Can AI help you get your next job?

There is an increasing number of AI-based tools that are being used in the hiring and HR process. I am not sure whether this is a benefit to job seekers and to the employment business. Certainly, there are plenty of horror stories, such as this selection from 2020’s most significant AI-based failures such as deepfake bots, biased predictions of pre-criminal intent, and so forth. (And this study by Pew is also worth reading.)

I would argue that AI has more of a PR than HR problem, with the mother lode being traced back to the Terminator movies and Minority Report, with Asimov’s Three Laws of Robotics thrown in for good measure. In a post that I did for Avast’s blog last fall, I examined some of the ethical and bias issues around AI. Part of the issue is that we still need to encode human judgment into some digital form. And people aren’t as consistent as machines — which sometimes is a useful thing. I will give you an example at the end of this post.

But let’s examine what is going on with HR-related AI. In a study done last year by HRExaminer, identified a dozen hiring-based AI tools, with half of them focusing on the recruiting function. I would urge you to examine this list and see if any of them are being used at your workplace, or as part of your own job search and hiring process.

One of the ones on the list is HiredScore, which offers an all-purpose HR solution using various AI methods to rank potential job candidates, recommend internal employees for open positions, and measure inclusion and diversity. That is a lot of places where the doomsday “Skynet” scenario of the machines taking over could happen, and is probably one of the few plot lines that Philip K. Dick never anticipated. Still, the company claims they have trained their machine learning algorithms with more than 25M resumes and twice as many job postings.

There are other niche products, such as Xref’s online reference checking or the testing prowess of TestGorilla. The latter offers a library of more than 135 “scientifically validated tests” for job-specific skills like coding or digital marketing, as well as more general skills like critical thinking. That one struck another nerve for me. The reason I put that phrase in quotes is because I can’t validate its claim.

As many of you who have followed my work have found out, my first job in publishing was working for PC Week when it was part of the Ziff Davis corporation. ZD had a rule that required every potential hire to submit to a personality test before getting a job offer. I have no recollection of the actual test questions all these years later, but obviously I passed and so began my writing career.

In the modern era, we now have vendors that use AI tools to help screen applicants.  I am not sure I would have passed these tests if ZD had them available back in the day. That doesn’t make me feel better about using AI to help assist in this process.

Let me give you a final example. When I went to visit my daughter last month, I was given a specific time period that I was allowed to enter Israel. Only it wasn’t specific: the approval was granted for “two weeks” but not starting from any specific time of day. I interpreted it one way. The German gate agents at Frankfort interpreted another way. Ultimately, the Israeli authorities at the airport agreed with my point of view and let me board my final flight. If a machine had screened me, I would have probably not been allowed to enter Israel.

In my post for Avast’s blog last year, I mention several issues surrounding bias: in the diversity of the programming team creating the algorithms, in understanding the difference between causation and correlation, and in interpreting the implied ethical standards of the actual algorithms themselves. These are all tricky issues, and made even more so when you are deciding on the fate of potential job applicants. Proceed with caution.

Avast blog: Fighting unpredictable existential threats

Earlier in June, CogX Festival brought together representatives from business and government to discuss innovation. I watched a panel session on dealing with unpredictable existential threats. The panelists included Robert Hercock, the Chief Research Scientist at BT Security, Clarissa Rios Rojas, a research associate at the University of Cambridge’s Centre for the Study of Existential Risk, and Avast CISO Jaya Baloo. Rojas and her colleagues spend a lot of time looking at a wide range of global risks that could lead to human extinction and other dire circumstances. You can watch the session here and can read my synopsis of the conference session on Avast’s blog here.

The role of mutual trust when you resume international travel

I recently spent two weeks in Israel visiting my daughter’s family. Making the arrangements was an interesting exercise and exposed how broken our mutual trust relationships have become in the Covid era. There are several weak points, especially under the strain of crossing international borders:

— Crossing borders (customs and immigration procedures). Before the pandemic, there were fairly well-defined rules on how one could enter another country. Some places, such as the EU, had complete trust and no actual physical barrier between countries: it was more a line drawn on a map. But that trust has broken down, and now the rules are in flux, seemingly with daily changes.

