Auditing Auditing Algorithms From the Outside: Methods and Implications

scholarscan

#1

Title taken from a 2015 workshop with another ‘Auditing’ prepended.

Workshop rationale abstract:

An emerging area of research we call “algorithm auditing” allows researchers, designers, and users new ways to understand the algorithms that increasingly shape our online life. This research investigates algorithms “from the outside,” testing them for problems and harms without the cooperation of online platform providers. So far, researchers have investigated the systems that handle recommendations, prices, news, commenting, and search, examining them for individually and societally undesirable consequences such as racism or fraud. In this workshop we treat this new area as a development of the traditional social science technique—the audit study—that creates new ways of investigating the function and relevance of algorithms. Through a cumulative set of activities designed by a group of multidisciplinary organizers, participants will create, document, trick, interrogate, and propose revisions to social media and other algorithms, leaving the attendees with an appreciation of both the ethical and methodological challenges of studying networked information algorithms, as well as a chance for the development of new research designs and agendas to guide future work in this area.

This is without a doubt super interesting and important work. I’ve been following it loosely for the last few years (including a recent talk by researchers using these methods to study the Facebook news feed). But several things about it give me pause:

  1. It takes the opacity and centralization of platforms like Facebook, Amazon, and Google as a given.
  2. Critique always runs the risk of veering into homage (to those platforms).
  3. It’s creating an interest group with a competitive advantage in studying platforms from the outside, subtly favoring the continued dominance of such platforms.
  4. Hyperbole alert: better Kremlinology doesn’t help open societies solve their own problems. Yes, this is easily disputed, since surviving in a world with dictatorships is itself a problem open societies face.

Black-box testing of software systems would be a valuable technique even if all software were open source and all data publicly available, and it is probably an easier application of existing social science techniques than actual code auditing. There aren’t many open systems of obvious interest to social scientists studying how software mediates human experience (Wikipedia is an exception, and has a research community around it). Excitement about auditing algorithms from the outside is entirely understandable.
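As a concrete illustration of the black-box approach, here is a minimal sketch of a price-discrimination probe, the basic shape of several of the audits mentioned above. Everything in it is hypothetical: the endpoint, the response format, and the profiles are stand-ins, not any real platform’s API.

```python
import requests

# Hypothetical price-discrimination probe: query the same endpoint under
# two synthetic user profiles and compare what each one is shown.
SEARCH_URL = "https://example.com/api/search"  # hypothetical endpoint

PROFILES = {
    "desktop": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    "mobile": {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)"},
}

def first_price(headers, query="hotel"):
    """Return the first result's price as seen by one synthetic profile."""
    resp = requests.get(SEARCH_URL, params={"q": query},
                        headers=headers, timeout=10)
    resp.raise_for_status()
    results = resp.json().get("results", [])  # hypothetical response shape
    return results[0]["price"] if results else None

prices = {name: first_price(headers) for name, headers in PROFILES.items()}
print(prices)
if len(set(prices.values())) > 1:
    print("Profiles saw different prices -- a candidate finding to investigate.")
```

A serious audit would add repeated trials, randomized ordering, and controls for geography, caching, and timing; the point here is only that the method needs nothing from the platform but its public interface.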

But I hope more social scientists (a new generation? people I just haven’t heard of?) also take up:

  • Studying socially mediating algorithms from the inside
  • Helping design socially mediating algorithms with more beneficent impacts

What can the free/open source software community do to make this more likely? Perhaps:

  • Create more social software (not necessarily ‘social networking’, but anything mediating human relationships) that aims for mass adoption and is thus of interest to social scientists
  • Make government software procurement that favors, and eventually mandates, open source the top political goal; software mediating government processes is inherently social, political, and of interest to study
  • Read the relevant literature and reach out to researchers when designing and demanding the systems in the previous two points

#2

software mediating government processes is inherently social, political, and of interest to study

A tiny example: http://web.archive.org/web/20150611220259/http://www.sarasotasheriff.org/icr.html?Inmate= (discussed in ‘Sheriff’s website showing PHP code, preferential treatment for county employees?’).

A tiny bit of code revealed through a bug. Shouldn’t all of the code running this or any other government website be available to the public for inspection?
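The failure mode here, raw server-side code reaching the browser, is mechanically detectable from the outside. A minimal sketch, using the archived page above and a simple heuristic of my own (a correctly configured server executes PHP and never sends `<?php` to the client):

```python
import requests

# Heuristic leak check: raw "<?php" in a response body means server-side
# source reached the client instead of being executed.
URL = ("http://web.archive.org/web/20150611220259/"
       "http://www.sarasotasheriff.org/icr.html?Inmate=")

body = requests.get(URL, timeout=30).text
if "<?php" in body:
    print("Raw PHP in the response -- server-side code is leaking.")
else:
    print("No obvious PHP leak on this page.")
```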

There’s no way to prove that a website or other service is actually running any particular code. But running code other than what is published takes work and risk, and an organization that takes on that work and risk will produce revealing bugs. The harder-to-find revealing bugs would still take auditing from the outside to discover.
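Assuming the code were published, one partial check is differential testing: run the published code yourself and compare its answers with the live service’s. A minimal sketch, with both endpoints hypothetical placeholders:

```python
import requests

# Differential test: the live service vs. a local instance built from the
# published source. Both URLs are hypothetical placeholders.
LIVE = "https://service.example.gov/api/lookup"   # deployed service
LOCAL = "http://localhost:8000/api/lookup"        # published code, run locally

def diverges(params):
    live = requests.get(LIVE, params=params, timeout=10).json()
    local = requests.get(LOCAL, params=params, timeout=10).json()
    return live != local

for params in [{"id": "12345"}, {"id": "67890"}, {"id": ""}]:
    if diverges(params):
        # Divergence doesn't prove different code (config and data differ
        # too), but it is exactly the kind of revealing bug described above.
        print("Divergence on", params)
```

A match on every input proves nothing, and a mismatch can have innocent causes, which is why the harder cases still need the outside-audit methods the workshop is about.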