- October 19, 2016
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Data Breach, Posts with image, Privacy
Why you, too, will end up talking with government bots now or in the future.
Have a question about your Social Security? Want to tell something to your congressperson? Want to know how to reserve a camping spot at your nearest national park?
Soon, you could end up talking to a bot, if the White House’s chatbot plan takes hold. You’d hook up with a digital operator who takes your question and may get you an answer, or direct you (hopefully) to the right person.
The White House announced it’s opening up access to the code behind its new Facebook Messenger chatbot so other government agencies and developers can set up their own.
Get ready to start chatting with government bots. They’re coming!
What is a chatbot?
The name chatbot sounds like a robot might be on the other end of the line, a life-sized Chatty Cathy saying, “How can I help you?” rather than the talking doll’s original message, “Will you play with me?”
But a chatbot is digital, not physical.
“The chatbot’s just an automated program that tries to answer the questions, comments and things that are posted,” said Doug Jacobson, director of the Iowa State University Information Assurance Center. “It’s a little bit like you see it in the movies–AI [artificial intelligence], the computers interacting with you.”
“It parses key words and gives back answers,” he added.
The White House bot allows you to ask the President a question through Facebook Messenger.
Chatting with the White House bot
We tried out the White House bot ourselves.
“Hi, it’s great to hear from you—and we’re excited to learn what’s on your mind,” the bot says. “(Fun fact: the President reads ten of these messages every night).”
“Ready to get started?” the bot asks. “Great! Now what would you like to say to President Obama?”
But after we ask our question—“How will the President decide which ten messages to read?—the bot delivers a surprise.
Saying it wants to make sure people get responses if possible, the bot asks for our name, mailing address, e-mail address and phone number.
“I’d rather not share that,” we say. “Do I have to give that to you?”
But the bot keeps pushing.
“Whoops! Doesn’t look like that was an email address,” White House bot repeats multiple times. “We’re looking for something like this: firstname.lastname@example.org.”
It won’t answer our question, and it won’t let us go forward without it.
The White House bot pushes the user for an e-mail address.
You can enter a fake e-mail address and continue. But for some people, the bot’s demands—with seemingly no way to opt out—may be a deal-breaker.
“It’s probably perfectly normal and a smart idea if you are the person in charge of making the bot and handling the requests. It legitimizes the bot conversation,” said John Brandon in a post on Computerworld.
But the request for personal info raises his hackles.
“Yet, who has access to this information? The White House? The tech team running the bot? Facebook itself? The Democratic party so they can now start sending me mailings and calling me to support Hillary Clinton this November? Hackers who can easily intercept these messages and steal my identity and break into my bank account now that they have collected so much personal information? Anyone who happens to have access in any way?” he asked. “How do we know it won’t be abused?”
He is not the only one with questions about the safety of your data after you hand it over to the White House chatbot—or any chatbot, for that matter.
“It does beg the question of ‘How are they protecting it on the back end? What are they doing with that information? Is it stored? Is it correlated back to your message?’” Jacobson said to Archer News.
Some information is indeed stored, according to the policy.
In addition, it says your activity on a White House page on a third-party site, like Facebook, is governed by the third-party site, and you should read its privacy policies.
But, it says, the White House does retain some of your information, using it to contact you, to see if you have contacted the White House before, or to messages and comments for making policy decisions.
It could also end up in the hands of law enforcement.
“In some cases, we may share information you have provided or automatically generated information with other government agencies in response to lawful law enforcement requests or to protect WhiteHouse.gov from security threats,” the policy says.
“Additionally, if you seek assistance on a matter within the jurisdiction of a federal agency, we may share your information with that agency for the limited purpose of addressing your request for assistance,” it adds.
The White House says 1.5 million people have messaged the President since it first launched the Facebook bot in August.
Some cybersecurity experts suspect the information could end up somewhere else.
“If the data is not being added to the existing database that the White House uses for collecting other contact info to develop a political contact tool, I would be sorely disappointed in President’s staff,” said Patrick Coyle with Chemical Facility Security News.
The database will leave with President Obama in January, Coyle added.
“It will not be left for the next administration—even if it is Clinton,” he said. “I would suspect that the Obamas will use it to help find contributors to support the Obama library.”
The White House says it takes “reasonable precautions” to protect your info, like restricting access to certain employees, contractors and vendors.
“We also utilize commonly used practices and technical controls to protect the information in our possession or control, along with WhiteHouse.gov itself,” the policy says.
That includes using some encryption, firewalls and intrusion detection systems and maintaining “strict technical controls and procedures,” according to the policy.
“The security for that database is probably as good as any in the White House,” Coyle said. “It is too valuable a political tool not to be well protected.”
“That does not mean that extracts of that database are not shared with other political organizations—like the Clinton campaign,” Coyle said. “I would not make any bets on the adequacy of the security protections being employed by the Clinton people.”
You don’t know if the government agency behind your chatbot is following their own policy, or if that policy is enough to keep your info safe.
After all, attackers hacked into the Office of Personnel Management’s data in 2014, uncovering very sensitive background check information for millions of people.
The thought may give you pause.
But Jacobson says people who hesitate to give the government information often freely hand off their info to businesses, which can also be hacked—or can sell your info to the highest bidder.
“You want to talk about surveillance,” Jacobson said. “Half the planet doesn’t know that Pokemon GO collects who they are, what they are doing.”
“We’ll gladly give all this info to a private company,” he said. “It’s okay because it’s a private company, right?”
Pokemon GO collects data about the user.
More government bots
The White House bot may be the first of many in government use.
The North Carolina Innovation Center is working on a government chatbot project, starting with a helpline for employees who have forgotten their passwords or usernames, according to GCN.
And government agencies discussed how to make chatbots streamline public services this summer, reported FCW.
“AI [artificial intelligence] solutions don’t forget. They don’t have a bad night’s rest,” said Neal Goffman of IBM in the article.
Now that the White House is giving access to its chatbot code, the process could move more quickly.
Bots in action
You have probably already chatted with a company bot, asking questions about a product online.
It’s convenient for both you and the business.
Bots can also make it easier for companies to grab your information and either aggregate it, or create a profile about you, according to Jacobson.
Not just for business
Maybe you’ve talked to a bot without knowing it.
A security researcher deployed a bot to trick spammers into thinking they were dealing with a live victim, thus wasting the spammers’ time and energy.
And security experts discovered a chatbot on Tinder that posed as a possible fling, then tried to trick users into “verifying” themselves with a credit card number.
The bot @arguetron tries to bait people into frustrating Twitter conversations.
A bot of your own
We’ve already run into some of the benefits and limitations of a government chatbot.
We were able to submit our question fairly easily, but the bot left other questions about the process unanswered. Compare that to your latest experience in trying to contact your government. Better, or worse?
Either way, you will eventually find yourself face-to-digital-face with a government bot.
And you may even end up with a bot of your own.
“I want one of those for my e-mail,” Jacobson said. “I wouldn’t mind having a chatbot to answer some of the questions that people ask, students, etcetera.”
Even better, he said, his own phone bot.
“Let it loose against the phone bots that call me,” Jacobson said.