Tsaaro Weekly Privacy Newsletter
22nd April, 2022
Responsible AI and Data Privacy
In last week’s newsletter, we looked at how Artificial Intelligence (AI) and Privacy are deeply connected. This week, let’s look at the concept of Responsible AI and best practices to protect Privacy.
There’s no question that artificial intelligence (AI) will continue its rapid evolution in the coming years and become increasingly interconnected with our daily lives. The onus is now on companies to approach AI with a responsible lens in order to maximize transparency, reduce bias, and guide ethical applications of the technology. AI that works well, after all, works equitably for everyone.
Responsible AI is a governance framework that documents how a specific organization is addressing the challenges around artificial intelligence (AI) from both an ethical and legal point of view. One of the principles of responsible AI regularly mentioned refers explicitly to “privacy.” This is reminiscent of the obligation to apply general privacy principles, which are the backbone of privacy and data protection globally, to AI/ML systems that process personal data. This includes ensuring collection limitation, data quality, purpose specification, use limitation, accountability, and individual participation.
Responsible AI (RAI) is one of the best ways to mitigate privacy risks. Building a foundation for securing regulatory compliance and data privacy begins with some of the core facets of data management related to data governance. Data governance in particular has a significant impact on the overall ethicality of any AI endeavor, as data bias and data management are key factors in the responsible application of the technology.
Organizations can lay the groundwork for progressing to responsible AI by implementing the following procedures:
Data Discovery: The ability to preserve the privacy of consumer data and adhere to regulations is rooted in ascertaining where an organization’s data resides across its infrastructure. Once firms know what is where, they have to determine “in which part of this data, where is the PII or some confidential information stored,” Mathur commented. “That’s the discoverability of this data.” Data profiling tools can provide this granular insight. Sensitive data catalogs use machine learning tools to tag such data so organizations know exactly where it is.
Governance Controls: Credible governance solutions have a host of mechanisms for anonymizing data so data scientists, for example, can only see the parts of the data relevant to machine learning models and not sensitive PII.
Policy Creation and Enforcement: The final step involves enforcing policies, partly based on data privacy laws and regulatory requirements to ensure governed data access and establishment of Responsible AI.
Major Privacy Updates of the Week
Connecticut Senate Passes Consumer Data Privacy Bill
On April 20, 2022, the Connecticut Senate voted unanimously (35-0 with 1 abstention) to pass Senator Maroney’s SB6. The bill is generally modeled on the Colorado Privacy Act (CPA) with some differences such as providing for greater children’s data privacy rights than found in the CPA.
The bill now moves to the House floor. It will not go through a committee process in the House because Connecticut uses joint committees. The Connecticut legislature adjourns on May 4, 2022.
Apple’s App Tracking Transparency May Not Be Foolproof After All
Independent research suggested that Apple’s App Tracking Transparency (ATT) feature may not be as foolproof as many people think. The research claimed that ATT has some loopholes that still allow apps to stealthily collect personal data from users’ Apple devices.
The new research claims to demonstrate that some developers have been bypassing the App Tracking Transparency privacy features. The research said that although ATT worked, it has some loopholes that allow apps to continue tracking users.
Beanstalk DeFi project robbed of $182 million in flash loan attack
On April 19, Beanstalk, a credit-based stablecoin protocol project based on Ethereum, said the platform had been subject to a flash loan attack two days earlier.
The cyberattack exploited the project’s protocol governance mechanism. According to a post-mortem conducted by Omniscia, the exploit occurred due to the recent implementation of the Curve LP Silos, “ultimately permitting the attacker to conduct an emergency execution of a malicious proposal siphoning project funds.”
Flash loan functions in DeFi projects allow users to borrow large amounts of virtual funds for a short period of time. In Beanstalk Farm’s case, voting powers were based on the number of tokens held.
Russian tech giant Yandex data leak
An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists, and activists.
Citizen Lab, in collaboration with Catalan-based researchers, released findings claiming that 65 people were targeted or infected with malware via an iPhone vulnerability called HOMAGE. It asserts that the Israeli firm NSO Group and a second firm, Candiru, were behind the campaigns, which took place between 2017 and 2020.
RansomEXX Disrupts Scottish Association for Mental Health
Intelligence agencies on Tuesday, April 19, said they had unearthed a big cyber-security breach allegedly involving military officials with suspected links to enemy countries. Top sources said: “Military and intelligence agencies have unearthed a cyber-security breach involving some military officials. This is likely linked to espionage-related activities by a neighboring country. The breach happened through WhatsApp groups.”