-
I’m Sarah, it’s nice to meet you.
-
Pleasure.
-
Hi, I’m Elliot, nice to meet you.
-
Thank you.
-
Hi, I’m Nickson, pleasure to meet you.
-
Welcome.
-
Thank you.
-
Please take a seat. We don’t often use this meeting room because we’re quite far apart in this arrangement. [laughs]
-
But this is very good room for photo opportunities.
-
Yeah, for balance, yeah.
-
Trying to figure out where to sit.
-
How are you?
-
Pretty good.
-
How’s your day?
-
We had a press conference talking about OneWeb, SES, joint cyber resilience, and so on. The local press seems to really like the idea.
-
Okay, great. Cool.
-
Well, thank you for meeting with us. We’re so glad that Kirk was able to put us in touch. He’s a good friend.
-
So, I think you know a little bit about our project, but I’ll just give some brief introductions, and then we can get into it.
-
Sure.
-
So, our project, we’re a Stanford group of researchers and graduate students.
-
We’re working with the Doublethink Labs here in Taiwan to understand the ecosystem of Chinese disinformation both in Taiwan and globally, and specifically how the PRC uses private actors, including marketing firms both in Taiwan and outside of Taiwan, to carry out this disinformation here.
-
So, just by way of background, I’m Sarah. Before Stanford, I worked for the US government for the Department of Homeland Security, working on national security, cybersecurity, and influence operations issues. Elliot was the product owner of a social media analytics platform that had government clients, and Nickson is a staff officer in the Singapore Army.
-
So, all of us have worked on cyber operations and influence operations from sort of the different vantage points, so it’s very interesting to working on this project together.
-
So, I guess to start, we’d love to hear a little bit about how MoDA kind of fits into the Taiwanese government apparatus of countering disinformation.
-
We know there are several agencies that work on a different part of this, the NCC, the Ministry of National Defense, so on and so forth. So, what role does MoDA play and what are the initiatives that you’re currently moving?
-
Yeah, so, well, if you have talked with either Doublethink Lab or with IORG or with Kuma Academy or the Mark’s C-LAB (2:39) and so on, I think they’re all—and AI Labs, I must not forget them, Infodemic—they’re all pointing out now that disinformation may not even be the majority of information aggravation attempts by foreign adversaries now, because we’ve had, as you’ve mentioned, a quite robust disinformation defense, including the legal aspect of it and the ecosystem of it.
-
So, a lot of it is now focused on what the researchers call effective polarization, like polarizing people’s hate toward each other, but not necessarily false, and if it’s not a false message, then, by definition, it’s not mis- or disinformation.
-
So nowadays, I say FIMI, or foreign information manipulation interference, to include the non-dis or misinformation part of effective polarization, and, by far, I think that’s the norm now, that the majority of the operations are centered around this. So at the moment, MoDA is the competent authority for e-commerce vendors, for online gaming, for certain third-party payment systems, and we are part of this anti-fraud team to ensure what we call preventative measures of transnational fraud.
-
This means, for example, having a clearly attributable source of sending messages either from the gov.tw, the single short URL, or from 111, the short SMS code, so that people can know that if there’s an SMS purporting to be from Taiwater or Taipower, and it doesn’t come from 111, then that is fake.
-
So, in terms of the actor behavior content separation, we’re at the upstream. We’re the actor layer, ensuring that there are verified actors, attributable provenance and so on. We’re also the competent authority for the Digital Signature Act, and so we have proposed an amendment, currently in the legislature, hopefully to be passed soon. I think all three parties have endorsed it. The only competition now is how quickly to realize all its mandatory parts for the government institution to adopt digital signature.
-
So our version is three years variously. The parties want one year or two years, and so on, so like, race to digital signature. This is because we have seen, in terms of information manipulation, either a person impersonating a celebrity via deepfake or whatever interactive AI generative forms, or one person purporting to be like 10,000 different people. That’s so terrifying, right? Posting so-called organic advertisements that looks like they’re from a thousand different people. But actually, they’re all from a single person, right?
-
So within the Digital Signature Act, we now stipulate that we will have a stronger form of e-signature. We call it digital signature. The difference is that the digital signature is issued by a certificate authority that’s either the government itself, like our citizens’ digital certificate, or like recognized, approved by the government. So while anyone can sign an e-signature, a digital signature means that it is actually the real person.
