What will you be doing only a decade from now when advanced versions of the artificial intelligence program ChatGPT have wormed their way into the fabric of life?

According to some experts, you may be out of a job. Two current labour disputes involving autoworkers and screenwriters are at least partly about the future threat of AI.

When AI comes for the jobs, writers may be among the first to go, warn two respected technology mavens writing in Foreign Affairs magazine. And they are not alone in that view. Even current versions of the AI program ChatGPT can sketch clearer prose than most humans, they say. And those programs are getting better. 

By 2035, as “white-collar workers lose their jobs en masse,” declare Ian Bremmer and Mustafa Suleyman, AI will be running hospitals and airlines and courtrooms. “A year ago, that scenario would have seemed purely fictional; today, it seems nearly inevitable.”

Thumb-twiddling time?

For Bremmer and Suleyman, job losses are a relatively mundane result of the AI revolution. Their ultimate concern is nothing less than the usurping of government power by intelligent machines and those who control them.

But will massive numbers of writers and lawyers and stockbrokers and coders and office workers really be sent home to twiddle their thumbs in a little over 10 years? There are many thoughtful skeptics who say there are really good reasons why that just won’t happen. And at the core of it all, they say, is our unique humanity.

Peeking 10 years into the future leaks into the realm of science fiction, and those who imagine the future — while sometimes offering useful warnings — can easily get things wrong. Viewing the 1968 movie 2001: A Space Odyssey is a good reminder.

“Anyone who says they can tell you that they can predict what’s going to happen is either deluded or lying,” said Canadian science fiction writer Karl Schroeder, who has written about AI in his novel Stealing Worlds and the short story The Suicide of our Troubles.

There is a certain irony in the comment, since Schroeder is also a professional futurist helping companies prepare for what may be around the corner.

He is convinced there is a value in using imagination to frame the possible extent of the AI problem as it becomes better at human tasks.

“It isn’t any different from the question of what to do with the jackhammer when you’re the guy with the pickaxe,” Schroeder said. 

Essential human skills

The lack of certainty over how AI will develop — and how quickly — means its eventual impact is open to infinite speculation, he said. As governments around the world consider how to regulate it, the unknowable nature of what AI will become is just one of many complications.

But unless intelligent machines grow into evil geniuses that decide to crush us like bugs, said Schroeder and everyone else I talked to, there is one certainty in the future relationship between humans and machines, and that is humanity.

“Much of what we do as humans, even though we have our official job titles, goes outside of the official job descriptions,” said AJung Moon, who teaches computer engineering at McGill University in Montreal.

While the artificial intelligence and robotics expert sees various portions of jobs being stolen away by smart software, as that happens, she said, humans will do more of the things AI isn’t so good at.

In her own job teaching university students, she sees AI taking away the boring, bureaucratic and redundant parts of the work, leaving her more time for the kind of human interaction that leads to student success.

“What is their learning journey like? What is their life like?” Moon said. “I can actually get to more forming of connections with my students.”

Things robots cannot do

As someone who has been working at the leading edge of robotics for more than a decade, Moon said a lot of work humans do is in no danger from AI. Hands-on human finesse, the “haptic feedback” of human touch, fine motor skills, the ability to switch abruptly from gentle care and stroking to heavy tasks, or figuring out how to fix old piping in an old house — “that is impossible right now.”

Despite the imminent arrival of devices like Elon Musk’s Optimus robot, Moon said she doesn’t see AI changing that any time soon, meaning that the many jobs that require human judgment, instant decisions and human dexterity will continue to need humans.

In a hospital, for example, artificial intelligence can count the pills, do the paperwork and help create efficiencies in treatment. The advantage is that it will leave more time for tasks where humanity remains indispensable.

That essential humanity entailing not just what we do and how we do it, but the reasons for doing it, is encapsulated in a concept called “human centricity.” It is an approach at the core of work by anthropologist Paul Hartley, CEO of the Toronto-based Human Futures Studio, a kind of management consultancy that has helped tech companies from going off track.

“It’s an articulation of how to keep people really at the centre,” he said.

Hartley, author of the book Radical Human Centricity, said the concept predates recent thinking about AI, growing out of notions about “user experience,” or “UX,” in the technology sector where tech geeks might be tempted to wander off into the never-never land of technology for technology’s sake.

