Machine Unlearning

“Machine UnLearning” and “Model Disgorgement” facilitate Art. 17: The Right to Be Forgotten

May 9, 2024
There’s a phrase from the early years of computer science in the late 1950s that’s as perennial as Moore’s Law: “garbage in, garbage out” or GIGO. If the input is rubbish, the output is also bunk. GIGO has plagued programmers for decades, but two new areas of research known as “Machine UnLearning” and “Model Disgorgement” are attempting to solve the problem that researchers believe is behind AI hallucinations, or LLMs generating factually incorrect information. The Austrian Data Protection

Open Source Supply Chain Attack CVE-2024-3094

April 2, 2024
In the lead-up to the Easter long weekend, Andres Freund, a software engineer at Microsoft, was testing an unstable Debian release (nicknamed “sid”) shortly before it was due to be released when he noticed something strange: SSH logins that allow users to remotely enter the operating system were chewing up CPU juice and spitting out errors. After a little digging he discovered the liblzma data compression library, part of the popular XZ utility package, was compromised: “the upstream xz repository

Modified ‘Five Safes’ for Machine Learning Algorithms

March 26, 2024
The Five Safes is a system framework helping make decisions about making effective use of data originally developed by the UK Office of National Statistics.  It has since been adopted by institutions and governments around the world, including Australia, and consists of five elements:  Dr Ian Oppermann spoke of a modified ‘Five Safes’ whereby he expanded on the Australian Computer Society’s research and proposed what happens when ‘people’ are substituted for ‘algorithms’ in the Safe People element.  A machine learning
Consumer Data Right

Privacy protections under the Consumer Data Right (CDR) scheme

March 8, 2024
There is no silver bullet for striking a fair balance in power between everyday consumers and large corporations in the age of big data and surveillance capitalism. The Australian Government is investing $65 million to reform the country’s antiquated data ecosystem to address some of the existing inequities that shortchange consumers. A key feature of these reforms is a new Consumer Data Right (‘CDR’) legislated under Part IVD of the Competition and Consumer Act 2010 (Cth) to confer upon citizens

Future changes flagged for the Privacy Act’s Small Business Exemption?

March 1, 2024
The Issues Paper flagged concerns with the so-called ‘Small Business Exemption’ in the Privacy Act (1988)(Cth)(‘Privacy Act’) which does not regulate Australian companies with annual turnover less than $3 million. The paper sought feedback as to whether the Privacy Act strikes the right balance between protecting privacy rights of individuals whose personal data is handled by small businesses and creating unnecessary regulatory burdens on small companies (Issues Paper, p 24). The suitability of the small business exemption and whether it

HOW TO CATCH A CATFISH: identity fraud in the misinformation age 

February 18, 2024
Everybody has an identity and that identity is sacred to their sense of self. An individual needs an identity to perform the most basic of day to day functions from carrying a driver’s license while driving a car to purchasing supermarket groceries with their bank debit card. Life milestones require the identity we carry with us from birth whether it’s for baptisms and Bar Mitzvahs or whenever a wedding celebrant enters a loving couple’s identification into a government register for

JIGSAW: Open Source Anti-Harassment Tool for Journos

February 15, 2024
I’ve seen some harrowing hate mail working with Mexican journalists over the past 7 years. My colleague Pedro Canché, named a symbol of the Mexican free press by The Guardian, gets death threats all the time over social media. Often the threats are bombastic expletive-ridden tirades from rank and file narco-grunts whose proficiency in the language of force makes up for a lack of basic Spanish literacy. These are easy for Pedro to ignore: he’s a professional. The featured image

Ukraine’s MacPaw and the increased threat profile of your favourite MacBook cleaner

February 15, 2024
I use MacPaw to clean my Mac. When I noticed the valiant Ukrainian flag on the upper bar of my Mac I wondered if the threat profile had increased for this company that cleans our Macs. So I looked at the Privacy Policy to see what they collect: https://macpaw.com/policy According to a cursory glance at their Privacy Policy, it seems that as MacPaw is scanning the entire system it’s mapping the architecture of your hard drive with logs. Furthermore, the Device