-
So, soon, we will become also the competent authority of online advertisement platforms, which includes Facebook, Google, TikTok, the usual suspects. And so we are going to require all advertisers to use digital signature as a KYC process, meaning that it will no longer be possible for someone whose name isn’t Xie Jinhe to impersonate Xie Jinhe in posting advertisements.
-
And also, it will become very difficult for one person to impersonate 10 different people or 10,000 different people. So that is another part. And finally, specifically for TikTok, because it’s the only platform that’s both a significantly sized online advertisement platform, while simultaneously being a “harmful product” according to our Cyber Security Management Act.
-
In the upcoming draft, we define “harmful product” as a product, either software, hardware or service, that is under de facto control of an entity whose de facto control is in the hands of a foreign adversary.
-
So basically, the foreign adversary can have indirect control on a product, which makes it a harmful product, which I understand is very similar to the current US House bill about TikTok. And so using that definition, we’ve already banned TikTok as a harmful product in public service, as well as in high school and primary school networks.
-
But soon, with the new amendments currently in the cabinet, the Cyber Security Management Act, we’re going to extend that to also, like, government devices issued to government employees, or even in specific non-governmental institutions if they’re deemed to be part of the either critical infrastructure or state-owned enterprises, institutions that are deemed to be of cyber security significance.
-
We will also extend the measures on countering harmful products, because that clause was done in reaction to when Pelosi, the former US House Speaker, visited Taiwan. The signboards outside of Taiwan rail stations were displaying paid messages, and although we know it’s not part of the government service network, it’s not a cyber security threat, nevertheless, it’s an information manipulation threat. And so that is one example of a public display operating in a government facility, right?
-
So for things like this, the traditional parameter of cybersecurity management has been extended. We care about the integrity of information systems, but now information integrity outside of information systems is also something that we are concerned about, and we recently just had an online deliberative assembly about this very topic.
-
With a microcosm of 450 Taiwanese citizens statistically represented in the population, and by and large, I think specifically for advertisement or other ways to use money to gain influence, they are in favor of both digital signature and also additional oversight of those large platforms.
-
So that’s kind of overarching description. Feel free to ask questions.
-
Yeah. I know that’s super fascinating. And it sounds like you’re doing a lot on the provenance issue.
-
Yes.
-
And also on authenticity, which I think we’ve thought a lot about as sort of the future of determining what is true. You talked a little bit about preventative measures for society and resilience building among societies, so I’m wondering if you could talk a little bit about what you see as the rules in supporting those others?
-
I think in pre-bunking, certainly. Right. So pre-bunking is, for example, two years ago, I deepfaked myself posting an advertisement to the nation saying that it’s now possible for anyone with a MacBook with 12 hours of computation to deepfake me. Well, now, it’s like 12 milliseconds. [laughter]
-
But still, I mean, it’s good to let people know that these things are coming, so that when they actually do see it, as we actually did leading up to the January election, by and large, it had no effect.The deepfake accounts, people see it as what it is, deepfakes. Nobody actually believed that they are in any way real.
-
Because if you debunk way after the fact, then that actually causes conspiracy theories, and people want to push back and things like that. But if we pre-bunk, that is to say either debunk even before the information manipulation or right after information manipulation, like within one hour or so, that actually reaches the most people before they even install the manipulation, then it has an inoculating effect.
-
And so, this fast response is also something that we are quite proud that we’ve been doing for quite a while, and we will continue to pre-bunk. And I would include deliberative assembly as a part of pre-bunking because talking very deeply for an entire day about such issues also has an inoculating effect.
-
I want to ask a question about working with platforms, and I know that you’ve spoken about this in the past, and it’s actually very interesting, given the legislation that you’re referring to about digital comments when it comes to ads. So one part of this ecosystem that we are investigating is the PRC’s use of marketing firms and then contract out to influencers.
-
That’s right.
-
Right, through the pipeline.
-
They’re just normal advertisers.
-
Yes, exactly. They’re normal advertisers but it’s not an ad and it’s not sponsored content. It’s very hard for platforms to take it down if it’s not considered CID or coordinated online behavior, and to a layperson, it looks like organic content. So is that relevant or does that intersect with the legislation that you’re talking about?
