AI could help solve the privacy problems it has created

The stunning successes of artificial intelligence would not have happened without the availability of massive amounts of data, whether it’s smart speakers in the home or personalized book recommendations. And the spread of AI into new areas of the economy, such as AI-driven marketing and self-driving vehicles, has been driving the collection of ever more data. These large databases are amassing a wide variety of information, some of it sensitive and personally identifiable. All that data in one place makes such databases tempting targets, ratcheting up the risk of privacy breaches.

The general public is largely wary of AI’s data-hungry ways. According to a survey by Brookings, 49% of people think AI will reduce privacy. Only 12% think it will have no effect, and a mere 5% think it may make it better.

As cybersecurity and privacy researchers, we believe that the relationship between AI and data privacy is more nuanced. The spread of AI raises a number of privacy concerns, most of which people may not even be aware of. But in a twist, AI can also help mitigate many of these privacy problems.

Revealing models

Privacy risks from AI stem not just from the mass collection of personal data, but from the deep neural network models that power most of today’s artificial intelligence. Data isn’t vulnerable just from database breaches, but from “leaks” in the models that reveal the data on which they were trained.

Deep neural networks – which are a collection of algorithms designed to spot patterns in data – consist of many layers. In those layers are a large number of nodes called neurons, and neurons from adjacent layers are interconnected. Each node, as well as the links between them, encodes certain bits of information. These bits of information are created when a special process scans large amounts of data to train the model.

For example, a facial recognition algorithm may be trained on a series of selfies so it can more accurately predict a person’s gender. Such models are very accurate, but they also may store too much information – actually remembering certain faces from the training data. In fact, that’s exactly what researchers at Cornell University discovered. Attackers could identify people in training data by probing the deep neural networks that classified the gender of facial images.

They also found that even if the original neural network model is not available to attackers, attackers may still be able to tell whether a person is in the training data. They do this by using a set of models that are trained on data similar, but not identical, to the training data. So if a man with a beard was present in the original training data, then a model trained on photos of different bearded men may be able to reveal his identity.

AI to the rescue?

On the other hand, AI can be used to mitigate many privacy problems. According to Verizon’s 2019 Data Breach Investigations Report, about 52% of data breaches involve hacking. Most existing techniques to detect cyberattacks rely on patterns. By studying previous attacks, and identifying how the attacker’s behavior deviates from the norm, these techniques can flag suspicious activity. It’s the sort of thing at which AI excels: studying existing information to recognize similar patterns in new data.

Still, AI is no panacea. Attackers can often modify their behavior to evade detection. Take the following two examples. For one, suppose anti-malware software uses AI techniques to detect a certain malicious program by scanning for a certain sequence of software code. In that case, an attacker can simply shuffle the order of the code. In another example, the anti-malware software might first run the suspicious program in a safe environment, called a sandbox, where it can look for any malicious behavior. Here, an attacker can instruct the malware to detect if it’s being run in a sandbox. If it is, it can behave normally until it’s released from the sandbox – like a possum playing dead until the threat has passed.

Making AI more privacy friendly

A recent branch of AI research called adversarial learning seeks to improve AI technologies so they’re less susceptible to such evasion attacks. For example, we have done some initial research on how to make it harder for malware, which could be used to violate a person’s privacy, to evade detection. One method we came up with was to add uncertainty to the AI models so the attackers cannot accurately predict what the model will do. Will it scan for a certain data sequence? Or will it run the sandbox? Ideally, a malicious piece of software won’t know and will unwittingly expose its motives.

Another way we can use AI to improve privacy is by probing the vulnerabilities of deep neural networks. No algorithm is perfect, and these models are vulnerable because they are often very sensitive to small changes in the data they are reading. For example, researchers have shown that a Post-it note added to a stop sign can trick an AI model into thinking it is seeing a speed limit sign instead. Subtle alterations like that take advantage of the way models are trained to reduce error. Those error-reduction techniques open a vulnerability that allows attackers to find the smallest changes that will fool the model.

These vulnerabilities can be used to improve privacy by adding noise to personal data. For example, researchers from the Max Planck Institute for Informatics in Germany have designed clever ways to alter Flickr images to foil facial recognition software. The alterations are incredibly subtle, so much so that they’re undetectable by the human eye.

The third way that AI can help mitigate privacy issues is by preserving data privacy when the models are being built. One promising development is called federated learning, which Google uses in its Gboard smart keyboard to predict which word to type next. Federated learning builds a final deep neural network from data stored on many different devices, such as cellphones, rather than one central data repository. The key benefit of federated learning is that the original data never leaves the local devices. Thus privacy is protected to some degree. It’s not a perfect solution, though, because while the local devices complete some of the computations, they do not finish them. The intermediate results could reveal some data about the device and its user.
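The federated averaging loop described above can be sketched as follows. This is an added example, not code from the article or from Gboard: the one-variable linear model, the constructed device data and all function names are assumptions chosen to keep it small. The last function illustrates the caveat about intermediate results for the simplest case, a device holding a single record.

```python
import random

def local_update(weights, data, lr=0.1, epochs=5):
    """On-device step: fit y = w*x + b on private data, return weights only."""
    w, b = weights
    for _ in range(epochs):
        gw = sum(2 * (w * x + b - y) * x for x, y in data) / len(data)
        gb = sum(2 * (w * x + b - y) for x, y in data) / len(data)
        w, b = w - lr * gw, b - lr * gb
    return (w, b)

def federated_average(updates, sizes):
    """Server step: size-weighted mean of the device weights."""
    total = sum(sizes)
    return tuple(sum(u[i] * n for u, n in zip(updates, sizes)) / total
                 for i in range(2))

def make_devices(n_devices=5, seed=7):
    """Constructed sample data: each device holds noisy points from y = 3x + 1."""
    rng = random.Random(seed)
    devices = []
    for _ in range(n_devices):
        xs = [rng.uniform(-1, 1) for _ in range(rng.randint(20, 40))]
        devices.append([(x, 3 * x + 1 + rng.gauss(0, 0.05)) for x in xs])
    return devices

def train(devices, rounds=50):
    """The server only ever handles weight tuples, never (x, y) pairs."""
    global_w = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_update(global_w, d) for d in devices]
        global_w = federated_average(updates, [len(d) for d in devices])
    return global_w

def recover_single_sample(old, new, lr):
    """Caveat: a one-step update from a one-record device pins down that record."""
    gw, gb = (old[0] - new[0]) / lr, (old[1] - new[1]) / lr
    x = gw / gb                      # gw = 2*r*x and gb = 2*r, r = residual
    y = old[0] * x + old[1] - gb / 2
    return x, y

if __name__ == "__main__":
    print("global model:", train(make_devices()))
    sent = local_update((0.5, 0.1), [(0.4, 2.2)], lr=0.1, epochs=1)
    print("server reconstructs:", recover_single_sample((0.5, 0.1), sent, 0.1))
```

The shared model converges close to the true line without any device uploading its points, while the single-record case shows why the updates themselves still need protecting.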

Federated learning offers a glimpse of a future where AI is more respectful of privacy. We are hopeful that continued research into AI will find more ways it can be part of the solution rather than a source of problems.
