Anonymity and Software Agents: An Interdiscplinary Challenge

Item does not contain fulltex

Advancing security information and event management frameworks in managed enterprises using geolocation

Includes bibliographical referencesSecurity Information and Event Management (SIEM) technology supports security threat detection and response through real-time and historical analysis of security events from a range of data sources. Through the retrieval of mass feedback from many components and security systems within a computing environment, SIEMs are able to correlate and analyse events with a view to incident detection. The hypothesis of this study is that existing Security Information and Event Management techniques and solutions can be complemented by location-based information provided by feeder systems. In addition, and associated with the introduction of location information, it is hypothesised that privacy-enforcing procedures on geolocation data in SIEMs and meta- systems alike are necessary and enforceable. The method for the study was to augment a SIEM, established for the collection of events in an enterprise service management environment, with geo-location data. Through introducing the location dimension, it was possible to expand the correlation rules of the SIEM with location attributes and to see how this improved security confidence. An important co-consideration is the effect on privacy, where location information of an individual or system is propagated to a SIEM. With a theoretical consideration of the current privacy directives and regulations (specifically as promulgated in the European Union), privacy supporting techniques are introduced to diminish the accuracy of the location information - while still enabling enhanced security analysis. In the context of a European Union FP7 project relating to next generation SIEMs, the results of this work have been implemented based on systems, data, techniques and resilient features of the MASSIF project. In particular, AlienVault has been used as a platform for augmentation of a SIEM and an event set of several million events, collected over a three month period, have formed the basis for the implementation and experimentation. A "brute-force attack" misuse case scenario was selected to highlight the benefits of geolocation information as an enhancement to SIEM detection (and false-positive prevention). With respect to privacy, a privacy model is introduced for SIEM frameworks. This model utilises existing privacy legislation, that is most stringent in terms of privacy, as a basis. An analysis of the implementation and testing is conducted, focusing equally on data security and privacy, that is, assessing location-based information in enhancing SIEM capability in advanced security detection, and, determining if privacy-enforcing procedures on geolocation in SIEMs and other meta-systems are achievable and enforceable. Opportunities for geolocation enhancing various security techniques are considered, specifically for solving misuse cases identified as existing problems in enterprise environments. In summary, the research shows that additional security confidence and insight can be achieved through the augmentation of SIEM event information with geo-location information. Through the use of spatial cloaking it is also possible to incorporate location information without com- promising individual privacy. Overall the research reveals that there are significant benefits for SIEMs to make use of geo-location in their analysis calculations, and that this can be effectively conducted in ways which are acceptable to privacy considerations when considered against prevailing privacy legislation and guidelines

The Regulation of Commercial Profiling — A Comparative Analysis

The authors, all data protection experts, discuss the status of the relevant data protection regulatory framework on profiling in the business sector in sev eral countries worldwide, from the constitutional level to some individual regulation including the general attitude towards the topic. The EU perspective is presented on the basis of the present directives as well as the General Data Protection Regulation. The United Kingdom, Germany and France, as three of the largest EU Member States with partly highly differing regulatory approaches represent Member State law. Australia, Brazil and the US regulation exemplify the different integration of data protection standards and different models of approaching pro filing in the globalised IT world

Privacy Preserving Large Language Models: ChatGPT Case Study Based Vision and Framework

The generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) use billions of parameters to extensively analyse large datasets and extract critical private information such as, context, specific details, identifying information etc. This have raised serious threats to user privacy and reluctance to use such tools. This article proposes the conceptual model called PrivChatGPT, a privacy-preserving model for LLMs that consists of two main components i.e., preserving user privacy during the data curation/pre-processing together with preserving private context and the private training process for large-scale data. To demonstrate its applicability, we show how a private mechanism could be integrated into the existing model for training LLMs to protect user privacy; specifically, we employed differential privacy and private training using Reinforcement Learning (RL). We measure the privacy loss and evaluate the measure of uncertainty or randomness once differential privacy is applied. It further recursively evaluates the level of privacy guarantees and the measure of uncertainty of public database and resources, during each update when new information is added for training purposes. To critically evaluate the use of differential privacy for private LLMs, we hypothetically compared other mechanisms e..g, Blockchain, private information retrieval, randomisation, for various performance measures such as the model performance and accuracy, computational complexity, privacy vs. utility etc. We conclude that differential privacy, randomisation, and obfuscation can impact utility and performance of trained models, conversely, the use of ToR, Blockchain, and PIR may introduce additional computational complexity and high training latency. We believe that the proposed model could be used as a benchmark for proposing privacy preserving LLMs for generative AI tools

