Connect with us

Technology

Accelerating the future of privacy through SmartData agents

Avatar

Published

on

Digital Life of Mind
Share this:

Imagine a future where you can communicate with your smartphone – or whatever digital extension of you exists at that time – through an evolved smart digital agent that readily understands you, your needs, and exists on your behalf to procure the things and experiences you want. What if it could do all this while protecting and securing your personal information, putting you firmly in control of your data?

Dr. George Tomko, University of Toronto

Dr. George Tomko, University of Toronto

Dr. George Tomko Ph.D, Expert-in-Residence at IPSI (Privacy, Security and Identity Institute) at the University of Toronto, Adjunct Professor in Computer Science at Ryerson University, and Neuroscientist, believes the time is ripe to address the privacy and ethical challenges we face today, and to put into place a system that will work for individuals, while delivering effective business performance and minimizing harms to society at large. I had the privilege of meeting George to discuss his brainchild, SmartData: the development of intelligent agents and the solution to data protection.

As AI explodes, we are witnessing incident after incident from technology mishaps to data breaches, to data misuse, and erroneous and even deadline outcomes. My recent post, Artificial Intelligence needs to Reset advances the need to take a step back, slow down the course of AI, and examine these events with a view to educate, fix, prevent and regulate towards effective and sustainable implementations.

Dr. Tomko is not new to the topic of privacy. He also invented Biometric Encryption as well as the Anonymous Database in the early 90’s.  His invention of SmartData was published SmartData: Privacy Meets Evolutionary Robotics, co-authored with Dr. Ann Cavoukian, former 3-term Privacy Commissioner in Ontario and inventor of Privacy by Design. This led to his current work, Smart Data Intelligent Agents, the subject of this article.

There is an inherent danger with the current model today. How the internet evolved was not its intended path. Tim Berners-Lee envisioned an open internet, owned by no one,

…an open platform that allows anyone to share information, access opportunities and collaborate across geographical boundaries…

This has been challenged by the spread of misinformation and propaganda online has exploded partly because of the way the advertising systems of large digital platforms such as Google or Facebook have been designed to hold people’s attention…

People are being distorted by very finely trained AIs that figure out how to distract them.

What has evolved is a system that’s failing. Tomko points to major corporations and digital gatekeepers who are accumulating the bulk of the world’s personal data:

He who has the personal data has the power, and as you accumulate more personal information (personally identifiable information, location, purchases, web surfing, social media), in effect you make it more difficult for competitors to get into the game. The current oligopoly of Facebook, Google, Amazon etc will make it more difficult for companies like Duck Duck Go and Akasha to thrive.

That would be okay if these companies were to utilize the data in accordance with the positive consent of the data subject for the primary purpose intended and protected it against data hacking. However, we know that’s not happening. Instead, they are using it for purposes not intended, selling the data to third parties, transferring it to government for surveillance, often without a warrant for probable cause.

Tomko asserts if Elon Musk and the late Stephen Hawking are correct about the potential of a dystopian-like AI popularized by Skynet in The Terminator series, this is likely if the AI has access to large amounts of personal data centralized into databases. While this implies an AI with malevolent intentions, humans are relentlessly innovative and Tomko argues for the importance of putting roadblocks in place before this happens.

Enter SmartData. This is the evolution of Privacy by Design, which shifts control from the organization and places it directly in the hands of the individual (the data subject).

SmartData empowers personal data by, in effect, wrapping it in a cloak of intelligence such that it now becomes the individual’s virtual proxy in cyberspace. No longer will personal data be shared or stored in the cloud as merely data, encrypted or otherwise; it will now be stored and shared as a constituent of the binary string specifying the neural weights of the entire SmartData agent. This agent proactively builds-in privacy, security and user preferences, right from the outset, not as an afterthought.

For SmartData to succeed, it requires a radical, new approach – with an effective separation from the centralized models which exist today.

Privacy Requires Decentralization and Distribution

Our current systems and policies present hurdles we need to overcome as privacy becomes the norm. The advent of Europe’s GDPR is already making waves and challenging business today. Through GDPR’s Article 20 (The Right to Data Portability) and Article 17 (The Right to Be Forgotten), the mechanisms to download personal data, plus the absolute deletion of data belie current directives and processes. Most systems ensure data redundancy, therefore data will always exist. Systems will need to evolve to fully comply with these GDPR mandates. In addition, customer transactions on private sites are collected, analyzed, shared and sometimes sold with a prevailing mindset that data ownership is at the organizational level.