In my previous visits to Israel, I didn’t need a visa as an American citizen. But I was interrogated by a customs official as to my purpose. That in-person conversation was replaced by a pre-flight application process that was maddening. I had to provide all sorts of documents to the Israeli embassy (in Miami, which covers my part of the US). My application was questioned several times before getting approval. Once I arrived at the Tel Aviv airport, I was able to gain entry to the country by just scanning my passport, and a quick conversation with a health ministry representative that wanted to see the documentation about my negative Covid PCR test. The passport scan had previously only been available to those holding Israeli passports, and is similar to our Global Entry process.

— Proof of vaccination. The issue for any American traveling abroad is that our cardboard proof of vaccination isn’t trustworthy. I had to get a blood test in Israel that proved it: the locals have an app that is tied to their HMO’s system that used to be a condition for entering public places like shopping malls and sports stadiums. While I was there the restrictions were removed: that is what happens when sufficient folks have gotten vaccinated. But without the blood test, I would have had to stay in isolation at my daughter’s home during my entire visit.

— Passenger behavior (inflight). The news media is filled with stories about misbehaving passengers who have been arrested and removed from flights. The vast majority of these cases were from domestic US flights. The international flights that I was on saw no trouble. And when I interviewed my flight attendants, they also said that the cases were overstated by the media.

— Passenger behavior (on the ground). The five airports that I was in (St. Louis, Houston, Frankfurt, Tel Aviv and Newark) all had vastly different experiences. The most crowded airport was Houston and most of the passengers were masked and the airport shops were open and busy. In Tel Aviv’s airport, few people wore masks and donned them just before boarding their flights. Frankfurt was a ghost town and few shops and airport lounges were open, although I did find one where I could take a shower. Newark was busy, and had frequent PA announcements that any passengers without masks would be subject to a $50 fine.

I am glad that I got an opportunity to see my family. The bottom line for those of you that want to travel internationally in 2021: plan ahead and be prepared to roll with sudden and inexplicable changes.

Avast blog: Should you just walk away from Amazon’s “Just Walk Out” tech

If you’ve been following Amazon’s move towards having physical storefronts, you probably have seen the news about a series of different types of retail stores they have created, including bookstores, grocery stores, general merchandise stores, and shops selling prepared food. Add to this along with the fact that they’ve owned Whole Foods Markets for the past four years. In my blog post for Avast, I take a closer look at the way that these Amazon outlets collect customers’ money, how they access their data, and some of the privacy implications tied to Amazon’s “Just Walk Out” technology. These stores and technology take the collection of shopper data to the next — and perhaps creepier — level.

Avast blog: How to add authentication to your Facebook and Google accounts

By now you have heard about the latest Facebook data breach that exposed private data from more than 500M accounts. You can follow the steps to take on my latest blog post for Avast here where you can walk through what you need to do to enable two-factor authentication on your accounts.

Unfortunately, Facebook (and Google) don’t make authentication particularly easy. And to make matters worse, both companies have the habit of changing their menu options to confound even those who have done it previously. My recommendation is to use a web browser, rather than mobile apps, for these activities. This is because you’ll want the additional screen real estate and some of the options are more difficult to find in mobile apps.


Vax passports update

I wrote about vaccine passwords for Avast’s blog back at the beginning of the year. Since then, we have some more clarity over where and how they will be used, and a lot more questions too. Here is a brief summary on their progress.

First, the passports have now entered the political arena. Several states (including Missouri and Florida) have actually issued rulings preventing them from being used by state agencies or by local businesses. Pennsylvania, Montana and Arkansas are close to passing similar prohibitions. The White House has stated that there will be no federal mandate for any vax credentials. This pretty much guarantees that Americans will be stuck with those postcards that are handed out when we got the Covid shots. Coming from the opposite direction is NY which has their own passport app. As Shelly Palmer documents, this has been a fiasco — even calling the app the NYS Wallet to confound usability and destroy what little trust users might have about this passport.

