memory:
[one smiling stick figure, male, near a courthouse] Sum amicus curiae.
[one smiling stick figure, female, near a courthouse] Sum amica curiae.
[many smiling stick figures of various genders, near a courthouse] Sumus amici curiae.
[one stick figure, male, holding a finger to his mouth as though shushing you, near a courthouse] Tacit! Sum inimicus curiae!
Edited Tuesday Sept. 19th to add: The Committee on Technology is holding a public hearing to discuss Int 1696-2017 on Monday, October 16th.
# (2) 13 Jun 2017, 10:41AM: Transparency And Accountability In Government Forensic Science:
In February, I learned that the New York State Assembly was planning a public hearing on government oversight of forensic science laboratories, and then was invited to offer ten minutes of testimony and then answer legislators' questions. This was a hearing held jointly by the Assembly Standing Committees on Codes, on Judiciary, and on Oversight, Analysis and Investigation and it was my first time speaking in this sort of capacity. I spoke on the importance of auditability and transparency in software used in devices the government uses in laboratories and field tests, and open source as an approach to improve these. And I testified to the efficiency, cost savings, security, and quality gains available by using open source software and by reusing and sharing open source software with other state governments. Here's a PDF of my testimony as written, and video and audio recordings are available as is a transcript that includes answers to the legislators' questions. It is a thrilling feeling to see my own words in a government hearing transcript, in that typeface and with those line numbers!
As I was researching my testimony, I got a lot of help from friends who introduced me to people who work in forensics or in this corner of the law. And I found an article by lawyer Rebecca Wexler on the danger of closed-source, unauditable code used in forensic science in the criminal justice system, and got the committee to also invite her to testify. Her testimony's also available in the recordings and transcript I link to above. And today she has a New York Times piece, "How Computers Are Harming Criminal Justice", which includes specific prescriptions:
Defense advocacy is a keystone of due process, not a business competition. And defense attorneys are officers of the court, not would-be thieves. In civil cases, trade secrets are often disclosed to opposing parties subject to a protective order. The same solution should work for those defending life or liberty.
The Supreme Court is currently considering hearing a case, Wisconsin v. Loomis, that raises similar issues. If it hears the case, the court will have the opportunity to rule on whether it violates due process to sentence someone based on a risk-assessment instrument whose workings are protected as a trade secret. If the court declines the case or rules that this is constitutional, legislatures should step in and pass laws limiting trade-secret safeguards in criminal proceedings to a protective order and nothing more.
I'll add here something I said during the questions-and-answers with the legislators:
And talking about the need for source code review here, I'm going to speak here as a programmer and a manager. Every piece of software that's ever been written that's longer than just a couple of lines long, that actually does anything substantive, has bugs. It has defects. And if you want to write code that doesn't have defects or if you want to at least have an understanding of what the defects are so that you can manage them, so that you can oversight them (the same way that we have a system of democracy, right, of course there's going to be problems, but we have mechanisms of oversight) -- If in a system that's going to have defects, if we don't have any oversight, if we have no transparency into what those instructions are doing and to what the recipe is, not only are we guaranteed to have bugs; we're guaranteed to have bugs that are harder to track down. And given what we've heard earlier about the fact that it's very likely that in some of these cases there will be discriminatory impacts, I think it's even more important; this isn't just going to be random.
I'll give you an example. HP, the computer manufacturer, they made a web camera, a camera built into a computer or a laptop that was supposed to automatically detect when there was a face. It didn't see black people's faces because they hadn't been tested on people with darker skin tones. Now at least that was somewhat easy to detect once it actually got out into the marketplace and HP had to absorb some laughter. But nobody's life was at stake, right?
When you're doing forensic work, of course in a state the size of New York State, edge cases, things that'll only happen under this combination of combination of conditions are going to happen every Tuesday, aren't they? And the way that the new generation of probabilistic DNA genotyping and other more complex bits of software work, it's not just: Okay, now much of fluid X is in sample Y? It's running a zillion different simulations based on different ideas of how the world could be. Maybe you've heard like the butterfly effect? If one little thing is off, you know, we might get a hurricane.
# 07 Feb 2017, 11:18AM: Upcoming Talks:
I happened upon the New York state Assembly's website last week,* and noticed an upcoming hearing about "Government oversight of forensic science laboratories" (PDF), hearing oral testimony by invitation only. I wondered: Who's on the list of witnesses? And will any of them talk about the danger of closed-source, unauditable code used in forensic science in the criminal justice system?
I followed up, and we got me, plus Rebecca Wexler, the author of that piece, invited to speak. We're testifying tomorrow, Wednesday, February 8th, in New York City. In preparation, I'm conferring with Karen Sandler of Software Freedom Conservancy (who was slotted to speak but now can't) and with acquaintances who work in government forensic labs.
I did speech and debate in high school so in some sense I have been preparing for this for twenty years.
