Thursday, March 19, 2020

Provisional - A Story of What Trouble the Kids Can Get Into...

"Provisional access granted."

I wasn't really sure I wanted to know, but I asked the question anyway. "What
does that even mean?"

"In brief, it means that you're allowed only to read an algorithm-determined
subset of files."

No worries. "I'm not part of the family. I'm used to it."

Just a basic element of the job. Any organization with the grunt to put
together an AI doesn't allow just anyone to walk in and touch the goods. If
they've got reason to use them, they've got plenty of reason to protect
them.

From the unsavory, of course, not your humble correspondent.

I was sitting in the boss's office. Well, the sub-boss anyway, I think she
has some sort of title meaningful on the ever shifting corporo-political
landscape, but to me all the titles sound like noise. If they were important,
really and truly important, they wouldn't need me poking around, they'd have had someone on staff for that.

The company is a chemical company, small, an independent of
the sort that usually pops up only long enough to get bought out by the
major internationals. This one is owned by a family trust, so they aren't
interested in the sorts of inducements that the big crowd can bring to bear.

Problem was, this company, well the family company that owned them, had been suckered by their own next generation. One of the kids had gone off to school, then come back with big dreams of what the next gen AI could do for the family concern.

No big deal, right? They'd been around the block enough to know just what to
do.

That is, give the kid just enough rope, a little project of his own with budget
small enough to make him work for it, turn him loose. Most likely he screws it
up, blows the money on a pile of computers and software out of date before it
came out of the package. At worst, he turns loose a virus that gets caught in
the sandbox the IT crew built around him and melts down his toys.

And who knows, if he actually makes something of it, the family concern comes
out ahead of the game, with the next generation lined up and learning a little
something.

Turns out, they got the worst of both worlds. They got an AI that works just
well enough so they can't justify tearing it out, and just bad enough to make
everyone in the family and the company itself crazy trying to deal with it.

The good, and the bad, met in my little bailiwick, analyzing the data to
double check how their plants were running. The AI was good enough at what
the kid had set it up to do, which was keep an eye on their supply feeds,
flag anything that it knew was going to cause trouble on the products side,
and warn everybody when it ran into something that could shut down the plants.

No one knew what would happen, though, when it ran into something new.
Something outside its data set. That's where I came in.

"Right, just to be clear, you're supposed to let me read through the feed
stock data for Cannae, Mithras, and Old Oak, and their corresponding production data."

The AI took its time checking permissions. "Agreed."

"And, you're supposed to let me have access to the plant maps, process
drawings, all the nuts and bolts of the operation engineering."

It went back to its directives. "I believe that I should only allow you this
information if you can show me that it's necessary to complete your analysis."

I smacked my forehead with my hand. "Oh, that's right. Excuse me, I forgot
the details of it." It's what happens when the lawyers, machine and biological,
get involved in consulting contracts.

They never, ever, let the company just release data, to anybody, without say
so. Even, probably especially, when it's necessary to do my job.

"No worries, I'm used to it." It's the data engineer's version of asking for
grant money. The constant need to go back and beg for the next few crumbs, and prove that I need it. "Next question, have you got all the data I do have
access to in a single place?"

"Not yet," it replied. "But on analysis, I believe that to be within your
directive."

I didn't sigh in frustration. There's no point. "Please, then, would you
provide copies of all files I have access to in a single directory? This will
ensure that I don't have to query you as often."

A few minutes later, the system responded. "The directory request is valid,
files transferring now, estimated time to complete transfer approximately
fifty hours and forty-seven minutes..."

Right. Because simple links to the files were never going to fit into its
idea of information security. Any files transferred to me would be isolated
and not allowed back on the other side of the fence without a directive from
whoever was on high.

Not that the lady on high was around to tell the AI that. She'd parked me here
for the same reason the AI had parked me in an isolated directory. "I'm off
for a week with the family, we're headed to Yosemite for some hiking.
I told my staff to give you everything you need. It's probably best for you
to just use my office, that way at least I don't have to kick anyone else out
of their desk for you."

"You're a pretty good boss."

"I remember when I was in their shoes. I like to think I've learned a thing
or two." She waved me over to the secondary desk on the wall. "I just ask you
to use that one. I'm in the middle of a few other projects on my main desk,
and I don't have time to clean up before I leave."

In other words, she was leaving bait out on her desk, if I was dumb enough to
fool with it. I didn't look around for the cameras I knew would be eyes on me
for every minute I was there.

She was still sitting there as I made my introductions to the AI system. Which,
for someone who was about to take off to catch a flight with her kids seemed
like more time than really necessary. "Eh," I told myself. "What'd you expect?"
She left as soon as she knew I hadn't bounced off the login security.

