Abstract
Introduction
The idea behind this article commenced in the wake of the Facebook scandal of March 17, 2018, produced by the revelations from The Guardian and other media, which reported that Cambridge Analytica (CA) was exploiting the private data of millions of people.
CA was described by its own former research director, Christopher Wylie, as a powerful “full service propaganda machine” 1 that would have used the science of data and algorithms to influence voting processes around the world “playing with the psychology of an entire nation.” As an example of this great power, Wylie affirms that CA played a decisive role in the digital strategy of the presidential election that resulted in the victory of Donald J. Trump.
Even with so much power and influence, CA disappeared due to a scandal—and the loss of its reputation—in only 45 days, when on May 2, 2018, it announced it would cease operations and file for bankruptcy.
The initial purpose of this article was to reflect on the CA case and identify possible risks that the use of private data through artificial intelligence (AI) technologies represents for the gaming industry, without the existence of a prior regulatory framework. We—as coauthors—never thought that in such a short time, not only would CA cease to exist, but also the “possible risks” that we had envisioned in March 2018 would become an unfortunate reality only a few weeks later.
On April 30, 2018, The Guardian published another article related to the use of AI, but this time centered on the betting sector: “Revealed: How Bookies Use AI to Keep Gamblers Hooked.” “Artificial intelligence is being used to predict behavior in ‘frightening new ways’ despite the condemnation from MPs [members of Parliament] and campaigners,” 2 in a few words suggests that AI could be used to further entice or entrap problem gamblers.
At the time the coauthors finished this article (beginning of May 2018), this accusation against the “bookies” had not had major consequences; however, considering how unbelievably fast things unraveled for CA, we would not be surprised to see one or more companies in the gaming industry affected by this new scandal published by The Guardian in the near future.
Throughout our research, we observed that most people believe that the use of AI through massive platforms such as Amazon, Google, Facebook, WhatsApp, and many others, would be limited to the use of private data for traditional marketing (i.e., analyzing consumer trends to boost sales). However, everything seems to indicate that AI is also processing people's data to predict future acts based on psychological and emotional profiles. Logically, we consider this to be an important risk because there is almost no regulation in this regard, and scandals of this nature—particularly on the Internet—are in vogue and spread around the world in a matter of minutes, regardless of whether they are real or not.
Due to the foregoing, we believe it is important to know what AI is, what its benefits and risks are, who is using it, how and for what reasons it is being used, and how is it regulated. These and other topics will be addressed in the following sections.
AI Is Not Science Fiction, but Reality
In 1950, Alan Turing astounded the world with one little question: “Can machines think?” 3 which construes itself as the very foundation of AI. More than half a century later, we are facing the consequences of not only having intelligent machines, but having machines able to think for us, while trying to fully understand the logic behind this concept.
When asked what AI is, John McCarthy, known as one of the founding fathers of AI, described it as “the science and engineering of making intelligent machines, especially intelligent computer programs. It is related to the similar task of using computers to understand human intelligence, but AI does not have to confine itself to methods that are biologically observable.” 4
Up to this point, there is nothing frightening about AI. An intelligent software program does not seem threatening because it is built by human intelligence and, supposedly, that should be its limit. Moreover, it was thought to make some tasks simpler, faster, and more accurate for humans so, in this scenario, people were the primary beneficiaries of AI.
However, as we have come to learn in the past few years, AI and the benefits of its daily basic uses, without the proper regulations, can rapidly become a menace to our privacy, our livelihood, and as some experts have pointed out, even to our existence as mankind.
Benefits and Dangers of AI
It would be naive to deny the improvement that AI has brought into our lives. From surgical procedures to self‐driving cars, AI has shown endless benefits to modern civilization. The virtuousness of artificial intelligence can be partly explained as a function of the limits inherent to human intelligence. These limits are determined by evolution, biology, and social standards imposed in every society. It is possible for the human brain to learn and to achieve perfectible outcomes, but the learning process is much slower in comparison with that of a machine.
