Import AI: Issue 58: AI makes facial identification systems see through masks, creating Yelp-foolin’ fake reviews, and automated creativity with pix2pix

by Jack Clark

Donate your brains to a good cause:
…The AI Grant, an initiative run by Nat Friedman and Daniel Gross to dispense no-strings-attached AI grants (cash, GPUS via FloydHub, CrowdFlower credits, Google Compute Engine credits, data labeling from ScaleAPI) for purposes of  “doing interesting work that otherwise might not happen” is (reassuringly) inundated with applications. Go here to sign up to review applications for the grant and help spread resources into socially useful DIY AI projects. 
Sign up form here.  

Amazon and Microsoft’s virtual assistant’s team-up:
…Amazon and Microsoft are… playing nice? The two companies have teamed up so their personal assistants (Amazon: Alexa, Microsoft: Cortana) can access and summon their counterpart. The rough idea seems to be to create greater interoperability between the different assistants and therefore improve the experience of the individual user.
…(It’s made more interesting by the fact the companies actually compete with eachother quite meaningfully in the form of AWS versus Azure.) No word yet on whether we’ll see these systems integrate with Google’s Assistant as well.
…Read more here: Hey Cortana, Open Alexa (Microsoft blog).

New PyBullet environments, another reason to switch from MuJoCo:
…PyBullet is an open source physics simulator developed by Google Brain. The software serves as a free alternative to MuJoCo (and lacks a couple of performance tweaks and fidelity features that its proprietary sibling possesses). But it’s free! And getting better all the time. The latest release includes new (simulated) agents and environments, including a KUKA grasping robot, an MIT racecar, a Minitaur robot, and more..
…Read more:

Automated creativity with pix2pix:
…Fun project where artist Patrick Tresset trains pairs of images and human photographs (21,000 drawings depicting around ~3500 people), creating a system that lets you sketch in new faces of people, programmatically generating them on-the-fly.
…Check out the video here – a fantastic example of automated art.

A Mission Control-style checklist for neural network researchers:
Implementing neural networks can be very, very challenging, as it’s easy to introduce bugs into the process that disrupt the learning process without leading to a total failure. Since AI is mostly an empirical science (step 1. Come up with approach. 2. Test approach on a given domain. 3. Inspect results. 4. Test numerous variants of 2) to develop better intuitions about meaning of 3).) the process of finding and dealing with bugs is itself lengthy and reasonably unprincipled.
…So researchers may find it useful to be more proactive in writing up some of their tips and intuitions. Check out this blog post from Ubisoft Montreal developer Daniel Holden to get an idea of some of the common failure modes inherent to neural network development and what easy things you can check through to isolate problems.
Read more in:My Neural Network isn’t working! What should I do?
Similar: John Schulman (who works at OpenAI) has also been giving tips on how to train deep reinforcement learning systems.
Check out some of these tips here.

Balaclava no more – researchers develop facial identifier that works through (some) masks:
…Researchers with the University of Cambridge in the UK, the National Institute of Technology and Indian Institute of Science have developed a deep learning approach to solving the problem of ‘Disguised Facial Identification’, aka, how to identify people at protests who have covered their faces.
…The approach relies on the creation of two new datasets, both of which contain 2,000 images each, and which label the 14 key points essential for facial identification on each person’s face. A simple variant of the dataset has simple backgrounds, while the harder version has noisy, more complex backgrounds. Both datasets appear to consist of portrait-style photographs, and feature male and female subjects aged between 18 and 30, wearing a variety of disguises, including: ‘(i) sun-glasses (ii) cap/hat (iii) scarf (iv) beard (v) glasses and cap (vi) glasses and scarf (vii) glasses and beard (viii) cap and scarf (ix) cap and beard (x) cap, glasses, and scarf.’
…The results: The resulting Disguised Face Identification (DFI) framework can identify a person wearing a cap, face-covering scarf, and glasses, about 55% of the time in the simple dataset, and 43% of the time in the complex one. So don’t put down that protest wear just yet – the technology has a ways to go. In the long run, perhaps this will increase the likelihood of people using rigid masks – like the V for Vendetta one adopted by anonymous – instead of soft ones like scarves, balaclavas, and so on. I also think that the datasets and underlying machine learning techniques will need to get dramatically better and larger for this sort of approach to be tractable and practical – especially when dealing with diverse groups of protesters.
…Read more here: Disguised Face Identification (DFI) with Facial KeyPoints using Spatial Fusion Convolutional Network.