In some science fiction future, AI may eventually be able to think for itself and find its own motivations that are incomprehensible to us. But until that time, no matter how advanced, AI will remain a tool for use by humans for human purposes, Hartley said.

The essential lesson of human centricity is that technology and software tools, including AI, have no purpose if they fail to respond to human needs.

The requirements of humanity, insists Vurain Tabvuma, a professor at the Sobey School of Business at St. Mary’s University in Halifax who has collaborated with Hartley, are also at the heart of why human work will never be supplanted by AI.

Even after it becomes ubiquitous in a decade or so, Tabvuma said he foresees AI as being similar to previous technological advances that, in theory, killed jobs. Human librarians used to bring him books and articles. Now he gets them online.

Machines replaced weavers. Rooms of typists and calculators have been replaced by email and spreadsheet software. Robots have been taking the place of humans on assembly lines and in warehouses for years. But none of those changes have reduced the amount of work people do. Unemployment has never been so low, and many of us seem busier than ever.

Capitalism to the rescue

Reminiscent of the prediction by economist John Maynard Keynes in his 1930 essay Economic Possibilities for our Grandchildren that by now we would be working 15-hour weeks, Tabvuma thinks we probably won’t have a chance to put our feet up this time, either.

Some have warned that the capitalist economy will use AI against human workers, but he said that history shows the capitalist free market will guarantee future work because it will keep finding new ways to use human talent and resources. Tabvuma’s analysis echoes a statement by tech entrepreneur Jack O’Holleran in an essay earlier this month.

“If AI can do 10 times the work of a coder, the majority of companies won’t fire nine of their 10 software engineers,” O’Holleran wrote. “They’re just going to [expand to] 100 times the amount of output they can produce with their current team of 10.”

Tabvuma said it is in the nature of the capitalist economy — the constant renewal known as “creative destruction” or “churn,” motivated by a search for profits — to repeatedly eliminate routinized work and use the resources saved in that process to create new work. AI will not stop that process, he said.

“Over time companies will identify an opportunity, and over time they will start working to make the most of that opportunity,” Tabvuma said. 

And the process does not just happen in a corporate setting. Tabvuma talks to his students about the history of art and artisans going back to Greek and Roman times. On the surface, it appears that techniques for creating posters and painting using printing and photography and then computers have been progressively replacing the skills of human artisans.

“It moves away from people and firmly into the realm of technology,” Tabvuma said. But that has not eliminated artists, he said: “You look at it right now in history? We have never had more artists in the world.”

Human replacement or human helpers

Tabvuma also rejects the idea that a single corporate entity will take hold of artificial intelligence and use it to concentrate wealth and power and dominate humanity. For one thing, while it is now new and expensive, AI will become cheap and widely available to a new generation that understands how to use it. He said it will be hard for any business or sector to corner the market.

“Some of these ideas are advocated by people who believe that the world we live in is a constant and that the businesses we see are always constant, but in capitalist economies, the businesses we interact with right now are not going to exist 10 years from now, or 20 or 30 years from now,” Tabvuma said. At some point, companies like Facebook and Amazon and Apple are going to fail, he said.

“There will be other companies that come up, and if they’re coming up, they will employ people and expand their workforce, improve their technology and gain market share.”

And as for the work of writers offering you something you actually want to read? Tabvuma said as well as manual dexterity, humans have another big advantage.

“Think of the interaction you and I are having right now, the fact that you thought of ‘How am I going to write this new article? I’m going to reach out to these people and interview them, and then out of that process. I’m going to write this article,'” Tabvuma said.

“And that is not physical dexterity, it’s mental dexterity.”

CNN
 — 

It is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month.

But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.

And once installed, it’s tough to remove.

While many apps collect vast troves of user data, sometimes without explicit consent, experts say e-commerce giant Pinduoduo has taken violations of privacy and data security to the next level.

In a detailed investigation, CNN spoke to half a dozen cybersecurity teams from Asia, Europe and the United States — as well as multiple former and current Pinduoduo employees — after receiving a tipoff.

Multiple experts identified the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems. Company insiders said the exploits were utilized to spy on users and competitors, allegedly to boost sales.