Cambridge Professor Huw Price 5 has warned that “we face the prospect that designed non‐biological technologies, operating under entirely different constraints in many respects, may soon do the kinds of things that our brain does, but very much faster, and very much better, in whatever dimensions of improvement may turn out to be available.” 6
However, does AI's fast development pace still remain under human control? For various reasons, many think it does not.
During the 2017 Web Summit Technology Conference in Lisbon, Portugal, the famous and recently deceased Professor Stephen Hawking alerted the public to the downside of AI. He recognized the greatness in technological advances and how useful they have become in this modern era, even embracing the possibility that AI could put an end to world poverty and reverse the ecological damage caused to Earth. Yet he shows concern about the scope of it, precisely due to a lack of understanding and clear boundaries.
Hawking's stance could be summarized in this idea: “We cannot know if we will be infinitely helped by AI, or ignored by it and side‐lined, or conceivably destroyed by it.” 7
Elon Musk, founder of Tesla, Inc., SpaceX, OpenAI, and other cutting‐edge technology enterprises, gave a very similar opinion at the U.S. National Governors Association Meeting in 2017. 8 While addressing a room full of American lawmakers, Musk spoke about the dangers of AI. For him, AI constitutes one of the biggest risks we are facing today and the best recommendation to everyone who actively contributes in an AI field is to learn about it and to direct AI to the social benefit. In other words, to not let AI escape from human control, we must act within a clear regulatory framework pursuant to a right‐minded purpose.
These opinions are examples of different thinkers calling out the need to take action to establish control measures to ensure AI remains at the service of mankind. One of the latest attempts to create awareness on this matter is the documentary called “Do You Trust This Computer?” 9 (released a few days after Hawking's passing). In it, filmmaker Chris Paine explores every side of AI through a series of interviews from experts, users, and developers while questioning the current ethical use of technology.
Indeed, nowadays, trust seems to be the most controversial aspect of AI. Are people capable of trusting their electronic devices with the safety of their personal data and the privacy of their communications and content creations? Because of its complexity, the knowledge of AI and the algorithms behind it escapes the grasp of most of the population. This translates into an absence of verifying processes and control systems.
The documentary also expounds on the velocity in which AI systems can learn and perfect new tasks such as, for instance, online gaming. In 2014, Google acquired DeepMind, a company specializing in the research and development of AI. DeepMind designed a poker program that was able to defeat the best poker player in the world within a few weeks. The most concerning part of this is that, particularly in a poker match, the intellect of the player and the chance of the cards are not the only factors implicated; it is also about perception and misleading the opponents. Thus, if a machine can beat a human in a poker game, it means that AI not only exceeds human intelligence, but it is also capable of surpassing human emotions with tremendous speed.
Without assuming a position in favor or against AI, we must accept an absolute fact: AI has positive as well as negative effects and the challenge is to figure out how to maximize the first whilst reducing the second. The only consensus resides on the need to approach AI from an interdisciplinary standpoint.
The Unknown Role of AI in the Facebook Situation
As mentioned at the beginning of this article, the authors were inspired by the Facebook case, which is now publicly known around the world due to the huge data leakage. What role did AI play in the scandal? We will detail our findings of what we consider to be the “blind spot” of this whole plot.
In 2015, a technology developer, Aleksandr Kogan, allegedly sold the personal information contained within nearly 90 million Facebook profiles of users residing in the U.S. to CA. Three years later, news broke that CA used this information to influence their votes during the 2016 U.S. presidential election.
But can this really be feasible? Is it possible to actually manipulate the decisions of almost one hundred million people based upon mere data stored within the systems of a social network? Some in the U.S. Congress feel it is.
During his recent hearing before the Judiciary and Commerce Committees of the Senate 10 on April 10, and before the Energy and Commerce Committee of the House of Representatives 11 on April 11, Facebook CEO Mark Zuckerberg was queried by a hundred lawmakers with regard to the breach against the data security and privacy policies implemented by the social network.