-
Do you mean that it’s using an organic account in the sense that it doesn’t even promote its own posts? Or do you find that to be quite rare?
-
No, I’m talking about the use of influencers who are in a particular niche. They talk about gardening or something. They don’t have a ton of followers. But they will be contracted out through these internet marketing agencies, who are contracted by parts of PRC to read from script or otherwise push a narrative or pay to do so on one specific narrative that’s beneficial to the PRC.
-
Yeah. So first of all, even if they’re individuals, like not a firm or anything, as long as they pay for a boost of their post, according to our definition, that’s an advertisement.
-
Okay.
-
So, we care about end-user-facing internet advertisement platforms.
-
And although we’re not competent authority of it today, we’re working with the Ministry of Economy on that. Hopefully, within a couple months, we will become the competent authority.
-
And so the digital signature requirements is mandatory; it doesn’t matter whether they’re a firm or an individual. And the other thing is for foreign platforms such as TikTok, which doesn’t currently have a local representing entity.
-
If it’s significantly sized, perhaps touching 10% of Taiwanese eyeballs or something like that, then we’re going to make it mandatory so that it registers a local presence so that we can do notice and delivery, and things like that.
-
So you’re conceptualizing a threshold by which it touches or interacts with a certain segment of Taiwanese society that would be able to.
-
Exactly. Yes.
-
Can I follow up on this? So if an influencer pays for a boost on a social media platform to be algorithmically sent…
-
…they’ll have to sign it.
-
They have to sign it, right. So that identifies who the influencer is, but not necessarily who’s paying for them, right? Which is still a separate problem.
-
Yeah, but the text records and everything is then linked, right?
-
The text records.
-
Right. So if they digitally sign it with their real name.
-
Yes.
-
It means that for other laws, for other laws that takes effect, not necessarily our laws, right? It’s not necessarily the Anti-Fraud Act or the Digital Signature Act. It could be the Anti-Infiltration Act. At least the Anti-Infiltration Act now has a real trail to work with.
-
Okay. So you’re confident that just getting a digital signature on their activity will enable existing laws to be more effective.
-
Exactly. Because previously that is not a hard requirement.
-
Right.
-
So we saw a lot of, like, maybe they’re registering in another jurisdiction. And although Google, for example, on YouTube, they already have this KYC, but it’s not a real digital signature, so that you saw a lot of famous people like Xie Jinhe and so on, you still see their likeness on YouTube.
-
Right.
-
And if you look at a poster, you see Xie Jinhe with a simplified character, Xie, or with a sound-alike character or something. But it means that somewhere in another jurisdiction, somebody is using an e-signature that was forged.
-
Right.
-
Because it’s unlikely there’s so many people who happens to have the same name. And so just by requiring the signature issued by us or by the certificate of authority that we approve, a whole class of impersonation and astroturfing is eliminated.
-
Okay. And the social media platforms are…
-
Okay with that.
-
Okay.
-
Yes.
-
Including Meta for…
-
Yeah, we’ve talked with Meta and Google and Line. And because they all signed on this anti-synthetic content, Munich AI accord, right, leading up to elections. So they need to do some sort of C2PA or provenance or whatever anyway.
-
Yeah.
-
And so, it’s not as far-fetched as even just two years ago.
-
Okay.
-
Right. But everybody sees Sora, and everybody saw that.
-
Yeah.
-
You know, you cannot tell by content alone whether it is a real person anymore. So kind of the epistemic backstop is gone.
-
Right.
-
So we need a new backstop, and that might as well be digital signatures.
-
Okay. That’s very interesting. Did you have a question?
-
We’ve covered a lot.
-
Yeah.
-
You talked about how you’ve spoken to Meta and Google and some of these other platforms that now because they’ve signed on to this synthetic, and I forget the name of it.
-
Munich AI accord.
-
And C2PA and all of that. Could you talk a little bit more about working with these platforms, both the big platforms, like Meta and Google, whatnot, and perhaps smaller platforms, like PTT? I know there are tinier ones.
-
Yeah.
-
And they all very much serve a different purpose but are all kind of within this very broad…
-
Yeah, yeah, I think we intentionally in the Anti-Fraud Act and in the definition of internet advertisement platforms exclude PTT or Wikipedia because they do not offer such a service as boosting an ad — via accepting money and increasing the viewership by either pushing or listing content. And so, I think it’s quite important for us to get here this time to say that, you know, we’re just targeting advertisers. We’re not targeting like general speech.