The politics of the passport go something like this: we don’t want to create a centralized health database, because chances are the gummint will screw that up and we would have a massive data privacy issue on our hands. (Perhaps almost as bad as what just happened recently with Facebook.) Yet the local health departments have been issuing paper vaccination records for decades without any controversy (for the most part), and schools and military use these paper documents to prove that you have gotten vaccinated.

Covid it seems requires something new and a more digital approach. And with a new system comes the challenges of being able to preserve privacy and yet allow people to have their individual freedom. The ACLU has weighed in with their opinion here. They warn, “we could see a rush to impose a COVID credential system built on an architecture that is not good for transparency, privacy, or user control. The devil is in the details.”

But there are some pretty significant efforts being done by open source folks, such as this one that is trying to work out these details to keep the vax record on an individual’s smartphone. We shall see whether these will pass muster and have the right controls when they are finally implemented. There are some pretty smart people working on this, but then because of politics anything could go awry. (I wrote about the anti-vax movement earlier this year here.) In the meantime, when we get our Covid vaccinations, we get a small postcard. But will that be sufficient proof?

Second, the pilot programs have begun but have very limited use. One series of trials has been happening at more than 20 different airlines that are using the IATA travel pass. These trials are typically on a couple of city pairs and a small number of flights, where passengers are notified they will either have to download an app or print out the certificate to prove they have been vaccinated. None of these are US-flag carriers, and probably the furthest along is Singapore Airlines, which is planning on rolling out this pass by summer.

Probably, the furthest along is the Israel Green Passport smartphone app. Israel has done the best job of almost any nation at getting vaccines distributed to people over 16. The app is required for numerous large social gatherings, although as this NYTimes article documents, it isn’t uniformly enforced. One interesting side note: another digital passport is being contemplated to be used by airlines and nearby-countries to allow Israelis passage and entry if they want to travel. It isn’t clear how this will work. One problem: given that children haven’t yet been vaccinated, families who want to eat or attend these activities together can’t, unless the kids get a Covid test ahead of time.

The enforcement issue brings up another point: who is going to authenticate the passport holder? Right now when we can actual cross an international border, there are trained professionals who look at your regular passport and any paper and digital visa stamps and approve your passage. Do we really want to have bar bouncers, part-time ticket takers and other assorted folks determining whether we can enter a concert venue, shopping mall, restaurant or whatever?

Israel has addressed this problem of controlled access a long time ago. If you want to attend university, go to a shopping mall, ride a train or go to a concert, you have to pass through the barrier that most Americans just associate with airport TSA checks. Granted, these checks were mainly for weapons, and to that effect similar controls were recently placed around the Capitol. Yet many members of Congress pay them no heed. That doesn’t bode well for US-based enforcement.

There are a lot of other issues about how to implement the vax passport apps, and solving these isn’t going to be easy. But at least getting your shots is getting better: we are approaching delivering 4M shots a day now.

Going against type: this Jewish liberal owns nine guns

I have a confession to make: I have never fired a gun. I don’t own any firearms, and the closest I came to having a gun was when I was growing up my brother was a member of the high school rifle team and we had some old thing. But a friend of mine, whom I will call Harry, is a gun owner. Indeed, he now owns nine different ones: a mixture of rifles and handguns, revolvers and semi-automatics. Given that he lives in New Jersey, he can’t easily carry them — either concealed or openly — and has to carefully transport them from his home to the various ranges that he shoots competitively.  Yes, he is a real gun advocate now.

And did I mention that he is your stereotypical Jewish liberal from the northeast? “For 50 years, I didn’t think anyone needed guns. But now I feel differently.” Harry is your typical suburbanite: has two adult children. Neither of whom — nor his wife– are very interested in using his guns, although his daughter has shot one of his weapons to impress her boyfriend, who is looking for a career in law enforcement.