“We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to,” said Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm.

“This is highly unusual, and it is pretty damning for Pinduoduo.”

Malware, short for malicious software, refers to any software developed to steal data or interfere with computer systems and mobile devices.

Evidence of sophisticated malware in the Pinduoduo app comes amid intense scrutiny of Chinese-developed apps like TikTok over concerns about data security.

Some American lawmakers are pushing for a national ban on the popular short-video app, whose CEO Shou Chew was grilled by Congress for five hours last week about its relations with the Chinese government.

The revelations are also likely to draw more attention to Pinduoduo’s international sister app, Temu, which is topping US download charts and fast expanding in other Western markets. Both are owned by Nasdaq-listed PDD, a multinational company with roots in China.

While Temu has not been implicated, Pinduoduo’s alleged actions risk casting a shadow over its sister app’s global expansion.

There is no evidence that Pinduoduo has handed data to the Chinese government. But as Beijing enjoys significant leverage over businesses under its jurisdiction, there are concerns from US lawmakers that any company operating in China could be forced to cooperate with a broad range of security activities.

The findings follow Google’s suspension of Pinduoduo from its Play Store in March, citing malware identified in versions of the app.

An ensuing report from Bloomberg said a Russian cybersecurity firm had also identified potential malware in the app.

Pinduoduo has previously rejected “the speculation and accusation that Pinduoduo app is malicious.”

CNN has contacted PDD multiple times over email and phone for comment, but has not received a response.

Pinduoduo, which boasts a user base that accounts for three quarters of China’s online population and a market value three times that of eBay

(EBAY), wasn’t always an online shopping behemoth.

Founded in 2015 in Shanghai by Colin Huang, a former Google employee, the startup was fighting to establish itself in a market long dominated by e-commerce stalwarts Alibaba

(BABA) and JD.com

(JD).

It succeeded by offering steep discounts on friends-and-family group buying orders and focusing on lower-income rural areas.

Pinduoduo posted triple digit growth in monthly users until the end of 2018, the year it listed in New York. By the middle of 2020, though, the increase in monthly users had slowed to around 50% and would continue to decline, according to its earnings reports.

It was in 2020, according to a current Pinduoduo employee, that the company set up a team of about 100 engineers and product managers to dig for vulnerabilities in Android phones, develop ways to exploit them — and turn that into profit.

According to the source, who requested anonymity for fear of reprisals, the company only targeted users in rural areas and smaller towns initially, while avoiding users in megacities such as Beijing and Shanghai.

“The goal was to reduce the risk of being exposed,” they said.

By collecting expansive data on user activities, the company was able to create a comprehensive portrait of users’ habits, interests and preferences, according to the source.

This allowed it to improve its machine learning model to offer more personalized push notifications and ads, attracting users to open the app and place orders, they said.

The team was disbanded in early March, the source added, after questions about their activities came to light.

PDD didn’t reply to CNN’s repeated requests for comment on the team.

Approached by CNN, researchers from Tel Aviv-based cyber firm Check Point Research, Delaware-based app security startup Oversecured and Hyppönen’s WithSecure conducted independent analysis of the 6.49.0 version of the app, released on Chinese app stores in late February.

Google Play is not available in China, and Android users in the country download their apps from local stores. In March, when Google suspended Pinduoduo, it said it had found malware in off-Play versions of the app.

The researchers found code designed to achieve “privilege escalation”: a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than it’s supposed to have, according to experts.

“Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones,” said Hyppönen.

The app was able to continue running in the background and prevent itself from being uninstalled, which allowed it to boost its monthly active user rates, Hyppönen said. It also had the ability to spy on competitors by tracking activity on other shopping apps and getting information from them, he added.

Check Point Research additionally identified ways in which the app was able to evade scrutiny.

The app deployed a method that allowed it to push updates without an app store review process meant to detect malicious applications, the researchers said.

They also identified in some plug-ins the intent to obscure potentially malicious components by hiding them under legitimate file names, such as Google’s.

“Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality,” they said.

Android targeted

In China, about three quarters of smartphone users are on the Android system. Apple

(AAPL)’s iPhone has 25% market share, according to Daniel Ives of Wedbush Securities.