-
And it is also, like, legally a gray area whether a robot or synthetic poster should enjoy some sort of anonymous speech, right? That’s a gray area. But most people in Taiwan, and specifically from our deliberative assembly, nobody think robots should enjoy freedom of speech in an anonymous way. This is just absurd, right? So, if we target just the… internet advertisement, both it’s more focused and also it’s more proportional.
-
So, I have a question. So, this Digital Signatures Act, is that a starting point of a broader effort to…
-
Yes.
-
And where do you see that evolving from this Digital Signatures Act?
-
Yes. Already, we’re getting a lot of interest from C2C sites like online auction and online selling, and so on. Because that was also a big problem that those sellers were individuals. So, just like individual poster that pay for a boost, they’re also doing a lot of promotional listing and so on. And it can look like a very, well, competitive and saturated market, but it’s actually the same person, right?
-
So, nobody likes these scammers. Once they’re taken down, they can just reincarnate with one of the 100 other seller accounts they have. An old KYC, again, is very easily gained.
-
So, like, on the most basic level, it is just a photo of your passport or something like that, which is easily gained, even on the more advanced level where you have to video and turn your head left and right or whatever. That is actually also very easily gained now.
-
So, again, I think that epistemic-based stocks got to be digital signature, and there’s already, because some of them are also third-party payment handlers.
-
And at the moment, because of anti-money laundering, they have to collect a lot of personal ID, photocopies, or things like that, which is both a risk of security breaches to get personal data, but also it’s not a real proof because maybe I use my photo ID to prove myself to you, and then you turn around or you get hacked.
-
And somebody used that to establish a merchant ID somewhere else. But for digital signature, there’s no such issue because it’s always associated with a single timestamp and a single document. So if I sign for me to be listed on an e-auction site or something, that signature cannot go around and sign some other 10,000 different accounts.
-
I like a photo ID copy. So we are getting quite a bit of interest from e-commerce merchants, specifically for the C2C modality.
-
And so, yeah, I think a lot of this extends to many places. Like you can think about online ticket selling, right? The so-called “huang niu”, you know, mass resellers, right? If a new class of non-transferable tickets is invented based on digital signatures, a whole class of this kind of not-quite-legal market is gone, right? So, yeah, I think there’s a lot of downstream applications. My main worry is, that it will compromise freedom of speech, especially anonymous ones like whistleblowing and so on.
-
But we’re also working on the so-called DID wallet, a decentralized wallet, that works with our Digital Signature Act by using, you know, verified by credentials and zero-knowledge proofs to ensure that one can prove one’s personhood or uniqueness without compromising any other personal data about oneself. So this kind of zero-knowledge application already saw a lot of use on blockchain, because if you ID yourself and it’s on-chain, it’s forever, right?
-
So they have to invest in a lot of those zero-knowledge technologies. And so, we’re also making those ZK tech a priority in our digital public infrastructure.
-
And where would you say that technology… that sounds like a very…I mean, that’s a breakthrough technology, right?
-
Yeah, we’ve got a demo working already. So if you have a citizen digital certificate, you can already today link that to your, I think, Ethereum, like, account.
-
And using ZK, it can then use to authenticate in a way that doesn’t ping back, doesn’t phone home to the state. And also it can be used for, like, a composable zero-knowledge proof of personhood.
-
And this is just something you’re programming in your free time?
-
Yeah, in my spare time with the help of a new Taiwanese resident named Vitalik Buterin. No, he’s really a Taiwanese resident now. Right, so, yeah, like the C2PA stuff, at some point, I think this whole chain of generating, editing, and curation, and things like that, is going to be the norm, and everything else will be assumed a bot.
-
And whether we can get a zero-knowledge, right, for this particular scenario, determine whether we just lose anonymity and pseudonymity completely, or whether we can recover some of it, and maybe in a stronger form.
-
And how do you make that secure? Because I assume that when you put all of these on this technology, does that make the system vulnerable to cyber-attacks, cyber breaches?
-
Yeah, we, of course, will talk with our counterparts like NIST, to ensure that we adopt strong enough cryptography, especially post-quantum, when there’s an international standard on that, and so on. That goes without saying. And also, I think just… a good cyber hygiene helps a lot to mentally separate the act of just authenticating versus a binding contract digital signature. That is very important.