A little further off:
Next week, I will participate in the WONTFIX Cabal (Maintainerati) unconference for open source maintainers on February 15, 2017, in San Francisco, California, USA.
I will give the closing keynote address at LibrePlanet, a free software conference, March 25-26, 2017, in Cambridge, Massachusetts, USA. Tentative title: "Lessons, Myths, and Lenses: What I Wish I'd Known in 1998."
I will be one of the Guests of Honor at Penguicon, an open source and science fiction convention, April 28-30 2017, in Southfield, Michigan, USA.
* via Lauren Sperber's blog post about "the New York State Reproductive Health Act to get abortion removed from New York State's Penal Code"
# 30 Apr 2016, 02:21PM: Entertainment Benefits of IDNYC Card:
The new IDNYC card is free, government-issued photo ID for New York City residents. "Immigration status does not matter." That is to say, people who are came to NYC from abroad, and currently don't have legal documentation to support that, can get this card. Which is great -- it gives everyone, including them, a way to start banking, get access to schools and have something to show to hospital receptionists. It also works as a library card, and has a bunch of other benefits. Also, the application's gender options are:
- Not designated
Friends of mine are getting their cards for the free memberships at the New York Botanical Garden, American Museum of Natural History, MoMA, Museum of the Moving Image, and dozens of other museums.
I was curious about the entertainment benefits, specifically, cheaper movie and theater tickets ("Movie Tickets as low as $8.00"). In order to get those benefits, you have to register at MemberDeals.com, a for-profit website run by Entertainment Benefits Group, Inc. And the site does not give you specifics about what you can expect if you register; you have to register in order to browse deals. The IDNYC site is pretty specific about the other benefits, and I'd like to know more before I register. So, in another installment of "I make phone calls to closemouthed organizations and then blog the results", I phoned up their customer service line.
Registered members can expect special offers emails about biweekly, and can always unsubscribe.
The customer service rep did not give any examples of specific amounts in current discounts EBG offers its members, e.g., "$50 for such-and-such a ski ticket." But she said that the EBG membership includes "countless" offers to various different things, including discounted hotel rates (not mentioned on their website). The sports teams they offer discounted tickets to see include the New York Yankees. And they have deals with several movie theater chains, including Regal, AMC, and United Artists (UA), to offer discounted movie tickets to their movies in general -- it's not just "special offer: see the new Zappa documentary for $6". (I assume that there are exceptions, e.g., you can't use the discounted tickets to see certain blockbusters on opening weekend; when I've gotten discounted movie passes in the past, that's how it's worked.)
I think my cell phone glitched and ended the call before I could probe further. I am kinda averse to deliberately signing up for a for-profit marketing-centric organization's services in the hopes of ill-defined rewards, so I poked around a bit more.
EBG owns a bunch of sites (why not? "Our Technology Delivers Fun Most Efficiently") so I decided to poke around those on the theory that they're probably giving all the members access to mostly the same experiences, just branded differently and segmented at slightly different price points. Like, their site NewYork.com (available to the public) has Les Misérables tickets for $83 and up, while Working Advantage (companies contract with EBG for member-only discounts) mentions Les Mis orchestra seats for $73 on their front page right now.
Some specific prices and offers: a video urging companies to sign up mentions The Lion King, Walt Disney World, Universal Studios, and Kennedy Space Center as attractions for your employees, and promises prices "up to 50% off what the public is paying". The Tickets At Work blog promises 50% off select Yankees games, or 20% off a luxury suite at a Yankees game. The Broadway shows NewYork.com handles have a lot of overlap with what you'd get at TKTS at (to my eyeballs) vaguely similar prices, so the member-only prices would probably also be fairly good. And the Working Advantage home page mentions several specific attractions, rental car companies, etc. It also enumerates movie chains they cover:
- AMC Theatres
- Regal Entertainment
- Cinemark Theatres
- Showcase Cinemas
- Century Theatres
- Edwards Theatres
- Bow Tie Cinemas
- Hollywood/Wallace Theatres
- Harkins Theatres
- Malco Theatres
- Marcus Theatres
- Pacific Theatres
- United Artists Theatres
- Angelika Film Center
- Reading Cinemas
- Landmark Theatres
(That's on the front page, under the "Movie Tickets" hover-to-display menu; not super accessible.)
So overall, I think most IDNYC cardholders who have a bit of disposable income, and who enjoy sports/theater/theme parks/etc. but would like to save a bit of money on those things, would find it useful enough to go ahead and register to get the discounts, despite the privacy/spam implications. Hope this helps others make the decision!
# (1) 28 Aug 2009, 09:10PM: Vis-a-Vis a Visa:
As I was applying for the Points Based System Tier 1, General Migrant visa to the United Kingdom, I had a number of questions that the UK Border Agency website and UK visa application site (a.k.a. Visa4UK) did not clearly answer. The UK Consulate in New York City does not allow personal visits from visa applicants and will not take phone calls with questions about visas; they delegate this sort of stuff to the private firm Worldbridge, a division of Computer Sciences Corporation (CSC). Worldbridge charges money to answer questions via phone and does not offer in-person advice.
