The use of machine learning for personal privacy and security – A Literature Review

Posted by on Apr 2, 2017 in Privacy and Security
No Comments

 

ABSTRACT

Artificial intelligence, machine learning, privacy, security, personal privacy and security

Author: Salman khan | Deakin University | ksal@deakin.edu.au

 

Privacy is a fundamental concept to being a human being. We are social animals we have the need to connect with other human beings to share ideas and let others know about our ideologies and beliefs but equally essential to being a human is to have a place where we can be away from the judgments of society.  To be a free and fulfilled human being means to have a place where we can be free from social norms and to have a private moment without worrying about being watched.

As technological advancements bring about rapid changes and improve our way of life it also grows is complexity and introduce new risks and challenges. As more and more aspects of our lives are being automated users are tasked with consequential and tough privacy and security decisions.

This study summarize the research conducted in the field of privacy and security challenges in the age of information, human behavior towards privacy and how can we use artificial intelligence to solve these problems.

 

INTRODUCTION

 

The Internet is one of the fastest-growing areas of technical infrastructure development. [1] It is growing in size and complexity. New technologies are introduced at a very fast pace forcing everybody to upgrade. The introduction of new technologies introduce new attack surfaces and new privacy and security challenges. Advancements in information technology often task users with complex and consequential privacy and security decisions. [2] As people connect and go about their online activities they are faced with a number of difficult privacy and security decisions. Those decisions range from whether to install a smartphone app which require certain permissions to setting permissions on social network’s activity or whether to click on an email link or not. Activities that were a part of our private life or to be shared with a few people like family or friends is becoming a serious threat to our personal privacy. We communicate with our friends and family using smartphones, talk about our life on social media, like pages and follow things related to our interests, read books and magazines online, find answers to sensitive questions using search engines. Through these activities, we knowingly/unknowingly disclose information about our beliefs, traits, interests and intensions to commercial entities/governments and to people who should not have this information. Individuals are daily confronted with complex privacy and security decisions and it is often extremely difficult to weight all the factors involved or to exactly know what vulnerabilities they are exposing their selves to if they interact with a system or how much and what kind of data is being collected and in what ways that data can be used. Decisions regarding privacy or system security are often very complex. Security and privacy are rarely end-users’ primary tasks, and users have limited mental resources to evaluate all possible options and consequences of their actions. [3]

Artificial intelligence now a days can be trained to perform many complex tasks effectively. There have been many commercial successes in machine learning from Google search, to amazon product suggestion to pattern recognition and image recognition. We now know that computers can learn and they can perform tasks that is impossible or extremely time-consuming do to for humans. I believe that the power of machine learning can be used to solve privacy and security issues online.

 

PERSONAL PRIVACY AND SECURITY

 

Samuel D. Warren and Louis D. Brandeis describe privacy as the right to be let alone. [4] A person should have full protection in person and in property of both tangible and in tangible objects. Invasion of privacy occur when an individual no longer able to maintain a significant amount of control on the usage of their personal information.

The advancement in the field of information has derived societies to do almost everything online. Technology has become an integral part of our life. As we go about our online activities we leave a trace of our online activities which tells a lot about us. The low cost of storage and internet allow very efficient and in expensive collection and storage of information without our consent. [5]

Introduction of new concepts like “Internet of things” where every devices has the capability to monitor and communicate and devices communicating with each other through the internet adds to the collection and use of highly personal data. [6] Innovation in technology has made our life easier but has also facilitated privacy and security abuse such as hacking, identity theft, theft of personal information, mass surveillance and an has made us vulnerable to online exploitation.

 

ONLINE AND OFFLINE IDENTITIES

 

It’s important to distinguish between online and offline identities of users to better understand privacy and security issues. Online identity of an individual is the data that carry information about a user’s taste, likes/dislikes, interests and purchasing behaviour. Offline identities represent the actual identity of an individual, the data that can be associated to an actual person.

In an e-commerce transaction, online identities are the search queries, interests in certain topics and feelings about certain products or services and offline can be the credit card details, phone numbers and other pieces of information that is the actual identity of an individual.

 

UNCERTAINTY

 

Individuals manage their public and private spaces in various ways, by being reserved, separateness, and anonymity but also by deception and dissimulation. People establish these boundaries for many reasons like protection against social influence and control and for the need of intimacy. The advancement in technology has made the data collection and use of personal data of individuals almost disappeared as a result people often don’t know what kind of data is being collected about them and what information corporation governments have about them how that data can be used and what are the consequences. Because people are don’t know the collected data and the ways that data can be used they are often uncertain about how much information to share.