-
And I think the digital signature in particular, the ones that are issued by certificate authorities, either the state or vetted by the state, is important. And in our new version, our amended digital signature, I would stipulate that one can assume that this is the same as a personal seal or personal signature, and so people will treat it much more seriously.
-
Because if people say, you know, it was impersonated, actually it falls on them to provide evidence that their CDC card was stolen or things like that. But normally you can assume that this is the same legal person acting. And previously, our e-signature act didn’t have that, and so people take it less seriously, about the same seriousness as authenticating over the internet.
-
So it sounds like the direction you’re going in general, you talk a lot about authenticity, transparency, anti-fraud measures, and it’s really interesting because we’ve sort of adopted almost a similar approach in thinking about this issue through a deceptive business practices, consumer protection angle. We, at least our initial thinking, is that that is perhaps a healthier way, that avoids the freedom of speech implications, to go after some of these things.
-
We’re protecting information integrity.
-
Exactly.
-
We’re not, you know, playing whack-a-mole.
-
Right. And especially they’re not content-based measures, because they’re after the user.
-
Exactly.
-
So I’m curious, because we’ve been thinking about this, not just Taiwan specific, but more broadly in the US context, in the European context, through a deceptive business practices lens, where, for instance, in the United States, the FTC has started to… there was a landmark case a few years ago called the Devumi case, where they went after a firm that was selling likes, followers, whatever, to different businesses and individuals and celebrities to defraud people, essentially.
-
We know there isn’t really an analogous case here, but the Taiwanese FTC had a case a few years ago where they went after, I think it was Samsung, for doing fake reviews.
-
So I’m curious, and it’s not one-to-one, right? The authorities of the US and the Taiwanese FTCs are not exactly the same. So I’m curious in the Taiwanese context whether you think that there is any opportunity there in the deceptive business practice angle.
-
Audrey Tang Yeah, and I read recently that the fake calls are also local calls. So, very good, President. I think these are important, exactly as you put it, because none of this changes the fundamental protections of online speech or association, or any of those rights, right?
-
It just ensures that robots who don’t enjoy freedom of association shouldn’t, in the first place.
-
It just sounds facetious, but anyway, at the current moment, it stays that way, instead of confusing the two categories. And this is, I think, why the analogy of robocalls and so on are so good, because there are already established practices in both the US and Taiwan about robocalls. And nobody wants to speak with the phone for quite a while just to realize they are all pre-recorded or scripted or things like that.
-
So I think we will continue to work with our Fair Trade Commission here, and, of course, the NCC for online communication in general. But I think the main change here is that we are assuming the competent authority mantle for online advertising and platforms, because with it comes the personal and the application authorities, comes the Consumer Protection Act authorities, and so on. These are all defined so that it goes to the competent authority of that particular trade.
-
And by saying that, okay, previously there’s only the advertisement trade belonging to the economy minister, there’s no separate online advertisement. But, you know, the bus or the combo or whatever, all that, the so-called kanban advertisement, are nothing like those precision persuasion stuff that we were just talking about. And so saying that these two are qualitatively different and while this is still under the economy minister, this is now under the digital minister, already says a lot about the best code of practice and conduct.
-
And so this also gives us another pathway toward whether to direct some of the revenue they earn from internet advertisement into democratic resilience or into journalism or things like that, which is another highly debated area. Maybe not as much in the US, but certainly in Australia and Canada. And while they do it in a way that’s more like collective bargaining or adjacent writing, copyright, like in Europe, we think that the largest advertisement platforms no longer really depend on the news content anymore.
-
Now they’re more and more saying, you know, using organic content and large language models or multi-models, that they’re no longer even copying the news anymore, and if they’re not copying copyright or copyright adjacency, adjacency doesn’t count. And so by us becoming a competent authority, we can then shape it to say, you know, this is like a general pollution on the fabric of trust, and we can actually measure it on the effective polarization and so on. And so because of the negative externalities, we can either reassign that liability internally, like if somebody gets conned by a fake advertisement on Facebook, after Facebook refusing to take it down or to label it significantly, then that person may be conned for $1 million, and so we can reassign that and say, Facebook now assumes that $1 million of liability to…
-
This is already true for investment schemes, but we’re looking to extend it to… to more cases, or we can say, you know, there’s this general pollution on the fabric of trust, which can be cured through, like, journalism, through deliberation, through democratic resilience activities, and so your earnings part of it should fund such activities. We can also do that without directly linking it to copyright adjacency.
