Comment by xarope

3 days ago

This also does not bode well for the future.

"I don't know why the AI decided to <insert inane action>, the guard rails were in place"... company absolves of all responsibility.

Use your imagination now to <insert inane action> and change that to <distressing, harmful action>

This has been the past and present for a long time at this point. "Sorry there's nothing we can do, the system won't let me."

Also see Weapons of Math Destruction [0].

[0]: https://www.penguinrandomhouse.com/books/241363/weapons-of-m...

This already happens every single time when there is a security breach and private information is lost.

We take your privacy and security very seriously. There is no evidence that your data has been misused. Out of an abundance of caution… We remain committed to... will continue to work tirelessly to earn ... restore your trust ... confidence.

  • What else would you see them do or say beyond this canned response? The reason I am asking is because people almost always bring up how dissatisfied they are with such apologies, yet I’ve never seen a good alternative that someone would be happy with. I don’t work in PR or anything, just curious if there is a better way.

    • clear, direct description of what happened

      exactly what data was exposed

      what they failed to do (we used cheesy email, SMS as MFA, we do not monitor links in our internal emails)

      concrete remediation commitments (we will stop using SMS for MFA, use hard tokens or TOTP or..., stop collecting data that is not explicitly needed)

      realistic risk explanation (what can happen what was lost)

      published independent external review after remediation/mitigation

      board-level accountability (board pay goes for fix and customer protection, part of the audit results)

      customer protection (3 - 5 years?), not just 'monitoring'

      and most importantly, public shaming of the CxO and the board of directors

    • Harvesting data and failing to even secure it should not be acceptable in society. It should be ruinous to the company and the people who run it.

    • Lose money accordingly - fines, penalties, recompense to victims, whatever... - so they then take the seriousness of security into account.

Unfortunately, the market seems to have produced horrors by way of naturally thinking agents, instead. I wish that, for all these years of prehistoric wretchedness, we would have had AI to blame. Many more years in the muck, it seems.

Change this to "smash into a barricade" and that's why I'm not riding in a self-driving vehicle. They get to absolve themselves of responsibility and I sure as hell can't outspend those giants in court.

  • I agree with you for a company like Tesla, not only examples of self-driving crashes but even the door handles would stop working when the power was cut, people trapped inside burning vehicles... Tesla doesn’t care.

    Meanwhile, Waymo has never been at fault for a collision afaik. You are more likely to be hurt by an at-fault Uber driver than a Waymo.

    • And if they are at fault, it's not going to be easy to get them to admit fault or pay for anything.