Posts Under: Privacy & Data Security

Model Explanations are Part of Ethical Data Practice

Institutions involved in predictive modeling are using ever more advanced techniques to predict outcomes of interest from credit scoring to facial recognition to spam detection.  Institutions assess the performance of these models through standard measures such as accuracy (the number of correct predictions divided by the total number of predictions) or error rate (the number of incorrect predictions divided by the total number of predictions).  They can in addition assess the fairness of their predictions with respect to vulnerable groups using measures such as predictive parity across groups, statistical parity, or equal error rates. Institutions also face legal and ethical obligations to explain the basis of their consequential decisions to those who are affected, to regulators and to the general public.  The idea is that people have rights based on autonomy and dignity to be able to understand why institutions make the decisions they do. When predictive models are ...

more

Google Implements Latest Steps to Combat Online Extremism

In the wake of the tragic violence in Charlottesville earlier this month, it’s even more evident that online extremism continues to pose serious threats to society. While battling extremism is an important step in preventing the spread of hate and violence around the world, there are many inherent challenges, including the sheer volume of daily posts, complexity of purpose for videos, and the need to adhere to free speech rights.  In spite of these challenges, industry has been committed to this effort for many years—we’ve highlighted some of this in the past, including industry efforts to cooperate with law enforcement, and formation of a partnership to fight terrorism.

more

AI Spotlight: Competitions that Use AI to Exploit Vulnerabilities Can Strengthen Cybersecurity

So far in 2017, cyberattacks like WannaCry and Petya have left the world wondering what can be done to prevent such attacks in the future before people lose millions of dollars to ransomware, or worse.  While no digital system is ever completely secure, finding and patching vulnerabilities before they can be exploited is the best defense, but continues to be a challenge.  One tool that can help detect vulnerabilities is artificial intelligence (AI).  AI technology can look for bugs that need to be patched in a faster, more in-depth way that produces more results than humans can.  In this vein, this week’s AI spotlight is about using AI in data science competitions like those held by Kaggle, which is part of Google’s cloud platform, or those held by the U.S. Department of Defense.  Typically, Hackathons pit human versus human or human versus system in competitions which also show how particular systems can be vulnerable and need to be fixed, like ...

more

Civil Society Groups are Moving the Goalposts on EU-U.S. Privacy Shield

Human Rights Watch (HRW) and Amnesty International (AI) issued a press release today on a letter and brief the two organizations sent to European Justice and Home Affairs Commissioner Vera Jourova arguing for invalidation of the EU-U.S. Privacy Shield.  The letter and brief can be found here.  On substance of the criticism, these groups continue to sell the U.S. surveillance framework short, failing to recognize extensive transparency and safeguards that underlie the U.S. framework.  That aside, invalidation on these terms is not appropriate because the European Commission’s reasoned and detailed adequacy decision was based on information about U.S. surveillance practices and laws that the Commission had when the decision was released on July 12, 2016. After reviewing the commitments self-certifying organizations would make under the privacy shield and the enforcement mechanisms available under U.S. law, the Commission said, “the United States ensures an a ...

more

France’s Extraterritorial Interpretation of the Right to be Forgotten Goes to the European Court of Justice

Does the EU’s right to be forgotten extend to the whole world?  The French data protection authority, CNIL, says yes and wants search engines to delist search results which contain information that violates the European Union’s right to be forgotten – not just for French users, not just for European users, but for all users everywhere. Google is prepared to remove offending search results for European users, but balks at removing material globally just because European courts find that it violates European privacy rules. 

more

Good News and Bad News on Canada’s Anti-Spam Law

First, the good news:  Last month, Canada’s Minister of Innovation, Science, and Economic Development announced that the pending private right of action under the Canadian Anti-SPAM Law (CASL) would be delayed indefinitely—this was initially scheduled to come into effect on July 1, 2017.  As many of us pointed out back when the law was enacted, unleashing the threat of frivolous litigation is likely to punish innocent companies to the tune of millions of dollars—in most cases companies that are trying to comply—while enriching trial attorneys and stifling many of the desirable email communications citizens have come to expect and appreciate. In the statement announcing the delay, Navdeep Bains, the Canadian Minister, noted that while “Canadians deserve to be protected from spam and other electronic threats so that they can have confidence in digital technology,” the Canadian government is “committed to striking the right balance&rd ...

more

SEC and Civil Agencies Should Need a Warrant for Remotely-Stored Electronic Content

For years, the Securities and Exchange Commission (SEC)  has been seeking an administrative agency exception that would enable it to use a subpoena to access email content stored remotely by third parties.  But under current legal precedent, per a 2010 Sixth Circuit decision, United States v. Warshak, it has been precedent that this material should only be accessible with a search warrant. The SEC continues to seek expanded authority, and they question the application of this warrant requirement to civil agencies.  In February, they issued a subpoena to Yahoo to access a user’s email, where the account was owned by a defendant in a securities fraud case.  Yahoo has rightly challenged this action, and the case, Securities and Exchange Commission v. North Star Finance LLC, represents a landmark dispute regarding the government efforts to obtain email content in a civil case with just a subpoena to an email service provider. Unlike a warrant based upon pro ...

more

EU-Japan Economic Partnership Agreement Falls Short on Data Flows

Today, the EU and Japan announced political agreement in principle on an Economic Partnership Agreement.  Overall, this should be a positive development for EU and Japanese workers, consumers, and businesses.  But, it does fall short in one crucial regard.  There is no binding data flow obligation yet.  SIIA put out a statement on this gap today.  Instead of a binding data flow commitment now, the two sides agreed to conclude an accord on data flows in early 2018. 

more

Big Data: A Twenty-First Century Arms Race Report Launch

The Atlantic Council and Thomson Reuters released a timely report on “Big Data: A Twenty-First Century Arms Race” on June 27, 2017, at a well-attended event at the Atlantic Council’s Washington, D.C. headquarters.  Policymakers all over the world should be aware of the powerful tools at their disposal such as World-Check to address political and economic threats.  This is something of a theme for SIIA.  Recently, for example, we wrote about how artificial intelligence (AI) can help in the anti-money laundering (AML) fight.   We have also written about how FICO’s AML tool works.  The Atlantic Council report contains many realistic policy recommendations, which policymakers from different regulatory “silos” should review.  This is another theme for SIIA.  Regulators and policymakers should engage in regular dialogue with each other.  For example, financial supervisors and privacy regulators should talk to ea ...

more

Google Builds on Industry-Driven Ad Standards to Improve User Experience and Content Creation

Online advertising is an increasingly important source of revenue for online content creators, who include professional journalists to web developers to bloggers and provide tremendous value to the Internet ecosystem. To remain afloat, these content creators rely on effective online advertising in order to continue to provide their service or business.

more