Tomko explains the SmartData solution must be developed in an open source environment.

A company that says: “Trust me that the smart agent or app we developed has no “back-door” to leak or surreptitiously share your information,” just won’t cut it any longer. Open source enables hackers to verify this information. I believe that such a platform technology will result in an ecosystem that will grow, as long as there is a demand for privacy.

Within this environment, a data utility within the SmartData platform can request all personal data under GDPR-like regulations from the organizational database. As per the SmartData Security Structure, each subject’s personal data is then cleaned and collated into content categories e.g. A = MRI data, B = subscriber data. They will be de-identified, segmented, encrypted and placed in these locked boxes (files in the cloud) identified by categorized metatags. A “Trusted Enclave” like Intel’s SGX will be associated with each data subject’s personal data. The enclave will generate a public/private key pair and output the public key to encrypt the personal data by category.

Today, information is stored and accessed by location. If breaches occur, this practice increases the risk of exposure as information about data subjects are bundled together. By categorizing and storing personal information by content, this effectively prevents personal identity to be connected with the data itself. Only SmartData will know its data subjects and pointers to their unique personal information, accessed by a unique private key.

SmartData Security Structure, George Tomko

SmartData Security Structure, George Tomko

Ensuring Effective Performance while Maintaining Individual Privacy

Organizations who want to effectively utilize data to improve efficiencies and organizational performance will take a different route to achieve this. How do companies analyze and target effectively without exposing personal data? Tomko declares that using Federated Learning, to distribute data analytics such as Machine Learning(ML) is key:

Federated Learning provides an alternative to centralizing a set of data to train a machine learning algorithm, by leaving the training data at their source. For example, a machine learning algorithm can be downloaded to the myriad of smartphones, leveraging the smartphone data as training subsets. The different devices can now contribute to the knowledge and send back the trained parameters to the organization to aggregate.  We can also substitute smartphones with the secure enclaves that protect each data subject’s personal information.

Here’s how it would work: An organization wants to develop a particular application based on machine learning, which requires some category of personal data from a large number of data-subjects as a training set. Once it has received consent from the data subjects, it would download the learning algorithm to each subject’s trusted enclave. The relevant category of encrypted personal data would then be inputted, decrypted by the enclave’s secret key, and used as input to the machine learning algorithm. The trained learning weights from all data-subjects’ enclaves would then be sent to a master enclave within this network to aggregate the weights. This iteration would continue until the accuracies are optimized. Once the algorithm is optimized, the weights would then be sent to the organization. Tomko affirms,

 

The organization will only have the aggregated weights that had been optimized based on the personal data of many data subjects. They would not be able to reverse engineer and determine the personal data of any single data subject. The organization would never have access to anyone’s personal data, plaintext or otherwise, however, would be able to accomplish their data analytic objectives.

Federated Learning - Master Enclave, George Tomko

Federated Learning – Master Enclave, George Tomko

Building a Secure Personal Footprint in the Cloud

To ensure personal web transactions are secure, a person will instruct his SmartData agent to, for example, book a flight. The instruction is transmitted to the cloud using a secure protocol such as IPSec. This digital specification (a binary string) is decrypted and downloaded to one of many reconfigurable computers, which will interpret the instructions.

Natural language (NLP) would convert the verbal instructions into formal language, as well as the encoded communications, back and forth between subject and organization to facilitate the transaction, eliciting permission for passport and payment information. What’s different is the development of an agreement (stored on the Blockchain) that confirms consented terms of use between the parties. It also adds an incentive component through cryptocurrency that enables the data subject to be compensated for their information, if required. This mechanism would be used before every transaction to ensure transparency and expediency between parties.

Tomko realizes Blockchain has its limitations:

Everyone wants to remove the intermediary and the crypto environment is moving quickly. However, we can’t rely on Blockchain alone for privacy because it is transparent, and we can’t use it for computation because it is not scalable.

AI as it exists today is going through some stumbling blocks. Most experiments are largely within ANI: Artificial Narrow Intelligence, with models and solutions built for very specific domains, which cannot be transferred to adjacent domains. Deep Learning has its limitations. The goal of SmartData is to develop a smart digital personal assistant to serve as a proxy for the data-subject across varied transactions and contexts. Tomko illustrates,

With current Deep Learning techniques, different requests such as ‘Hey SmartData, buy me a copy of …” or “book me a flight to…” encompass different domains, and accordingly, require large sets of training data specific to that domain. The different domain-specific algorithms would then need to be strung together into an integrated whole, which, in effect, would become SmartData. This method would be lengthy, computationally costly and ultimately not very effective.