Harry bought his first gun, a HK 9 mm, back in 2016, just after Trump started winning various primaries. “I figured if he got elected, he could set the country back 50 years. And with all his turmoil and racist language, I wanted to be able to defend my own home. I was afraid that my family would be one of the first targeted, since we are Jewish.” His first gun had a magazine for 15 rounds, but he had to give that up because New Jersey changed their law to restrict magazines to just 10 rounds. “There is a lot to know legally,” he told me. “And our state has a lot of restrictions, so the liberals who say we need more regulations don’t understand the wide variation in different states.” Exactly: here in Missouri, we have more liberal gun laws. He does have concealed carry permits for Virginia and Florida, and has a variety of reasons for obtaining those permits in these places.

The other issue for Harry is the amount of time it takes him to actually get a gun. “It took me a long time to register and obtain a permit — it was supposedly to be less than 30 days but now it takes longer because so many people want guns,” he told me. “And when I actually walk into a store and buy my gun, it used to take just a few minutes to do the background check, but now it takes as long as a week.” There are millions of new gun owners as a result of Biden’s election, interestingly. And if he were to go to an out-of-state gun show, many of the sellers don’t want to bother selling him anything, since it has to be shipped to a licensed gun dealer in New Jersey.

Harry has spent nearly $9000 over the years, on all of his weapons and on a stockpile of more than 15,000 rounds of various ammunition. You might think he is part Doomsday prepper, but he tells me that when he shoots at the range, he could easily go through 300 or so rounds, and because he is Jewish, he buys in bulk. (Sorry, just had to put that in there.) He has met plenty of other Jews on the range.

He is also an NRA member, but he doesn’t fully support their political positions. He became a licensed instructor. “I wish they would stick to their training — which is excellent — and did less of their political BS,” he told me.”But not all of us gun owners are planning to revolt against the government either.”

Harry is also a lifelong Democrat, and has never voted for a Republican presidential candidate. But he also decries the left-wingers that populate his party, and thinks they are off base. “I absolutely hate Trump, and can’t stand him as a person or as a candidate. I actually find him nauseating. But many of the press stories are just not true,” he told me.

Yes, we have more guns than people here in the US. And Harry is certainly an example of how that is possible. But you can’t paint every gun owner on the same canvas.

What doesn’t get backed up makes you stronger

I was just finishing off an article that will be posted on the Avast blog in a few days about ransomware-as-a-service. I was typing that one way to minimize the damage from ransomware is to “ensure that your backups are intact and accurate.” This was somewhat ironic, given that soon after disaster struck. And it had to do with the poor quality of my iPhone backup. As if this wasn’t bad enough, next week is the annual World Backup Day. Let’s rewind a bit to set the context.

For the past four or so years, I have been using an iPhone 7. Because I was a cheapskate, I bought the phone with only 32 GB of storage. Over the past several months, as I diligently kept the iOS version updated, I saw that it was having issues finding enough empty space to do the updates. Then last week I got tired of deleting apps or trying to fit my music and photos (the things that take up the most storage) and just said the heck with it and bought a new iPhone 12 and got the 128 GB model, which hopefully will last me a few years. This is my fourth or fifth iPhone (I think I had the 4 before the 7). Activating and moving my data over to the new phone was time consuming but mostly an automated transfer of data, and today I was ready to get down to working with the phone.

Just one problem. I am a big user of the Google Authenticator app to provide additional login security, and when I went to open the app on my new phone, there were no password codes installed. Now, I have about 25 different logins that use this app, and if I didn’t have access to these codes it meant that I couldn’t login to any of my apps. After I had been resuscitated seeing that empty Authenticator screen, I was ready to figure out how to get these login authentications back on my phone. One thing that I didn’t want to do was to have to authenticate each login separately by entering manually these logins to the app. Fortunately, I still have my old phone, and (after looking around) I found the way to transfer them manually. I had to do it 10 logins at a time (the Authenticator app produces a nifty QR code that you then use to restore the logins to the new phone), but problem solved. If my phone had been lost or stolen, I think I would still be in the local cardiac care unit.