Zuckerberg mentioned that, aside from the networking benefits of the platform, the business model of Facebook is the sale of advertising space within its website at a more accessible cost than other media. This business model has been constantly evolving along with AI development. In the case of Facebook, AI has enabled the creation of algorithms that help the platform better target advertisements by showing users “relevant” ads based upon their direct feedback. It is also based on the analysis made by these same algorithms of the user's preferences, interests, and behaviors to make their mandatory advertising experience more relevant while using the platform.
These algorithms have been programmed to analyze the personal data available, as well as all the information stored on each user's Facebook profile (uploaded by the same users). Based upon that analysis, which can be reasonably presumed to represent the user's preferences and interests, it places the most relevant advertisements on their timelines for them to see. In a nutshell, Facebook uses data scraping programs for their advertising space to show relevant ads to its users.
A massive Internet platform of this nature not only knows who the friends and family of its users are, but also what they like to read, to eat, what their hobbies are, what their relationship status is, which events they attend, which places they visit regularly, and even how they feel emotionally, as well as their physical location at any moment. While Facebook's apparently harmless tools are used to create and improve communications between businesses and customers, the lack of proper care may drive other more Machiavellian purposes, such as influencing the decision of a vast number of voters in order to manipulate a presidential election, as CA allegedly did.
The biggest concern regarding this specific case is the supposed manipulation of internal U.S. politics by foreign countries (i.e., Russia) by using data scraping and assumption algorithms programmed with the information from Facebook users. Furthermore, by creating content designed to spread misinformation (recently named “fake news”) among specific users determined by these algorithms, these “bad actors” created fake profiles to support them, which caused the necessary political, religious, and racial division that eventually influenced the results of the presidential election. By the time Facebook was aware of this alleged manipulation, it was too late.
The Facebook Aftermath: Self‐Regulation or Independent Regulation?
That late awareness from Facebook was used by several lawmakers to support their conclusions for the need to establish specific rules for the various scopes of the business of Internet companies, as well as standards for certification required under those rules. Moreover, on many occasions, U.S. senators tried to force Zuckerberg to commit, both personally and on behalf of Facebook, to assist in drafting these new regulations. In order to convince him, they used many arguments, from the personal feelings of the CEO towards the overall situation, to the reflection on the fact that these kinds of situations have huge negative impacts on the reputation of a company, causing financial costs much greater than those necessary for compliance with external regulations. Nonetheless, whilst Zuckerberg agreed with the general principles argued by the senators and representatives for new regulations, he only mentioned that his team would follow up later with regards to such assistance and subject to the analysis of the specific details of the intended regulation.
In parallel to legislative workshop discussions, the measure that Zuckerberg insisted upon the most for the enforcement of privacy and content policies was the use and improvement of AI, which has come a long way since the early times of Facebook. In the beginning, there was no AI technology that could look up the content that people were sharing, so they “had to enforce their content policies reactively”; meaning that people could share what they wanted and if other users deemed it to be offensive or contrary to Facebook policies, they would flag it to be reviewed. Nowadays, thanks to constantly evolving AI, it seems possible for Facebook to identify and ban these types of content—in most cases before it reaches the users.
But, the programming to identify malicious content still needs to be perfected, especially concerning the lack of filters for advertising in regulated industries. In particular, the U.S. Congress queried Zuckerberg on advertisements placed by illegal pharmacists that promote sales of opioids and other controlled drugs without a prescription. They were not being banned by Facebook's AI nor were they being flagged by users, so they would still appear on the site. The CEO replied that they would be improving their AI so it could identify this content and ban it immediately, before it reached users, so there would not be the need to flag them.