The promise of AI: to explain and understand the world around us and it has yet to reveal itself.

Tomko explains:

To date, standard Machine Learning (ML) cannot achieve incremental learning that is necessary for intelligent machines and lacks the ability to store learned concepts or skills in long-term memory and use them to compose and learn more sophisticated concepts or behaviors. To emulate the human brain to explain and generally model the world, it cannot be solely engineered. It has to be evolved within a framework of Thermodynamics, Dynamical Systems Theory and Embodied Cognition.

Embodied Cognition is a field of research that “emphasizes the formative role that both the agents’ body and the environment will play in the development of cognitive processes.” Put simply, these processes will be developed when these tightly coupled systems emerge from the real-time, goal-directed interactions between the agents and their environments, and in SmartData’s case, a virtual environment. Tomko notes the underlying foundation of intelligence (including language) is action.

Actions cannot be learned in the traditional ML way but must be evolved through embodied agents. The outcomes of these actions will determine whether the agent can satisfy the data subject’s needs.

Tomko references W. Ross Ashby, a cybernetics guru from the 50’s, who proposed that every agent has a set of essential variables which serve as its benchmark needs, and by which all of its perceptions and actions are measured against. The existential goal is to always satisfy its needs. By using this model (see below), we can train the agent to satisfy the data subject’s needs, and retain the subject’s code of ethics. Essential variables are identified that determine the threshold for low surprise or high surprise. Ideally, the agent should try to maintain a low-surprise and homeostatic state (within the manifold) to be satisfied. Anything outside the manifold, i.e., high surprise should be avoided. Tomko uses Ashby’s example of a mouse, who wants to survive. If a cat is introduced, a causal model of needs is built such that the mouse uses its sensory inputs compared to its benchmark needs to determine how it will act when a cat is present and maintain its life-giving states.

Apply this to individual privacy. As per Tomko,

The survival range will include parameters for privacy protection. Therefore, if the needs change or there is a modified environment or changing context the agent will modify its behavior automatically and adapt because its needs are the puppet-master.

This can be defined as a reward function. We reward actions that result in low surprise or low entropy. For data privacy, ideally, we want to avoid any potential actions that would lead to privacy violations equating to high surprise (and greater disorder).

 

Manifold of Needs, George Tomko

Manifold of Needs, George Tomko

Toronto’s Sidewalk Labs: The Need for Alternative Data Practices

At the time of writing this article, Dr. Ann Cavoukian, Expert-in-Residence at Ryerson University, former 3-term Privacy Commissioner, resigned as an advisor to Sidewalk Labs, in Toronto, a significant project powered by Alphabet, which aimed to develop one of the first smart cities of privacy in the world. Cavoukian’s resignation resulted in a media coup nationally because of her strong advocacy for individual privacy. She explains,

My reason for resigning from Sidewalk Labs is only the tip of the iceberg of a much greater issue in our digitally oriented society.  The escalation of personally identified information being housed in central databases, controlled by a few dominant players, with the potential of being hacked and used for unintended secondary uses, is a persistent threat to our continued functioning as a free and open society.

Organizations in possession of the most personal information about users tend to be the most powerful. Google, Facebook and Amazon are but a few examples in the private sector… As a result, our privacy is being infringed upon, our freedom of expression diminished, and our collective knowledge base outsourced to a few organizations who are, in effect,  involved in surveillance fascism. In this context, these organizations may be viewed as bad actors; accordingly, we must provide individuals with a viable alternative…

The alternative to centralization of personal data storage and computation is decentralization – place all personal data in the hands of the data-subject to whom it relates, ensure that it is encrypted, and create a system where computations may be performed on the encrypted data, in a distributed manner… This is the direction that we must take, and there are now examples of small startups using the blockchain as a backbone infrastructure, taking that direction.  SmartData, Enigma, Oasis Labs, and Tim Berners-Lee’s Solid platform are all developing methods to, among other things, store personal information in a decentralized manner.

