Privacy and Security

Difference between Privacy and Security:

Privacy -

  • Collection of personal information

  • Using and disclosing personal information in an authorized manner

  • Data quality

  • Access to personal information

Security -

  • Confindetiality: data being stored is safe from unauthorized access and use

  • Integrity: Data is reliable and accurate

  • Availability: Data is available for use when it is needed

  • Security is a necessary tool to build privacy.
    • BUT a communication can be secure and not private.
    • The objective of data security programs is the protection of data
    privacy. (Source)
    • Security is confidentiality, integrity and availability of data.
    • Security offers the ability to be confident that your privacy
    decisions are respected.
    • Cell phone communication: can someone listen to my calls?
    • Privacy goal allows me to say NO
    • Security technology allows that goal to be realized.


Similarities: Both work towards the protection of personal information

Major Issues Concerning Online Privacy:

  • Spying and Snooping: When you are online, you are spied by a number of
    "trackers" for various purposes, information can be used by cybercriminals for illegal purposes

  • Information Mishandling: There are various sites on the internet that need your personal information to get access to their services. These sites often store cookies and save your personal information and later use it for various purposes. Most of the time this information is not encrypted and can be accessed by anyone.

  • Location Tracking: Most of the internet users proudly upload their social media posts highlighting their current location along with tagging friends and family members. This data does not remain restricted to your expected audience only. This same data is stored on the social media site you are using and stays there forever, often without you knowing (though you may have given consent through a terms and services agreement). Along with social media apps, Google Maps and other apps also ask for your location and by turning on your location you are providing first-hand information to the world about where exactly you are and what your next move is, which is certainly risky and insecure.

  • The Fourth Amendment of the US Constitution protects citizens from unreasonable searches and seizures. Its application to digital data is not always clear.
    • Digital privacy is the ability of an individual to control and protect the access and use of their
    personal information when they access the internet. In most cases,
    • Law enforcement can't search a person's electronic devices without a warrant.
    • The Fourth Amendment applies to electronic surveillance and wiretapping.
    • The Fourth Amendment applies to surveillance of GPS data from smart cars.
    • Police can obtain warrants to access a person's internet search history.


The First Amendment protects the freedom of speech, whether it's shared in person or online. The term "speech" is broad, including written and spoken words, as well as symbolic speech. 

PUBLIC KEY ENCRYPTION
• A public key and a private key are created simultaneously using the same algorithm
by a certificate authority. The private key is given to you, the public key is placed in
a directory.

Public key encryption, also known as asymmetric cryptography, uses a pair of mathematically linked keys: a public key that can be shared freely with anyone and a private key that must be kept secret by the owner; anyone can encrypt a message using the recipient's public key, but only the recipient can decrypt it using their corresponding private key, ensuring secure communication even over an insecure channel. 

How does this help?
Bob knows that Alice wants to send him a message,
and creates a pair of keys.
He advertises his public key, maybe on his web page!
Alice sees it, and so does Eve.
Alice uses Bob's public key to encrypt her message, and
sends it to Bob.
Eve intercepts the message, but can't decrypt it—
Only Bob can decrypt the message, because only Bob
has the secret (private) key.
Bob uses his private key to decrypt the message.

SYMMETRIC KEY ENCRYPTION

Uses a single key to encrypt and decrypt data.
• The sender and recipient agree on a secret key.
• The sender encrypts the data using the key.
• The sender sends the encrypted data to the recipient.
• The recipient uses the same key to decrypt the data.


A digital signature is a cryptographic method used to verify the authenticity and
integrity of digital information, like an email or document, by attaching a unique
code that acts as an electronic "fingerprint" to confirm the sender's identity and
ensure the data hasn't been tampered with

"Data" refers to raw, unorganized facts or observations that lack context on their own, while "information" is data that has been processed, organized, and interpreted to provide meaning and context, making it useful for decision-making; essentially, data becomes information once it is analyzed and given meaning through context. 


Given a specific data set, you can answer questions that directly relate to the variables and trends present within that data, like calculating averages, identifying correlations, or comparing groups; however, you cannot answer questions that require information not included in the data set, like making assumptions about causal relationships or generalizing to populations not represented in the data. 

Examples of questions that can be answered with data:

  • "What is the average age of our customers?" (If the data includes customer ages)

Examples of questions that cannot be answered with data (without additional information):

  • "Why did sales decline last month?" (Data might show a decline, but not the underlying reason) 

The purpose of a digital signature is to confirm the authenticity and integrity of digital information: 

  • Authenticity: Confirms that the signer is who they claim to be 

  • Integrity: Ensures that the content has not been changed since it was signed 

In digital messaging, "integrity" refers to ensuring that a message hasn't been altered or tampered with during transmission, while "authenticity" means verifying the source of the message, confirming that it truly originated from the claimed sender; essentially, integrity is about the data itself remaining unchanged, while authenticity is about verifying who sent it. 

