ARTIFICIAL INTELLIGENCE & PRIVACY: Privacy is not dead, it’s just complicated

“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” ― Edward Snowden

Cloud computing, artificial intelligence, and privacy rules are the three building blocks of a new digital world order that would see humanity reach new levels of sophistication on the social, political, and economic spectrum. The long road towards such a new world order, however, is not without its pitfalls. One of the most pressing of these being the situation of severe tension and incompatibility between the right to privacy and the extensive data pooling on which efficient cloud computing and sophisticated artificial intelligence is based.

What we know is that in the last decade, data has become more and more of a commodity amongst both governments and large private institutions. So much so that they’ve employed some of the most sophisticated data mining practices to rapidly collect data about every aspect of our lives, in hopes to monopolize insights on our activities, behavior, habits, and lifestyles. Today, the symptoms of this are everywhere, from data-driven innovations such as open banking transforming the customer experience, to tech companies launching inexpensive sensors and data-collection devices to enable the constant flow of big data to central servers in which they are analyzed by “brains” or artificial intelligence algorithms for primarily: data exploitation, identification and tracking, voice & facial recognition, prediction, and profiling purposes.

No tech company has been as bullish on data-driven consumer insights as Amazon, whose inherent frivolity of user privacy has fuelled the need for privacy-centric regulation. Last week the tech giant rolled out Alexa (native personal voice assistant) everything from eyeglasses called Echo Frames -- through which Alexa can be accessed, to the Echo Loop -- a bulky looking mic’d-up ring that looks fresh off a James Bond film. Whilst, Amazon sought to address user-privacy concerns with a new feature enabling users of Alexa to delete recordings of their interaction with the voice assistant, many saw this as too little too late. And we agree.

This tussle between privacy and technological progression provided the foundation for a panel discussion at this week’s Sibos conference in London titled: ‘Cloud, AI, and privacy: Building blocks of a universal collaborative platform?’. Samik Chandarana of JP Morgan explained “Banks have to care a little bit more and have been built on a bastion of trust for many years, but you do not want your payments data to not be secure. There is a constant challenge between keeping things private and leveraging AI. Data has a different ruling in different jurisdictions, we have to play the lowest common denominator game.” Autonomous Research’s very own Pooma Kimis agreed with Chandarana, adding that companies of all types “do not have the necessary awareness to make data privacy decisions”, concluding that tech partnerships and industry-led student programs are essential to curb this.

Lastly, let’s touch on the notion of the “privacy paradox”, which refers to the discrepancy between the concept of privacy reflected in what users say (“I am very concerned for my personal privacy”) and their actual behavior (“Free mint-chip ice-cream for connecting my Facebook account to your website? Of course!”). This extends to organizations, too. The type of information we share with our bank differs from what we share with our healthcare provider, etc. you are different people to different groups. This introduces the notion of privacy control, which is initiated by user awareness. When individuals discover their data is being used in ways they did not expect, they often feel blindsided and get angry. As Jaron Lanier has observed, “Whenever something is free it means that you are the commodity that is being sold.”

And so, in this digital world, privacy -- at the conceptual level -- needs to be treated by regulators, banking & tech institutions, and governments as seriously as the right to freedom of expression. At a functional level, privacy must constantly evolve with the technology that seeks to use and/or exploit it — from the right of individuals to benefit from the commoditisation of their personal data, into a collective right of defence against AI traps, in the context of corporate (Cambridge Analytica), governmental (China’s Social Credit System), and individual exploitation (Social Blackmail).