It was my first gig with the company. Everyone I'd met was personable, nice
people to talk to, everyone involved seemed to know what they were doing and
be comfortable talking about it.

They just weren't quite willing to let me off the leash without some guardrails.

"How're you set then for me coming back in a couple of days, when the data
transfer is complete?" No point hanging around watching the meter run.

Whatever excuses the system had been making for its phone-home bit, it was
apparently willing to speed things up now. It responded as close to immediately
as I was willing to try and measure. "Your directives are consistent for a
thirty day period."

"Physical access, as well?"

"Physical access, to this office and the environs necessary to entry."

"Is there anything you'd like to let me know about, any possible contingencies
that may be appropriate for my information privileges, physical and data
access, given a reasonable intermediate absence?" Might as well probe the
system a bit. How good were its natural language compilers? How much access
did I have for running programs?

"Request outside bounds of appropriateness, re-phrase your request, please."

Now I did sigh. "On confirmation of clean slate for the drive I'm attaching,
please transfer all files complete at present." I'd have to trust that the
machine wouldn't try and sneak in a new directive set while I was at home.

"Request is in directive bounds, transfer commencing, secondary transfer
will be complete in approximately twenty minutes."

At least the connection to my hard drive was fast enough I wouldn't have to
find a vending machine. And argue with the system over whether I was allowed
to use it. "Now, how are you set for me leaving a hard drive for you to
complete the transfer to? That way I can just come in, pick it up Monday,
and then leave you in peace?"

The system had to go back to its analysis mode. "This is valid within your
permissions."

So I hooked a second clean drive to the access point and started meditations
on the inscrutability of the new operations.

Actually, what I was thinking about was how the system might have gotten
itself lost in a blind alley. I do a few things, here I was basically just
a data auditor. At least, that's what my brief was where the system knew
about it. So far as the system was concerned, I could have anything I wanted
so long as it helped me ensure the integrity of its data set.

And not a bit more. Nor, apparently, any of its own compute cycles. My analysis
would have to be on my own time.

Outside, or inside of my mind where the system, and the human minders that
would be reviewing this session, couldn't yet go, I had my portfolio from the
owners of the company. "You're looking for anything that sticks out, that
doesn't belong. There's something wrong with the interaction between the AI
and the people in the company. These plants have run well for going on
sixty years, through changes large and small, but in the past six months
they've gone to shit. We need to know why."

Analyze the system as a whole, then. Well, I already had a data point.

If the AI treated the people who worked here the way it had treated me, as
though every bit of data and every compute cycle were a guarded secret
available only on a need to know basis, then it was spending a huge amount
of time just asking whether or not the human requests coming to it were in
the bounds of their permissions.

Put it this way. Why did a boutique chemical company need security that I
usually only saw in government installations? And not just the processing
system. To get into the building I'd had to stand at the door and send
in my request. I asked the human half of the door security on my way out
when they'd started with the motte and bailey routine.

"About six months or so. I'd have to ask around to be sure, that's about the
time they brought me on, and it wasn't here when I did my first interview."

She'd signed me out already.

"The computer system let me know when you were leaving."

Oh. Right. "Well, have a good weekend. Just in case you need to know, I'm
scheduled to come back in Monday morning, bright and early, to finish up
this stage of my project."

"Let me check... Right, you're already in the schedule. Do you have a pass
key to get in?"

Ah. "If it's not too much trouble?"

It wasn't too much trouble. All she needed was about ninety seconds with the
magnet cache, and I was good to go. "Thank you!" And I was outside, lighting
a cigarette on my way to the car.

Contemplating my own security practice. "What are the odds," I asked the
car, "that their AI parked a snooper or two to go along with the data I'm
supposed to be analyzing?"

The car thought about it, but didn't probe the hard drive safely ensconced in
an isolation case. "In other cases, fifty-fifty? In this case, approaching
one hundred percent likelihood."

Good to know I wasn't the only one. "Right. So, ideas about the best way to
approach the hard drive under those circumstances?"

The car wanted more information first. "Do you want to dump your potential
problem on someone else? Or do you want it isolated to your own sandbox?"

"It's kind of rude to turn around and pass the snooper package on to the
unsuspecting, even if we could afford it."

"Right. Heading to the barn." So instead of turning back west to go to my
apartment, the car headed east, onto the interstate and out of town. And I
settled in for a nap.

A couple hours later, and I woke up when the tires hit the gravel road.

The barn is my bit of an old family camp; farm, really. The farm's in the
state now that you'd expect after a few generations of wrangling over
who gets what when grandma passes. A couple acres for Joe, a couple acres
for Mary, bits and pieces sold off to the school board or the water board or
the back taxes Uncle Sid missed...