If the consulate thinks you're missing a document, or have something else wrong with your application, they usually just reject the application rather than phone you to get it cleared up. So I wanted to get everything right the first time. I ponied up to get a person on the phone to answer some of these questions, so I wanted to put the answers up where anyone could read them for free. All this information is courtesy Carolina of Worldbridge.
- Can I submit my documents in person at the British Consulate in Manhattan? No, they only accept visa applications from applicants via mail. But the Consulate does accept overnight packages, and accepts packages via DHL, FedEx, and UPS in addition to US Postal Service.
- Is there any way to expedite the process? Yes. You can pay commercial expediting agencies such as A Briggs. They, unlike regular applicants, are allowed to submit applications in person, and often promise same-day processing. The Consulate doesn't guarantee anything about these agencies, except that Worldbridge can provide a list of expediters who have "registered" with the Consulate. Carolina wasn't really clear on what that meant, or how one registers with the Consulate and what the criteria for registration are, or why I couldn't become an expediting agency myself, register with the Consulate, and thus walk in for same-day service.
- The Consulate is closed for Labor Day, 7 September 2009.
- Should I use paperclips or staple the documentation together? Use a paper clip.
- Should I include a table of contents, listing what documents I've enclosed? There's no need to do that, but it's fine if you do.
- The visa application instructions say I should include a copy of each supporting document; does it need to be a color photocopy, or is black and white okay? Black and white is fine.
- Should I include a copy of relevant pages of my passport? No, you don't need to do that.
- If you are applying from the US, you applied via a web-based form. When you competed the application, you got a printable webpage. Include one copy of that printout of your application. This is instead of printing the VAF9 "Personal Details" PDF and filling it out by hand. But you do have to print out that Self-Assessment Appendix PDF and fill it out by hand and include one copy of that with the application.
- What kind of information does the officer want to see in response to "Is there any other information you wish to give in support of your application?" Worldbridge won't advise you on how to fill out your application and that includes explaining what the officer might like to see here, or find relevant. My job history, my family here in the States, my job in the UK, my travel plans? No advice.
- The self-assessment appendix includes a space for you to detail your earnings: source, dates, amount, applicable exchange rate, and so on. There's barely any space there, so it's okay to note in that space that you're doing it on a separate sheet, and then attach a separate spreadsheet or letter with all those details.
- As documentation of your earnings, or of your maintenance funds, personal printouts from the online-banking website of a brick-and-mortar bank aren't good enough, even if they have the bank logo on them. You need official bank statements, either originally printed by the bank (with color logos and so on), or signed & stamped by a bank employee. You are not required to circle or highlight the relevant deposits or balance numbers, but you aren't prohibited from doing so, either.
- It is okay to attach a separate letter with additional information you want the officer to consider, but there's no guarantee it'll be looked at.
In Sumana's opinion, your safest bet is to think hard while you're filling out the online application so that you can put as much as you need to into the Is there any other information you wish to give in support of your application? space near the end of the form. Maybe that's the best place to put the "please post-date the visa by 2 months" note; I don't know.
- How many passport-sized photos do you need, and how should I attach them? Include two passport-sized photos, and paperclip them on. They might get damaged if I paperclip them directly; how about in a little envelope? Yeah, sure, that's fine.
Worldbridge also takes questions by web form and returns answers via email, but I'm glad I spent the $12 to get half an hour of live chat. Sample dialogue in the phone call included:
"How should I attach the passport photos?"
"All photos should measure 45mm by 35mm; and be in colour; and be taken against a grey or cream background..." [basically reading from the rather frightening photo guidelines PDF]
"I know that. I'm asking how you want me to attach them. Is it okay to put them in an envelope and paperclip it on?"
"You can just paperclip the photos directly to the application."
"But that seems like it'll damage the photos. Is it okay to put them in a little envelope and paperclip the envelope to the application?"
"Yes, that's okay."
I can only imagine how maddening it would be to ask all these questions via email and then battle a response-bot that spouted vaguely-related boilerplate off websites I'd already found inadequate. As it was, Carolina was astonished when I suggested I might highlight or circle relevant bits of my bank statements to make the important numbers easier to find. Yeah, Worldbridge, I can see how thinking ahead to make the user's experience easier wouldn't come naturally to you.
Obviously I'm not a lawyer or expert, all the tips above are my paraphrasing of advice I got on one occasion from one Worldbridge employee in late August 2009, and I can only wish future applicants luck. Hope this helps.
You can hire me through Changeset Consulting.
This work by Sumana Harihareswara is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Permissions beyond the scope of this license may be available by emailing the author at firstname.lastname@example.org.