Other supporters of Dr. George Tomko concur:

Dr. Don Borrett, a practicing neurologist with a background in evolutionary robotics, with a Masters from the Institute for the History and Philosophy of Science and Technology for the University of Toronto states:

By putting control of personal data back into the hands of the individual, the SmartData initiative provides a framework by which respect for the individual and responsibility for the collective good can be both accommodated.

Bruce Pardy is a Law Professor at Queen’s University, who has written on a wide range of legal topics: human rights, climate change policy, free markets, and economic liberty, among others and he declares:

The SmartData concept is not just another appeal for companies to do better to protect personal information. Instead, it proposes to transform the privacy landscape. SmartData technology promises to give individuals the bargaining power to set their own terms for the use of their data and thereby to unleash genuine market forces that compel data-collecting companies to compete to meet customer expectations.

Dr. Tomko is correct! The time is indeed ripe, and SideWalk Labs, an important experiment that will vault us into the future, is an example of the journey many companies must take to propel us into an inevitability where privacy is commonplace.

This originally appeared om Forbes.

Share this:

Technology

Addressing cybercrime with passwordless authentication

Avatar

Published

on

A hand holding a smartphone over a black background.
Share this:

Cybercrime costs the global economy $2.9 million every minute, according to a RiskIQ report titled The Evil Internet Minute, adding up to $1.5 trillion in a year.

The cause? 80% of attacks are password-related issues.

Just think: How many times have you been prompted to change your password by your bank or email company? How many times have you heard the term “data breach” in the news? How many accounts do you have that require two-step authentication? How many passwords do you have, scattered across various accounts?

PINs, passwords, security questions are a daily part of our lives, but it’s typically nothing more than a hassle when we have to change them. For larger organizations, however, costs add up. Estimates show that nearly 50 percent of IT help desk costs are allocated to password resets.

Enter: Passwordless authentication — harnessing the power of technologies like AI and Machine Learning to save time and money.  

Cyber security is high on the World Economic Forum’s agenda, and in collaboration with open industry association FIDO Alliance, WEF’s whitepaper Passwordless Authentication The next breakthrough in secure digital transformation presents a framework for future authentication systems, illustrating five key passwordless technologies organizations can implement.

As part of Davos 2020, the paper — featuring lead authors Andrew Shikiar (Executive Director and Chief Marketing Officer, FIDO Alliance) and Adrien Ogee (Project Lead, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum) — outlines that “passwords are indeed at the heart of the data breach problem,” and presents facial biometric technology, hardware keys, and even QR codes and behavioural analysis as the future of passwordless authentication. 

“While company adoption of platform businesses is increasingly driving business valuation and growth, the problem of digital trust is growing equally fast and eroding confidence across online communities,” explains the introduction.

“Security enhancement is a continuous process, there is no magic bullet. Cyber criminals will adapt and develop new means of attack, but the alternative authentication mechanisms presented here provide greater challenge to them and greater security in the foreseeable future.”

Share this:
Continue Reading

Financial Services

How BMO branch technology saves employees up to 30 minutes per day

Avatar

Published

on

Share this:

When it comes to banking, it comes as little surprise that customers are increasingly preferring tellerless interactions. 

A recent customer insight report from Mercator Advisory Group found that those who don’t like using mobile and online banking prefer to use self-service kiosks at physical branch locations.

Even back in 2015, a study by Source Technologies found that self-service retail banking kiosks improve operations, “reducing the time it takes to get an official check from nine minutes (using a teller) to 40 seconds – 13.5 times faster than a teller-conducted transaction.”

When banks invest in features like remote authentication and mobile deposits, it isn’t just customers who benefit — staff are able to better focus on more complex transactions, and developing relationships with clients.

“We see that more and more of our customers are migrating toward self-serve interactions, especially for the simpler, straightforward transactions,” explained Kyle Barnett, BMO’s chief operating officer for US personal and business banking, in an interview with PYMNTS. 

One of technologies implemented by BMO was a faster, real-time process for scanning and depositing cheques, saving customers from having to fill out a paper deposit slip. This has led to deposits clearing within hours instead of days. 

Another BMO implementation was its easy PIN authentication; instead of using a driver’s licenses or state-issued ID, customers use debit cards to verify their identities. The transaction is therefore accelerated, and data is aggregated instantly on the teller’s screen.

Both of these improvements were implemented in more than 500 branches by the end of 2019.

“If a customer walks in and opens up an account [during the] same interaction, they can actually leave with a fully functioning, embossed card that has their name on it,” Barnett said. 