My barn sits in a cluster of trees on three acres. A metal building my mom
had let her brothers and sisters use to park tractors, and then my generation
pretty much scattered to the winds. They all still owned their pieces, but
the only thing they were interested in doing there was renting the hunting
rights out.

Me, in one of the rare times when the bank account had been flush, I'd rebuilt
the barn, from the slab up, into home away from home. Fibre, power,
roof-top solar and meter and backup generator, satellite connection for when
I needed to go out there to hide from a hurricane.

And plenty of racks and server space. This was where I kept my grunts, my
heavy lifters. "Hey guys."

"Dude," and "Yeah," and "What's up?"

Sue me, I like AI with personality. Especially when I don't get to verbally
interact with them every day, it's nice to walk in and feel like there's a
family party about to happen. Most of the daily work is through ye olde
fashioned keyboard, just to minimize the overhead.

"Right. Fair warning, I've got a quarantine situation."

"Um, dude. What are you doing bringing trouble into our midst?"

"I figured you'd see it as a challenge."

There was a pause while the three of them worked out their quorum, then the
temporary lead system came back. "You're going to have to go through the
Process."

"Don't I know it."

And that's the other side of my view of the electronic world. Before they'd
agree to go too far with the suspect hard drive, I had to prove that I was
who I said I was.

"What's the game today?"

"Nothing major, dude. Just a little flight attack, a little raid."

Fresh from my nap, and first thing they did is dump me into a three hour
simulation of Normandy, with me in a Thud leading the waves.

In bare terms, they were analyzing my reactions, strategy, tactics, the whole
works. It's an extended version of the password-security question regime,
turned up to eleven.

And yeah, if you change tactics and approach, you'd better hope you've trained
them to anticipate it. Buddy of mine locked herself out of her own servers for
a month, and not just once. She'd gotten into a habit of isolating her game
plays, Go one thing, Chess another, Wolfenstein-3D still another. Without
training her crew on the different thought processes she likes to engage with.

Problem was, I think Yardly enjoyed breaking into her own systems. How else
to explain why she'd done it more than once? I guess we all have our own
set of fragility methods.

Back to the immediate. While I was busy flying through the hedgerows, the
other two members of the AI quorum were going through the hard drive, picking data apart, looking through scripts, checking for any accidental passengers.

The rig was an isolation circuit. Waldos, just like a nuclear engineer would
use for their piles, but here mostly electronic, with a sacrificial computer
running between the AIs and the target of their investigation.

When they were satisfied I was me, and the drive wasn't going to need to be
tossed out in the barrel and burned in a fire, they commenced the next round
of questions.

"What's the analytic objective?" The surfer dude/dudette approach generally
doesn't last once the "real" work begins. The gang have their own view of the
world and approaches to it.

"First? Data integrity check against the Meowtrix supply chain package." Yeah?
So the original company that contacted me makes pet food? These days, they're
almost more careful about what goes into moose and squirrel than they are
about what goes into Josephine and Bobby down the street.

Point was, they were the ones that initiated the data audit that
started the ball rolling. Seems they were getting a variation in their feed
stocks coming to the factory that they weren't used to seeing from our lads,
so check out mi amigos and find out what they've been up to, please and
thank you, and oh by the way the owners of the company in question have their
own questions about what's going on, care to take on the extra retainer?

So more digits show up in the bank account and here we are... with a little
bit different picture inside the company than what Meowtrix are finding in
their own tests.

"Variations begin approximately six months prior to current...", and "prior
to about six months before current, data agreement is identical to within
lab origination and expected variation between technicians..." and...

"File stamps indicate variation in file access after origination."

That's the one. "Pause. File access regularization, please, including time
series and source of secondary access methods where available or inferrable."

Next level investigation, first pass sees something fishy, please go back
and dig through to the next layers. A few hours later, and "No time period
associated with the secondary access, consistent with visual editing software
and organic generation of edits."

"Human editing a file by hand?"

That calculation took a little longer; about three hours or so, and that was
just on the data set we had. The full set would be about fifty times longer,
when we eventually put everything together.

"Likelihood approaches ninety-nine percent."

I'd been doing the things most computer people do while waiting out the long
cycles of the night; surfing the web, playing games, writing my memoirs
destined never to be read by an adoring public who didn't know what they
were losing out on... So I dropped my feet to the floor and traded napping
for pacing.

And asking stupid questions of the air. Well, stupid only to the point
of whether we had the data necessary to answer. "What are the odds that
that vice-president, whatever her name was, whose office I was in is the
one responsible?"

Not from any particular insight, but who else was I gonna start with? Pinocchio?