-
So I think a lot of what we’ve been talking about is behavior, especially like the Anti-Fraud Act is going to be able to go after behavior, right?
-
Exactly.
-
Because that’s deceptive.
-
Yes.
-
But like you said at the top, the majority, you said, of activity is just meant to effectively polarize people, and it’s not necessarily false, right?
-
The content is not necessarily false, because if it’s false, then it falls into the existing laws, which can actually deal with them.
-
Right, so if people are engaging in what appears to be just political speech, free speech, right?
-
Yeah. Mm-hmm.
-
This, the fraud, Anti-Fraud Act, probably wouldn’t apply there, right?
-
Mm-hmm.
-
But if they’re upstream, there’s an actor involved that is, you know, China, or another foreign adversary, how do we get at that activity? Like, is there, how do we, especially when it’s very difficult to make the connection?
-
Yeah, I mean, if there’s no money transfer…
-
Exactly.
-
… Inbound, and there’s no paying for a boost outbound, then of course it’s hard to link any causation, right? Maybe this person really, really, truly believes in the CCP narratives, and I’m prompted, right? And so, and I think if there is no, like, boost using, you know, financial precision persuasion, if it is truly organic, I’m inclined to believe it’s speech.
-
Yeah.
-
Yeah.
-
So, just to follow up on that, we, one of the things we discovered kind of throughout our work this year, we’ve been in Taiwan for a few days now, is the idea that — putting the influencers and individual people aside — there are Taiwanese marketing firms, based here in Taiwan.
-
They are essentially, via several layers of laundering payments, working for foreign adversaries, possibly including China, and that specifically if they are engaging in marketing, that you would perhaps consider PRC propaganda, depending on the income stream, that that might not be legal.
-
Yeah, and then it matters a lot whether the platform they operate on is itself a harmful product, controlled by foreign adversaries. Because, you know, we also read the independent reports, they may be analyzed using hashtags or using other TikTok features, and the day it’s published, that feature is gone, right? You no longer have API access to that particular thing that the report cited, right? And so, which makes rigorous academic checking impossible.
-
So, if you have a kind of adversarial to transparency platform, that itself is, according to us, a harmful product, none of the monitoring transparency measures we just talked about would work, because the platform would just camouflage it, right?
-
On the other hand, I have reasons to believe that when we go to YouTube or when we go to Instagram and say that, you know, independent research shows that this is actually 10,000 accounts by one single person and so on, they usually behave quite reasonably. And so, I think these two classes need to be separated.
-
This internet advertisement for all their drawbacks, once we become their competent authority and wield the new Personal Data Protection Act and the Consumer Protection Act authorities, I fully expect they will comply to the extent that is written in the law. I’m less sure about TikTok, which is why it now falls on them, if the anti-fraud law is passed, to set up local presence and then prove that they’re not under indirect control for an adversary, which they’re probably also going to prove to the US this year. So, we will see. Yeah.
-
We’ll see about that. [laughs] Do you have any other questions?
-
Yeah, I was going to ask, you talked a lot about, you know, the potential dangers of AI-generated content and the dangers it presents.I was wondering if there have been any avenues of collaborating with companies like OpenAI and Anthropic, and can you share a little bit more about…
-
Oh yeah, yeah, we’re in constant talks with the Frontier Labs. I think, and a lot of them are in public transcripts. So, I think the current frontier labs, because they all have signed on that anti-synthetic content thing, they at least provide a baseline norm on either C2PA or some sort of KYC for their API users, and if the API is used for abuse, then they have some way of sounding a red alarm and things like that. So, this is like part of a quite healthy norm.
-
Nowdays, there are inference-time alignment techniques for language models, that can be extended to multimodal as well. It’s basically saying instead of doing alignment, that’s to say making sure the output fits a reward model on pre-training or right after pre-training, it can be done at inference time, meaning that it can use your own GPU, maybe on your phone, to tune a video so that it’s maximally, effectively polarizing for you, and using the reward model that you help train.