BIG TECH & CYBER SECURITY: Every cloud has a surveillance lining

Let's be honest here, before the turn of the 21st century, if a stranger asked to keep our photo in exchange for a funny caricature, or a supermarket had asked to put a microphone in our homes, or a train company had asked our whereabouts in the station, or physical education teacher had asked us for our step count and sleep data every day, we would have said no. Now days, we upload multiple photos to Russian-based FaceApp, buy Amazon Alexas, use London Underground’s free WiFi, and track our activity on Garmin watches. And still manage to sleep well at night...well some of us at least. We recently learnt that both Amazonand Google admitted to having employees listen to recordings from their smart speakers. Whilst Facebook argues that its "users have no expectation of privacy" on their posts. These big US internet companies — Amazon, Apple, Facebook, Google and Microsoft — have all, to some degree, failed to protect their users' data and establish a base level of security. Controversies about how Facebook -- who received a $5B fine by the Federal Trade Commission -- shared user data with developers such as Cambridge Analytica and foreign governments earns them the lowest marks on security and data privacy, while Apple's strong emphasis on adopting considerably better policies than its more data-hungry competitors, might earn it the highest marks among the five. Other examples worth noting can be found in a previous newsletter entry here.

Relatively, there are more sophisticated means to retrieving user data without the target always being aware that it is happening. One of these was revealed by the Royal Melbourne Institute of Technology, who used various native sensors — such as the accelerometer — found in smartphones to predict the personality traits of its user. Similarly, yet more terrifying, a recent story published in the Financial Times, noted how most internet companies are equally at risk from a mobile phone spyware suite called Pegasus -- produced and sold by Israel-based “Cyber Warfare” vendor The NSO Group. The same spyware implicated in a breach of WhatsApp earlier this year. Private agencies and governments have long used Pegasus to successfully harvest private data — such as passwords, contact information, calendar events, text messages, and live calls — from the mobile phones of targeted individuals. 

Shockingly, the story focuses on the recent evolution of the spyware to infiltrate the data residing in the cloud used by the targeted individual. Such data can contain a full history of location data, archived messages and/or photos, emails, sensitive passwords, and financial records. The way it works is rather smart as it allegedly copies the authentication keys used by services such as iCloud, Google Drive, Facebook, Box, and Dropbox, among others, from a corrupted mobile phone. The keys are what these services use to verify an individual's identity, and thus provide them with access to the data on the respective cloud server. Put simply, these keys allow for an attacker to impersonate the target's phone in order to gain access to the data stored on the cloud, bypassing 2-factor authentication and login notifications. Notably, the NSO Group denies having spyware that can hack such cloud applications, services, or infrastructure.


As noted in the first entry above, the world is shifting to a more digital and decentralized form of finance and commerce, whether it be Wealthfront or Betterment roboadvisors assisting you in facilitating your wealth management, or using Robinhood's mobile app to enact stock trades. The truth is that most of this data flows through the cloud services of internet companies. And so long as hacking tools like Pegasus exist, coupled with our willingness to brazenly share our data with attention platforms, such sensitive data is subject to surveillance. But don't delete your Facebook profile just yet, as "good tech companies" — such as CrowdStrike, Cylance, and SentinelOne — are coming to our aid to fight and protect us against such cloud-native surveillance tech. Earlier this month, shares in CrowdStrike — the cyber security company that uncovered Russian hackers inside the servers of the US Democratic National Committee — jumped 97% in their trading debut on the NASDAQ, valuing the California-based cyber security group at $6.8 Billion. Since then, quarterly reports indicate revenues have risen 103% year-on-year to $96.1 Million, primarily due to the growing demand for its expertise in combating malicious cyber hacks. In any case, stay vigilant, as what we deem most crucial to our privacy in everyday life is what surveillance tech seeks to exploit (Read more here).


Source: Tom Gauld (New Scientist), CitizenLab (Hide and Seek Report), Financial Times (NSO Group Technologies), Pew Research Center (Security & Surveillance Report 2015), Pew Research Center (Americans & Cybersecurity)

BLOCKCHAIN: Microsoft Azure on Cryptlets

Source: Microsoft

Source: Microsoft

So this one is a bit hard to parse, but 100% worth it. Above we just established that Ethereum's open source infrastructure could be an alternate smart contract language to many of the well-funded startups. But even more so, Microsoft Azure, the enterprise cloud, is coming pre-installed with ready-to-go Ethereum infrastructure that makes the creation and deployment of these apps much easier to manage. Microsoft then could be in a pole position to be the massive hosting repository for financial data, period. The concept of Cryptlets is the tech firm's approach for separating the data layers, business logic layer and presentation layer of the tech using APIs. Read more.