Key points to remember: 

  • Integrity: 

    • Focuses on the content of the message. 

    • Uses techniques like hashing to detect changes in data. 

    • Ensures the message received is the same as the one sent. 

  • Authenticity: 

    • Focuses on verifying the sender's identity. 

    • May involve digital signatures or certificates to confirm the source. 

    • Prevents someone from impersonating another sender. 

With ML (machine learning), rather than programmers writing code to do something, the pro- grammers write code that enables the computer to learn. The implications are profound. Before ML, you could reasonably ask how a computer program arrived at a particular result. Not so in this brave new world. The ML code the programmers wrote provided the framework. That piece of software was then exposed to data from which it “learned” how to do the task at hand. Most computer software arrives at a definitive result. Give it all the info about what you earned last year, and it will compute what you owe in taxes. ML programs make their best guesses about something they haven’t seen before, based on what they have seen in the past.

Asimov’s laws of robotics have given birth to 1,000 alternatives and descendants. Even standards just for algorithmic fairness and transparency are numerous. The U.S. Association for Computing Machinery proposed the following principles as a starting point:31

  1. Awareness: Owners, designers, builders, users, and other stakeholders of analytic systems should be aware of the possible biases involved in their design, implementation, and use and the potential harm that biases can cause to individuals and society.

  2. Access and redress: Regulators should encourage the adop tion of mechanisms that enable questioning and redress for individuals and groups that are adversely affected by algo rithmically informed decisions.

  3. Accountability: Institutions should be held responsible for decisions made by the algorithms that they use, even if it is not feasible to explain in detail how the algorithms produce their results.

  4. Explanation: Systems and institutions that use algorithmic decision-making are encouraged to produce explanations regarding both the procedures followed by the algorithm and the specific decisions that are made. This is particularly important in public policy contexts.

  5. Data Provenance: A description of the way in which the train-ing data was collected should be maintained by the builders of the algorithms, accompanied by an exploration of the potential biases induced by the human or algorithmic data- gathering process. Public scrutiny of the data provides max imum opportunity for corrections. However, concerns over However, concerns over privacy, protecting trade secrets, or revelation of analytics that might allow malicious actors to game the system can justify restricting access to qualified and authorized individuals

  6. Auditability: Models, algorithms, data, and decisions should be recorded so that they can be audited in cases where harm is suspected.

  7. Validation and Testing: Institutions should use rigorous methods to validate their models and document those meth ods and results. In particular, they should routinely perform tests to assess and determine whether the model generates discriminatory harm. Institutions are encouraged to make the results of such tests public.

The phrase "Technology, like fire, is neither good nor bad; its value depends on how we use it" can be directly related to Artificial Intelligence (AI) and Machine Learning (ML) in the following ways:

Positive Applications of AI/ML

  1. Healthcare Advancements: AI/ML has enabled breakthroughs in medical diagnostics, personalized medicine, and drug discovery. For example, algorithms can detect diseases like cancer at earlier stages with higher accuracy than traditional methods.

  2. Environmental Protection: AI is being used to monitor deforestation, track endangered species, and optimize renewable energy systems, aiding global sustainability efforts.

  3. Improved Accessibility: AI-powered tools, such as real-time translation or assistive technologies for people with disabilities, enhance inclusivity and communication worldwide.

Negative Potential of AI/ML

  1. Bias and Discrimination: Algorithms can perpetuate and amplify biases present in the data they are trained on, leading to unfair outcomes in hiring, policing, or loan approvals.

  2. Privacy Concerns: AI-driven surveillance and data collection can erode personal privacy, creating ethical dilemmas and potential abuse by authoritarian regimes or corporations.

  3. Job Displacement: Automation powered by AI can lead to significant job losses, particularly in industries reliant on repetitive tasks, posing challenges for economic stability.

Neutral Nature, Human Responsibility

The statement emphasizes that AI/ML is a tool—its outcomes are shaped by how humans design, implement, and regulate it. For example:

  • Ethical Use: Companies and governments must establish frameworks to prevent misuse, such as implementing fairness audits or ensuring transparency in AI systems.

  • Education and Awareness: Users and developers alike need to understand the implications of AI and ML to use them responsibly and mitigate risks.

By focusing on accountability, transparency, and ethical considerations, society can harness the benefits of AI while minimizing harm, proving that its true value lies in how it is applied.