 

 

 

PRIVACY, SECURITY AND HUMAN BEHAVIOR

 

Much evidence suggests that privacy is a universal human need. [7] One of the causes of the privacy problems in the online space the definition of the concept of privacy. Privacy means different things to different people. And people respond to it differently according to their level of understanding of the information systems we have in place today and according to their views on the amount of information they can disclose about themselves. Different people have different views about privacy, someone might value the security of their email account then the data that is saved on their computer, people might have different views on the amount of information disclosed in a transaction and for some disclosing information might be a trade-off to using a system or service. People rarely pay attention to the privacy statements of different products and services which has tangible and in tangible consequences like financial loss or some historical information disclosed about them with can result in social problems.

In 2014 MIT conducted a digital currency experiment to discover customer behaviour towards commercial and government surveillance and explained the privacy paradox that people say they care deeply about privacy but practically they give away their private data very easily when small incentives are involved. [8]

Privacy behaviours are culture- and context dependent, however, the dilemma of what to share and what to keep private is universal across societies and over human history. [9] Drawing these boundaries and the consequences of misusing them has become extremely complex, our natural capabilities to be no longer adequate.

We are in greater need of an artificial intelligent system which understands our privacy needs and protect us from cyber threats and help us share information online in a controlled manner.

 

CURRENT TECHNOLOGIES

 

Internet was built on a foundation of trust. [10] It evolved very quickly and grew enormously in complexity and size. That’s why there’s not much privacy protection mechanism in the way we exchange and store information or the way we interact with information systems online.

We can protect ourselves to some degree using cyber security practices and security tools like firewalls, anti-virus and anti-spyware software but these are all rule based systems and it only take one vulnerability in one application to exploit our systems.

But the problem of privacy still remains, there are tools which ensure some degree of anonymity like the tor project and proxies but even when using these tools it only take a small mistake to expose our identities. Often users are not aware about the consequences of sharing certain information in the online world.

Cyber security practices used in today’s world can ensure some amount of security against hacking, identity theft and social engineering attacks but they don’t ensure complete privacy protection and safety mostly because every tool is designed for a specific security or privacy need.

We are in greater need of a system that can understand our privacy and security needs and help us make better privacy decisions online, and protect us from external threats.

 

MACHINE LEARNING AND PERSONAL SECURITY

 

Artificial intelligence is the simulation of human intelligence processes by machines, especially computer systems. [11] Machine learning is a type of artificial intelligence that allow machines to learn without being specifically programmed. Machine learning allows computers to find hidden insights without being explicitly programmed where to look. [12].

The power of artificial intelligence and machine learning is being used in a huge verity of industries. Like robotics to pattern recognition, speech recognition, image recognition and natural language processing.

Artificial intelligence is already being used in malware to hide and steal more effectively. Security of our personal computers, data is at risk and the risk is growing continually, [13] Artificial intelligence and machine learning algorithms are being used to solve these security problems, machine learning is currently being used for intrusion detection, anomaly detection and misuse detection where data is labelled as normal or abnormal and then the classifier is trained to distinguish between the two. [14] Machine learning is extremely useful and is solving many complex computer science problems but there are some security challenges. There has been many attacks identified against machine learning. [15] Like training the algorithm with fake data and classifying malicious behaviour as normal behaviour. Machine learning is a vast area and still needs to be researched. [16]

 

GENERAL PURPOSE AI

 

General purpose AI are machine learning algorithms they can be trainer to do any task, they are not pre-programmed and not designed for one particular problem. We recently achieved a huge milestone in artificial intelligence, a general purpose AI Alpha go defeated legendary Go player Lee Se-dol. Go requires a certain level of intuition and is considerably more complex than Chess. [17] DeepMind founder Demis Hassabis explained about Alpha Go saying it can be trainer to do any task. [18] Google’s deep mind is a good example of a general purpose AI.

With the achievements in Artificial Intelligence in recent times and the development of general purpose AI we are getting closer to solving problem of privacy and security problems of today’s information age.

 

Neural CRYPTOGRAPHY

 

Cryptography is an extremely important topic when we talk about online security and privacy. It used in almost every aspect of Information security.[19] Cryptography is used for the integrity and confidentiality of data but the recent development in artificial intelligence and ever growing computation resources our traditional cryptography techniques are becoming fragile. Neural cryptography is a branch of cryptography dedicated to analysing the application of stochastic algorithms, especially artificial neural network algorithms, for use in encryption and cryptanalysis. [20] There are not many application due to the recent development but it would be extremely useful when we start artificial networks and machine learning algorithms for information security. [21]

 

FUTURE SCOPE

 

Although a lot of work has been done to solve the problem of information security but very limited practical work has been done for the problem of privacy. I think personal privacy and security are still in a state of difficulty that needs to be resolved. There is a lot of work to be done on government and corporate level to regulate the collection and use of personal information.

With the development of artificial intelligent and machine learning systems we need to look into securing those systems from miss guided training. Security of machine learning systems is an emerging field of study, a lot of work is still to be done. [22] And the development of smart security systems for individuals is still under research and a lot of research is needed in this area.