Think that Yelp review is real? Think again. RNNs create plausible fake reviews…
…Researchers with the University of Chicago have used recurrent neural networks (RNNs) to generate fake Yelp reviews that evade traditional statistical and human detection techniques while also being scored highly for ‘usefulness’ by users. This represents a new trend in AI – using off-the-shelf technologies for malicious purposes – that is already present in other fields. The community will need to become more cognizant of the ways in which this technology can and will be abused.
…The researchers find that some of their synthetic, generated reviews evade detection by a machine learning classifier designed to identify fake reviews, and even rank (in some cases) better than reviews written by real humans.
…Another eye-opening aspect of this study is how good neural networks have got at generating language under restricted circumstances. “Even trained on large datasets, RNNs have generally fallen short in producing writing samples that truly mimic human writing [50]. However, our insight is that the quality of RNN-generated text is likely more than sufficient for applications relying on domain-specific, short length user-generated content, e.g., online reviews.” (OpenAI observed a similar phenomenon recently, where we created a language model trained on a corpus of 82 million Amazon reviews, which could generate very plausible, detailed sentences.)
Example of a generated (5 star) Yelp review: “I love this place. I have been going here for years and it is a great place to hang out with friends and family. I love the food and service. I have never had a bad experience when I am there.”
…Datasets used: The Yelp Challenge dataset, which consists of 4.1 million reviews by around 1 million reviewers.
Defending against this: The authors come up with a credible approach to defend against such a system, which is based on the insight that due to how RNNs are trained they will develop some uniquely identifying characteristics in their resulting generated text that web operators can build classifiers to detect. “We observe that text produced naturally (e.g., by a human) diverges from machine generated text when we compare the character level distribution, even when higher level linguistic features (e.g., syntactic, semantic features) might be similar,” they write. This would naturally lead to an attacker trying to train even larger language models, so as to create text with enough subtlety and human-like traits to evade detection, but this imposes an ever-growing computational and skill-based cost on the attacker.
Unnecessary acronym of the week: Perhaps this leads to a world of attackers and defenders constantly trying to outwit eachother by building better and larger models, aka: MAID (Mutually Assured Intelligence Development).
…Read more here: Automated Crowdturfing Attacks and Defenses in Online Review Systems.

The humbling experience of deploying robots in reality:
…Famed roboticist-slash-lovable-curmudgeon Rodney Brooks has written an essay about why, despite having developed a range of consumer, industrial, and military robots, he still has such low expectations of what AI is and isn’t capable of when it is forced to work in the real world.
…”The robots we sent to Fukushima were not just remote control machines. They had an Artificial Intelligence (AI) based operating system, known as Aware 2.0, that allowed the robots to build maps, plan optimal paths, right themselves should they tumble down a slope, and to retrace their path when they lost contact with their human operators. This does not sound much like sexy advanced AI, and indeed it is not so advanced compared to what clever videos from corporate research labs appear to show, or painstakingly crafted edge-of-just-possible demonstrations from academic research labs are able to do when things all work as planned. But simple and un-sexy is the nature of the sort of AI we can currently put on robots in real, messy, operational environments,” he writes.
Bonus: Brooks is a good writer and it’s worth soaking in his (spooky) description of post-meltdown Fukushima.
Read more here: Domo Arigoto Mr Roboto

The Import AI ‘Everything Is Fine’ quote of the week award goes to…
….Vladmir Putin, talking about artificial intelligence: “The one who becomes the leader in this sphere will become the ruler of the world”.
…Putin also likes the idea of AI-infused drones fighting proxy wars.
…Miles Brundage has provided a handy meme illustration of how these sorts of quotes make some AI people feel.
…Read more in this Quartz writeup.