-
So, one video can look at like 10 different captions, or 10,000 or 10 million different captions, depending on how many people are viewing that video, and each generated caption would fit that person’s reward model to maximize effect on any axis, really. So, this is the kind of interesting research that they publish publicly, because then it removes a kind of centralizing compute cap on how many people that they can meaningfully tune to effectively affect.
-
Which is why I think this kind of amplification, we might see it more and more. And so, whether a platform is bona fide adhering to those transparency and accountability laws, or whether they sign on it, but like a reserved capability to do like this kind of strike, will be a large concern, especially leading up to election. Because a lot of these tuning can go undetected, even with the best monitoring.If they just do it in a chronic fashion, not in an acute fashion, then maybe it just flies under the radar.
-
So, these are the main things that worries me. But for OpenAI, Anthropic and so on, we’re part of this Alignment Assemblies project, and so, including info integrity, Alignment Assemblies, which was run last Saturday, is just to draw boundaries, so that people can surface new harms, or new potential of harm, very quickly, and for us to, just as we quickly legislated the deepfake harms, around investment scams, around non-consensual intimate images, about impersonating candidates leading up to election, including voice phoning them, and so on.
-
And now, with the online fraud also defrauding people, as soon as new harm is surfaced or speculated, we will move very quickly to amend that part of the law, instead of waiting on a comprehensive AI act to anticipate all harms, which is probably not going to be possible.
-
I guess I have a big picture question.
-
Yes.
-
So, before we came, and really the reason why we came here is because Taiwan is often portrayed as kind of a model of resilience.
-
Yes. And for 10 years, the top target for disinformation attacks, according to V-Dem.
-
Right. So, quite an achievement. And I think there’s rankings out there that put it, you know, Taiwan’s resilience at like 9 out of 10.
-
Yeah, of course.
-
But then, so then we came here, and we heard that story again by talking to various stakeholders within the ecosystem that are actually doing that stuff.
-
But in addition to that, everyone seems to think that there’s additional work to be done.
-
Very much so.
-
Right.
-
Because the threat landscape has changed dramatically.
-
Okay.
-
Yeah.
-
And I think most of those people that we’ve talked to think that government has to play a role in that. There’s some disagreement about what that role needs to be. Free speech comes up in this, and what we’ve talked about.
-
So, I guess I would just, I wonder if everything we’ve talked about here that you’ve mentioned that MoDA is doing right now, does it meet the demands of those actors?
-
Well, according to the… I think it’s a microcosm of 450 people… we sent to 170,000 random SMS accounts. And of the people who wanted to attend, I think 600 people we chose based on this microcosm statistic representativeness, and more than 580 said that they wanted to participate.
-
This is the deliberative?
-
This is the deliberative, the deliberative polling.
-
We work with Stanford on that. And I think around 500 actually did show up that day. 450 stayed for the entire session, which is amazing in terms of engagement rates anywhere in the world.
-
And so I’m reasonably sure that the measures that we have, because it’s partly drawn from their consensus, meets this microcosm of people. On the other hand, I also fully understand there are people of stronger views, like, they may not be statistically representative of Taiwanese, but they see dangers well before other people do, and so they want to know that we have this last resort capability if we underestimate the threat.
-
They want to make sure that we can, for example, block entire domain names, block entire apps, and so on.And to these people, there’s part of it that we are already doing, the DNS RPZ mechanism, which does allow us to block entire Internet domains if that entire domain is scamming in nature. What it doesn’t allow us to do is to, of course, censor facebook.com slash this, slash that, slash that, a specific page, because it works on a domain name service level.
-
But I think there’s a limit of doing things this way. We had to complement the RPZ capability with radical transparency, with publishing as open data, where the request came from, with the appeal process. If you connect to the blocked website, you can see this email that you can begin an appeal process on. And at the end of the day, if you switch to the Google DNS or a Cloudflare DNS, you just bypass them. So it’s not like a great firewall kind of thing.
-
But the Taiwanese people are very sensitive to anything like this. Now, all this is in the cabinet and soon will be for the legislature to deliberate.
-
Okay. Specifically…
-
This capability that I just mentioned.
-
Okay. Yeah, the blocking capability. Fascinating.
-
Anything else? I think that’s all we have for you.
-
Thank you.
-
We really appreciate your time.
-
Awesome questions.
-
Incredibly informative.
-
Great.
-
Thank you.