The answer still took longer than I'd expected, given the limitations. Which
really sort of worried me, 'cause I shouldn't have had the data for this.
"Better than fifty-fifty, probably at least seventy percent."

"Uh-huh, just how on earth did you manage that one? Did that AI sneak in a
file system it shouldn't have?"

"Almost. The snooper files in the hard drive didn't originate with the AI
system. They were loaded to your hard drive from a different location using
the company systems as a go-between."

"Well now." I stopped my pacing and flopped down into the chair in front
of the video rig. "If she's responsible for it..."

"Her name's Maria Lanella."

"So if Mrs. Lanella is responsible for this, then we'd better get the owners
on the phone."

"Why's that?"

"It took you about six hours just to do the estimates. There's no telling how
long it'll take their own AI to do the direct calculations on its own data
file. And Lanella said she's running off to Yosemite for a week."

"So?"

"I have a feeling they're going to want to know about it before she gets back."

That, and I didn't have permission to set up the AI self-check. First though,
I had to talk the owner I'd been working with off the roof. "We don't have
confirmation of anything yet. It'll be Monday before the file transfers for
the Meowtrix data are complete. After that, you're gonna need someone who
can set the AI to check its own internal mechanisms."

She stopped a rant before she got good and going. So much for the flighty
heiress persona. "Can you set this up?"

Yeah. Except for the part where if I sat down and started playing with the
machine in the lady's office, odds were the alarms would be flashing on her
computer five seconds after I started. "I think you're going to need your
nephew to be involved in this."

The next generation, half-trained enough to set the AI up, inexperienced enough to not realize how vulnerable a new AI can be. "Do I need to have him meet you there Monday morning?"

"Can you get a hold of him this weekend, instead? If we verify this, you don't
want any signs that might warn her we're on to her game."

"Meet me at the house," and she rattled off an address, "in about three hours.
Greg will be there."

The unspoken "or else" made me feel sorry for whoever Greg was involved with.

The good thing, from my point of view, is that Greg apparently knew his aunt
well enough to translate whatever it was she told him. "You've got evidence
that my AI system's been cracked?"

"What did you have to give up to get here?"

"Gaming weekend, we had a raid set up. But this is more important, Ms. Lee."

Seems like Greg and I were going to get along just fine. I walked him through
it, including that the data I was explicitly authorized to have would be
ready for me Monday morning. "I could probably set something up from her office, if I had the access. But you're the expert on whether that's necessary or not."

"You think she's monitoring her office?"

"She inserted the spoofer programs onto that hard drive from remote, after
your AI and I were doing her dance. I'd say she's gonna know when I sit back
down again, and have a pretty good idea of what I'm up to."

He sat down and drew me a map, pen and paper and good old fashioned network knowledge. "She's one of the few in the company who has almost complete access."

"Meaning, she can install her own programs, and she has root control over the
OS portion she's got hard wired paths to."

He nodded. "Pretty much. Besides me, the only ones with general root privilege
are the company IT crew." He completed his map and shoved it across the table.
"Like that."

A hub and spokes. Some of the management team had control over their end of
the spokes, but the hub was out of their hands. "And you're fairly confident
that the data she's corrupted has propagated to the rest of the network."

He groaned, leaned back in his chair and stared at the ceiling. "One of the
things they made me do, before they'd let me move out of testing, was to
allow the managers to check off on their own data integrity."

Meaning, she could override anyone else on what constituted proper data, and
the rest of the network had to take her word for it.

"One thing's for sure, you're going to have a pretty good example of what's
wrong with that."

"Assuming they don't tear it out."

Well, there was that. "Let's see if we can rescue your system first."

And that's what we did, more or less. By the time Monday morning came around, Greg had put the AI into its self-check mode. "This is something that's
pretty routine, so Maria won't really notice."

"I'm assuming there's something a little different about this self-check,
though?"

"Oh my, yes."

So I was able to go in and pick up my hard drive with the complete Meowtrix
data set without an issue. And without the need to do anything that would
flag Maria, if she was watching me.

I resisted the urge to wave. Instead I just came in, asked the AI if its
data transfer was complete, and made off with my drive. Then it was back
to the barn to finish my analysis.

Which took about three days, including writeup. The key phrase in the whole
thing was "Data manipulation throughout, including key elementals likely
consistent with AI learning set manipulation".

Email off to Meowtrix and the owners of the chemical company, along with
invoices, and that was the end of it, at least as far as I was concerned.
The only other interaction I had in the business was telling the owner
she could hire a buddy of mine, a private investigator, if she needed
someone to go after Maria in the real world. I don't do that sort of
thing personally, but I know somebody.

Assuming Yardly wasn't locked out of her systems again.