Even the best backup plans can ignore certain scenarios. Look at the OVH data center that was on fire not too long ago. That brought down quite a few internet sites. that never thought they would see something like that happen. And I have had my own brushes with bad backups (or no backups, as the case may be), including a fire in my office building many years ago, or a flood in my provider’s basement. Both times things could have been catastrophic, and I did learn my lessons and improve my internal procedures. (Here is a post that I wrote many years ago about my own backup commandments. And for your own amusement, there is always the Tao of Backup.

But apparently there are still some lessons to be learned. So this whole experience with Google Authenticator made me think what else isn’t being backed up on my new phone? How about all the credit cards that I entered for my Apple wallet? Yup, MIA. A relatively easy one to fix. But still, ensuring your backups are complete isn’t a simple concept, even for a company of one. And there are still lessons to be learned, particularly as we do more computing on our mobiles.

Understanding the issues behind crypto art works

This week the art auction house Christie’s sold a work of art for $69M. What is noteworthy here is that the artist Mike Winkelmann had until last fall never sold any of his works for more than $100. Entitled Everydays: The first 5000 days, (a portion of it shown here) the artwork was entirely a digital work. The buyer got a digital record of the work, but not the graphics file itself. What was interesting about the sale was the bidding process, typical of a valuable eBay collectible: the auction had to be extended several minutes as dozens of hopeful buyers bid the price up in the last moments. You would think they were bidding on a “analog” DaVinci or a Degas. The piece, as you can see, is a digital file composed of a mosaic of other digital files. How meta!

This is the brave new world of what is being called non-fungible tokens (NFTs) or crypto art. This world is heavily into cryptocurrencies, blockchains, smart digital contracts and other totems of tech. Even if you think you understand what each of these things means in isolation, you might not be able to wrap your brain around this concept entirely. So you should start with this post on GitHub, which explains some of the movers and shakers, links to where you can purchase other crypto art works, how the various tech pieces fit together, and other components of this ecosystem. The NY Times documents some of the other crypto works that have recently sold for multiple millions of dollar-equivalents (the actual transactions typically happen via Ethereum), such as a digital copy of Jack Dorsey’s first Tweet. One analog art collector commented about the Christie’s sale that “Art is no longer about a relationship with an object. It’s about making money,” he said. “I feel bad for art.” As someone who has purchased a few analog pieces myself (more on that in a moment), I would tend to agree.

The site CryptoSlam keeps track of recent transactions and should convince you that this is now A Thing. Tim Schneider writes this excellent piece about the crypto art evolution and mentions four important and unresolved issues:

  • Who really owns what? As I mentioned, these works are really selling digital licenses and descriptions but not he bits of the digital art itself. The art is hosted elsewhere – what happens if the hosting provider disappears? Or if your digital wallet is compromised?
  • Will gatekeepers be the same old rich white boys club or have a chance to decentralize and diversify? Or put another way, is there an opportunity for grassroots and sustainable tech platforms to take hold that will encourage a more pluralist art world?
  • Will collectors be the same old RWBC, or worse –the rich tech bros from Silicon Valley? How the gatekeepers and collectors interact will be critical for the future success of the crypto art world.
  • The old system benefitted the collector on resale of the art. Can crypto-based systems benefit the artist since they can track ownership forever? But while using existing ETH-based smart contracts is a step in the right direction, it is just a small step. Most of these contracts don’t contain any resale/redistributions provisions. The Mint fund is trying to solve this in a different way by giving grants and getting new artists started and trying to diversify the creators beyond the US/EU RWBC axis.

This last point deserves further discussion. One crypto artist is Sara Ludy. She wrote smart contracts that lays out the revenue share arrangement, now and forever, for her works. She keeps half of any sale for herself, 15% goes to the crypto marketplace/platform she chooses to sell with, and then the remaining 35% to her gallery, where it is divided among the staff in equal portions. That means as the price of the art work escalates, everyone retains a piece of the action. That Christie’s sale only benefitted the last owner of the work — who wasn’t even the artist. Clearly the crypto world still has some major teething pains.

My first piece of art that I bought was a series of county courthouse photos taken by William Clift in 1976. I owned them for many years and they had supposedly appreciated in value. But when I couldn’t find a buyer, I decided to donate them to a museum instead. That points out that any auction requires both buyers and sellers.