Invoking the Incident Response Plan

January 1, 2024
For the Incident Response Plan to be executed, a certain threshold of severity needs to be reached: when the incident has the potential to inflict a critical impact on business operations and is caused by an unauthorised group or individual, whether external cyber criminal syndicates or an insider attack by an employee.    An incident on the other hand has the following hallmarks: 3.1. Incident Response Form  To standardise the Incident Response, printed copies of Incident Response Form 1 have been

Australian Data Security Standards compared to European GDPR

November 1, 2023
Australian Data Security Standards are legislated under the Privacy Act (1988)(Cth), known simply as the Privacy Act. This act includes twelve Australian Privacy Principles (APPs) which Australian organisations with an annual turnover of above $3 million, referred to in the legislation as APP entities, are legally bound to follow. This means that an APP entity must take steps to reasonably manage the personal information and data of its clients under the APPs, which include: Differences in Data Security Standards

YouTube’s Ad Blocking Detection Scripts Challenged Under EU Law

October 27, 2023
Privacy advocate Alexander Hanff filed a complaint with the Irish Data Protection Commission to challenge YouTube’s use of JavaScript code to detect ad-blocker browser extensions. The claimant remarked that under Europe’s ePrivacy Directive, YouTube must ask permission to run detection scripts because they are superfluous and not technically necessary. If Ireland’s Data Protection Commission agrees, it would be a major win for user privacy. Asked how he hopes the Irish DPC will respond, Hanff stated, “I would

TikTok tapdances across DOJ dancefloor

April 7, 2023
If the grandkid of Bob Woodward, legendary reporter for the Washington Post, reached out to the millennial next of kin of Deep Throat to secretly rendezvous in an underground garage at 1401 Wilson Boulevard guess who would be the third person in the room? ByteDance, the parent company of TikTok. Now the company that has a pair of ears in the pocket of every kid in America (and Australia) is in the eyes of the FBI and Department of Justice

Journalism and the limits of AI in the age of ChatGPT

March 16, 2023
A good editor wears multiple hats. There’s the hard hat for the factory floor where the editor is in charge of quality control. They need to know their audience and pick story pitches that fit the publication. The story is like unprocessed ore to be refined or rejected, tweaked on the assembly line or ripped apart for spare parts and reworked if it can indeed be salvaged at a later date. Then an editor needs to put on his Hemingway

Gonzalez v. Google & Twitter v. Taamneh

February 24, 2023
Gonzalez v. Google and Twitter v. Taamneh have more in common than the snappy alliteration of their case names. The facts in both cases concern content moderation and may affect the way major platforms such as Facebook, Wikipedia and YouTube deal with disagreeable content. The disagreeable content is some of the worst of the worst online: terrorist propaganda in the wake of the Paris attacks in France. This case arises from the same set of facts as Gonzalez v. Google: Nohemi
Trojan Wars

Zero Trust Architecture versus Castle Defense Systems

July 18, 2022
Zero Trust Architecture is about putting the paranoid back into data security. Every connection must be authenticated. Every access point is a potential vector for malware infection. Every fibre optic cable, off-premise data centre, or public cloud is potentially compromised. Zero Trust always assumes that someone might already be listening in on your traffic so you must act accordingly. The most common IT security strategy is known as the Layered Defense Model or Contemporary Perimeter Model and has been used in

Roe v Wade in the age of Surveillance Capitalism

July 3, 2022
It’s been years since Google quietly dropped its infamous motto ‘Don’t Be Evil’ which encompassed the company’s spiritual ethos in its early years. Since then the tech behemoth has been involved in countless scandals from firing ethics leaders of its Artificial Intelligence department to currying favour with authoritarian regimes by self-censoring one of history’s most iconic images on the Chinese version of its search engine: Tank Man. Google has a long track record of doing what’s best for Google even
OAIC

The Long Overdue Review of Privacy Act (1988)

March 22, 2022
For years, former prime minister Scott Morrison and his Attorney-General Christian Porter pursued vanity projects that had a chilling effect on free speech and accountability: from prosecuting whistleblowers for exposing wrongdoing to turning tech platforms into hall monitors for morality by threatening to hold them legally responsible for comments deemed defamatory. After Attorney-General Porter resigned in disgrace and Morrison gutted the Coalition of centrist moderates, these vanity projects were shelved by the new Labor government for projects with more punch