Neither Band-Aids nor Silver Bullets: How Bug Bounties Can Help the Discovery, Disclosure, and Redress of Algorithmic Harms

Note: Presentation times are in Pacific Standard Time (PST).

Wednesday, February 02, 2022 - 2:20 pm2:50 pm

Camille Francois and Sasha Costanza-Chock, Algorithmic Justice League and Harvard Berkman-Klein Center for Internet and Society

Abstract: 

Bug bounty programs for security vulnerabilities have received a great deal of attention in recent years, accompanied by adoption from a wide variety of organizations and a significant expansion in the numbers of participants on major platforms hosting such programs. This talk presents the conclusions of a research effort by the Algorithmic Justice League, looking at the applicability of bug bounties and related vulnerability disclosure mechanisms to the discovery, disclosure, and redress of algorithmic harms. We present a typology of design levers that characterize these different programs in the information security space, and analyze their different tradeoffs. We scrutinize a recent trend of expanding bug bounty programs to socio-technical issues, from data abuse bounties (Facebook, Google) to algorithmic biases (Rockstar Games, Twitter). Finally, we use a design justice lens to evaluate what the algorithmic harms space could borrow from these programs, and reciprocally, what traditional bug bounty programs could learn from the burgeoning algorithmic harms community.

Camille Francois, Algorithmic Justice League and Harvard Berkman-Klein Center for Internet and Society

Camille François (she/her) serves as co-lead of the Algorithmic Justice League’s Community Reporting of Algorithmic Harms (CRASH) project, alongside Joy Buolamwini and Sasha Costanza-Chock. She was previously Chief Innovation Officer at Graphika, where she built and led a team dedicated to mitigating disinformation harms across platforms. Prior to that, she served as a Principal Researcher at Google. She has advised governments and parliamentary committees on both sides of the Atlantic and investigated Russian interference in the 2016 U.S. presidential election on behalf of the U.S. Senate Select Intelligence Committee. She was distinguished by the MIT Technology Review in the "35 Innovators Under 35" annual award for her work leveraging data science to detect and analyze deceptive campaigns at scale, is an affiliate of the Harvard Berkman-Klein Center for Internet & Society and a lecturer at the Columbia University School of International and Public Affairs.

Sasha Costanza-Chock, Algorithmic Justice League and Harvard Berkman-Klein Center for Internet and Society

Sasha Costanza-Chock (they/she/elle/ella) is a researcher and designer who works to support community-led processes that build shared power, dismantle the matrix of domination, and advance ecological survival. They are a nonbinary trans* femme. Sasha is known for their work on networked social movements, transformative media organizing, and design justice. Sasha is the Director of Research & Design at the Algorithmic Justice League (ajlunited.org), a Faculty Associate with the Berkman-Klein Center for Internet & Society at Harvard University, and a member of the Steering Committee of the Design Justice Network (designjustice.org). They are the author of two books and numerous journal articles, book chapters, and other research publications. Sasha’s latest book, Design Justice: Community-Led Practices to Build the Worlds We Need, was published by the MIT Press in 2020.
BibTeX
@conference {277396,
author = {Camille Francois and Sasha Costanza-Chock},
title = {Neither {Band-Aids} nor Silver Bullets: How Bug Bounties Can Help the Discovery, Disclosure, and Redress of Algorithmic Harms},
year = {2022},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = feb
}

Presentation Video