Telegram designs the ideal hate platform

Last week the Parler social network went back online, after several weeks of being offline. Its return got me thinking more about what the ideal hate platform is. I think there are two essential elements: the ability to recruit new followers to hate groups, and the ability to amplify their message. The two are related: you ideally need both. Parler, for all the talk about its hate-mongering, really isn’t the right technical solution, and I will explain why Telegram has succeeded.

This blog post comes out of email discussions that I have had with Megan Squire who studies these groups for a living as a security researcher and CS professor. She gave me the idea when we were discussing this report from the Southern Poverty Law Center on how Telegram has changed the nature of hate speech. It is a chilling document that tracks the rise of these groups over the past year. But the SPLC isn’t the only one paying attention: numerous other computer science researchers have tracked the explosive growth in these pro-hate groups since the Capitol January riots and other seminal events in the hate landscape.

Telegram’s rise in numbers doesn’t tell the complete story. Telegram has crafted a more complete social platform for distributing hate speech and recruiting new followers. Certainly, Facebook still has the largest user base, but their tech hate stack (if you want to give it a name) is nowhere near as well developed as Telegram’s, and Parler’s is a distant third. Compare the three networks below in terms of both amplification and recruitment elements:

Criteria Parler Facebook Telegram
Type of service Microblog Social network Messaging+
Coherent and transparent reporting process for hate speech No Mostly and improving No
Support email inbox No Yes No
Content moderation team It depends Yes It depends (see below)
Appeals process Yes Yes No
Encrypted messaging No Separate app Built-in
Corporate HQ location USA (for now) USA Dubai
Growth in English-speaking hate group followers Unknown Unknown Huge growth (SPLC report)
Group cloud-based file storage No No < 2 GB
Group-based sticker sets No No Yes
Bot infrastructure and in-group payment processing No No Yes

“Telegram is absolutely the platform of choice right now for the harder-edged groups. This is for technical reasons as well as access/moderation reasons,” says Squire. You can see the dichotomy in the table above: most of the moderation features that are (finally) part of Facebook are nowhere to be found or are implemented poorly on Telegram, and Parler is pretty much a no-show. Telegram’s file-sharing feature, for example, “allows hate groups to store and quickly disseminate e-books, podcasts, instruction manuals, and videos in easy-to-use propaganda libraries.” I have put links in the chart above to descriptions on why the bot infrastructure and sticker creation features are so useful to these hate groups.

What about moderating content? Here we have conflicting information. I labeled the boxes for Parler and Telegram as “it depends.” Telegram has said that their users do content moderation. In their FAQ they claim to have a team of moderators. For Parler, their community guidelines document says in one place that they don’t moderate or remove content, and in another that they do. My guess is that they both do very little moderation.

The picture for Parler is pretty bleak. If they do succeed in keeping their site up and running (which isn’t a foregone conclusion), they have almost none of the elements that I call out for Facebook and Telegram. Using the Twitter micro-blogging model doesn’t make them very effective at amplification of their messages (at least, not until some of their personalities can bring over huge crowds of followers) or in recruitment, especially now that their mobile apps have been neutered.

There are two technical items that are both useful for Telegram: its encrypted messaging feature and the difference between its mobile app and web interfaces. Much has been written about the messaging features between the different social networks (including my own blog post for Avast here). But Telegram does a better job both at protecting its users’ privacy (than Facebook Messenger) and has much better integration into its main social network code.

The second item is how content can be viewed by Telegram users. To get approval for its app on the iTunes and Google Play app stores, Telegram has put in place self-censorship “flags” so that mobile users can’t view the most heinous posts. But all of this content is easily viewed in a web browser. Parler could choose to go this route, if they can get their site consistently running.

As you can see, defining the tech hate stack isn’t a simple process, and evolving as hate groups figure out how to attract viewership.

N.B.: If you want to read more blogs about the intersection with tech and hate, there is this post where I examine the evolution of holocaust deniers and this post on fighting online disinformation and hate speech.