Self‐regulation is very useful because it allows the experience acquired by different entities belonging to the same industry to establish certain basic guidelines, especially regarding consumer protection. However, it is general knowledge that no matter how much the private sector issues limits based on ethics and good practices, the reality is that self‐regulation will never have the weight of government or independent regulation. To ensure compliance—and especially to control and sanction “bad actors”—the preexistence of an independent regulator is necessarily required. Companies cannot be judge and jury, especially when a technology that is as complex and unknown as AI is added to this whole equation.
Indeed, the evolution of AI has raised concern from many experts. They seem to be unsure about whether it can evolve by itself without the intervention of a human software programmer and whether it can autonomously alter its tasks beyond initial configuration. Zuckerberg himself seemed to be unsure whether the AI used by Facebook could have various apps communicating between themselves beyond their configuration. The specific example used was whether the platform could also show banner ads to users based upon the contents of messages sent over WhatsApp (owned by Facebook). The direct answer from Zuckerberg in connection with privacy was that “Facebook systems do not see the content of messages being transferred over WhatsApp.” When the senator extended his query and asked “whether these systems talk to each other without a human being touching it,” after looking hesitant for a moment, the Facebook CEO refused to provide a direct answer to that question and only reaffirmed that the messages in WhatsApp “would not inform any ads.”
On the other hand, when queried on the measures Facebook adopted upon discovering the CA data breach, Zuckerberg replied that they had demanded both Kogan and CA to delete all the information in their possession immediately and hired a firm (without mentioning its name) to formally certify that such deletion had been made. Zuckerberg was also queried on the accuracy of this audit since the CA data breach was not disclosed after audits practiced under an arrangement with the Federal Trade Commission (FTC) in 2011. This raised the consideration that the auditing standards used were unclear and questions about the trustworthiness and reliability of self‐regulation, in retrospect and in connection with the new audits that Facebook would be conducting henceforth for apps that previously had access to a huge amount of data before the privacy policy changes made by the platform back in 2014.
In connection with the previous discussion and based on what we have observed in the development of the gaming industry over the years, we can state without any doubt that no private company or entity has the authority to unilaterally establish standards and certifications that are reliable and will effectively guarantee the safety of consumers. Likewise, when a newly created technology develops in a new market or industry, sooner or later, people and entities that seek to evade the rules emerge. Hence, the intervention of the respective authority or regulator will always be required to guarantee the consumer's protection.
Privacy Laws Are Missing the AI Component
The recent scandals arising from misuse of personal information collected by Internet companies from their users seem to have a constant origin: non‐existent, lenient, or outdated legislation. The lack of enforcement, which may be a direct consequence of obscure legislation, has also contributed to the dubious handling of personal data that clients and users have been forced to endure all around the world. These scandals have proven that laws and regulations currently applicable to data privacy are insufficient for the digital era.
Nonetheless, new efforts are being made to strengthen digital privacy laws. The European Union (EU) has taken the lead with the General Data Protection Regulation (GDPR) that became effective as of May 25, 2018. The vanguard element of this regulation is the empowerment of individual users, under the principle of respect to “private and family life,” through the inclusion of a series of rights, such as the right to both remove and correct any personal information about them online, and the right to forbid a company to transfer their personal data to other companies.
The GDPR differentiates itself from other legislation, such as U.S. laws, in various manners. For example, the GDPR is a uniform regulation that provides a uniform enforcement organ for all member states of the EU. The United States has its privacy regulations and their enforcement disseminated throughout various laws and organisms like the Federal Communications Commission (FCC), which is in charge of the rules concerning what data Internet service providers can and can't sell; or the Federal Trade Commission (FTC) which enforces the Children's Online Privacy Protection Act. On the other hand, health data is protected under the Health Insurance Portability and Accountability Act. Moreover, each state has its own rules 12 and due to the polarization of states' data protection, rules and regulations change with every different administration, so the general overview may be a bit cloudy for individuals in the U.S.
The foregoing results in individuals not having enough ownership rights over their personal data, which has been used by Internet companies to exploit and obtain profits from it. Unlike this situation, the GDPR provides that individuals in the EU shall have full control of their information by establishing strict norms for companies to obtain informed and detailed consent from users, including the specific details of which information will be used and how, so only strictly necessary information may be collected.