Blockchains and the European Data Protection and Privacy Law

Technology is the application of scientific knowledge. New scientific knowledge produces new technologies and new technologies necessarily expose new vulnerabilities in our laws and legal thinking. Blockchain technology, by allowing us to reduce and even eliminate the role of the middleman in our transactions, triggers a significant paradigm shift in how we deal with value. It is often said in online communities that internet democratizes access to information and blockchain democratizes the access to truth. The aim of this work is to shed light on the unchartered territory of the blockchain with the lenses of the EU data protection and privacy law, and offer an in-depth analysis of the greatest issues the blockchain presents with possible solutions and policy recommendations

Reconciling the conflict between the ‘immutability’ of public and permissionless blockchain technology and the right to erasure under Article 17 of the General Data Protection Regulation

This thesis focuses on the issues between a blockchain technology and the new European Union General Data Protection Regulation (GDPR). The Blockchain technology is a rather new technology which potential has been recognised only in the recent years. Essentially, a blockchain is a distributed database in which data is stored in blocks, which form a chronological chain of blocks. Blockchains have many types and possible use cases, but this research focuses on public and permissionless blockchains, which primary objective is to enable individuals to transact with each other without centralised intermediaries. The GDPR entered into force on 25 May 2018. The GDPR was not drafted taking account of distributed ledger technologies, such as the blockchain technology, which has raised several points of tension between the regulation and the technology. The primary focus of this thesis is on the conflict between the ‘immutability’ of blockchain technology and the right to erasure under Article 17 of the GDPR. One of the main features of blockchains is the immutability, that is to say, data on old blocks is extremely difficult to modify or delete. This feature seems prima facie to conflict with Article 17 of the GDPR that provides data subjects with the right to request erasure of their personal data under certain conditions. Firstly, this thesis analyses the current state of the conflict. Before analysing the conflict, the research addresses two essential preliminary questions: the question about anonymisation and personal data and the question about allocation of responsibilities on blockchains. After that, different solutions proposed to reconcile the conflict are analysed to understand the current situation. While public and permissionless blockchains currently may infringe Article 17 of the GDPR, there are potential solutions for the conflict in the future. The second purpose of this thesis is to identify relevant legal problems and propose how to address the problems in the future. Blockchain developers should consider data protection obligations already in the design phase. From the legal side, this research has provided flexible interpretations for the legal problems that could help to comply with the right to erasure. There is a need for a flexible approach to the problems between the regulation and the technology

Artificial intelligence: the end of legal protection of personal data and intellectual property? : research on the countering effects of data protection and IPR on the regulation of artificial intelligence systems

Artificial Intelligence systems have gained notoriety for changing (and having a great potential) to further change the way we live. The use of AI impacts the rights and freedoms of natural persons necessitating the revision of various laws relevant to AI. This research considers the intersection of data protection and intellectual property law as it impacts the rights and freedoms of natural persons. This research argues that data protection and intellectual property law interrelate in such a manner that the (non) regulation of one legal field might (negatively) impact the other. This research examines some of these issues, (including data reidentification) and further proposes the redefinition of the concept of personal data as a means of ensuring that the application of data protection and intellectual property law to AI does not limit the development, adoption, and use of AI

RISKS OF BLOCKCHAIN FOR DATA PROTECTION: A EUROPEAN APPROACH

RISKS OF BLOCKCHAIN FOR DATA PROTECTION: A EUROPEAN APPROAC