A common misconception is that IT teams can manually compile a list of sensitive data
A brief on how AI is compromising our right to privacy and ways to tackle it.
Artificial Intelligence (AI) is high on the agenda across most domains due to these three attributes: scale, speed, and automation. AI processes and sorts through copious amounts of information, at a speed that is unmatched by human analysts. Tools built with AI have enabled the automation of routine yet critical functions that are followed by impactful repercussions, such as employee verification, approval of loans, and more. These functions and their implications make it vital to shed light on the privacy aspect within AI.
Is AI compromising our right to privacy?
It is crucial to strike a balance between keeping a tab on our fundamental right to privacy and the remarkable headway made in AI. Sometimes, organizations and individuals make use of AI to extract information surrounding their consumers without their consent, thus violating their privacy.
Following are a few ways social actors employ to capitalize on data and affect privacy with the help of AI:
· Data exploitation: Consumers are unaware of the data that their gadgets (smartphones, computers, electrical appliances, etc.,) process and share from time to time. As consumers ceaselessly latch on to such devices, they become increasingly vulnerable to data exploitation
· Identification and Tracking: Social actors may utilize AI to identify and track their consumers every so often. What is considered anonymized personal data may also be de-anonymized if explicit measures are not taken to protect the privacy of the data
· Specialized AI- Voice and Image recognition: These two methods are increasingly used by large corporations to provide innovative experiences to their customers. However, some of them can de-anonymize individuals and their personal data
· Prediction: AI-based systems possess the ability to employ complex algorithms to decode/predict sensitive information from a non-sensitive data pool. Metrics like, location data and activity logs can expose sensitive information, like political views, mental status, ethnic makeup, etc., of an individual, which can be consumed by corporations to nudge consumers in lucrative directions
GDPR and CCPA- Bastions of Data Privacy:
· General Data Protection Regulation (GDPR): With advancements in AI, the need for data as fodder to train AI-based systems now (which can come from consumers), is greater than ever. Legal structures like Europe’s GDPR, understand the need to protect consumers’ right to privacy. GDPR went into effect in May 2018 and applies when AI-based systems utilize personal data to make decisions about individuals without their consent
· The California Consumer Privacy Act (CCPA): CCPA comes as a toehold to other states of the U.S. to pursue such laws in the interest of consumers’ right to privacy. The act is set to take effect in January 2020
Four different methods offered by Cryptology that help protect data privacy in organizations:
· Differential Privacy: It intentionally generates “noise” i.e. randomness, in a database that prevents systems from extracting sensitive information about a person, while also preserving the overriding characteristics of the dataset
· Homomorphic Encryption: It is a technique that allows analytical solutions to work on an encrypted dataset without letting it decrypt classified information. This technique shows a promising future, though it lowers the efficiency of the algorithm employing it
· Transfer learning: This method facilitates the utilization of existing/pre-trained models that solve similar tasks. It allows for the usage of fewer data to achieve the same result in a shorter span of time
· RAIRD: Developed by Statistics Norway (SSB) and the Norwegian Centre for Research Data (NSD), this system allows the dissemination of data by permitting access to a metadata of the underlying dataset, while upholding confidentiality
Best Practices to maintain data privacy within AI:
· Blockchain-enabled data lineage: Blockchain has several priceless features that help determine the origin of data. Its unmodifiable chain, the immaculate protection of the sequence of data, etc. can come in handy while trying to trace back the origin of data. Today, some of the more advanced data governance tools find their foundation in such technologies. Starting from any alterations made to the chain to when those alterations were made, everything is cryptographically stored and linked in the blockchain. It does not allow for any modifications in the link. Such systems facilitate firm auditing abilities to showcase their inflexibility to regulatory authorities
· Lifecycle management: Mastering lifecycle management will benefit organizations in more than one way. In order to feed your AI-enabled systems with the required data and yet eradicate the data that is no longer needed, organizations must perfect this aspect of data lineage. Often, organizations tend to store data longer than intended which makes them vulnerable to legal data protection requirements. Organizations can set expiration periods for their data while conforming to data governance policies. But, in the end, they are responsible to destroy these data stores from their systems. The data once expired, doesn’t automate its deletion until the organization steps in. “But, [until then] no one can see it and no one can access it. So it covers you from that point of view of saying I retained this for this time required, I can prove it and show you it was available for this period of time and show you on this date it was no longer available” says Rod Harrison, CTO of StorCentric and Vice President of Engineering
· Security and disaster recovery: The advanced technologies that are similar to blockchain are used for securing data against viruses, malware, etc., Competent solutions in this field let organizations classify stored data into different tiers. This allows for the data tiers to be replaced with shortcuts after a set period of time, making room for upcoming data. This also allows you to actively access your most used data from your local systems. Automating the creation of shortcuts will help your organization restore systems during unfortunate events of security threats like ransomware attacks. These data archiving systems often come in pairs and restore data quickly and intelligently. Harrison says “you can essentially bootstrap your business back to life after a catastrophic event in exactly the perfect order that you need, rather than trying to guess what to restore first.”
Data Privacy within AI is a heavily layered concept that currently requires our collective attention to take a step towards a world destitute of privacy lapse. Social actors, who use data mining techniques need to take the onus and make an effort towards creating intelligent systems that conform to data privacy laws and uphold the confidentiality and trust of the society as a whole. Discussions on the ethical aspects of AI should be encouraged in every organization. On a larger scale, the private sector, consumers, and the academic community can come together to further the development of an ethical code that keeps up with the technological, social and political developments.
When it comes to protecting data, organizations need to view it as an innate entity of their security and privacy program. Complacency can no longer be an option and it is time to take heed of all aspects of one’s data handling processes. Organizations struggling to address the myriad security and privacy regulations around data should look no further. When it comes to selecting a solution that helps you navigate the complex data security and privacy regulation landscape, Kogni is your best bet. For a comprehensive security product with already built-in solutions around GDPR and other data security and privacy regulations, write to firstname.lastname@example.org or visit kogni.io
Michael Daene., (September, 2018): AI and the Future of Privacy. Retrieved from-https://towardsdatascience.com/ai-and-the-future-of-privacy-3d5f6552a7c4
The Norwegian Data Protection Authority., (January 2018): Artificial Intelligence and Privacy., Retrieved from-https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf
Jelani Harper: Best Practices For Holding Artificial Intelligence Accountable. Retrieved from-
Infographic: Cyber security network and artificial intelligence technology concept. Robot hand using mobile phone with master key connect world networking virtual graphic and binary coded with black background. - Image. Retrieved from-https://www.shutterstock.com/image-photo/cyber-security-network-artificial-intelligence-technology-695337574?src=55PycIZEHZ2SWdkRSrCSCg-1-23&studio=1