Paper:
Lasecki, W. S., Teevan, J., & Kamar, E. (2014). Information Extraction and Manipulation Threats in Crowd-powered Systems
Discussion Leader:
Lawrence Warren
Summary:
In automated systems there is sometimes a gap which machine learning has not had the ability to overcome as of current technology standards. Crowd sourcing seems to be the popular solution in some of these cases since tasking can become cumbersome and overwhelming for a single individual to handle. Systems such as Legion: AR or VizWiz use human intelligence to solve problems and can potentially share sensitive information. This could lead to several issues if a single malicious person is used in a session. They can have access to addresses, phone numbers, birthdays, and in some cases can possibly extract credit card numbers. There is also the possibility of a user attempting to sway results in a specific way in the event the session is not incognito. This paper describes an experiment to see how likely it is that a user would have malicious intent and how likely is it that a person will pass on information they should not and another to see how likely a user would be to manipulate test results using a few Mechanical Turk surveys.
Reflections:
This paper brought up a few good issues as far as information security involving crowd sourced information. My biggest criticism of this paper would be that there were no innovative mitigations created or even possibilities mentioned to protect against the attacks. Machine learning was mentioned as a method to blank out possibly sensitive information but other than that this paper makes it seem as if there is no way to stop it other than removing the information from the view of the user. Finding reliable workers was mentioned as a solution but that entails interviews and finding people which removes the benefits of crowd sourcing the work. This paper though informative, in my opinion did not make any headway in providing an answer, nor did it actually dig up any new threats, it just listed ones which we were already aware of and gave generic solutions which are in no way innovative.
Questions:
- This paper describes 2 different types of vulnerabilities to which a crowd powered system is vulnerable. Can you think of any other possible threats?
- Is there any directions crowd sourced work can take to better protect individual’s information?
- Crowd sourcing work is becoming increasingly popular in many situations, is there a way to completely remove either of the 2 two potential attack scenarios listed in this paper aside from automation?