Finally, one of the main differences between data privacy in the EU and the U.S. is the possibility for EU users to request the deletion of absolutely all of their personal data, known as the “right to be forgotten,” compared against the lenient rule in the U.S. that companies may keep the information indefinitely, pursuant to their respective privacy policies.
However, the self‐evolution of AI is still an underlying issue that may elude the strictest regulation. Whilst programmers may design data collection algorithms to comply punctually with each statutory provision on data privacy, it is important to bear in mind that computers always seek a more efficient way to fulfill tasks without the awareness of legal and moral limits that an average human being would have. The possibility of AI evolving and altering its tasks beyond initial configuration by itself or autonomously communicating with other systems that had not been authorized by users is something that needs to be carefully revised. Mindful and comprehensive regulations need to be set to establish clear boundaries for AI functions and to establish proper accountability in case this results in a breach.
Can AI Help Reduce the Risk of Problem Gambling?
We have learned so far that AI can be used to easily obtain personal data and to interpret that information to influence someone's choices, and as Mattha Busby 13 has pointed out, AI has already reached the gambling industry.
Busby affirms that “[p]ublicly, gambling executives boast of increasingly sophisticated advertising keeping people betting, while privately conceding that some are more susceptible to gambling addiction when bombarded with these type of bespoke ads and incentives.” 14
Apparently, some gambling operators are using personal data to target gamblers by pushing their products through various digital platforms. This practice is not illegal and does not fall outside the purpose of advertising, which was designed to create needs and exploit human emotions to sell products. However, since the scope of AI is not yet truly comprehended or regulated, it can become a sophisticated and dangerous tool to promote gambling. Again, we are facing the problem of a lack of regulations to prevent the misuse of technological advances.
As some of the aforementioned experts have indicated, AI is not good or evil itself, it is the use we give to it that can harm or benefit users. Therefore, we perceive a silver lining: AI can be used to promote responsible gambling.
An AI that is able to detect addictive behaviors or identify those at risk of developing a gambling problem would definitely be good news. An utmost difficult task could be fulfilled because, other than the persons willing to participate in self‐exclusion programs, there are currently no simple ways to identify and keep this vulnerable segment from gambling. The development of such AI may be presented as a breakthrough for the gaming industry by setting forth the technological mechanisms that can automatically control and ensure an appropriate use of both gaming and gambling activities.
Conclusions
AI is one of the most sophisticated tools for development available to present and future generations. However, due to its complexity and the absence of regulation, its effects on mankind may vary. Competent regulatory bodies must establish trustworthy certification and other risk control practices to guarantee the safe use of AI. Trust is a crucial element for the proper development of our industry, which is in part generated through ethical and licit use of technology. Therefore, reputation, ethics, and laws play an essential role in the involvement of AI in the gaming sector.
The Facebook situation sets a clear example of how thin the line has been drawn with regard to the safe use of AI. Whilst it can help businesses reach a larger number of potential customers via the marketing leverage it affords, it can also be used to spread malicious content by assisting “bad actors” that manipulate and create risks among the population. And there is underlying doubt about whether AI would stay restricted to its configuration or if it can autonomously alter such configuration itself without programmers knowing about it. Not even AI developers are sure that this is not happening.
It is not viable to continue exploring AI without the proper understanding of its infinite possibilities and without establishing clear boundaries to its uses. Developers, leaders, thinkers, lawmakers, and society in general must work together to create proper regulations for AI to become a positive element in everyday life. Privacy regulations should establish the necessary mechanisms to determine and set clear boundaries for the use of AI in the overall processing of data. Instead of enticing people with gambling problems or other vulnerable conditions to visit betting sites, AI can be used to restrict these people from betting once they are identified. This constructive use of AI is a new way in which the gaming industry can comply with responsible gambling guidelines.