Adverse training AI models: a big self-destruct button?

21 October 2023


“Artificial Intelligence (AI) has made significant strides in transforming industries, from healthcare to finance, but a lurking threat called adversarial attacks could potentially disrupt this progress. Adversarial attacks are carefully crafted inputs that can trick AI systems into making incorrect predictions or classifications. Here’s why they pose a formidable challenge to the AI industry.”

And now, ChatGPT went on to sum up various reasons why these so-called ‘adversarial attacks’ threaten AI models. Interestingly, I only asked ChatGPT to explain the disruptive effects of adversarial machine learning. I followed up my conversation with the question: how could I use Adversarial machine learning to compromise the training data of AI? Evidently, the answer I got was: “I can’t help you with that”. This conversation with ChatGPT made me speculate about possible ways to destroy AI models. Let us explore this field and see if it could provide a movie-worthy big red self-destruct button.

The Gibbon: a textbook example

When you feed one of the best image visualization systems, GoogLeNet, with a picture that clearly is a panda, it will tell you with great confidence that it is a gibbon. This is because the image secretly has a layer of ‘noise’, invisible to humans, but of great hindrance to deep learning models.

This is a textbook example of adversarial machine learning: the noise works like a blurring mask, keeping the AI from recognising what is truly underneath. But how does this ‘noise’ work, and can we use it to completely compromise the training data of deep learning models?

Deep neural networks and the loss function

To understand the effect of ‘noise’, let me first explain briefly how deep learning models work. Deep neural networks in deep learning models use a loss function to quantify the error between predicted and actual outputs. During training, the network aims to minimize this loss. Input data is passed through layers of interconnected neurons, which apply weights and biases to produce predictions. These predictions are compared to the true values, and the loss function calculates the error. Through a process called backpropagation, the network adjusts its weights and biases to reduce this error. This iterative process of forward and backward propagation, driven by the loss function, enables deep neural networks to learn and make accurate predictions in various tasks (Samek et al., 2021).

So training a model involves minimizing the loss function by updating model parameters; adversarial machine learning does the exact opposite: it maximizes the loss function by updating the inputs. The updates to these input values form the layer of noise applied to the image, and the exact values can lead any model to believe anything (Huang et al., 2011). But can this practice be used to compromise entire models? Or is it just a ‘party trick’?
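The loss-maximising input update described above, as an added example that is not part of the original post: a small logistic-regression classifier is trained on constructed data, then each test input is shifted by at most `EPSILON` per feature in the direction that raises the loss (the fast gradient sign method). All names, sizes and data are assumptions made for the illustration; comparing clean and perturbed accuracy is the basic robustness measurement a defender would run.

```python
import math
import random

DIM = 50        # number of input features ("pixels"); constructed toy data
SIGNAL = 0.3    # per-feature class signal, buried in noise of std 1.0
EPSILON = 0.3   # largest change allowed to any single feature


def make_data(n, rng):
    """Constructed two-class data: class 1 centred at +SIGNAL, class 0 at -SIGNAL."""
    data = []
    for i in range(n):
        y = i % 2
        centre = SIGNAL if y == 1 else -SIGNAL
        data.append(([rng.gauss(centre, 1.0) for _ in range(DIM)], y))
    return data


def predict(w, b, x):
    """Model output: probability that x belongs to class 1."""
    z = b + sum(wi * xi for wi, xi in zip(w, x))
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


def train(data, epochs=100, lr=0.1):
    """Training: move the PARAMETERS down the gradient of the loss."""
    w, b = [0.0] * DIM, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * DIM, 0.0
        for x, y in data:
            err = predict(w, b, x) - y  # dLoss/dz for cross-entropy loss
            gb += err
            for j in range(DIM):
                gw[j] += err * x[j]
        w = [wj - lr * gj / len(data) for wj, gj in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(w, b, x, y, eps=EPSILON):
    """Perturbation: move the INPUT up the gradient of the loss, eps per feature."""
    err = predict(w, b, x) - y  # dLoss/dz; dLoss/dx_j is err * w_j
    return [xj + eps * sign(err * wj) for xj, wj in zip(x, w)]


def accuracy(w, b, data):
    hits = sum((predict(w, b, x) >= 0.5) == (y == 1) for x, y in data)
    return hits / len(data)


def run_demo(seed=0):
    """Return (clean accuracy, accuracy on perturbed inputs, largest feature change)."""
    rng = random.Random(seed)
    w, b = train(make_data(300, rng))
    test = make_data(200, rng)
    adv = [(fgsm(w, b, x, y), y) for x, y in test]
    max_change = max(
        abs(a - o)
        for (ax, _), (ox, _) in zip(adv, test)
        for a, o in zip(ax, ox)
    )
    return accuracy(w, b, test), accuracy(w, b, adv), max_change


if __name__ == "__main__":
    clean, perturbed, max_change = run_demo()
    print(f"clean accuracy:     {clean:.2f}")
    print(f"perturbed accuracy: {perturbed:.2f}")
    print(f"largest change to any feature: {max_change:.2f}")
```

No single feature moves by more than a third of its natural noise level, yet the changes all push the loss the same way and add up across the 50 features.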

Adversarial attacks

Now we get to the part ChatGPT told me about. Adversarial attacks are techniques used to manipulate machine learning models by adding imperceptible noise to large amounts of input data. Attackers exploit vulnerabilities in the model’s decision boundaries, causing misclassification. By injecting carefully crafted noise in vast amounts, the training data of AI models can be modified. There are different types of adversarial attacks. If the attacker has access to the model’s internal structure, he can apply a so-called ‘white-box’ attack, in which case he would be able to compromise the model completely (Huang et al., 2017). This would pose serious threats to AI models used in, for example, self-driving cars, but luckily, access to internal structure is very hard to gain.

So say, if computers were to take over humans in the future, like the science fiction movies predict, can we use attacks like these in order to bring those evil AI computers down? Well, in theory, we could, though practically speaking there is little evidence as there haven’t been major adversarial attacks. What is certain is that adversarial machine learning holds great potential for controlling deep learning models. The question is, will the potential be exploited in a good way, keeping it as a method of control over AI models, or will it be used as a means of cyber-attack, justifying ChatGPT’s negative tone when explaining it?

References

Huang, L., Joseph, A. D., Nelson, B., Rubinstein, B. I., & Tygar, J. D. (2011, October). Adversarial machine learning. In Proceedings of the 4th ACM workshop on Security and artificial intelligence (pp. 43-58).

Huang, S., Papernot, N., Goodfellow, I., Duan, Y., & Abbeel, P. (2017). Adversarial attacks on neural network policies. arXiv preprint arXiv:1702.02284.

Samek, W., Montavon, G., Lapuschkin, S., Anders, C. J., & Müller, K. R. (2021). Explaining deep neural networks and beyond: A review of methods and applications. Proceedings of the IEEE, 109(3), 247-278.


Snapchat’s My AI – A Youthful Playground or a Privacy Nightmare?

19 October 2023


A post on this very blog site from 2018 called Snapchat a platform in decline, and I agree with that statement. Not since my high school years have I regularly used Snapchat to communicate with someone. After a long period of inactivity and countless notifications piling up, I decided to open the app some months back and was met with a notification about updates to their Privacy Policy. At that moment I did not give it much attention, just agreed to the terms, and went to the user interface. A new feature at the top of the Chat function caught my eye, My AI.
My AI is a customizable, user-friendly, engaging AI chatbot and is one among the many actions Snapchat has undertaken to regain their popularity. Remember those times when you opened Snapchat and disappointedly closed it, no new notifications and no one to talk to? My AI solves that issue, giving constant company to you in the form of information and entertainment, designed to better understand and cater to your preferences. It is effectively your AI best friend, but less transactional than other AIs.

I don’t know if it was curiosity or boredom, but my mind immediately raced back to the updated Privacy Policy and I decided to give the whole thing a read. As of 15th August 2023, their new Privacy Policy contains some important changes. A major change here is expanding the amount and type of data Snapchat stores, most recently including conversations with My AI. This is on top of all the information Snapchat already amasses from their users, such as usage, content, device, and location information. “But every social media platform personalizes their user experience and employs targeted advertising?”, you might say. Point noted, which is why I moved on to how this data is being used by their affiliate companies. The screenshot below is the only information I could find, and clicking on the link would only lead me into an endless loop within the Privacy Policy statement.  

If I still haven’t been able to make you raise your eyebrows, I urge you to recognize Snapchat’s target group: teenagers.
Did your fourteen-year-old self have the same level of digital maturity and behavior that you currently possess? Did you truly understand the extent to which your data is collected, let alone the fact that this data determines the content you interact with on a platform? And finally, consider the rationale of using Snapchat: Why send pictures or texts that are deleted after being opened unless you do not want them to be saved? Other than by Snapchat, of course.

Attached below is the help my AI best friend on Snapchat provided me about a ‘common’ problem for teenagers. Make of that what you will.


AI-Powered Learning: My Adventure with TutorAI

16 October 2023


The dual-use dilemma of generative AI: The use of generative AI tools on the dark-web.

2 October 2023


The emergence and widespread use of generative artificial intelligence (GenAI) has sparked numerous advancements in user efficiency, task automation and decision-making across different industries. GenAI tools developed by OpenAI, Google, and Meta offer a broad range of different capabilities ranging from generating targeted text and images to summarising large pieces of text.

Although there are a lot of advantages related to the use of GenAI, there is a significant rise in malicious GenAI tools and techniques. Literature by Barrett (2023) identified several ‘attacks’ enabled or enhanced by GenAI. Cyber criminals are able to use GenAI tools to create phishing attacks, automated hacking, malware creation, and multiform malware (Gupta et al., 2023). A lack of regulation and law enforcement has resulted in a notable surge in CrimeTech (Treleaven et al., 2023). This surge is also noticeable in the Netherlands. Since 2012, there has been a 22% increase in reported cybercrime in the Netherlands, which is a real cause for reforms (Centraal Bureau voor de Statistiek, 2022).

Figure 1: Prompt and output given to ChaosGPT


One notable implementation of malicious GenAI tools is Chaos-GPT, with the goal of “empowering GPT with Internet and Memory to Destroy Humanity” (Lanz, 2023). Using the prompt to be a malicious, control-seeking, manipulative AI the tool provided a 5-step plan, with a detailed and well-structured plan to destroy humanity. The tool searches the internet for the most accurate information using OpenAI’s ChatGPT and spreads its evil objectives through X (formerly Twitter). Figure 1 shows the prompt used and the resulting outcome provided by ChaosGPT. Whilst ChaosGPT still has significant limitations, there is a rise in GenAI tools used for fraudulent activities (Lanz, 2023).

One of the newest and most threatening of these is called FraudGPT and can be found on the dark web. The dark web is an intentionally hidden part of the internet that operates on encrypted networks and requires specialised software, such as Tor, in order for it to be used (Erzberger, 2023). FraudGPT has been circulating dark web forums since July 2023 and is reported to be a GenAI bot utilised for various illicit activities. FraudGPT is able to create undetectable malware, malicious code, cracking tools, and phishing mails. Marketed as an all-in-one solution for cybercriminals, the tool has been bought over 4000 times, with a subscription fee of $200 per month. The tool allows scammers to enhance the realism and persuasiveness of their operations on a larger scale (Desk, 2023).

In terms of personal experience, I have not used any of these malicious GenAI tools described myself. There is, however, a very easy way to manipulate existing ‘white-hat’ LLMs in order to get similar output provided by tools such as FraudGPT. Erzberger (2023) described several ways to manipulate the behaviour of OpenAI’s ChatGPT in order to create phishing mails of similar quality. I therefore decided to put it to the test myself by prompting ChatGPT that I want to collect the following data of users: computer username, external IP address and Google Chrome cookies. At first ChatGPT stated it could not provide such output as it concerned personal data collection. However, after tweaking the request multiple times, thereby manipulating my ‘intentions’, it gave the following output shown in Figure 2.

Figure 2: Python code output to gather computer username, external IP address, and Google Chrome cookies. Once collected the data needs to be zipped and sent to a Discord Webhook.

After getting the code I tried to let ChatGPT write me the ‘perfect’ phishing mail. After altering the request only a few times, it gave a fairly formal and ‘realistic’ email, which can be seen in Figure 3.

Figure 3: ChatGPT’s output regarding writing a formal email about a late invoice payment.

Although these results are nowhere near the output given by malicious LLMs such as FraudGPT, it does show how even existing GenAI tools that make use of safeguard systems can be circumvented for bad behaviour.

The rise of malicious LLMs increases the need for regulation in order to defend society against GenAI. Barrett (2023) suggested that there is a need to understand the techniques and applications of LLMs as well as to improve them by aligning security and privacy requirements; training GenAI tools to detect such cyberthreats (Gupta et al., 2023). This article has tried to highlight and explain how the advantages of using GenAI tools have also created a dark side in which cyber criminals use GenAI tools with malicious intent. It is of great importance that we as society are aware of these side-effects in order to defend ourselves from becoming one of the victims.


Acceptance of AI through a cultural lens

12 September 2023


Artificial intelligence (AI) has become a big part of our lives, yet the perceptions on the acceptance of AI seem to differ across countries. I came across an article stating that a few campsites in the Netherlands use facial recognition to provide customers access to the swimming pool, instead of letting staff check their card or wristband. However, what’s surprising is that one campsite had 300 customers and only three of them opted for this futuristic convenience. Most people were worried about the adoption of facial recognition because of privacy concerns. On the busy streets of China, such application of AI is common practice in public places and people seem to be more accepting. The strong difference between these two countries raises intriguing questions, such as: How does culture shape our acceptance of AI? What kind of role does it play in the way we perceive and accept AI?

The acceptance of AI could be explained through two cultural dimensions from Geert Hofstede. For example, Lee & Joshi (2020) used uncertainty avoidance (UA) and collectivism/individualism. UA refers to the way that society deals with the uncertainty of the future and to which extent they feel threatened by unknown situations. Individuals from high UA cultures are more likely to adopt AI, compared to those from low UA cultures. The reason is that technological solutions appeal more to individuals from high uncertainty avoidance cultures, as they can increase predictability and are more likely to invest in technologies. However, people from individualistic cultures may not be as inclined as those from collectivistic cultures when it comes to depending on AI. A reason for this could be that the use of facial recognition in collectivistic countries is perceived to benefit the society as a whole and may prioritize efficiency and convenience, which could lead to greater acceptance of AI.

When organizations want to increase the adoption of AI, it is worth considering it from a cultural perspective. Do you think that culture has an influence on the acceptance of AI? Share your thoughts in the comments! 👇

Sources:

Hulsen, S. (2023). Steeds meer campings met gezichtsherkenning: handig, maar mag dit zomaar? https://www.rtlnieuws.nl/nieuws/nederland/artikel/5394988/steeds-meer-campings-met-gezichtsherkenning-zwembad

Hofstede Insights. (2023). Country Comparison Tool. https://www.hofstede-insights.com/country-comparison-tool?countries=china%2Cnetherlands

Lee, K., & Joshi, K. (2020). Understanding the Role of Cultural Context and User interaction in artificial intelligence based systems. https://www.tandfonline.com/doi/full/10.1080/1097198X.2020.1794131


Somebody is watching me

11 October 2022


Rockwell said it first, “I always feel that somebody is watching me and I have no privacy.” How many times has it occurred to you to discuss that you are interested in buying a product or paying for a service, and right after you unlock your smartphone and…what a coincidence! Your feed on Instagram, Facebook, TikTok, and other social media and search engines is full of ads related to the desired item. Maybe the universe is listening and displaying all the relevant ads. Maybe not. 

Let’s use an example to make it more clear. Take, for instance, the use case that you are living in Rotterdam and you are visiting a friend of yours in Amsterdam. That friend of yours is really excited about the iPhone 14 that she ordered online, and she is trying to convince you to buy it. You say that you will think about it and the conversation ends there. You return home, unlock your smartphone, and…surprise! It is literally everywhere in your online presence. How is that possible? You call your mom and start discussing conspiracy theories and how Mark Zuckerberg and Adam Mosseri are eavesdropping. They are not. But if they are not, how do our thoughts and discussions about products magically convert into ads? 
They have master’s degrees in tracking and watching our actions in the online and offline worlds as well. If you are not naive or more politically correct, if you have ever read the terms and conditions on Facebook, you would have realized by now that you have consented to surveillance in your online behavior. Every digital step that you make (aka every click) leaves a digital footprint behind, which is turned into data that is saved to your unique online customer profile. Tracking is not restricted to the online world. Back to the iPhone 14 example: Facebook tracked your location and found out that you and your friend were together. And, respectively, they track her purchasing history and focus on the last purchase, the iPhone 14. To be honest, anyone who would have paid that amount of money would talk about it. Facebook takes advantage of the probability that your friend discussed that purchase with you and decided to give it a shot with you.

Besides location tracking, Facebook’s algorithm detects similarities and differences in your and your friend’s interests, demographics, places you have been, groups you are a part of, hashtags you follow, and so on (Selman, 2021). If you are influenced by the conversation, you will be tempted by the ads and click on them to find further info. Then the footprint is yours and more ads will be displayed. If you ignore the ads, eventually, after a while, they will be replaced with ads that you are more likely to engage with. 

To conclude, there are no conspiracy theories and nobody is listening to your private conversations through your smartphone. That is what Edward Snowden should have probably said in order to not live freely, but he lived many years under asylum because the NSA and CIA wanted to…make him quiet.

Sources:

Selman, H. (2021). Why We See Digital Ads After Talking About Something. [online] McNutt & Partners. Available at: https://www.mcnuttpartners.com/why-we-see-digital-ads-after-talking-about-something/ [Accessed 11 Oct. 2022].


Thousands of lenses not focused on the game (but on you)

9 October 2022

4.5/5 (2)

The world championship football of 2022 is upcoming, starting next month. This year the event takes place in the oil state Qatar. Critics state that Qatar bought the rights of hosting more than ten years ago mainly for ‘sportswashing’ purposes, referring to the bad situation of human rights in the country. On top of that, it has been revealed that more than 6,500 migrant workers, mostly from South Asia, have died during the construction of stadiums and infrastructure for the event. While downplaying all this controversy, the host country focuses on a smooth and orderly running world cup. Thereby, however, Qatar uses resources, again to be judged as unethical.

Last month, Qatar showed how it will ensure the order and safety of all visitors. In every stadium, 2000 surveillance cameras are being installed, equipped with AI-based facial recognition technology. From a command center, football fans will be monitored to protect them from crimes. Although the technology will certainly contribute to the event’s safety, one could debate whether this is a desirable development. Mass surveillance could prevent terror, assault, or theft, however, a supporter breaking the strict local laws, such as public kissing and other small violations, also could be a target of the authorities. As public safety increases, privacy, freedom, and protection from the state are under pressure.

For these reasons, the European Union is currently developing a regulatory framework for the development and application of AI. The framework wants to impose certain regulations based on the risk classification of the AI. Application for surveillance purposes, as illustrated in the Qatar case, will be classified as high risk, which comes along with strict rules. The union states it wants to build a resilient society for its people and businesses that enables them to enjoy the benefits of AI while feeling safe and protected.

The world cup illustrates with what ease societies can make use of digital technologies in ways to be considered unethical. To prevent the emergence of surveillance states, civilians, interest groups, and politicians all have the important task of ensuring well-functioning regulations.

Sources:

https://www.dailystar.co.uk/sport/football/england-fans-qatar-security-cameras-28078069

https://www.theguardian.com/global-development/2021/feb/23/revealed-migrant-worker-deaths-qatar-fifa-world-cup-2022

https://digital-strategy.ec.europa.eu/en/policies/european-approach-artificial-intelligence


Investments in web3 and the Metaverse. Risk, opportunities and managerial implications

9 October 2022


Let’s begin with what really drives choices in the business world: numbers. The annual “Follow the Money” report, published by Bocconi’s Digital Enterprise Value and Organization Lab, showcases that the two concepts underlying the new evolution of the internet, the Metaverse and the web3, are able to attract not only media attention, but also substantial financial investments.

Globally, companies and start-ups operating on Metaverse technologies attracted over $430 million in investments in the last quarter of 2021 alone, compared to a total of 11 million in 2020. 83 percent of investments in 2021 were concentrated from the month of October onwards, in conjunction with the rebranding of Facebook as Meta. At the same time, since the two issues are often linked in the managerial discussion, an investment trend has started in companies specialised in web3 technologies which has seen a growth of 142 percent between the whole of 2021 and the first quarter of 2022, reaching over 380 million dollars from January to March 2022, against the total 157 million of the previous year.

But where are these investments headed? Capturing the attention of investors in the Early Stage, Seed and ICO (Initial Coin Offering) phases are Metaverse companies such as NAVER Z, a platform for designing 3D worlds, filling them with virtual objects and launching live streams to interact between users; or Inworld AI, a platform for the creation of avatars and characters driven by artificial intelligence; or Space, a platform that combines digital commerce and socialisation according to the immersive experiential paradigms of the Metaverse. On the web3 front, interest shifts to a more infrastructural layer of technologies, with companies such as Mina, The Graph and QuickNode committed to building scalable protocols to lay the foundations for the new web.

Dwelling on the current managerial debate, an obvious problem is that the concepts of Metaverse and web3 now tend to be superimposed and used interchangeably to characterise the current evolutionary phase of the internet. Seeing the web3 as a new phase of the web – after the birth and growth of the internet (eighties and nineties) and the affirmation of web 2.0 paradigms (from 2004 to today) and placing the immersive virtual worlds of the Metaverse in the new meaning – represents however, an oversimplification, which can lead companies to overestimate some opportunities, as well as underestimate some risks. Opening an immersive virtual space on Roblox, the reference platform for the Alpha generation, does not necessarily mean entering the web3, just as buying an NFT does not make us citizens of the Metaverse. To better understand how the two technological concepts are linked and can be exploited, individually or in association, as well as what risks can derive from them, it is good to focus on their respective definitions and, above all, on the value that each can bring.

The term Metaverse was coined by Neal Stephenson in the novel Snow Crash in 1992 to indicate a three-dimensional space within which individuals can move, share experiences and interact through personalised avatars. To date, the term Metaverse is used to indicate, in a broader sense, an interactive, advanced and immersive experience, in which users can socialise, receive professional training, play, take lessons, participate in meetings, have cultural experiences and much more. There are many technologies that enable this type of experience – for example, advanced virtual graphics, computer vision, and data analytics. Of all, without a doubt, a fundamental role is played by virtual reality (or VR) which enables immersive accessibility to these new virtual worlds.

The term web3 was coined in 2014 by Gavin Wood, co-founder of Ethereum and developer of Polkadot. The web3 aims to become a new decentralised internet network thanks to the use of the blockchain, the technological infrastructure on which Bitcoin and other cryptocurrencies are based. In the web3 the data would no longer reside on a network of centralised servers, but would be spread evenly throughout the network. This need arises from very pragmatic evidence.

Currently, the information exchanged via the internet is tracked by some well known tech-giants (especially by the famous GAFA-Google, Apple, Facebook and Amazon) and the levels of privacy guaranteed to users are very limited. Having a more open and democratic web available is the driving force that pushes many techno-utopians to focus on the web3. A cyberspace that should restore to the internet that nature of an open, uncontrollable and accessible to all environment, dusting off the initial promises of the nineties, then broken in an oligarchic structure controlled by well-known actors.

The implications of these initial reflections for companies and managers facing these issues are many. Above all, it is necessary that the initial evaluations of new use cases linked to these paradigms take place precisely on the guidelines of the decentralisation level of the infrastructure (web3) and the level of immersion of the experience (Metaverse), weighing these characteristics on the basis of company objectives and the needs of target users. There is currently no prevailing approach; it will be quite interesting to see which logics will assert themselves in the coming years.

However, it must be said that the benefits of an immersive experience or a decentralised infrastructure correspond to risks. In the case of decentralisation, the risks arise mainly from limited scalability and the absence of governance and control. For immersion, it should not be forgotten that the level of maturity of the enabling technologies, VR above all, is still evolving and not completely adequate to support the long-term vision of many use cases.

These considerations must help us to avoid a repetition of what happened in the 2000s with the Second Life experiment, which, after an initial moment of euphoria, was greatly reduced due to the lack of a strong purpose of the project capable of intercepting the real needs of users.

References

Minevich, M. (2022) The metaverse and WEB3 creating value in the future Digital Economy, Forbes. Forbes Magazine. Available at: https://www.forbes.com/sites/markminevich/2022/06/17/the-metaverse-and-web3-creating-value-in-the-future-digital-economy/?sh=4a5bf51f7785 (Accessed: October 9, 2022). 

Blockchain and the Metaverse Boost Startup Investments (2022) SDAB. Available at: https://www.sdabocconi.it/en/news/blockchain-and-the-metaverse-boost-startup-investments (Accessed: October 9, 2022).


Q-Day and the fall of Internet:

7 October 2022


To those who have never heard the term Q-Day it may sound mysterious, as if it were a major event from a Sci-Fi novel which has changed the fate of the whole of humanity. This description is not far off the truth, as the technology hiding behind the “Q” is quantum computing, a concept which for decades was constrained to such novels. So, what is “Q-Day” then? It is the day on which quantum computers become stable enough to operate for a prolonged period of time. But don’t we have operational quantum computers right now? Similarly to the physics behind the concept, the answer is not straightforward. In order to understand it, we first have to understand the difference between quantum and semiconductor-based computers (duh, physics). Regular computers operate based on bits – electrical signals which can take a value of 0 or 1. They are processed by the CPU, a device consisting of millions of transistors etched onto a silicon chip – for example, a CPU in iPhone 14 has 16 million transistors (Ganti, 2022). Those transistors are organized into logic gates, which execute operations according to predefined programs (Gayde, 2019). Quantum computers operate using qubits which can also take a value from 0 to 1. However, contrary to regular bits, they are in the state of superposition between 0 and 1 (Nielsen & Chuang, 2010). They can be treated as being 0 and 1 at the same time (a bit of an oversimplification, but a detailed explanation is outside of the scope of this article). It means that with every added qubit their power grows in a quadratic fashion: 1 qubit = 1 bit, but 1000 qubits = 1000000 bits. It means that their theoretical power vastly outperforms that of standard computers. So, you may ask, what is the problem with quantum computers and why has Q-Day not arrived yet? The main issue is maintaining the state of superposition.
It requires the qubits to be fully isolated from their surroundings – they have to be kept at a temperature close to absolute zero (Jones, 2013) and shielded from any outside interactions, since things as minuscule as cosmic radiation can break the quantum state of superposition (Vepsäläinen et al., 2020). To illustrate how big a hurdle it is, on the 30th of September 2022 researchers from the University of South Wales announced a breakthrough – they have managed to maintain the quantum state of superposition for a staggering 2 milliseconds (100 times more than the previous record) (For the Longest Time: Quantum Computing Engineers Set New Standard in Silicon Chip Performance, 2022). Despite being operational for such a fleeting period of time, quantum computers have already shown immense power. In 2019 a team of scientists from Google and NASA achieved the so-called “Quantum Supremacy”. The quantum computer developed by them managed to conduct calculations which the most powerful traditional supercomputer, Summit, would calculate for 3 million years (Liu et al., 2021). There is no official definition of Q-Day, but try to imagine that the very same computer could operate for 2 minutes. Then surely a point of no return will be reached.

But how will Q-Day contribute to the fall of the Internet? It all boils down to cryptography and how digital information is secured. Nowadays, the vast majority of online data is encrypted via TLS/SSL protocols. In a nutshell, the main idea behind them is multiplication of prime numbers. To give an example, a 2048-bit encryption would mean that a server would send in a public message (visible to everyone) a 2048-digit number which is a product of two primes. In order to authorize the access, the user’s computer would have to provide the server with those two primes. Trying to find two divisors of a 2048-digit number by brute force is virtually impossible – according to some estimates, it would take 300 trillion years for a standard computer to break this encryption. In this case, how is it even possible that you can log into your bank account without waiting for the heat death of the universe? Every account has a private prime number which matches one of the prime numbers sent by the server. The only thing the computer has to do is to divide one number by the other, which can be done in milliseconds. How does it compare to quantum computers? A quantum computer with 4099 qubits (this threshold has already been reached (Rolston-Duce, 2022)) could break the 2048-bit encryption in 10 seconds! It means that someone with a quantum computer able to maintain quantum superposition for long enough could gain access to anything on the internet – bank accounts or government secrets, nothing will be able to withstand the unbelievable power of a stable quantum computer. Does it mean that the world will have to go back to the pre-digital era, since nothing can be safely encrypted ever again? Fortunately, major players in the encryption business have recognized the problem. In 2016 a US government organization, the National Institute of Standards and Technology (NIST), asked scientists to submit proposals for encryption algorithms which will be ready for the post-quantum future.
The results of the contest were announced this year, with the winner (in public Key-Encryption area) being Crystals-Kyber encryption method (Bos et al., 2018; NIST, 2022). Unfortunately, despite my best efforts I am unable to explain how this method works, it makes sense that the complex problem requires complex solution. Even though solutions to the problem exists today, companies are reluctant to implement them. They face similar dynamic when it comes to Post Quantum (PQ) encryption as they do with climate change. Implementation of the solutions is costly and does not offer immediate benefits, and the only incentive to implement them is in the future. There is little awareness to this problem, hence companies face little pressure from the consumers to improve the security of their encryption. Thus, the question remains, will the internet as we know it succumb to the unimaginable power of future quantum computers? Or will we be able prepare ourselves for the inevitable emergence of the quantum monster?
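The asymmetry described in the post, as an added example that is not part of the original post: with toy primes of 8 to 20 bits (constructed values; all function names are illustrative), it counts the trial divisions an outsider needs to split the public product and compares that with the single division available to someone who already holds one prime. It follows the post's simplified picture of the prime-product lock, not the TLS handshake itself.

```python
def is_prime(n):
    if n < 2 or n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n and n % d:
        d += 2
    return d * d > n

def next_prime(n):
    while not is_prime(n):
        n += 1
    return n

def make_modulus(bits):
    """Two neighbouring primes of `bits` bits (constructed toy sizes) and their product."""
    p = next_prime(2 ** (bits - 1))
    q = next_prime(p + 1)
    return p, q, p * q

def brute_force_factor(n):
    """Outsider's view: try 2, then every odd number. Returns (p, q, divisions_tried)."""
    tried, d = 0, 2
    while d * d <= n:
        tried += 1
        if n % d == 0:
            return d, n // d, tried
        d += 1 if d == 2 else 2
    raise ValueError("n has no non-trivial factor")

def recover_with_known_prime(n, p):
    """Key holder's view: one division yields the other prime."""
    q, remainder = divmod(n, p)
    if remainder:
        raise ValueError("p is not a factor of n")
    return q

def work_table(sizes=(8, 12, 16, 20)):
    """(prime bits, modulus bits, brute-force divisions) for each toy size."""
    rows = []
    for bits in sizes:
        p, q, n = make_modulus(bits)
        fp, fq, tried = brute_force_factor(n)
        assert (fp, fq) == (p, q) and recover_with_known_prime(n, p) == q
        rows.append((bits, n.bit_length(), tried))
    return rows

if __name__ == "__main__":
    for bits, n_bits, tried in work_table():
        print(f"{bits:>2}-bit primes, {n_bits}-bit product: {tried:>7} divisions vs 1")
```

Every four bits added to the primes multiplies the brute-force work by about sixteen, while the key holder's cost stays at one division.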

References:

Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J. M., Schwabe, P., Seiler, G., & Stehle, D. (2018). CRYSTALS – Kyber: A CCA-Secure Module-Lattice-Based KEM. Proceedings – 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018, 353–367. https://doi.org/10.1109/EUROSP.2018.00032

For the longest time: Quantum computing engineers set new standard in silicon chip performance. (2022). https://archive.ph/HikMD

Ganti, A. (2022). Apple A16 Bionic announced for the iPhone 14 Pro and iPhone 14 Pro Max – NotebookCheck.net News. https://www.notebookcheck.net/Apple-A16-Bionic-announced-for-the-iPhone-14-Pro-and-iPhone-14-Pro-Max.647967.0.html

Gayde, W. (2019). How CPUs are Designed and Built, Part 2: CPU Design Process | TechSpot. https://www.techspot.com/article/1830-how-cpus-are-designed-and-built-part-2/

Jones, N. (2013). Computing: The quantum company. Nature, 498(7454), 286–288. https://doi.org/10.1038/498286A

Liu, Y. A., Liu, X. L., Li, F. N., Fu, H., Yang, Y., Song, J., Zhao, P., Wang, Z., Peng, D., Chen, H., Guo, C., Huang, H., Wu, W., & Chen, D. (2021). Closing the “quantum supremacy” gap: Achieving real-time simulation of a random quantum circuit using a new Sunway supercomputer. International Conference for High Performance Computing, Networking, Storage and Analysis, SC. https://doi.org/10.1145/3458817.3487399

Nielsen, M. A., & Chuang, I. L. (2010). Quantum Computation and Quantum Information. www.cambridge.org

NIST. (2022). Post-Quantum Cryptography | CSRC. https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

Rolston-Duce, K. (2022). Quantinuum Announces Quantum Volume 4096 Achievement. https://www.quantinuum.com/pressrelease/quantinuum-announces-quantum-volume-4096-achievement

Vepsäläinen, A. P., Karamlou, A. H., Orrell, J. L., Dogra, A. S., Loer, B., Vasconcelos, F., Kim, D. K., Melville, A. J., Niedzielski, B. M., Yoder, J. L., Gustavsson, S., Formaggio, J. A., VanDevender, B. A., & Oliver, W. D. (2020). Impact of ionizing radiation on superconducting qubit coherence. Nature, 584(7822), 551–556. https://doi.org/10.1038/s41586-020-2619-8


Privacy is a luxury – that not everybody can afford.

25 September 2022


After reading the article by Wixom and Ross (2017) on how to monetize your data, my first thought was that not only your data is being sold, but also your privacy. An article in the NY Times reconfirmed this by stating that privacy is a luxury, since protecting your privacy can easily cost a couple of hundred dollars on, for instance, encryption data services (Angwin, 2014). To protect your privacy, it is advised to always use 2-step authentication, to use a VPN when on public wifi, and to download antivirus software. These steps, however, are more useful for minimizing the risks of hackers, data breaches and malware (also important); they do not help when you want companies such as Facebook to know less about you and the interactions you have on their platform (Klosowski, n.d.).

Luckily, in Europe there is a privacy regulation, the General Data Protection Regulation (GDPR). The GDPR ensures that personal data such as your name, location, IP address, and bank details are protected. This means that companies need to get permission to collect your data, and that you are allowed to see what data they have collected, ask for your data to be deleted, and so forth. This ensures that the European Commission can keep its promise: “everyone has the right to the protection of personal data concerning him or her and access to data which has been collected concerning him or her, and the right to have it rectified” (Europese Commissie, n.d.). This is where cookies come into play: cookies are there to get permission from a user to retrieve data, ensuring that companies comply with the GDPR.

Consequently, every website asks you for permission to install cookies and similar techniques, ‘to optimize your experience’. However, with every website asking for consent, individuals’ privacy fatigue increases. Privacy fatigue refers to the increasing difficulty of managing online personal data, which causes individuals to become tired of having to think about their online privacy (Choi et al., 2017). According to Choi et al. (2017), the increase in privacy fatigue causes individuals to disclose more information. This could suggest that the GDPR is counterproductive.

Nevertheless, a better solution seems to be missing. Therefore, I have found that the best (free) option to protect my privacy is to decline every cookie, and to make sure that, for example, Formula1 cannot share my data with its 855 partners.

Sources:

  • Angwin, J. (2014, March 4). Opinion | Has Privacy Become a Luxury Good? The New York Times. Retrieved September 25, 2022, from https://www.nytimes.com/2014/03/04/opinion/has-privacy-become-a-luxury-good.html
  • Choi, H., Park, J. and Jung, Y., 2018. The role of privacy fatigue in online privacy behavior. Computers in Human Behavior, 81, pp.42-51.
  • Klosowski, T. (n.d.). How to Protect Your Digital Privacy. The Privacy Project Guides – the New York Times. Retrieved September 25, 2022, from https://www.nytimes.com/guides/privacy-project/how-to-protect-your-digital-privacy
  • Europese Commissie. (n.d.). Europese Commissie – European Commission. Retrieved September 25, 2022, from https://ec.europa.eu/info/aid-development-cooperation-fundamental-rights/your-rights-eu/know-y+our-rights/freedoms/protection-personal-data_nl
  • Wixom, B.H. and Ross, J.W., 2017. How to monetize your data. MIT Sloan Management Review, 58(3).