Sergey Toshin, the founder of Oversecured, said Pinduoduo’s malware specifically targeted different Android-based operating systems, including those used by Samsung, Huawei, Xiaomi and Oppo.

CNN has reached out to these companies for comment.

Toshin described Pinduoduo as “the most dangerous malware” ever found among mainstream apps.

“I’ve never seen anything like this before. It’s like, super expansive,” he said.

Most phone manufacturers globally customize the core Android software, the Android Open Source Project (AOSP), to add unique features and applications to their own devices.

Toshin found Pinduoduo to have exploited about 50 Android system vulnerabilities. Most of the exploits were tailor made for customized parts known as the original equipment manufacturer (OEM) code, which tends to be audited less often than AOSP and is therefore more prone to vulnerabilities, he said.

Pinduoduo also exploited a number of AOSP vulnerabilities, including one which was flagged by Toshin to Google in February 2022. Google fixed the bug this March, he said.

According to Toshin, the exploits allowed Pinduoduo access to users’ locations, contacts, calendars, notifications and photo albums without their consent. They were also able to change system settings and access users’ social network accounts and chats, he said.

Of the six teams CNN spoke to for this story, three did not conduct full examinations. But their primary reviews showed that Pinduoduo asked for a large number of permissions beyond the normal functions of a shopping app.

They included “potentially invasive permissions” such as “set wallpaper” and “download without notification,” said René Mayrhofer, head of the Institute of Networks and Security at the Johannes Kepler University Linz in Austria.

Disbanding the team

Suspicions about malware in Pinduoduo’s app were first raised in late February in a report by a Chinese cybersecurity firm called Dark Navy. Even though the analysis didn’t directly name the shopping giant, the report spread quickly among other researchers, who did name the company. Some of the analysts followed up with their own reports confirming the original findings.

Soon after, on March 5, Pinduoduo issued a new update of its app, version 6.50.0, which removed the exploits, according to two experts who CNN spoke to.

Two days after the update, Pinduoduo disbanded the team of engineers and product managers who had developed the exploits, according to the Pinduoduo source.

The next day, team members found themselves locked out of Pinduoduo’s bespoke workplace communication app, Knock, and lost access to files on the company’s internal network. Engineers also found their access to big data, data sheets and the log system revoked, the source said.

Most of the team were transferred to work at Temu. They were assigned to different departments at the subsidiary, with some working on marketing or developing push notifications, according to the source.

A core group of about 20 cybersecurity engineers who specialize in finding and exploiting vulnerabilities remain at Pinduoduo, they said.

Toshin of Oversecured, who looked into the update, said although the exploits were removed, the underlying code was still there and could be reactivated to carry out attacks.

Pinduoduo has been able to grow its user base against a backdrop of the Chinese government’s regulatory clampdown on Big Tech that began in late 2020.

That year, the Ministry of Industry and Information Technology launched a sweeping crackdown on apps that illegally collect and use personal data.

In 2021, Beijing passed its first comprehensive data privacy legislation.

The Personal Information Protection Law stipulates that no party should illegally collect, process or transmit personal information. They’re also banned from exploiting internet-related security vulnerabilities or engaging in actions that endanger cybersecurity.

Pinduoduo’s apparent malware would be a violation of those laws, tech policy experts say, and should have been detected by the regulator.

“This would be embarrassing for the Ministry of Industry and Information Technology, because this is their job,” said Kendra Schaefer, a tech policy expert at Trivium China, a consultancy. “They’re supposed to check Pinduoduo, and the fact that they didn’t find (anything) is embarrassing for the regulator.”

The ministry has regularly published lists to name and shame apps found to have undermined user privacy or other rights. It also publishes a separate list of apps that are removed from app stores for failing to comply with regulations.

Pinduoduo did not appear on any of the lists.

CNN has reached out to the Ministry of Industry and Information Technology and the Cyberspace Administration of China for comment.

On Chinese social media, some cybersecurity experts questioned why regulators haven’t taken any action.

“Probably none of our regulators can understand coding and programming, nor do they understand technology. You can’t even understand the malicious code when it’s shoved right in front of your face,” a cybersecurity expert with 1.8 million followers wrote last week in a viral post on Weibo, a Twitter-like platform.

The post was censored the next day.