And unlike before, when a customer was issued a temporary card and had to wait for the fully-functioning replacement to arrive in the mail, “they also get the PIN right there as part of the account opening, and can even set up a custom PIN if they want at the ATM.”

With the in-branch experience changing, and customers requiring fewer interactions with tellers, the result has been “really freeing up our branch bankers to have more time to dedicate to customers, and have better holistic conversations, and create more personalized recommendations.” 

One case study found that employees have saved between 15 and 30 minutes per day on processing forms. Multiply that by the number of employees within BMO, and you get a major win for efficiency and time saving. 

Share this:
Continue Reading

Technology

How to accelerate business change using data and AI

AI poses as many challenges as opportunities. Here are a few common characteristics we’ve seen among businesses that have realized success with data and AI.

Cognizant

Published

on

Share this:

By Bret Greenstein

Most senior leaders would agree that adapting in real time to customer and market needs is vital for achieving their visions and goals. And to develop this capability, they’d also likely agree they need data and artificial intelligence (AI).

The examples are all around us. The city of Chicago uses 12 variables, including high daily temperatures, to prioritize which of the city’s 7,000 “high-risk” restaurants it should send its 35 food inspectors to. The AI solution found violations a week earlier than they otherwise would have.

We helped an insurer create an AI system that provides underwriters with more precise estimates of risk, as well as the likelihood applicants will accept a specific price quote. The insurer can adjust how the AI environment makes its approval and pricing recommendations to ensure compliance with changing corporate priorities around risk vs. revenue.

We’ve also seen AI help predict customers’ emerging needs as markets change. If the economy goes into a recession, informed analysis could help organizations not only cut costs but also provide the products and services customers might need in a downturn.

And, of course, there are the businesses that have used data and AI to create new revenue streams and business models that drive lasting competitive advantage. For game changers like Uber, data is at the core of the company and constitutes value, not cost.

Facing up to AI realities

But there’s another hard fact that would draw consensus from many business leaders today: the unprecedented effort required to move an enterprise in an AI direction. The fact is, AI-enabled business change requires as much alteration to corporate culture, organizational structures and processes, and workforce roles and skills as it does new technology.

For example, too many organizations still treat data as an expense and a security risk. Technical or organizational siloes make it difficult to pool information in flexible data lakes. Many businesses also lack the skills to manage AI-enabled analytics amid rising privacy and ethical concerns. Others are unable to provide audit trails on how AI decisions were made or deliver AI-enabled analytics quickly enough.

AI success factors

Here are a few common characteristics we’ve seen among businesses that have realized success with data and AI:

  • Senior leadership is passionate about the value of data. CIOs can play a big role here. They need to work with the CEO and business leaders to resolve the tension between business managers who want more access to data and the pressure to restrict such access to reduce cost and risk.
  • Data scientists embedded with business users. By working more closely with business users, data scientists can better understand the business context behind their requests. Business managers may say they need “X,” but what they really need is a solution to a problem, which may or may not be “X.”
  • The establishment of an AI oversight role. Because AI systems learn and improve, they can produce different results at different times based on the data they’re given and the algorithms applied. This means they require closer oversight than traditional systems that are coded, tested and summarily released – and then left alone.In some ways, managing an AI system is like raising a child. You need to be sure they’re not being trained with intentionally or unintentionally biased data or by malicious users. If a loan application is denied, for example, you need to know the decision was ethically sound.
  • Plenty of high-quality data. The more high-quality data, the better and more quickly the AI system can learn. To supply that data, organizations must refine their processes for ongoing data preparation, integration and pipelining. This essential groundwork is the hardest part in building an AI system.
  • Modernized infrastructure. An infrastructure based on application programming interfaces (APIs) and Agile development techniques makes it easier to quickly deliver new AI-based applications. This more flexible infrastructure enables organizations to better access needed data from outside the enterprise, and more effectively monetize the resulting insights by sharing them across the ecosystem.For instance, we worked with one of the world’s largest and busiest airports to revamp its technology infrastructure to increase airport efficiency and performance. The organization combined data and AI to unlock more capacity to serve airlines and reduce passenger misconnects.

Our final recommendation: Start now. AI can be difficult and complex, and it’s hard to catch up once you’ve fallen behind. Even modest successes will teach you a lot, and the real danger in digital is being a laggard.

Share this:
Continue Reading

Featured