Cool AI Policy Job alert:
…The Future of Life Institute is hiring for an AI policy expert – a new type of job made possible by the recent gains in AI research. Activities will include developing policy strategies for FLI (which will likely have a significant AI safety component) and reading&synthesizing the tremendous amounts of things that are published and relate to AI policy.
…From experience, I can also say that AI policy includes one key skill which seems (at least to me) non-obvious – 1) Reporting: You spend a lot of time trying to figure out who knows who who knows what and why. Then you talk to them.
Read more about the role here.

Number of the week: 5.1 petaflops:
…That is how much computation power just-uncloaked AI translation startup DeepL claims to have access to in a data center in Iceland. 5.1 petaflops is roughly equivalent to the world’s 23 most powerful supercomputer (though this is a somewhat wobbly comparison as the underlying infrastructure, network, and general architecture topology will be totally different).
…Read more here on DeepL’s website.

OpenAI Bits&Pieces:

OpenAI Baselines update: John Schulman has refactored some of the code for OpenAI Baselines, our repository of high-quality implementations of reinforcement learning algorithms.
Check out the repo here.

Tech Tales:

[2023: Portland, Oregon, USA.]

“Anyone in here it’s your last chance we’re coming in!” they said, all at once, the words accordion-compressed.
“Breaching,” an intake of breath then the swing of the doorbreaker.
A soldier goes first, scanning the room. “Clear!”
Then in walks the detective. They inspect the space – a workshop, electronics overflowing the boxes on the walls, oily yellow lights with a film of dust over the bulbs, the smell of something gone moldy in a mug, somewhere. As they walk there’s the occasional crunching sound – potato chips, fresh enough to crackle. They were just here, the detective thinks.
…They were in so much of a hurry they left their drone, though. The detective walks over and takes out a USB key, then fishes out a tangle of electronic adapters from another pocket, finds the drone port, and boots in. Within a couple of minutes the drone’s innards are spilling out onto one of the police computers, telling a story in commented-out code and sneakily added patches.
…Geofencing: Disabled.
…Computer Vision Auditing: Circuitboard re-wired to jump over the auditor chip.
…Planning: Custom software, replacing a phone-home cloud AI system.
…Drone-to-drone communications module: Augmented with custom software.
…”Oh, shit,” the detective says. He’s barely finished the second word when one of the policemen’s radio crackles. They lean their head into it. Speak. Frown. Come over to the detective.
“Sir,” they say. “We’ve got numerous reports of drones falling out of the sky.”
Another crackle.
“Correction sir,” the policeman says, “A fraction of the drones in the forest area are now deviating from their pre-cleared flight courses.”

Post-Event Report / Author Detective Green / TOPSECRET /:

At approximately 0800 hours a computer virus developed by REDACTED was injected into the control software of approximately REDACTED drones. At 0820 hours seven of these REDACTED drones began flight operations, rapidly integrating into the main routes used by parcel, utility, medical, and REDACTED drones in the greater Portland metropolitan area. At 0825 hours forces assaulted a property believed to belong to REDACTED and upon entrance located one drone not yet flight operational. Entrance to the property triggered a silent alarm which beamed a series of encrypted control commands over to a set of REDACTED servers spread across REDACTED compromised data centers across the northwest. At 0830 the REDACTED flying drones phoned home to this control server. Following connections the drones deviated from their pre-assigned courses and began an areawide scan for REDACTED. Any drone that came within REDACTED meters of an affected drone was targeted by drone-to-drone carried computer virus(s) which led to a 82% compromise rate of other drones. 40% of these drones deviated from own rates. The rest become nonfunctional and ceased flight operations. At 0845 REDACTED drones converged on location codename JUNE BLOOM. 0846 detonation of an improvised device occurred. 0847 drones in JUNE BLOOM vicinity self-destruct. 0850 drones begin to return to normal flight paths.

Post-Incident Cost Report: Finding and analyzing drone fleet in greater Portland metropolitan area is an ongoing process with full clean room protocols adopted during analysis. So far we believe we have located REDACTED of a total assumed number of REDACTED compromised drones. Next update in 24 hours.

Technologies that inspired this story: Botnets, off-the-shelf vision classifiers where the top layer is retrained, Quadcopter Navigation in the Forest using Deep Neural Networks, software verification,