 

CONCLUSION

 

Privacy is a fundamental need of every human being. This is the age of information and protecting privacy has become a major issue, the internet has become a surveillance web for the governments and mega corporations. Making the right privacy and security decisions that is the controlled disclosure of information and choosing the services that guarantee privacy and surety has become extremely complex and difficult, due to the increasing complexity of information systems. The verity of things we do online and increasing number of process of our lives being automated has made it difficult to pick and choose services that protect our privacy according to our needs.

Different people have different privacy needs for example people in US are okay with sharing about their sexual affairs while people in china don’t want to discuss or disclose their sexual affairs. Privacy needs differ because of cultural difference and social needs. Which is why defining privacy is an issue and different people define privacy differently and different levels of understanding of information systems prompts different kind of privacy questions.  The advancement in technologies has made it impossible for the human mind to weight all the privacy and security consequences that arises from a interacting with a given system.

The power of artificial intelligence and machine learning is being used in a huge verity of industries. Like robotics to pattern recognition, speech recognition, image recognition and natural language processing. The development of general machine learning algorithms like Alpha Go is a new step towards solving the ever growing problem of online privacy and security.

 

 

REFERENCES

[1] Yang, Miao, “ACM International Conference Proceeding Series”, vol. 113

[2] Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L. F., Komanduri, S., Leon, P. G.,          Sadeh, N., Schaub, F., Sleeper, M., Wang, Y., Wilson, S. 2016. Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. 1, 1, Article 1 (September 2016), 40 pages

[3] Warren, S., and Brandeis, L. (1890). “The Right to Privacy.” Harvard Law Review, 4, 193.

[4] Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L. F., Komanduri, S., Leon, P. G.,          Sadeh, N., Schaub, F., Sleeper, M., Wang, Y., Wilson, S. 2016. Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. 1, 1, Article 1 (September 2016), 40 pages

[5] R. Cutshall, “Computer Privacy Annoyances — How to Avoid the Most Annoying Invasions of Your Personal and Online Privacy”, Journal of Information Privacy and Security, vol. 3, no. 4, pp. 55-56, 2007.

[6] X. Caron, R. Bosua, S. Maynard and A. Ahmad, “The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective”, Computer Law & Security Review, vol. 32, no. 1, pp. 4-15, 2016.

[7] [9] A. Acquisti, L. Brandimarte and G. Loewenstein, “Privacy and human behavior in the age of information”, Science, vol. 347, no. 6221, pp. 509-514, 2015.

[8] S.Athey, C Catilini, C Tucker, “Escaping from Government and Corporate Surveillance. Evidence from the MIT Digital Currency Experiment”, Oct 2016, Available at https://www.ftc.gov/system/files/documents/public_comments/2016/10/00071-129190.pdf, last accessed 3rd Dec, 2016

[10] A. Joinson, U. Reips, T. Buchanan and C. Schofield, “Privacy, Trust, and Self-Disclosure Online”, Human-Computer Interaction, vol. 25, no. 1, pp. 1-24, 2010.

[11] McCarthy, John; Minsky, Marvin; Rochester, Nathan; Shannon, Claude (1955), A Proposal for the Dartmouth Summer Research Project on Artificial Intelligence.

[12] P. Langley, “The changing science of machine learning”, Machine Learning, vol. 82, no. 3, pp. 275-279, 2011.

[13] R. Malviya, B K. Umrao, “Machine Learning Security: International Journal of Current Engineering and Technology”, Vol.4, No.6 Dec 2014

[14]P. Langley, “The changing science of machine learning”, Machine Learning, vol. 82, no. 3, pp. 275-279, 2011.

[15] M.  Barreno, B.  Nelson, A.  Joseph and J.  Tygar, “The security of machine learning”, Machine Learning, vol. 81, no. 2, pp. 121-148, 2010.

[16] G. Giacinto and B. Dasarathy, “Machine learning for computer security: A guide to prospective authors”, Information Fusion, vol. 12, no. 3, pp. 238-239, 2011.

[17] S. Yan, “A Google computer victorious over the world’s ‘Go’ champion”, CNNMoney, 2016. [Online]. Available: http://money.cnn.com/2016/03/12/technology/google-deepmind-alphago-wins/. [Accessed: 06- Dec- 2016].

[18] S. Byford, “Google’s DeepMind defeats legendary Go player Lee Se-dol”, The Verge, 2016. [Online]. Available: http://www.theverge.com/2016/3/9/11184362/google-alphago-go-deepmind-result. [Accessed: 09- Dec- 2016].

[19] K. Kim, Public key cryptography. Berlin: Springer, 2001.

[20] A. Yayik and Y. Kutlu, “Neural Network Based Cryptography”, Neural Network World, pp. 177-192, 2014.

[21] P. Williams, “Information Security Governance”, Information Security Technical Report, vol. 6, no. 3, pp. 60-70, 2001.

[22] S. Cannoy, P. Palvia and R. Schilhavy, “A Research Framework for Information Systems Security”, Journal of Information Privacy and Security, vol. 2, no. 2, pp. 3-24, 2006.

# # # #

Reply