CEO will boost operating budget of team tasked with evaluating code and product to avert discrimination.
3 min
Alphabet Inc.’s Google plans to double the size of its team studying artificial-intelligence ethics in the coming years, as the company looks to strengthen a group that has had its credibility challenged by research controversies and personnel defections.
Vice President of Engineering Marian Croak said at The Wall Street Journal’s Future of Everything Festival that the hires will increase the size of the responsible AI team that she leads to 200 researchers. Additionally, she said that Alphabet Chief Executive Sundar Pichai has committed to boost the operating budget of a team tasked with evaluating code and product to avert harm, discrimination and other problems with AI.
“Being responsible in the way that you develop and deploy AI technology is fundamental to the good of the business,” Ms. Croak said. “It severely damages the brand if things aren’t done in an ethical way.”
Google announced in February that Ms. Croak would lead the AI ethics group after it fired the division’s co-head, Margaret Mitchell, for allegedly sharing internal documents with people outside the company. Ms. Mitchell’s exit followed criticism of Google’s suppression of research last year by a prominent member of the team, Timnit Gebru, who says she was fired because of studies critical of the company’s approach to AI. Mr. Pichai pledged an investigation into the circumstances around Ms. Gebru’s departure and said he would seek to restore trust.
In addition to straining the existing team, those personnel changes have frayed Google’s relationship with external groups focused on AI such as Black in AI and Queer in AI, which released a joint statement Monday criticizing Google for setting a “dangerous precedent for what type of research, advocacy, and retaliation is permissible in our community.” The statement was earlier covered by Wired.
Ms. Croak called those exits a tragedy and said she agreed to fill the position because she thought she could help provide some stability in what has been a distressing time. A Princeton University graduate, she has a doctorate in social psychology and quantitative analysis and said she plans to bring her user-focused approach to engineering and concern about societal issues to the role.
“I thought, maybe, I could make a difference and carry on the work and have a larger impact,” Ms. Croak said.
Health will be one area of focus for the group, she said. The AI team recently assisted in the development of an algorithm that can detect abnormal heart rhythms by scanning fingertips on an Android phone. During its development, she said the ethics team helped determine that darker-skinned people had more variabilities and errors in testings, which had to be addressed before the product’s release.
Ms. Croak is one of very few senior Black executives at Google, where Black women account for 1.2% of the workforce. She has served as chair of Google’s Black Leadership Advisory Group and has been active in calling for Silicon Valley companies to improve their diversity.
“They’re disappointing numbers and I think that’s true for so many companies in Silicon Valley,” Ms. Croak said of the percentage of Black employees in Google’s workforce. “Fortunately, in the last year or so, we’ve made a more concerted effort in attracting Black talent, but those numbers are pretty dismal.”
She said that Google has been more proactive in providing mentorship to young Black staffers and said that it would take changing the culture across Silicon Valley to improve opportunities for people of color in tech.
“Sometimes I think it’s the mind-set where you’re very competitive and individualistic in your pursuits in the workplace and that sometimes can foster, not racism, but at least exclusion,” Ms. Croak said.
Reprinted by permission of The Wall Street Journal, Copyright 2021 Dow Jones & Company. Inc. All Rights Reserved Worldwide. Original date of publication: May 11, 2021.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
